Skip to Main Content
Apache Events The Apache Software Foundation
Apache 20th Anniversary Logo

This was extracted (@ 2023-11-15 18:10) from a list of minutes which have been approved by the Board.
Please Note The Board typically approves the minutes of the previous meeting at the beginning of every Board meeting; therefore, the list below does not normally contain details from the minutes of the most recent Board meeting.

WARNING: these pages may omit some original contents of the minutes.
This is due to changes in the layout of the source minutes over the years. Fixes are being worked on.

Meeting times vary, the exact schedule is available to ASF Members and Officers, search for "calendar" in the Foundation's private index page (svn:foundation/private-index.html).

Public Affairs

20 Sep 2023 [Dirk-Willem van Gulik]

Europe
======

Over the parliament recess, significant work and various analyses done on the
3(4) versions of the CRA by the open source foundations; coordinated by Open
Forum Europe. Which will lead to outreach to national stakeholders/cabinet
offices and the EU/EC that is coordinated between all of us. With consensus
inside and outside the ASF. This analysis is expected to become public this
week (with earlier versions used by some of our members in talks with NL, DE
and IT). Note that this will be under the OFE banner - we, the ASF, merely
supports their work.

Conversations with DE suggest that the CRA is getting slowed down; with
trialogue completion now expected no earlier than end of October. The PLD
(plain, simple, strict liability for software) is still on schedule for the
end of this year.

The situation around the 3 versions sees some of our large peer organsions
deciding to wait the outcome of the Trialogues before a more
public/public-outcry oriented campaign. Consensus at the ASF (and various
other peer organisations) seems to be that this is too late; as 1) the
regulation has been carved into stone at that point; and you generally assume
a complete reversal. And 2) as the current Council version (which generally
`win's) is not that problematic for a pure volunteer ran organisation like us
(i.e. where the open source organisation does not pay its developers; where
the baord does not tell PMCs what to do).

I am currently looking into engaging some legal expertise around a few, ASF
specific, narrow interpretation questions: 1) confirmation that distributing
source code with make/build/rel-notes, version numbers. etc, i.e. alll that
`signal that this code is expected to be used' meets the current (and not yet
final) definitions of placing it into the market of the Blue Guide/NLF. 2)
what the boundary would be if the ASF where to avoid itself to place a product
on the market/have the CRA read on it and 3) the implications for both our EU
based committers -and- their employers.

CRA P(review) Week
==================

There is discussion on the mailing list about the need for a "louder
action", especially the concept of CRAP Week, but the exact definition of
this, the goals of this action, the impact of said action on the community,
and the required infrastructure resources and timing continue to be
debated.  There is not a consensus that the action would accomplish the
stated goals of attracting attention and getting our community fired up
against the CRA.  Indeed, this could easily alienate our supporters.  If we
are to contemplate this for the future and anticipate the need for this
action of "last resort", it would require Board approvals as it falls
outside the purview of the Public Affairs remit.  Meanwhile we are seeing
large, powerful industries waking up to the reality and the action may not
be needed.

USA
===

No changes - but NIST is increasingly engaging with industry. Given the lack
of progress on the normative standards organisations in Europe -- this makes
it increasingly likely that it is ultimately the US that will define the
global standards in this area.

International
=============

There is a Linux Foundation organised Open Source Summit in Bilbao. ASF folks
known to attend have been briefed - but we've postponed/declined to engage
with lawmakers/regulators in prepared meetings & avoided a public appearance.

(Background: Bilbao is in Spain, and Spain is the current president of the EU
 & hence sets agenda/etc for the next months). Instead people attending have
 been given a number of talking points to have ready should they happen to be
 put in a position where they need to respond/have the right opportunity.

Standards
=========

No changes over the summer / no new conversations.

16 Aug 2023 [Dirk-Willem van Gulik]

Europe
======

With Europe (Brussels & national capitals) largely shut down over the summer
there is no additional clarity/leaks on which of the 3 versions of the CRA
will prevail. No changes around the status of the PLD (strict liability for
software) — the exemption for `us’ still there. Unfortunately - the current
documents are not yet final enough for proper legal analysis.

Both industry (i.e larger enterprises, SMEs) and wider open source community
(especially those that pay their developers) starting to understand the
 implications. With several highy respected industry consortia briefing in
 line with our interest. Progress at Open Forum Europe to come with a general
 analysis that helps inform the trialogues by describing impact.

Meanwhile - various people in our community have been brainstorming what
possible (public) responses; such as ‘CRAP week (CRA preview week)’ are
appropriate. I think that this this another 1 or 2 weeks to see what the
sentiment is at our peer open source organisations before the ASF needs to
make up its mind. Reality is that the `Council’ version (that generally sets
the tone) is not -that- bad for the ASF.

USA
===

No changes

Russia
======

There is some discussion on the mailing list as to wether or not be a `good
community shepherd’ and stress to, or inform (e.g. with a very short blog
post), our committers at the ASF that the ASF, at this time, has not
registered itself on the foreign non-profit organisations register of Russia;
and that the ASF, as Delaware Inc entity,  has, at this time, no intention to
analyse the situation or register. This discussion has not yet reached
consensus and is still going on.

Background:
https://russia.postsen.com/business/372099/Under-the-new-law-developers-of-unregistered-open-source-software-can-be-prosecuted-under-the-Criminal-Code-of-the-Russian-Federation.html

Standards (US/EUROPE):
======================

We’re reaching out to organisations that represent nations on the standards
bodies as to make our existence known & offer expertise. Both jointly through
OFE and, hopefully, as the ASF come September (I expect to post a call for
volunteers once we have the details).  There are also several calls going out
for experts to sit on standards bodies that will operationally the CRA/PLDA
(e.g. https://www.sbs-sme.eu/sites/default/files/Open%20call%20for%20experts%20-%20for%202024%20.pdf)
- I hope to get a complete list & then pass this on to our community
(committers & members) to find (local) volunteers.

Open Forum Europe
=================

Asking the board for an budget/Ok to sign up to supporting them for 30k/year.
Secondly we decede if we want to be publicly listed on their site as a
supported. My suggestion is that we do that; as it is a win-win for us & the
wider open source community (and we can rescind this any time we want).

There is no paperwork needed. They would need an email confirming this, the
payment made & which logo’s we’d want them to use - and our contacts.

BOARD Action: ok on budget & ok on becoming a supporter.

Open Source Initiative (OSI) - rejoining
========================================

Early on opensource.org and the ASF had some overlap in directors; but we
disengaged at some point. I suggest we re-enage. As there now is an affiliate
agreement (https://opensource.org/affiliateAgreement/) I am asking for the
board to OK re-enagement subject to an legal OK; with our president as the
person to vote in the OSI board election; our VP of Marketing for the
marketing contact and the VP of public affairs as the contact for their Public
Policy angle.

BOARD Action: yes / no