Skip to Main Content
Apache Events The Apache Software Foundation
Apache 20th Anniversary Logo

This was extracted (@ 2023-11-15 18:10) from a list of minutes which have been approved by the Board.
Please Note The Board typically approves the minutes of the previous meeting at the beginning of every Board meeting; therefore, the list below does not normally contain details from the minutes of the most recent Board meeting.

WARNING: these pages may omit some original contents of the minutes.
This is due to changes in the layout of the source minutes over the years. Fixes are being worked on.

Meeting times vary, the exact schedule is available to ASF Members and Officers, search for "calendar" in the Foundation's private index page (svn:foundation/private-index.html).

Public Policy

19 Jul 2023 [Dirk-Willem van Gulik]

Public Policy

0) Discussion was moved to the members only
mailing list.

There is a companion wiki page with recent documents (members
only). About 38 members sat in on an introduction presentation I gave (same as
given to the board@).

1) CRA - `plot twist'

Prior to the ASF/OpenSSL meeting - the open source community assumed that the
CRA's 'bad definitions' of open source were just that. And that the intentions
were right - to keep (the ASF type of) open source out of the CRA.

This shifted last week.

First: both the policy & political side of the 3 law making powers confirmed
that they want foundations such as the ASF under the CRA regulation. Otherwise
it would be `too costly' for SMEs to comply. Open Source Foundations are
expected to carry that burden. Second: this is broadly-carried consensus; it
is not controversial.

The open source community (coordinated by OFE) has since started to respond
and is (slowly) adjusting strategy -- this will mean a focus on country level
(that indirectly influences the third power, the Council (consilium).

The more loud options (e.g. go black, geolocked-messaging, the blocking of
distribution, intentionally break CI/CD via maven/npm, etc) were discussed
between the code-producing foundations -- and the ASF steered away from these
as unlikely to have the right effect at this stage.

BKP and I are preparing a muted blog post for both the community and policy

2) PLD, US acts

No changes or updates -- these are progressing and are not a particular cause
for concern (yet).

3) Open Source Congress.

The Linux Foundation (on request/tied to sponsorship by Huawei/FutureWei) is
organising an invite-only, chatham house rules event in Geneva at the end of
this month. About 1/3 of the people there are from open source foundations
that create code; about 1/3 are from the Linux Foundation (most of whom are
not on the code producing side); 1/3 are from organisations supportive of open
source (e.g. funding, OSI, OpenUK, etc). With the sponsors - and noteworthy,
several representatives of the (normative) standards body will be present.

The various risks were discussed with the other code-producing open source

4) Situational Awareness - EUROPE

As per the last board meeting - to give the ASF situational awareness - I
propose that we join the OFE as a partner;
as the low-key visibility and association gives the right message. And makes
us a natural `ask us anything' sort of non pushing partner in the ecosystem.
I.e. you are consulted about impact.

OFE has more than proven itself in the past 18 months (with the CRA, working
with us and in their advisory rather than pushly lobbyist relation to the
folks in Brussels).

That said - it is also common for organisations to 'just' subscribe to their
situational awareness feed. And do so silently.

So I am requesting permission to make this so, work with Legal to dot any i's,
and submit something for board final OK.

5) Situational Awareness - USA

There is currently no OFE equivalent in the USA. Deb Bryant is trying to
create such under the name of the Open Policy Alliance. She has however not
detailed this to any meaningful level.

I ask permission from the board to tentatively support her in this effort -
with, for us, the focus on 1) this being about awareness in the US, and 2) for
the code-producing open source organisations (as opposed to those that, say,
are more about dispersing money, etc). And 3) with a heavy slant towards the
volunteer ran open source; with a modus operandi that fits that type of

6) Registration on the transparency register

Although there are no legal requirements (see earlier reports on the legal
analysis) - it is generally considered good practice and `wise' to register in
the transparency register in Brussels

Given our own high level of openness, transparency and the fact that want to
stay far away from lobbying (and radiate such) - I hereby ask permission to
register the ASF in there as a Delaware corporation.

7) New EU/US data sharing agreement

There is a new political agreement between the US and the EU on data sharing.
Our VP of Privacy and I agree that it is very likely that this will shortly be
voided in a Schrems-III ruling. And that it thus behoves the ASF to not change
its current approach.