1 |
On Tue, Jul 21, 2020 at 7:22 AM Michał Górny <mgorny@g.o> wrote: |
2 |
> |
3 |
> I don't know if it's worth the effort. The effort is better put into |
4 |
> disbanding GF and making Gentoo more sustainable, than making it harder |
5 |
> to keep GF afloat when we have a very bad track record of dealing with |
6 |
> the 'easier' variant. |
7 |
|
8 |
Along these lines I'll just mention something that I brought up on IRC |
9 |
last night. |
10 |
|
11 |
IMO something we ought to do is try to make our infra a bit more |
12 |
legally resilient. That is, we should have an answer to the question, |
13 |
what would we do if somebody took away ALL our toys - anything owned |
14 |
by the Foundation? Having more toys owned by the Foundation would not |
15 |
help with that - I'm not talking about a datacenter failure, I'm |
16 |
talking about a legal failure. |
17 |
|
18 |
Note that this isn't about any of our Trustees/Officers/etc having bad |
19 |
intentions/etc. I'm just saying that reducing points of failure is a |
20 |
good design practice. |
21 |
|
22 |
If somebody took away all the Linux Foundation's toys chances are all |
23 |
the subsystem maintainers already know each other's private emails, |
24 |
and with their workflow each person really only needs to know the |
25 |
people above/below them. They don't really need even a mailing list |
26 |
or central repo to operate in the short term, though obviously those |
27 |
things help. If they lost all their list history and started a new |
28 |
list it wouldn't really be a big deal. They're not super-dependent on |
29 |
central bug-trackers. Linus could just stick a mirror of his repo on |
30 |
gitlab/github/whatever and it more-or-less gets the job done. |
31 |
|
32 |
Now, we aren't the same sort of project, but we really ought to give |
33 |
some thought to our own bus factor. |
34 |
|
35 |
I'm not saying we can't have/use infra. I'm just saying we shouldn't |
36 |
be so dependent on them that we basically just go away if our bugzilla |
37 |
gets shut down, or that it be so hard to re-create everything that |
38 |
everybody just gives up. |
39 |
|
40 |
We can have a Foundation. We can have it add value. But let's try to |
41 |
do it in a way that doesn't make us too dependent on sustained |
42 |
operations. Bug bounties are a good use of money - we spend money, we |
43 |
get GPL code. Nobody can take the GPL code away from us, so we've |
44 |
traded an at-risk asset (money) for a risk-free asset (GPL code). |
45 |
Infra is riskier - we trade a fungible asset (money) for illiquid |
46 |
assets (hardware), and those assets increase our baseline |
47 |
spending/support burden or they become useless, and those assets can |
48 |
be taken away from us. |
49 |
|
50 |
Donated services/hardware that we don't own is one way of mitigating |
51 |
risk, though in the event of legal failure we should consider that |
52 |
such orgs might be reluctant to get involved and might decide to only |
53 |
make these resources available to somebody who can legally represent |
54 |
Gentoo. Splitting resources between the e.V. and Foundation is |
55 |
another way of mitigating risk as long as those orgs have no legal |
56 |
connection. Having mirrors that are completely personally owned by a |
57 |
few different community members and which don't have "Gentoo" anywhere |
58 |
in their name is another way of mitigating risk. |
59 |
|
60 |
I'm all for finding a balance - we should just balance risk of legal |
61 |
failure into our org design. |
62 |
|
63 |
-- |
64 |
Rich |