1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
|
[19:01:31] Meeting started by prometheanfire
[19:01:47] Meeting chairs are: dabbott, robbat2, swift, antarus, prometheanfire,
[19:02:01] <prometheanfire> .topic roll call
[19:02:11] Current subject: roll call, (set by prometheanfire)
[19:02:32] <prometheanfire> robbat2: SwifT dabbott antarus ping
[19:02:36] <SwifT> pong
[19:02:39] <antarus> here
[19:02:41] <dabbott> here
[19:02:42] <robbat2> here
[19:03:02] <prometheanfire> cool, all here
[19:03:21] <prometheanfire> dabbott: logging the meeting?
[19:03:28] <dabbott> yes
[19:03:41] <prometheanfire> next activity tracker task is in july
[19:04:08] Current subject: how are we doing on the mailing address change?, (set by prometheanfire)
[19:04:19] LINK: https://bugs.gentoo.org/show_bug.cgi?id=613950 [613950 – Change of Mailing Address: tracker bug]
[19:04:30] <robbat2> about halfway on the list of bugs
[19:04:49] <robbat2> a bunch of them need bank records to show a paper trail
[19:04:56] <prometheanfire> ah
[19:05:09] <robbat2> since we have no other bills that come in
[19:05:44] <prometheanfire> ok, next
[19:05:55] <prometheanfire> no update on irs, waiting on bank
[19:05:59] <dabbott> paypal may be a problem, I'm afraid to do anything there, they have my name and address I think
[19:06:18] <robbat2> we need bank statements for the paypal one anyway
[19:06:18] <prometheanfire> speaking of bank
[19:06:37] Current subject: getting control of the bank, (set by prometheanfire)
[19:06:53] <prometheanfire> dabbott: mind updating the others on your progress?
[19:07:15] <dabbott> When I talked to them on friday they just need to do the change afaik
[19:07:37] <prometheanfire> which is amazing to me :D
[19:07:43] <prometheanfire> so hopefully end of week there
[19:07:44] <dabbott> did not say there was any problem, no one has looked at the documents as yet
[19:08:23] <dabbott> they know who I am summers had added me to the account just not followed through setting it up
[19:09:01] <dabbott> i could have sent them a sig and been approved if he would have done it
[19:09:01] <prometheanfire> cool, next?
[19:09:46] Current subject: insurance updates, (set by prometheanfire)
[19:09:54] LINK: https://bugs.gentoo.org/show_bug.cgi?id=592198 [592198 – D&O insurance]
[19:10:17] <prometheanfire> I've sent out one of the two proposals (the other is in underwriting)
[19:10:53] <prometheanfire> the one we have to review is not for D&O though
[19:11:05] <prometheanfire> the D&O one is in underwriting
[19:11:41] <prometheanfire> anyone review it?
[19:12:31] <dabbott> personaly I could care less, if the rest of the board wants it its fine by me
[19:13:03] <prometheanfire> I'm kinda in the same place on this one, it could be a nice to have, but I'm not sure if we should pursue it
[19:13:18] <antarus> same here
[19:13:28] <robbat2> yeah, i want to wait for the D&O response
[19:13:34] <robbat2> to figure out where it stands on the budget line
[19:13:57] <prometheanfire> k
[19:14:00] <robbat2> most of it is irrelevant to us
[19:14:06] <prometheanfire> tabling it for now then
[19:14:29] <dabbott> sounds good
[19:14:30] <prometheanfire> alicef: pre-ping
[19:14:35] Current subject: Do we need date of birth in developer apps, (set by prometheanfire)
[19:14:55] <prometheanfire> I sent out my proposed email and got slaped down
[19:15:15] <prometheanfire> so, if anyone wants to try again...
[19:16:35] <robbat2> can we side-step it entirely then, and just have some statement:
[19:16:52] <robbat2> by joining, you agree you are able to enter into contractual agreements
[19:17:15] <prometheanfire> that sounds good to me
[19:17:30] <NeddySeagoon> Thats too simple. Vhat abaut minors?
[19:18:21] <robbat2> can you think of a simple way to include them in the above, without complicating it?
[19:18:51] <NeddySeagoon> No.
[19:20:12] <prometheanfire> ok, next?
[19:20:21] <prometheanfire> or action?
[19:20:43] <robbat2> ok, does leaving out minors really matter for this?
[19:21:11] <robbat2> if they are a minor, and assert yes to the above, are we in the clear ourselves?
[19:21:11] <NeddySeagoon> It would have excluded several devs.
[19:21:20] <dabbott> just keep doing it the way we have been unless someone comes up with a better solution, if its not broke don't fix kind of thing
[19:21:23] <SwifT> it isn't about having a simple statement imo; we need to inform developers (and aspiring developers) why we need some kind of information. As long as that isn't clear, the statements will be under continuous debate
[19:21:36] <robbat2> if we have the statement, we can drop the DOB need
[19:23:04] <robbat2> let's move on for the moment
[19:23:07] <prometheanfire> k
[19:23:08] <robbat2> alicef: reping
[19:23:24] <prometheanfire> in the mean time
[19:23:27] Current subject: open bugs, (set by prometheanfire)
[19:23:35] LINK: https://bugs.gentoo.org/buglist.cgi?bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=IN_PROGRESS&bug_status=VERIFIED&email2=trustees&emailassigned_to2=1&emailcc2=1&emailreporter2=1&emailtype2=substring&known_name=TrusteesOpenBugs&list_id=3290194&order=Last%20Changed&query_based_on=TrusteesOpenBugs&query_format=advanced&resolution=--- [Bug List: TrusteesOpenBugs]
[19:24:35] <prometheanfire> there are a couple of updates
[19:24:41] LINK: https://bugs.gentoo.org/show_bug.cgi?id=605336 [Bug Access Denied]
[19:24:49] <robbat2> i see 3 things there to do: dilfridge filed his invoices, so I can reimburse him now
[19:24:52] <prometheanfire> the invoices are submitted
[19:25:26] <prometheanfire> ok, so robbat2 will do that
[19:25:30] <prometheanfire> the other two?
[19:25:32] <robbat2> bug 318841 is a license question, with implications of breaking the install media
[19:25:35] <willikins> robbat2: https://bugs.gentoo.org/318841 "sys-kernel/linux-firmware incomplete LICENSE"; Gentoo Linux, New packages; IN_P; ulm:licenses
[19:26:00] <robbat2> mostly that we are taking a stricter stance than upstream or debian on some firmware
[19:26:41] <robbat2> when we put RESTRICT=bindist, the firmware will no longer be on the install media
[19:27:23] <robbat2> should trustees override licenses team on this, based on what upstream does?
[19:27:24] <prometheanfire> ya, not sure that's workable
[19:28:43] <robbat2> (bug 531540 we can ignore, it only shows updated because of a change in the tracker bug)
[19:28:46] <willikins> robbat2: https://bugs.gentoo.org/531540 "dev-libs/openssl: revise inclusion of elliptic curves with bindist USE flag"; Gentoo Linux, Current packages; CONF; aballier:base-system
[19:29:24] <prometheanfire> ah, k
[19:29:30] <ulm> hi
[19:29:31] <robbat2> i just asked ulm to join re 318841
[19:29:37] <dilfridge> hm?
[19:29:38] <dilfridge> ah
[19:29:53] <robbat2> per 318841, originally you were going to add just a license statement
[19:30:00] <robbat2> but your recent comment said add RESTRICT=bindist too
[19:30:09] <antarus> why doesn't upstream care?
[19:30:13] <robbat2> would that not break any install media using the firmware
[19:30:21] <ulm> RESTRICT=mirror too
[19:30:25] <antarus> aren't they also distributin?
[19:30:35] <robbat2> because catalyst wouldn't have it on the media?
[19:30:45] <robbat2> upstream is distributing the firmware yes
[19:31:25] <ulm> robbat2: some of the firmware blobs seem to come without any license at all
[19:31:27] <antarus> why do we care when they don't?
[19:31:47] <ulm> because without a license we cannot redistribute them
[19:31:55] <antarus> (not saying we are wrong, but more so looking for their rationale)
[19:32:04] <robbat2> why does our redistribution differ from upstream redistribution?
[19:32:07] <antarus> what do they know that we don't :)
[19:32:33] <ulm> then there are others that alledgedly are GPL licensed but their source is not available
[19:32:52] <ulm> which has the same consequence, namely that it's not distributable
[19:33:21] <mrueg> can we get a USE="proper-licensing" that fetches a different tarball which contains validated firmware?
[19:33:33] <robbat2> ulm: if upstream redistributes it, and we also redistribute it; surely we have a lower risk profile than upstream?
[19:33:58] <ulm> robbat2: upstream owns copyright so they can do what they want
[19:34:14] <robbat2> upstream is the linux-firmware.git repo owner
[19:34:17] <robbat2> not the creator of the firmware
[19:34:27] <robbat2> https://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git
[19:34:52] <antarus> yes, exactly
[19:35:09] <ulm> so if the linux-firmware repo owner violates copyright, it follows that we're allowed to violate it too?
[19:35:16] <antarus> no
[19:35:33] <antarus> I want to understand if its by accident, on purpose, or if they have some other circumstance
[19:35:38] <SwifT> have we reported the licensing problems to the linux-firmware.git project owner? if not, it might be a good idea to do so, perhaps they have more info on these things?
[19:35:48] <ulm> SwifT: yes we have
[19:35:53] <prometheanfire> response?
[19:36:04] <robbat2> SwifT: yes, that's covered in the bug, gregkh took it very far up in the linux foundation, to no real resolution
[19:36:12] <ulm> let me look up the history
[19:36:27] <ulm> wasn't that in the bug?
[19:36:37] <SwifT> if our main concern right now is to not break the installation media, is the only alternative (beyond ignoring the issue) to break up and only pull the correctly licensed firmware ?
[19:36:43] <prometheanfire> I don't see it in the bug
[19:37:10] <ulm> give me a minute
[19:38:00] <ulm> ok, it was reported upstream in Feb. 2013
[19:38:31] <robbat2> in the spirit of pragmatic solutions, keep the ' According to upstream, all of them should be redistributable.' statement, augment it to say that we disagree, but will continue to redistribute it for working install media
[19:38:35] <ulm> and it went up to the Technical Advisory board of the Linux Foundation
[19:38:50] <ulm> who tasked GregKH with it
[19:39:03] <ulm> according to a mail from him in March 2013
[19:39:14] <ulm> then we sent a reminder in May 2013
[19:39:30] <ulm> and since then nothing seems to have happened
[19:39:31] <antarus> I mean I see two arguments here, an ethical argument about following the law
[19:39:38] <antarus> and an argument about legal exposure
[19:40:08] <ulm> robbat2: I don't think we have a statement from upstream that all are distributable
[19:40:59] <antarus> "This repository contains all these firmware images which have been
[19:41:00] <antarus> extracted from older drivers, as well various new firmware images which
[19:41:00] <antarus> we were never permitted to include in a GPL'd work, but which we _have_
[19:41:01] <antarus> been permitted to redistribute under separate cover."
[19:41:15] <ulm> the wording in the last version of that note is "Most likely, some of the images are not redistributable." and I believe that it accurately describes the situation
[19:41:58] <mrueg> https://packages.debian.org/sid/firmware-misc-nonfree is that a stripped down version of the same?
[19:42:00] <ulm> antarus: who is the "we" in "we have been permitted"?
[19:42:35] <robbat2> ulm: their statement is implicit in that they are redistributing them
[19:43:08] <antarus> I think my point is that from a legal perspective the risk of action seems low
[19:43:11] <antarus> and the benefit high
[19:43:54] <antarus> I'm less convinced on the social contract angle (does it allow us to take this sort of action?)
[19:45:02] <robbat2> as an example of breakage, the firmware that we decided was not redistributable includes really common stuff like e100
[19:46:37] <K_F> is it really breakage as long as it is installable?
[19:46:51] <prometheanfire> network makes it un-fetchable
[19:47:03] <robbat2> you need to include the firmware on the install media to start up the network :-)
[19:47:05] <prometheanfire> bootstraping problem
[19:47:27] <ulm> then sort it out with the copyright holder?
[19:49:00] <robbat2> wasn't our discussion from 2013 that attempt already, to no avail?
[19:49:30] <ulm> yes, no progress because linux upstream didn't do their homework
[19:50:10] <prometheanfire> prod them again?
[19:50:12] <robbat2> so we're faced with the choice of: break install media || ethically follow law
[19:50:22] <K_F> prometheanfire: seems like a possible action
[19:50:37] <K_F> prometheanfire: in particular if there are outstanding output from last discussion
[19:50:44] <prometheanfire> yep
[19:50:53] <ulm> robbat2: we should at least add a license notice as suggested in bug 318841
[19:50:55] <willikins> https://bugs.gentoo.org/318841 "sys-kernel/linux-firmware incomplete LICENSE"; Gentoo Linux, New packages; IN_P; ulm:licenses
[19:50:59] <prometheanfire> it seems like the original question was never resolved
[19:51:07] <SwifT> I would rather see the ebuild reflect the actual state, and if necessary override it when building media (if that is the course that would be suggested)
[19:51:09] <robbat2> yes, definetly add the notice, but no RESTRICT
[19:51:09] <ulm> even if that wouldn't go along with any RESTRICT
[19:51:15] <ulm> yep :)
[19:51:33] <prometheanfire> yep, add notice, no restrict, prod upstream again
[19:52:06] <robbat2> ulm: where was the gregkh / LF TAB piece, so we can link to it from the text?
[19:52:15] <SwifT> prometheanfire: wouldn't it make more sense that catalyst overrides it, but let the ebuild reflect it as suggested by the bug?
[19:52:48] <ulm> robbat2: e-mail to licenses@
[19:52:57] <ulm> Mon, 25 Mar 2013 06:30:26 -0700
[19:53:00] <robbat2> i'd have to double-check, but I think catalyst can't override RESTRICT=bindist
[19:53:12] <robbat2> for a single package
[19:54:01] <ulm> can we say "Most likely, some of the images are not redistributable"?
[19:54:12] <ulm> or choose a weaker wording, saying that we don't know or aren't sure?
[19:54:52] <prometheanfire> It is likely, instead of most likely?
[19:55:23] <ulm> "Possibly"?
[19:55:37] <SwifT> I'd rather say that we don't know (something akin to "Although the firmware is distributed through the linux-firmware project, some of the firmware is not accompanied by a proper license attribution, making it difficult for us to know if the files are redistributable or not."
[19:55:40] <robbat2> "Most likely, upstream redistribution of some firmware images may conflict with the licenses or lack thereof on the images"
[19:56:14] <ulm> wfm
[19:56:23] <prometheanfire> k
[19:56:35] <prometheanfire> so, we good?
[19:56:36] <antarus> sgtm
[19:56:39] <robbat2> +1
[19:56:44] <dabbott> +1
[19:56:49] <robbat2> thanks for being available on short notice ulm
[19:57:04] <SwifT> is it on the statement that robbat2 made? (just to be certain)
[19:57:36] <ulm> so, full text of the notice will be:
[19:57:37] <ulm> "Linux firmware images are distributed under a variety of licenses, many of them being non-free. Most likely, upstream redistribution of some firmware images may conflict with the licenses or lack thereof on the images. You will need to check the WHENCE and LICEN[CS]E.* files in the package for specific licensing terms."
[19:58:25] <ulm> and no RESTRICT
[19:58:30] <prometheanfire> k
[19:58:33] <robbat2> +1
[19:58:35] <SwifT> ok
[19:58:40] <prometheanfire> 2+1
[19:58:43] <dabbott> ok
[19:59:12] <prometheanfire> do we have time to talk about bitcoin?
[20:01:15] LINK: https://bugs.gentoo.org/show_bug.cgi?id=476718 [476718 – Request for bitcoin donation support]
[20:01:17] <prometheanfire> bug 476718
[20:01:20] <willikins> prometheanfire: https://bugs.gentoo.org/476718 "Request for bitcoin donation support"; Gentoo Foundation, Proposals; CONF; rich0:trustees
[20:01:29] <robbat2> as treasurer, I will re-assert what the bug noted before: i'm only comfortable if we accept it in a manner that immediately converts it to another currency
[20:01:39] <robbat2> and not carry a balance in it
[20:01:40] <prometheanfire> the idea is to accept bitcoin donations and immediatly cash out
[20:01:50] <prometheanfire> yep, I think that's for the best
[20:02:03] <SwifT> yup agree to that... accountancy with multiple currencies is a nightmare
[20:02:23] <robbat2> it's more that bitcoin has special tax implications since it's not entirely a currency
[20:02:40] <robbat2> multi-currency accounting itself is not a problem
[20:02:51] <robbat2> just more painful than single-currency accounting
[20:03:22] <robbat2> (and for the record, i'm not anti-bitcoin, i personally have a diverse investment portfolio that does include bitcoin)
[20:03:26] <antarus> the cashing out is more to avoid the volatility
[20:03:51] <robbat2> i'd say it's to avoid the capital gain/loss side effects of the volatility
[20:04:00] <SwifT> whatever the reason, I think we all agree to it ;)
[20:04:11] <prometheanfire> yep
[20:04:12] <prometheanfire> +1
[20:04:19] <SwifT> +2
[20:04:26] <robbat2> signing up for some of the providers needs us to fix the bank accounts first
[20:04:36] <antarus> don't we need to like, yeah have accounts people can donate to?
[20:05:11] <prometheanfire> this can depend on the bank then
[20:06:10] <prometheanfire> next?
[20:06:43] <K_F> robbat2: might be an idea to look into services that converts bitcoin to currency at time of donation, we do that for some other organisations
[20:07:01] <robbat2> the github ToS issue on bug 611376 had some followup questions
[20:07:03] <willikins> robbat2: https://bugs.gentoo.org/611376 "New GitHub Terms of Service"; Gentoo Foundation, Proposals; CONF; ulm:trustees
[20:07:34] <robbat2> specifically, that we distribute some patches in the tree, and the patches have licenses that are violated by the GitHub TOS
[20:07:57] <robbat2> i think just moving those patches to distfiles would suffice
[20:08:28] <robbat2> with the exeption of licenses/GPL-2 itself
[20:09:28] <prometheanfire> that sounds ok
[20:09:33] <robbat2> (other than the above, I have no further business)
[20:09:42] <ulm> it's rather licenses/* (but it doesn't change the argument of course)
[20:10:48] <robbat2> GPL-2 is a useful example, because the FSF wants it included in every package that's GPL-2, and they themselves said the GH TOS are ok
[20:13:19] <robbat2> for the moment then, RESO:talk-to-FSF-again
[20:13:39] <prometheanfire> ya
[20:13:44] <dabbott> ok
[20:13:54] <robbat2> ulm: ok if I draft and email and run it by you before sending it to licensing@fsf?
[20:14:00] <ulm> sure
[20:15:06] <robbat2> prometheanfire: any other business?
[20:15:48] <prometheanfire> nope, just picking the next meeting
[20:16:08] <prometheanfire> may 21?
[20:16:35] Current subject: Date of Next Meeting - Sun May 21 2017 19:00 UTC, (set by dabbott)
[20:16:44] <dabbott> fine here
[20:16:44] <robbat2> still good with me
[20:17:13] <prometheanfire> antarus: SwifT ?
[20:17:24] <SwifT> ok
[20:17:31] <SwifT> had to check my calendar, sorry for the delay
[20:18:23] <prometheanfire> ok, going for that then
[20:18:43] <prometheanfire> think that's it, unless someone has something else?
[20:19:10] <prometheanfire> k, ending
[20:19:13] Meeting ended by prometheanfire, total meeting length 4661 seconds
|