This was extracted (@ 2025-01-15 21:10) from a list of minutes
which have been approved by the Board.
Please Note
The Board typically approves the minutes of the previous meeting at the
beginning of every Board meeting; therefore, the list below does not
normally contain details from the minutes of the most recent Board meeting.
WARNING: these pages may omit some original contents of the minutes.
Meeting times vary, the exact schedule is available to ASF Members and Officers, search for "calendar" in the Foundation's private index page (svn:foundation/private-index.html).
Public Policy ====================== 0) Discussion was moved to the members only public-affairs-private@apache.org mailing list. There is a companion wiki page with recent documents https://cwiki.apache.org/confluence/display/ASFP/Public+Affairs (members only). About 38 members sat in on an introduction presentation I gave (same as given to the board@). 1) CRA - `plot twist' Prior to the ASF/OpenSSL meeting - the open source community assumed that the CRA's 'bad definitions' of open source were just that. And that the intentions were right - to keep (the ASF type of) open source out of the CRA. This shifted last week. First: both the policy & political side of the 3 law making powers confirmed that they want foundations such as the ASF under the CRA regulation. Otherwise it would be `too costly' for SMEs to comply. Open Source Foundations are expected to carry that burden. Second: this is broadly-carried consensus; it is not controversial. The open source community (coordinated by OFE) has since started to respond and is (slowly) adjusting strategy -- this will mean a focus on country level (that indirectly influences the third power, the Council (consilium). The more loud options (e.g. go black, geolocked-messaging, the blocking of distribution, intentionally break CI/CD via maven/npm, etc) were discussed between the code-producing foundations -- and the ASF steered away from these as unlikely to have the right effect at this stage. BKP and I are preparing a muted blog post for both the community and policy makers. 2) PLD, US acts No changes or updates -- these are progressing and are not a particular cause for concern (yet). 3) Open Source Congress. The Linux Foundation (on request/tied to sponsorship by Huawei/FutureWei) is organising an invite-only, chatham house rules event in Geneva at the end of this month. About 1/3 of the people there are from open source foundations that create code; about 1/3 are from the Linux Foundation (most of whom are not on the code producing side); 1/3 are from organisations supportive of open source (e.g. funding, OSI, OpenUK, etc). With the sponsors - and noteworthy, several representatives of the (normative) standards body will be present. The various risks were discussed with the other code-producing open source organisations. 4) Situational Awareness - EUROPE As per the last board meeting - to give the ASF situational awareness - I propose that we join the OFE as a partner; as the low-key visibility and association gives the right message. And makes us a natural `ask us anything' sort of non pushing partner in the ecosystem. I.e. you are consulted about impact. OFE has more than proven itself in the past 18 months (with the CRA, working with us and in their advisory rather than pushly lobbyist relation to the folks in Brussels). That said - it is also common for organisations to 'just' subscribe to their situational awareness feed. And do so silently. So I am requesting permission to make this so, work with Legal to dot any i's, and submit something for board final OK. 5) Situational Awareness - USA There is currently no OFE equivalent in the USA. Deb Bryant is trying to create such under the name of the Open Policy Alliance. She has however not detailed this to any meaningful level. I ask permission from the board to tentatively support her in this effort - with, for us, the focus on 1) this being about awareness in the US, and 2) for the code-producing open source organisations (as opposed to those that, say, are more about dispersing money, etc). And 3) with a heavy slant towards the volunteer ran open source; with a modus operandi that fits that type of organisation . 6) Registration on the transparency register Although there are no legal requirements (see earlier reports on the legal analysis) - it is generally considered good practice and `wise' to register in the transparency register in Brussels https://ec.europa.eu/transparencyregister/public/homePage.do Given our own high level of openness, transparency and the fact that want to stay far away from lobbying (and radiate such) - I hereby ask permission to register the ASF in there as a Delaware corporation. 7) New EU/US data sharing agreement There is a new political agreement between the US and the EU on data sharing. Our VP of Privacy and I agree that it is very likely that this will shortly be voided in a Schrems-III ruling. And that it thus behoves the ASF to not change its current approach.