[Cryptech Core] contributor license agreement

Stephen Farrell stephen.farrell at cs.tcd.ie
Tue Aug 7 21:27:36 UTC 2018


Hiya,

On 07/08/18 22:03, Peter Stuge wrote:
> Hi,
> 
> Stephen Farrell wrote:
>>>> One thing that seems to come up regardless of which home we find,
>>>> is the need for a contributor license agreement for the project.
>>>
>>>> So the question for now is would folks be ok if we adopted
>>>> something like the one that's used by openssl?  [2]
>>>
>>> The question is moot until a rationale explains the "need".
>>
>> My assumption was that folks on the core team would be familiar
>> with such things. If that's a bad assumption I'm happy to try
>> explain why these things seem to be useful.
> 
> I don't know about others on core@, but I know various reasons for
> CLAs, most if not all related to legal issues.
> 
> I was asking for clarification about what specific reasons there are
> for CrypTech to start requiring one, if any, beyond that a "bank"
> requires it as part of *their* processes.

I suspect this will be a requirement for most/any such entity
(whether we call 'em a bank or billing agent or whatever). If
there's a way to avoid that, I don't think anyone would have a
problem continuing as we are. I'd be surprised if there were,
as anyone handling the dosh (which is what we need done) will
need to worry about that, and won't have Nordunet's advantages
in respect of insurance.

> 
> There are plenty of reasons to avoid CLAs, an obvious one is that they
> make anonymous contributions impossible, which I personally find highly
> undesirable - ie. I am against CLAs.

Well, OTOH, there are also risks with anonymous contributions,
specific to this project (aside from the obvious IPR risks).
Personally, I think CLAs are ok, but if the consensus of the
core team is against that, then we'll need to think seriously
about that because they'll be hard to avoid I suspect. Can we
find out if that is/isn't a consensus position of the core
team as that's kind of an important input here?

>> We have a couple more things we're checking with the commons
>> conservancy folks, will send the full details when we have 'em.
> 
> Thanks, I think full details are important for a discussion, but well,
> I don't support adding a legal team and a bank into the project anyway.
> 
> 
>>> What are the desired new and changed processes within the project
>>
>> See the notes of the f2f meetings from last Sept/Feb. Basically,
>> Nordunet have been handling the money since we started and don't
>> really see doing that for open-source projects as a core function
>> of theirs, so we need to find some other entity to do that.
> 
> Thanks! That's pretty much as I remembered. So the project is actually
> looking for an entity to handle billing rather than it is looking for
> a "home", a legal team or a "bank".

Not just billing, no. Someone has to mind the money donated.
And do accounting and transfers etc.

We need that to continue to be under the real control of the
project core team, with help from biz team folks, but there'll
be some overhead inevitable in filling the role of Nordunet.

>> There are not many such organisations existing, btw, and we need
>> someone to handle the dosh from donors so getting this sorted is
>> a thing we kinda have to succeed at, without there being anything
>> mega urgent afaik.
> 
>>> Popular choices are always convenient and of course politically safe,
>>> but usually not the best.
>>
>> I fail to see the relevance tbh - which is the "popular" thing here? :-)
> 
> Affiliation with "such organisations" in order to have a "home".
> 
> 
>>> CrypTech is relevant because we improve the state of the art - let's
>>> not lose that.
>>
>> Agreed. I don't see that replacing Nordunet's kindness in processing
>> payments with someone else doing just that job really risks that.
>> (Not replacing Nordunet would eventually put that at risk I guess.)
> 
> I think it depends a lot on who is doing the job. Currently an active
> project participant is doing the job, anything else is obviously a lot
> less desirable, both politically and practically. 

I agree that we need the practical controls to reside with known
folks already involved in the project. I think the commons conservancy
setup could result in that (modulo the checking out still to be done).

> That's what I mean
> by state of the art. How can we stay self-sufficient? Maybe Bitcoin?
> (I'm being serious.)

I'm not aware that any of the bigger donors over the past years would
have donated in BTC. I'm pretty sure that some of them would not have.
So, I'd personally need to be convinced that's really practical. (That
said I'm sure we'd accept BTC if offered.)

>> I don't see that we need to agree or disagree with other things they do,
>> no more than we need to like the banks that hold/distribute the money
>> that donors contribute to fund the project.
> 
> I disagree. I think where we bank and shop for groceries matters, not
> only where we store crypto keys.

Fair enough that we disagree about how that applies here.

We do agree though that we need to find a way to accept and process
donations, as has been done in the past. TBH, I don't see a practical
way other than to deal with the like of these kinds of umbrella
organisation unless we take on all the costs of setting up our own
thing, which also seems undesirable, to me anyway.

S.

> 
> 
> //Peter