| 1 |
On Fri, Jun 26, 2020 at 4:17 PM Alec Warner <antarus@g.o> wrote: |
| 2 |
> |
| 3 |
> Is it against the social contract to purchase these CDN services? |
| 4 |
> Is it against the social contract to purchase these CDN services, even if the services are provided via open source software? |
| 5 |
> |
| 6 |
|
| 7 |
IMO the obvious answer to the second question is that purchasing |
| 8 |
services that are provided using FOSS is absolutely permitted by the |
| 9 |
social contract. Obviously we should be careful with money, but we're |
| 10 |
allowed to spend money on services and in fact have done so in other |
| 11 |
cases (like paying for a bug bounty, for accounting services, etc - |
| 12 |
generally all using FOSS where it exists). |
| 13 |
|
| 14 |
The first question is more of a grey area. IMO something like a |
| 15 |
mirror/CDN network is really not something we're "depending" on in the |
| 16 |
spirit of the social contract. They're just providing extremely |
| 17 |
commoditized services based on completely open protocols, so if the |
| 18 |
whole thing were to go away overnight the main thing we'd see is a |
| 19 |
lower level of service, and replicating the network with another |
| 20 |
provider would be trivial. For our distfiles/rsync mirrors we don't |
| 21 |
audit to make sure every one of those providers is using 100% FOSS, |
| 22 |
and I doubt most of their servers are running coreboot. Those mirrors |
| 23 |
are just http/etc and nobody is going to notice if one is running IIS |
| 24 |
for some reason. |
| 25 |
|
| 26 |
Now, if we were going to host bugzilla or email or some other core |
| 27 |
infra on non-FOSS software I think it would be a much larger concern. |
| 28 |
I think the key is that the authoritative source is FOSS, and we're |
| 29 |
just using vendors to mirror data using a black box mechanism and open |
| 30 |
protocols. |
| 31 |
|
| 32 |
But, I'll be the first to ack that this second bit is a grey area, and |
| 33 |
I'm sure there will be others that disagree. I think it is ok if a |
| 34 |
social contract has a bit of grey around the edges, and ultimately the |
| 35 |
community can decide how they feel about it. |
| 36 |
|
| 37 |
I realize that you didn't want to get into the fiscal argument, but |
| 38 |
I'd toss in my two cents here: it seems like we have a lot of orgs |
| 39 |
that donate servers/etc and I know we're always getting requests on |
| 40 |
pr@ for "sponsors" (usually cash for SEO, but maybe some could offer |
| 41 |
actual hosting). I actually like depending on donations in kind a lot |
| 42 |
more than money because it tends to keep the org rooted in what serves |
| 43 |
the broader FOSS/etc community vs being an org that handles a lot of |
| 44 |
cash which can sometimes lose perspective. |
| 45 |
|
| 46 |
-- |
| 47 |
Rich |
Archives