[Cryptech Core] Budget, accounts payable, and NGI Trust project

[kodonog@pobox.com]

Coming from the business side of the house, I would defer to the desires 
of the developer team. I think this sounds reasonable. We do need to be 
sure that we understand the resources that will be required to meet the 
NGI grant deliverables and prioritize those going forward. And, we need 
to be realistic/conservative.

On 24 Feb 2020, at 23:31, Pavel Shatov wrote:

> On 20.02.2020 1:14, Rob Austein wrote:
>> I'm writing on behalf of the "Cryptech Board" created as part of
>> moving the project home to NLnet/Commons Conservancy.  In spite of 
>> the
>> name, the board has no real authority to make decisions, we're really
>> more of a liaison group to NLnet.  Real decision making still rests
>> with the core team.  Hence this note.
>>
>> As some of you are all too aware, there have been some hold-ups
>> paying Cryptech developers for current work.  The reason for this is
>> simple: we're down to a fairly small pot of money, almost all of 
>> which
>> has strings attached.
>>
>> Current status: we have a current balance of just under 77,000 EUR,
>> 70,000 of which is the initial block of NGI grant money (the pot with
>> strings attached).  We currently owe Pavel about 21,000 EUR, and Paul
>> about 9,000 EUR, all for work done since the start of the NGI project
>> and submitted for payment.  That leaves about 47,000 EUR to get the
>> rest of the NGI project done.
>>
>> Assuming we tick all the boxes from the project plan, our work is
>> approved as meeting what we said we'd do at the end, and we raise
>> enough money from other sources to satisfy the matching requirements,
>> we get about another 100,000 from NGI in September.  Not a sure 
>> thing.
>>
>> We think that all the work Pavel has been doing qualifies under the
>> NGI deliverables (faster ModExp was on the plan).  The driver and
>> performance test work Paul has been doing should also qualify, same
>> reasoning.  The one bit of current work we're not sure about is the
>> stuff Paul did to support storing wrapped keys outside the HSM: this
>> is not listed explicitly in the "new SW core functionality" section 
>> of
>> the etherpad notes from November, but easily could have been, given
>> that it was the one missing feature ARIN said would have been a
>> showstopper for them, back when they were evaluating us for their
>> current HSM purchase round.  We're inclined to say it qualifies.
>>
>> Given the size of the pot, the board is hereby proposing that, for 
>> the
>> duration of the NGI project or until we (somehow) obtain adequate
>> funding from other sources, we do the following:
>>
>> 1. Pay the amounts currently owed.  Yes they're large compared to the
>>     total size of the current pot, but the work was done in good 
>> faith
>>     with the expectation of being paid, expecting developers to 
>> accept
>>     a retroactive rule change does not seem fair or reasonable.
>>
>> 2. Effective immediately, we switch to a model where the remaining
>>     funding is split up equally among the project goals, with the
>>     understanding that if, by some miracle, achieving one of the 
>> goals
>>     does not take that goal's full share, the remainder gets thrown
>>     back into the pot to be shared among the other goals.  This seems
>>     the least unfair way to allocate limited funding.  It's not 
>> great,
>>     it just sucks less than the alternatives.  If and when we get
>>     sufficient other funding, we can go back to the old rules.
>>
>>     "Effective immediately" in the previous paragraph refers to work
>>     done after today.  Given that there is active work in progress, 
>> we
>>     will almost certainly owe a bit more than the sums above already
>>     owed to Paul and Pavel (mostly past due at this point, ouch).
>>
>> 3. 7,000 of the current 47,000 presumably comes from non-NGI sources.
>>     In an ideal world, we'd spend that covering any outstanding
>>     requests for payment from before the NGI project started, eg
>>     anything left unpaid from work Pavel did on ModExpNG over the
>>     summer.  Further, we would argue that Pavel has first call on 
>> such
>>     funding, because that was what the core team agreed a year ago 
>> when
>>     it became obvious that we were going to be going through a dry
>>     period: core discussed work in progress and concluded that 
>> ModExpNG
>>     was the most critical project in progress, and therefore should 
>> get
>>     what funding we could find.
>>
>>     All that said, at this point 7,000 is a significant portion of 
>> what
>>     we have left, so we would understand if core feels that we can't
>>     spare it at this time.  Nevertheless, the board's recommendation 
>> is
>>     that we earmark this 7,000 towards paying down whatever we still
>>     owe Pavel for the period before the NGI project started.
>>
>> So now it's up to core to decide whether to adopt the above plan or
>> not.  This has been dragging on for much too long, so there's some
>> urgency.  In the interest of resolving this, silence will be 
>> construed
>> as agreement with the above plan.
>>
>> -- Your Friendly Neighborhood Cryptech Board (Leif, Stephen, and Rob)
>> _______________________________________________
>> Core mailing list
>> Core at cryptech.is
>> https://lists.cryptech.is/listinfo/core
>>
>
> I wonder what the appropriate timeout for waiting for objections would 
> be?
>
>
> -- 
> With best regards,
> Pavel Shatov
> _______________________________________________
> Core mailing list
> Core at cryptech.is
> https://lists.cryptech.is/listinfo/core