Realizing Good Ideas with Debian Money

classic Classic list List threaded Threaded
44 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Realizing Good Ideas with Debian Money

Sam Hartman-3

[moving a discussion from -devel to -project where it belongs]

>>>>> "Mo" == Mo Zhou <[hidden email]> writes:

    Mo> Hi,
    Mo> On 2019-05-29 08:38, Raphael Hertzog wrote:
    >> Use the $300,000 on our bank accounts?

So, there were two $300k donations in the last year.
One of these was earmarked for a DSA equipment upgrade.
DSA has a couple of options to pursue, but it's possible they may
actually spend $400k on an equipment refresh.

$200k doesn't really go that far in terms of big infrastructure projects
like bikeshed or similar.

I'm looking for someone who would be willing to guide a discussion of
the Money issues Martin brought up in his campaign.  I don't have time
to guide that effor myself.  Real thought needs to be put into it; it
will be at least as much work as the discussions I'm leading on
packaging practices and git if done correctly.

However it could be very valuable for the project.

--Sam

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Adrian Bunk-3
On Wed, May 29, 2019 at 07:49:25AM -0400, Sam Hartman wrote:

>
> [moving a discussion from -devel to -project where it belongs]
>
> >>>>> "Mo" == Mo Zhou <[hidden email]> writes:
>
>     Mo> Hi,
>     Mo> On 2019-05-29 08:38, Raphael Hertzog wrote:
>     >> Use the $300,000 on our bank accounts?
>
> So, there were two $300k donations in the last year.
> One of these was earmarked for a DSA equipment upgrade.
> DSA has a couple of options to pursue, but it's possible they may
> actually spend $400k on an equipment refresh.
>
> $200k doesn't really go that far in terms of big infrastructure projects
> like bikeshed or similar.
>
> I'm looking for someone who would be willing to guide a discussion of
> the Money issues Martin brought up in his campaign.  I don't have time
> to guide that effor myself.  Real thought needs to be put into it; it
> will be at least as much work as the discussions I'm leading on
> packaging practices and git if done correctly.
>
> However it could be very valuable for the project.

The information required for an informed discussion on this topic
is missing.

What is really missing in Debian is an annual report from the
treasurer team covering all trusted organizations, listing the
accounts of all income and expenses as well as the reserves.

Some people are suggesting to spend 6 digit US$ amounts on whatever they
consider important, while other people are spending their precious
Debian time on getting mere 4 or 5 digit amounts of sponsorship for
a DebConf or MiniDebConf.

I don't see how these could both make sense at the same time.

Just from looking at the SPI part I would say that Debian has some
reserves that could be used if needed, but new substantial recurring
commitments would not be reasonable since the long-term situation
is that there are usually < US$ 100k per year in both regular income
and expenses (excluding Debconf earmarks).

Other trusted organizations might show a similar or a completely
different picture - it is impossible to start the budgetary
discussion you are asking for without the status quo of the
Debian finances as a basis.

> --Sam

cu
Adrian

--

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Luca Filipozzi
On Fri, May 31, 2019 at 11:32:42PM +0300, Adrian Bunk wrote:
> On Wed, May 29, 2019 at 07:49:25AM -0400, Sam Hartman wrote:
> > So, there were two $300k donations in the last year.
> > One of these was earmarked for a DSA equipment upgrade.
> > DSA has a couple of options to pursue, but it's possible they may
> > actually spend $400k on an equipment refresh.
>
> The information required for an informed discussion on this topic
> is missing.

If we (DSA) elect to puchase HPE equipment for EU that is similar to the
NA equipment that was donated by HPE (blade enclosure, server blades,
10GE switches, FC storage, FC switches - thank you HPE!), then the
(list) costs are as per above.

However, without an HPE donation or discount, we are much more likely to
follow a less expensive approach: pairs of 2U servers with local
storage, etc. Still not cheap but not multiples of 100k.

If a hardware vendor happens to offer a discounts, then we can stretch
the dollars further. We would love to have HPE or Dell or Lenovo become
an ongoing hardware partner; hmu if you can facilitate.

When we last crunched the numbers, maintaining a 5y refresh (to stay in
warranty, etc.) would require $75k-100k/yr. We've avoided that level of
annual expenditure because we are keeping hardware longer than 5y and
we've had amazing hardware [donations][1].

Before you ask: an insecure hypervisor is an insecure buildd.

[1]: https://www.debian.org/News/2016/20161003.

-----

Personally speaking, I would prefer to keep Debian a volunteer
organization.

-----

--
Luca Filipozzi

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Sam Hartman-3
In reply to this post by Adrian Bunk-3
>>>>> "Adrian" == Adrian Bunk <[hidden email]> writes:

I agree that's missing.

I don't think that is the important information needed to drive the
discussions I'm hoping someone will drive.

Instead I'm more interested in seeing discussions at a high level.

Talking about the issues involved in paying people to do work.
What the options are, collecting people's concerns etc.

I actually think the first round of that can be done without significant
access to numbers.

That said, I'd sure like that anual report (actually I'd love it
quarterly) you speak of above.
I'm not volunteering.  Are you?

--Sam

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Adrian Bunk-3
On Fri, May 31, 2019 at 05:29:42PM -0400, Sam Hartman wrote:

> >>>>> "Adrian" == Adrian Bunk <[hidden email]> writes:
>
> I agree that's missing.
>
> I don't think that is the important information needed to drive the
> discussions I'm hoping someone will drive.
>
> Instead I'm more interested in seeing discussions at a high level.
>
> Talking about the issues involved in paying people to do work.
> What the options are, collecting people's concerns etc.
>
> I actually think the first round of that can be done without significant
> access to numbers.
>
> That said, I'd sure like that anual report (actually I'd love it
> quarterly) you speak of above.
> I'm not volunteering.  Are you?

My biggest high level concern is the income side, since this is the most
difficult part and will likely also be the most controversial one.

If I am driving this discussion the first round will be about the
income side only, to get the numbers what is actually realistic at
the expense side.

Many divisive discussions at the expense side might then not even be
necessary since they could anyways not get financed.

> --Sam

cu
Adrian

--

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Adrian Bunk-3
In reply to this post by Luca Filipozzi
On Fri, May 31, 2019 at 09:04:24PM +0000, Luca Filipozzi wrote:
>...
> When we last crunched the numbers, maintaining a 5y refresh (to stay in
> warranty, etc.) would require $75k-100k/yr. We've avoided that level of
> annual expenditure because we are keeping hardware longer than 5y and
> we've had amazing hardware [donations][1].
>...

For me this implies that Debian should aim at having at least US$500k
reserves, to be prepared if there is no large donation coming for a
future refresh.

> Luca Filipozzi

cu
Adrian

--

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Luca Filipozzi
On Sat, Jun 01, 2019 at 01:50:25AM +0300, Adrian Bunk wrote:

> On Fri, May 31, 2019 at 09:04:24PM +0000, Luca Filipozzi wrote:
> >...
> > When we last crunched the numbers, maintaining a 5y refresh (to stay in
> > warranty, etc.) would require $75k-100k/yr. We've avoided that level of
> > annual expenditure because we are keeping hardware longer than 5y and
> > we've had amazing hardware [donations][1].
> >...
>
> For me this implies that Debian should aim at having at least US$500k
> reserves, to be prepared if there is no large donation coming for a
> future refresh.

Plus another $300k in reserves for DebConf in case those donations don't
come through.

--
Luca Filipozzi

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Holger Levsen-2
On Fri, May 31, 2019 at 10:56:16PM +0000, Luca Filipozzi wrote:
> > For me this implies that Debian should aim at having at least US$500k
> > reserves, to be prepared if there is no large donation coming for a
> > future refresh.
> Plus another $300k in reserves for DebConf in case those donations don't
> come through.

we never had that. how did we manage to survive those last >25y?


--
tschau,
        Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Luca Filipozzi
On Fri, May 31, 2019 at 10:57:51PM +0000, Holger Levsen wrote:
> On Fri, May 31, 2019 at 10:56:16PM +0000, Luca Filipozzi wrote:
> > > For me this implies that Debian should aim at having at least US$500k
> > > reserves, to be prepared if there is no large donation coming for a
> > > future refresh.
> > Plus another $300k in reserves for DebConf in case those donations don't
> > come through.
>
> we never had that.

we do have reserves at SPI; it's why SPI feels comfortable signing hotel
and venue contracts against "commited donations"

> how did we manage to survive those last >25y?

because, thankfully, the donations do come through for DebConf

and because, historically, HPE and Bytemark have donated a lot of
hardware (thanks HPE and Bdale!), no ... but this is no longer the case

--
Luca Filipozzi

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Russ Allbery-2
In reply to this post by Adrian Bunk-3
Adrian Bunk <[hidden email]> writes:

> My biggest high level concern is the income side, since this is the most
> difficult part and will likely also be the most controversial one.

I could well be entirely wrong, but the part that I would expect to be the
most controversial is that, once Debian starts spending project money to
pay people to do work that other people in the project are doing for free,
the project is doing a form of picking winners and losers.  We're deciding
as a project that some people's work is valuable enough to pay for and (by
omission if nothing else) other people's work is not, and for all the good
intentions that we have going in, there are so many ways for this to go
poorly.

If we're only hiring people from *outside* the project, not each other,
maybe that avoids the worst of the problems, but it's still an odd
dynamic.  For example, it creates a perverse incentive for someone to
resign from the project so that they can be paid for the work they're
currently doing as a volunteer.

I'm particularly concerned what will happen if something goes wrong: we
pay someone to do additional work and that work isn't up to the quality
standards that we need.  Now what?  If that person is also a Debian
Developer, we have now introduced an aspect of job performance feedback
into a volunteer community.  While doubtless there are Debian Developers
who are also managers in their day jobs, that's not something anyone is
currently doing *in Debian*.  Managing feedback and consequences for poor
performance is a skill that we are not currently exercising and that is
not trivial to learn.

These problems generally go away with externally-funded initiatives such
as LTS.  In that case, even when Debian Developers are involved, it's
clear that the person with the money is making contract and hiring
decisions, is the person who can decide to fire someone from that contract
if they don't like the work being done, and any decisions made there are
entirely separate from one's ongoing Debian work as a volunteer.  People
still have to decide what they're willing to do for free and what they
want to be paid for, but it helps a lot that LTS is scoped to one specific
problem and has resources such that, if everyone else decides they're not
willing to do LTS support for free, the initiative still survives.  It
also helps considerably that LTS was something we as a project had decided
not to do with pure volunteer resources, so it's a pure incremental on top
of project work.

Maybe we can find more things like LTS that are pure incrementals over
what the project is currently doing, but I'm pretty worried about the
social dynamic of paying people to do core project work that others are
currently doing for free.

I assume the above is the sort of thing that Sam is referring to when he
says that we need to have a higher-level discussion if we're going to
pursue this idea.

--
Russ Allbery ([hidden email])               <http://www.eyrie.org/~eagle/>

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Holger Levsen-2
dear Russ,

once again, many thanks for expressing nicely what I couldnt express
that well. My thoughts exactly.


--
tschau,
        Holger, who first wanted to send this in private to Russ and
        then decided against.

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Ximin Luo-5
In reply to this post by Russ Allbery-2
Russ Allbery:

> Adrian Bunk <[hidden email]> writes:
>
>> My biggest high level concern is the income side, since this is the most
>> difficult part and will likely also be the most controversial one.
>
> I could well be entirely wrong, but the part that I would expect to be the
> most controversial is that, once Debian starts spending project money to
> pay people to do work that other people in the project are doing for free,
> the project is doing a form of picking winners and losers.  We're deciding
> as a project that some people's work is valuable enough to pay for and (by
> omission if nothing else) other people's work is not, and for all the good
> intentions that we have going in, there are so many ways for this to go
> poorly.
>

A lot of people are already paid full-time to work on Debian. Wouldn't it be better to additionally have some other people be paid full-time to work on Debian under a democratic mandate (our voting system) rather than under corporate orders? At the very least, it would be a good social experiment to gain insight from - something like that hasn't not been done much in the world before.

X

--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Russ Allbery-2
Ximin Luo <[hidden email]> writes:

> A lot of people are already paid full-time to work on Debian. Wouldn't
> it be better to additionally have some other people be paid full-time to
> work on Debian under a democratic mandate (our voting system) rather
> than under corporate orders? At the very least, it would be a good
> social experiment to gain insight from - something like that hasn't not
> been done much in the world before.

In an ideal world, with some sort of cooperative allocation of resources
in the context of a mutually supportive society where fundamental human
needs are met automatically, yes, I would love to work out the details of
such a system.

In the messy, mostly-capitalist world in which nearly all Debian project
collaborators are embedded, in which some of us have considerably more
money and resources than others, where costs of living vary *wildly* by
where you happen to live, and where one person's extra and mostly
unimportant spending money is another person's food and rent, I am afraid
that social experiment has a much higher chance to result in very real
losses to the project.  The failure mode here is that we lose contributors
because of hard feelings over who gets paid and who doesn't get paid and
how much they get paid and how they get paid, and the project ends up
weaker and more fragile.

People have strong feelings about money, sometimes even if they don't
think they will.  Not all people, not all the time, but it's a maxim
because on average it's true.  Money ranks right up there with politics
and religion as likely to cause the most drama, the most hard feelings,
and the most misunderstandings.  That's because money is really
complicated: it's not just a way to meet one's physical needs.  It's also
affirmation, it's a measure (sometimes competitive) of worth, and there's
a whole lot of social programming and momentum behind the feeling that who
gets paid is a measure of who is the most valuable.

I respect the desire to try social experiments and be bold, but my counter
question is whether Debian as a project has the right training and the
right people to conduct a proper social experiment *here*, on *this*
particular topic.  Do we have economists?  Psychologists?  Do we know what
the nature of the experiment would be?

For example, you say "democratic mandate," but what *specifically* does
that mean?  Are we going to vote in a GR on who gets paid and who doesn't?
Wouldn't that risk compensation turning into a popularity contest, or at
least being perceived that way?  If we're paying someone under such a
system, is there any accountability if they don't do what we're paying
them for?  Is there someone supervising them, and if so, who?  Or are we
just giving people $X and saying "do whatever you want with it"?  This
stuff is very not easy to figure out.

You rightfully point out that people are getting paid now, and that
payment determines, partly, their priorities in the project.  That's true,
but that payment comes from a huge variety of different sources and there
are very strong social norms in the free software community about what
sorts of things people writing those checks get to determine for the
community and what things they don't.  And we have a lot of ways of
handling when some contributor no longer is getting paid to do something
they were doing, and a firm understanding that this isn't *because* of our
community, although it may be a problem our community has to find a way to
deal with.  These dynamics change a *lot* when the money is coming from
the project itself.  That money is special; it's not just one more company
or foundation or whatnot that is providing resources to aid in a general
volunteer project.  It becomes a loaded statement about what work the
project considers the most important and, worse, *who* the project
considers important to do that work.

It's a real problem for the project that we don't have a better way of
allocating resources, and it hampers us in some ways compared to, say,
Ubuntu or Red Hat, where there is a single, stable funding stream to
maintain the distribution and set firm priorities.  There are some things
we don't do as well as those distributions because of it.  But, for
instance, while I know a lot of people volunteer work for Ubuntu, I
personally have very little desire to do anything with Ubuntu because
people get paid to do that.  Particularly now that my free time is rarer
and more precious to me, doing unpaid work for an organization that also
has paid staff is hugely demotivating.  It's entirely plausible that
paying for resources would mean that Debian would end up with *less*
resources than we have now, if other volunteers feel the same way.

--
Russ Allbery ([hidden email])               <http://www.eyrie.org/~eagle/>

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Ximin Luo-5
Russ Allbery:

> [..] The failure mode here is that we lose contributors
> because of hard feelings over who gets paid and who doesn't get paid and
> how much they get paid and how they get paid, and the project ends up
> weaker and more fragile. [..]
>
> For example, you say "democratic mandate," but what *specifically* does
> that mean?  Are we going to vote in a GR on who gets paid and who doesn't?
> Wouldn't that risk compensation turning into a popularity contest, or at
> least being perceived that way? [..]
>
> You rightfully point out that people are getting paid now, and that
> payment determines, partly, their priorities in the project.  That's true,
> but that payment comes from a huge variety of different sources and there
> are very strong social norms in the free software community about what
> sorts of things people writing those checks get to determine for the
> community and what things they don't.  [..]
> [..]  These dynamics change a *lot* when the money is coming from
> the project itself.  That money is special; it's not just one more company
> or foundation or whatnot that is providing resources to aid in a general
> volunteer project.  It becomes a loaded statement about what work the
> project considers the most important and, worse, *who* the project
> considers important to do that work. [..]

Nobody is suggesting that it won't be a hard problem to get right, but progress isn't made by worrying about all the things that could possibly go wrong. Figuring out a blueprint for organising large-scale work using more directly-democratic principles would have lots of benefits far beyond this project.

Some of the things you talk about are already issues everywhere. For example, "people having strong feelings about money" is already used as justification for companies to keep salary negotiations a secret, even though economists generally have acknowledged that workers get a better deal if salaries are transparent.

Then some of the other things you mentioned are not necessarily downsides. Making a loaded statement about what work the project considers the most important isn't necessarily a bad thing, especially if it stands against the loaded statements that Big Tech already puts out worldwide, that give engineers (including open source engineers) a bad name in front of people that don't know there are less monopolistic ways of creating and using technology.

Injecting a bit of risk into a 25-year old project isn't such a bad thing. We've been at 1k developers for about 10 years now, if I remember my numbers right.

X

--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Ximin Luo-5
In reply to this post by Russ Allbery-2
Russ Allbery:
> [..]
> I respect the desire to try social experiments and be bold, but my counter
> question is whether Debian as a project has the right training and the
> right people to conduct a proper social experiment *here*, on *this*
> particular topic.  Do we have economists?  Psychologists?  Do we know what
> the nature of the experiment would be?
>

How many of us have PhDs that are writing free software being deployed on many thousands of AWS clusters around the world? Then there are also many of us that started by tinkering with our own computers at home and slowly got experience along the way.

> For example, you say "democratic mandate," but what *specifically* does
> that mean?  Are we going to vote in a GR on who gets paid and who doesn't?
> Wouldn't that risk compensation turning into a popularity contest, or at
> least being perceived that way?  If we're paying someone under such a
> system, is there any accountability if they don't do what we're paying
> them for?  Is there someone supervising them, and if so, who?  Or are we
> just giving people $X and saying "do whatever you want with it"?  This
> stuff is very not easy to figure out.
> [..]

Straw man initial proposal:

1. GR for whether this is even a good idea, then
2. GR for high-level budget allocation, then
3. GR to approve/disapprove specific project proposals on spending the budget allocation.

Or, delegate some/parts of this to a team.

X

--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Russ Allbery-2
In reply to this post by Ximin Luo-5
Ximin Luo <[hidden email]> writes:

> Nobody is suggesting that it won't be a hard problem to get right, but
> progress isn't made by worrying about all the things that could possibly
> go wrong.  Figuring out a blueprint for organising large-scale work
> using more directly-democratic principles would have lots of benefits
> far beyond this project.

Yup, this is fair, and I admit that I tend to see the problems more
readily than the opportunities.

My core point is that I personally don't believe this is the right
experiment for us.  I don't think Debian is the right organization to try
this.  I don't think we have the expertise and the muscle in the right
places to be the project to lead in this specific area.

However, this is just my opinion, and I don't want to try to persaude you
too strongly, because if you're right and I'm wrong and we can make this
work, it would be a very neat positive development.  Funding free software
development is an enormous problem right now that desperately needs
options other than controlling sponsorship by for-profit companies with
all the baggage that carries.

> Then some of the other things you mentioned are not necessarily
> downsides. Making a loaded statement about what work the project
> considers the most important isn't necessarily a bad thing, especially
> if it stands against the loaded statements that Big Tech already puts
> out worldwide, that give engineers (including open source engineers) a
> bad name in front of people that don't know there are less monopolistic
> ways of creating and using technology.

I think I'm coming from a place where I feel like our community is still
rather fragile, and I'm worried about putting more stress on it by making
those sorts of loaded statements.  But yes, it's entirely possible that
I'm being too cautious.

I will say this: we only have the energy to make a small number of big
bets like this.  If we work on funding development, we're *not* going to
work on most, if not all, of the other big bet ideas that the project
could work on.

Now, that's possibly better than not working on *any* big bets, and we do
have a tendency to default into not changing anything, and that isn't
going to serve us well in the long run.  I'm in favor of picking something
big and going for it.  But I think we should pick one or two big things,
no more, and try those things until they reach some agreed-upon conclusion
before adding more on.

--
Russ Allbery ([hidden email])               <http://www.eyrie.org/~eagle/>

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Eldon Koyle
In reply to this post by Russ Allbery-2
On Fri, May 31, 2019 at 5:08 PM Russ Allbery <[hidden email]> wrote:

>
> Adrian Bunk <[hidden email]> writes:
>
> > My biggest high level concern is the income side, since this is the most
> > difficult part and will likely also be the most controversial one.
>
> I could well be entirely wrong, but the part that I would expect to be the
> most controversial is that, once Debian starts spending project money to
> pay people to do work that other people in the project are doing for free,
> the project is doing a form of picking winners and losers.  We're deciding
> as a project that some people's work is valuable enough to pay for and (by
> omission if nothing else) other people's work is not, and for all the good
> intentions that we have going in, there are so many ways for this to go
> poorly.

I think this is a very real concern.  What if payment was structured as task
bounties rather than hiring full-time employees? Then the payment becomes
an acknowledgement that a task is undesirable or time consuming, rather
than a status symbol.

--
Eldon Koyle

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Ondřej Surý-4
In reply to this post by Russ Allbery-2
It might be worth looking on how other organizations in our ballpark are doing stuff.

f.e. IETF/ISOC is in similar situation to Debian/SPI. I am not directly involved in looking into IETF financials, but they have contracts for certain functions (Ops, RFC Editor to name few, for full list see https://iaoc.ietf.org/contracts.html).

I agree that crunching the numbers must be a first step, then next step might be identifying roles within the project that can have clear job descriptions, that might also include roles that we currently don’t have because it can’t be filled by volunteers work. Then this must also include balancing whether we can improve the function if the function is contracted and there are “hard” requirements.

Personally, I don’t have any problem with paying people with Debian money if the competition for the function is transparent (thus done by third party in our case), time-limited and clearly specified so we can end the contract if the conditions are not fulfilled by the other party.

Ondrej
--
Ondřej Surý <[hidden email]>

On 1 Jun 2019, at 01:07, Russ Allbery <[hidden email]> wrote:

Adrian Bunk <[hidden email]> writes:

My biggest high level concern is the income side, since this is the most
difficult part and will likely also be the most controversial one.

I could well be entirely wrong, but the part that I would expect to be the
most controversial is that, once Debian starts spending project money to
pay people to do work that other people in the project are doing for free,
the project is doing a form of picking winners and losers.  We're deciding
as a project that some people's work is valuable enough to pay for and (by
omission if nothing else) other people's work is not, and for all the good
intentions that we have going in, there are so many ways for this to go
poorly.

If we're only hiring people from *outside* the project, not each other,
maybe that avoids the worst of the problems, but it's still an odd
dynamic.  For example, it creates a perverse incentive for someone to
resign from the project so that they can be paid for the work they're
currently doing as a volunteer.

I'm particularly concerned what will happen if something goes wrong: we
pay someone to do additional work and that work isn't up to the quality
standards that we need.  Now what?  If that person is also a Debian
Developer, we have now introduced an aspect of job performance feedback
into a volunteer community.  While doubtless there are Debian Developers
who are also managers in their day jobs, that's not something anyone is
currently doing *in Debian*.  Managing feedback and consequences for poor
performance is a skill that we are not currently exercising and that is
not trivial to learn.

These problems generally go away with externally-funded initiatives such
as LTS.  In that case, even when Debian Developers are involved, it's
clear that the person with the money is making contract and hiring
decisions, is the person who can decide to fire someone from that contract
if they don't like the work being done, and any decisions made there are
entirely separate from one's ongoing Debian work as a volunteer.  People
still have to decide what they're willing to do for free and what they
want to be paid for, but it helps a lot that LTS is scoped to one specific
problem and has resources such that, if everyone else decides they're not
willing to do LTS support for free, the initiative still survives.  It
also helps considerably that LTS was something we as a project had decided
not to do with pure volunteer resources, so it's a pure incremental on top
of project work.

Maybe we can find more things like LTS that are pure incrementals over
what the project is currently doing, but I'm pretty worried about the
social dynamic of paying people to do core project work that others are
currently doing for free.

I assume the above is the sort of thing that Sam is referring to when he
says that we need to have a higher-level discussion if we're going to
pursue this idea.

--
Russ Allbery ([hidden email])               <http://www.eyrie.org/~eagle/>

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Philipp Kern-6
In reply to this post by Luca Filipozzi
On 5/31/2019 11:04 PM, Luca Filipozzi wrote:
> Before you ask: an insecure hypervisor is an insecure buildd.

Are we then looking more closely at AMD-based machines given that those
had less problems around speculative attacks?

Kind regards
Philipp Kern

Reply | Threaded
Open this post in threaded view
|

Re: Realizing Good Ideas with Debian Money

Ondřej Surý-4
In reply to this post by Russ Allbery-2
Again I would suggest looking at https://tools.ietf.org/html/rfc4071 as a start to learn from the experience of others.

It’s a change in paradigm, but somehow I feel that this is needed if we want to keep up to par with other parties in the same field.

P.S.: At no point of time I am speaking about packaging work paid by Debian, but there are other functions that would benefit from having staff on full time dedicated to that function and being accountable to the Debian project and not to their employers.

Cheers,
Ondrej
--
Ondřej Surý <[hidden email]>

On 1 Jun 2019, at 06:12, Russ Allbery <[hidden email]> wrote:

Ximin Luo <[hidden email]> writes:

Nobody is suggesting that it won't be a hard problem to get right, but
progress isn't made by worrying about all the things that could possibly
go wrong.  Figuring out a blueprint for organising large-scale work
using more directly-democratic principles would have lots of benefits
far beyond this project.

Yup, this is fair, and I admit that I tend to see the problems more
readily than the opportunities.

My core point is that I personally don't believe this is the right
experiment for us.  I don't think Debian is the right organization to try
this.  I don't think we have the expertise and the muscle in the right
places to be the project to lead in this specific area.

However, this is just my opinion, and I don't want to try to persaude you
too strongly, because if you're right and I'm wrong and we can make this
work, it would be a very neat positive development.  Funding free software
development is an enormous problem right now that desperately needs
options other than controlling sponsorship by for-profit companies with
all the baggage that carries.

Then some of the other things you mentioned are not necessarily
downsides. Making a loaded statement about what work the project
considers the most important isn't necessarily a bad thing, especially
if it stands against the loaded statements that Big Tech already puts
out worldwide, that give engineers (including open source engineers) a
bad name in front of people that don't know there are less monopolistic
ways of creating and using technology.

I think I'm coming from a place where I feel like our community is still
rather fragile, and I'm worried about putting more stress on it by making
those sorts of loaded statements.  But yes, it's entirely possible that
I'm being too cautious.

I will say this: we only have the energy to make a small number of big
bets like this.  If we work on funding development, we're *not* going to
work on most, if not all, of the other big bet ideas that the project
could work on.

Now, that's possibly better than not working on *any* big bets, and we do
have a tendency to default into not changing anything, and that isn't
going to serve us well in the long run.  I'm in favor of picking something
big and going for it.  But I think we should pick one or two big things,
no more, and try those things until they reach some agreed-upon conclusion
before adding more on.

--
Russ Allbery ([hidden email])               <http://www.eyrie.org/~eagle/>

123