Ongoing discussions to narrow down the general criteris for a formal criteria of a Debian Trusted Org

Update: See https://wiki.debian.org/Teams/DPL/TrustedOrganizationCriteria for final resolution of discussion.

Purposes?

Notes

Constitution

Section 9 of the constitution deals with Assets and Trusted Organizations http://www.debian.org/devel/constitution#item-9

9. Assets held in trust for Debian

9.1. Relationship with Associated Organizations

9.2. Authority

9.3. Trusted organisations

bgupta's original proposal

  1. Organization is incorporated as a non-profit and can legally hold assets in the organization's name
  2. The leadership structure of organization must have at least three Debian Project Members
  3. At least 50% of the leadership structure of the organization must be Debian Project Members
  4. The organization is willing to hold assets on behalf of Debian
  5. The organization is willing to sign a contract agreeing to only transfer, spend, or use those assets on authorization of the Debian Project Leader or a designated delegate. (Not sure if we want DPL only, or leave DPL flexibility to delegate signatory rights on certain assets. If we do, the delegation almost certainly must be revocable. Perhaps better to leave DPL only.)
  6. Organization must be willing and capable of providing detailed reports of asset transfers and balance sheets on a quarterly basis
  7. Mission of organization should be in support of Free Software
  8. Even if all other criteria are met, it will be at the final Discretion of the DPL to decide if they are to be authorized as a TO.

Additional thoughts:

  1. Can the designation be revoked? (I'd think yes, if they aren't meeting the criteria of being a TO, or DPL otherwise feels needed, if for some reason the affiliation is no longer beneficial to Debian.)
  2. Anything about mission of organization? Perhaps something about Free Software? IE: I can't think of great examples, but if there were a non-profit run by Debian Project Members, but it was say, an educational organization would it be suitable?

lucas's counterproposal (with zack's comments/responses as sub-bullets)

Debian Trusted Organizations (TO) are organizations that hold and manage assets on behalf of the Debian project. The list of TOs is maintained by the Debian Project Leader (following Debian Constitution 5.1.11 and 9).

Generally:

Comments: