This was extracted (@ 2023-11-15 18:10) from a list of minutes
which have been approved by the Board.
Please Note
The Board typically approves the minutes of the previous meeting at the
beginning of every Board meeting; therefore, the list below does not
normally contain details from the minutes of the most recent Board meeting.
WARNING: these pages may omit some original contents of the minutes.
Meeting times vary, the exact schedule is available to ASF Members and Officers, search for "calendar" in the Foundation's private index page (svn:foundation/private-index.html).
Europe ====== Over the parliament recess, significant work and various analyses done on the 3(4) versions of the CRA by the open source foundations; coordinated by Open Forum Europe. Which will lead to outreach to national stakeholders/cabinet offices and the EU/EC that is coordinated between all of us. With consensus inside and outside the ASF. This analysis is expected to become public this week (with earlier versions used by some of our members in talks with NL, DE and IT). Note that this will be under the OFE banner - we, the ASF, merely supports their work. Conversations with DE suggest that the CRA is getting slowed down; with trialogue completion now expected no earlier than end of October. The PLD (plain, simple, strict liability for software) is still on schedule for the end of this year. The situation around the 3 versions sees some of our large peer organsions deciding to wait the outcome of the Trialogues before a more public/public-outcry oriented campaign. Consensus at the ASF (and various other peer organisations) seems to be that this is too late; as 1) the regulation has been carved into stone at that point; and you generally assume a complete reversal. And 2) as the current Council version (which generally `win's) is not that problematic for a pure volunteer ran organisation like us (i.e. where the open source organisation does not pay its developers; where the baord does not tell PMCs what to do). I am currently looking into engaging some legal expertise around a few, ASF specific, narrow interpretation questions: 1) confirmation that distributing source code with make/build/rel-notes, version numbers. etc, i.e. alll that `signal that this code is expected to be used' meets the current (and not yet final) definitions of placing it into the market of the Blue Guide/NLF. 2) what the boundary would be if the ASF where to avoid itself to place a product on the market/have the CRA read on it and 3) the implications for both our EU based committers -and- their employers. CRA P(review) Week ================== There is discussion on the mailing list about the need for a "louder action", especially the concept of CRAP Week, but the exact definition of this, the goals of this action, the impact of said action on the community, and the required infrastructure resources and timing continue to be debated. There is not a consensus that the action would accomplish the stated goals of attracting attention and getting our community fired up against the CRA. Indeed, this could easily alienate our supporters. If we are to contemplate this for the future and anticipate the need for this action of "last resort", it would require Board approvals as it falls outside the purview of the Public Affairs remit. Meanwhile we are seeing large, powerful industries waking up to the reality and the action may not be needed. USA === No changes - but NIST is increasingly engaging with industry. Given the lack of progress on the normative standards organisations in Europe -- this makes it increasingly likely that it is ultimately the US that will define the global standards in this area. International ============= There is a Linux Foundation organised Open Source Summit in Bilbao. ASF folks known to attend have been briefed - but we've postponed/declined to engage with lawmakers/regulators in prepared meetings & avoided a public appearance. (Background: Bilbao is in Spain, and Spain is the current president of the EU & hence sets agenda/etc for the next months). Instead people attending have been given a number of talking points to have ready should they happen to be put in a position where they need to respond/have the right opportunity. Standards ========= No changes over the summer / no new conversations.
Europe ====== With Europe (Brussels & national capitals) largely shut down over the summer there is no additional clarity/leaks on which of the 3 versions of the CRA will prevail. No changes around the status of the PLD (strict liability for software) — the exemption for `us’ still there. Unfortunately - the current documents are not yet final enough for proper legal analysis. Both industry (i.e larger enterprises, SMEs) and wider open source community (especially those that pay their developers) starting to understand the implications. With several highy respected industry consortia briefing in line with our interest. Progress at Open Forum Europe to come with a general analysis that helps inform the trialogues by describing impact. Meanwhile - various people in our community have been brainstorming what possible (public) responses; such as ‘CRAP week (CRA preview week)’ are appropriate. I think that this this another 1 or 2 weeks to see what the sentiment is at our peer open source organisations before the ASF needs to make up its mind. Reality is that the `Council’ version (that generally sets the tone) is not -that- bad for the ASF. USA === No changes Russia ====== There is some discussion on the mailing list as to wether or not be a `good community shepherd’ and stress to, or inform (e.g. with a very short blog post), our committers at the ASF that the ASF, at this time, has not registered itself on the foreign non-profit organisations register of Russia; and that the ASF, as Delaware Inc entity, has, at this time, no intention to analyse the situation or register. This discussion has not yet reached consensus and is still going on. Background: https://russia.postsen.com/business/372099/Under-the-new-law-developers-of-unregistered-open-source-software-can-be-prosecuted-under-the-Criminal-Code-of-the-Russian-Federation.html Standards (US/EUROPE): ====================== We’re reaching out to organisations that represent nations on the standards bodies as to make our existence known & offer expertise. Both jointly through OFE and, hopefully, as the ASF come September (I expect to post a call for volunteers once we have the details). There are also several calls going out for experts to sit on standards bodies that will operationally the CRA/PLDA (e.g. https://www.sbs-sme.eu/sites/default/files/Open%20call%20for%20experts%20-%20for%202024%20.pdf) - I hope to get a complete list & then pass this on to our community (committers & members) to find (local) volunteers. Open Forum Europe ================= Asking the board for an budget/Ok to sign up to supporting them for 30k/year. Secondly we decede if we want to be publicly listed on their site as a supported. My suggestion is that we do that; as it is a win-win for us & the wider open source community (and we can rescind this any time we want). There is no paperwork needed. They would need an email confirming this, the payment made & which logo’s we’d want them to use - and our contacts. BOARD Action: ok on budget & ok on becoming a supporter. Open Source Initiative (OSI) - rejoining ======================================== Early on opensource.org and the ASF had some overlap in directors; but we disengaged at some point. I suggest we re-enage. As there now is an affiliate agreement (https://opensource.org/affiliateAgreement/) I am asking for the board to OK re-enagement subject to an legal OK; with our president as the person to vote in the OSI board election; our VP of Marketing for the marketing contact and the VP of public affairs as the contact for their Public Policy angle. BOARD Action: yes / no