 public interest birds of a feather session with a SPI board or a subset of the SPI board. We have Badele Garby, who's the president. We have Michael Schulteis, who's the treasurer. Jonathan McDowell, who is the secretary. And Jimmy Kaplowitz, who is the director. So everybody, welcome to the board here. And I'm not sure, Michael, are you starting off? Thanks for coming to the SPI BOF. Our brief agenda is an introduction of the board members and officers we have here, which has already occurred. Then we have a brief overview and history of SPI, a slide showing our associated projects, a slide about our financial status, and then a question and answer section. At DEPCOMP 10, we have half of the board of directors of SPI present, Badele, Jonathan McDowell, myself, and Jimmy Kaplowitz. Joshua Drake, who is involved in the Postgres project, was originally scheduled to attend DEPCOMP 10, but due to scheduling difficulties, he was unable to make it. We also recently had board elections. For the past several years, we have had a nine-member board of directors, but we had five open seats this time and four people running for their seats. So we shrank down to our minimum size of eight people on the board of directors. SPI is software in the public interest. It's a nonprofit organization which was founded to help organizations develop and distribute open hardware and software. It's an organization that holds Debian funds in the United States. It also has assets such as the Debian trademark, local domain names for Debian projects, as well as the copyright to the Debian logo. I was just going to amplify slightly. One of the things that's interesting about having DEPCOMP not only in the United States but in New York is that we're actually incorporated in the state of New York as a New York corporation. So even I guess Jimmy's the only person who's on the board who's currently a resident of this fine state. For legal reasons, this is where the corporate headquarters are. So just an interesting little factoid here. This is a brief history of SPI. As B. Dale mentioned, we were incorporated in the state of New York. That happened on June 16th in 1997. In 1999, the United States Internal Revenue Service granted SPI 501C3 tax exempt status. That means contributions from donors within the United States may be tax-aductible. SPI was originally started to serve the needs of Debian, but it's ground to serve many other additional free software projects. This slide lists the associated projects of SPI. We have OSUNIX, which is an open-source version of Solaris. There's PATH64, which is a high-performance compiler. CITIX is a Debian-based distribution, which is based on the SID or unstable version of Debian. Of course, there's Debian itself. The OFTC IRC network, open office.org, free desktop.org, Provoxy, mad Wi-Fi, Fresco, Postgres, Yaffare, OpenVas, Tux for Kids, Gallery, the Helios Project, Open Voting Foundation, OpenWRT, and Drupal. And I apologize if I missed anything. Oh, GNU Tux Max. That was joined SPI several years ago and hasn't been very actively involved in SPI, but they still do have a non-zero financial balance with SPI, so I assume they're still somewhat associated. This is the financial status of SPI as of June 30th. As you can see, Debian has a fairly significant balance. Most of those, or a good portion of those, Debian funds will be spent paying for the DEF CONF-10 conference. But there are several other projects that have non-zero balances. And if you have any questions, feel free to ask me about that since I'm the SPI Treasurer. SPI membership is open to anyone who is interested in applying for membership. There are two different types of SPI memberships. There's what's called non-contributing, which doesn't give you voting rights in SPI. Then there are contributing membership. You can find out more about the membership at the URL at the bottom of this slide. As of yesterday, there were 847 current members, including 405 non-contributing and 442 contributing members. And all of our SPI board meetings are held in the SPI channel on OFTC. We also have several mailing lists. You can go to list.spi-inc.org to find out more about our mailing list. You can also talk to half of the board here at DEF CONF-10. And that's all we have in our slide deck, so we'll open it up to questions. Any questions? Well, I have a question for the people who aren't asking questions. Since you don't have questions, why are you here? What made you interested in coming to this talk? What's your interest in SPI? I'll answer, but it's really not a bad, it's not a good answer. It's just way overcrowded. I'll comment. It's very interesting because a number of years ago, we had some serious process problems in SPI. There's the sort of infamous issue of a box of materials that were in the hands of our then-treasurer going missing and a lot of checks not getting deposited and having to go back to donors and apologize either for losing their checks or whatever. One of the things that I think is something I think that all of us on the board are particularly proud of is that it's been years now since we've had any of that kind of unpleasantness going on. Things, for the most part, are just working pretty well, and we've been gradually accreting more projects. If you think about it, back in 1997, when we were first incorporated, the whole motivation was that there needed to be some legal entity in the US to hold various assets on behalf of the Debian project. One of the wonderful things about Debian, after all, is that it's an organization of volunteers who've made common cause, but there's no particular company behind it. It's one of the things that really substantially differentiates us from many other Linux distribution activities. And at the same time, in order to be able to accept donations of hardware from certain companies who wanted the tax benefits of making a donation in order to be able to accept financial donations from individuals and have them able to get the tax benefits that you can have of donating to a recognized non-profit corporation in the US and things like this on whole domain names and trademark paperwork and all these sorts of things, we needed to have a legal entity somewhere. And thanks to the folks who were motivated to do the work, we got one in the US. It's actually kind of cool now, if you pay attention to such things, there are a number of organizations in other parts of the world. You know, we've got FFIS, I guess, in Germany. There's the Association Software Lever in Brazil and various other organizations around the world that are holding assets on behalf of the Debian project. And so SPI is now just one of a set of organizations holding legal assets and financial contributions in different parts of the world when you look at this from a Debian perspective. But simultaneously, SPI has gone broad. The original charter was written sort of expansively with this notion that if we're going to go to the trouble of incorporating and getting 501c3 tax exemption status, which is non-trivial, no matter how good your lawyers are, it takes a year or so to get through all that paperwork. If we were going to do that, we might as well take a more expansive view of the world. And as you can see from our associated projects list, there are a lot of interesting projects now that are taking advantage of our services. Some of them are a little higher overhead to deal with than others, but all in all, I'm just tickled that this mechanism we built has been able to survive that test of time and that we've seen both this expansion of other organizations holding assets in other countries for Debian so we aren't always getting nailed with international funds transfer and asset transfer legal constraints. And at the same time that we've been able to expand the role of SPI to provide that same set of services to a lot of other really worthwhile projects. Anyway, you know. So I guess kind of two things that I was just going to say, I thought of is that I mean I have to agree, I think you guys have been doing a great job lately. I mean I've actually followed the mailing list, I do pay attention to the SPI traffic in part because I'm also involved in a great deal with Postgres. And I was really happy to see that project start working with you guys and I know Josh Drake's now a member on the board and I think that's all great. I guess the only thing I was wondering is I know there was a point at which and I don't know if this was really in confidence or whatnot but it was expressed to me some concern about using SPI for Postgres and for that project. I don't know if you guys know anything, I mean is everything going kind of well in that? Oh, yeah, okay. I think things are actually going really well. There was a point in time where we had some turnover in the membership of the board and for some folks that was an enabler where all of a sudden they said, okay well people we didn't necessarily want to deal with aren't there anymore. In other cases it's like oh well the people we like to deal with aren't there anymore. So there were a few sort of transitional things over who the people were on the SPI board. That was a few years ago and since then things have in that regard been very calm I think because it's all maybe we've had fewer strong personalities duking it out with each other in board meetings. Maybe it's something else I don't know but the sense I have today is that the only sort of lingering problem if you want to call it that is that such a high percentage of the people on the board would list Debian as their primary project affiliation. You know on some level I would love to see people running for the board to get board seats who would list some other project as their primary affiliation. Having Josh on there from the Postgres QL community is wonderful but you know it'd be great to see folks from other places. On the other hand you know I was talking to Keith about the Keith Packard about this before the last election sort of pointing out that you know by the way poke poke this is the time of year where if you wanted to bring somebody forward from the free desktop world or something and his reply was why would I you guys are doing fine. And so there's this sort of funny trade-off if you look at it you know there's a bunch of Debian folks on the board and doing things for SPI you know we originally created the corporation because Debian had a need and so I'm not too bothered by that correlation it's we're not there because we're trying to push a Debian agenda it's just you know this is a set of services the project needs and we're happy to provide those to other people too but I know that sometimes people who don't know us very well look in from the outside and go ah it's just a bunch of Debian guys. I also want to use a VDL term amplify a couple of the things VDL has said in his answers you know I don't think there was anything quite like SPI back when we started in 1997 and now as he's mentioned there is the Software Freedom Conservancy Association Software Libre FFIS and I I mean there are some other organizations as well that serve one project like Python Software Foundation Free Software FreeBSD Foundation that's all great as well but no foundation good example which they started their own foundation after formally being SPI affiliated. I just think it's you know another form of SPI going broad and serving many different needs is people adopting aspects of SPI's model that they like for their own organizations in other countries or in the US when they want to do things a little differently and I think that's great similar to how organizations in the cooperative movement are not competitors with other cooperatives I think it's great that we've sort of helped cooperate into a whole system of umbrella organizations which was a great innovation back in the 90s and still is. My name is Jack Farahur. The question is as a 503C are you allowed to lobby political organizations and institutions and do you? No we do not and we're not legally allowed to do so there are certain exceptions where you can make limited lobbying but it's best not to perform any lobbying at all so you don't get in trouble with the IRS. If we wanted to do any more political activities or lobbying or legislative that would be best done with the creation of an additional legal entity or more than one and if we wanted to do that it would take sufficient interest and manpower. The only other thing I'd add to that is people have asked us at various times well what else can we do what else would SPI like to do and my answer has always been that if SPI contributing members have things that they would like to do in the name of the corporation they should come and have a conversation with the board about it and if it falls within our charter and the boundaries of our legal permissions that we're very likely to have a conversation with the board about it and I think the key benefit of it is that my focus and that of I think most of the current board members has been on getting the small set of things that we've absolutely committed to our associated projects we would handle on their behalf so they didn't have to think about it didn't have to worry about it and that would be our problem not theirs and get those right and you know if we run the clock back to that period of time it's all of that right so everyone trusted that we knew how to do those things and so forth I'm very pleased that that's all sort of history now and everything's good and everybody's seems to be quite satisfied with the services we're providing but when given the choice I'd rather you know stay focused on a small set of core services and get those absolutely perfectly right than to you know add more activities that may very well have some other possible home that would be just as reasonable place as a another one of those none of us are paid to do any of the things that we do so if other volunteers who are part of our contributing member base would like to you know propose other activities that they would like to do on behalf of and in the name of SPI the board is always willing to hear proposals like that. I have usually quite some concerns with people willing to take over open source project usually and SPI is probably a good target for them what kind of protection those SPI has in constitution or other parts to protect from being taken over and has there been some sort of maybe duplicating organization in smaller so I actually the whole notion of sort of being subverted or taken over by bad actors you know who don't have our best interest at heart is something that we have been talking about a lot I personally think it's an over stated risk in a lot of places and watching certain other organizations that I've tried to provide some advice and guidance to navigate this whole space I've been disappointed how timid people are sometimes but in the SPI case I think that our current structure has two very significant protections against that kind of activity one is that in order to have a vote in the election process you have to be aware that the committee is reasonably generous with granting contributing membership but there is you know a real litmus test there around the notion of are you an active participant in the free software process are you making contributions to some project are you a member of one of our associated projects that sort of thing so there would be no straightforward easy mechanism for you know a bunch of barbarians that show up at the gate and magically have voting and the second piece is that under our current bylaws and current set of behavioral processes we don't reelect all of the board every year it staggered over a three year term and so as a consequence it was a strange situation this year that we actually had five board seats open that would not normally be the case and it just has to do with links of service and when people filled gaps and all of this sort of thing there is a lot of debate about the merits of having this kind of a rolling board versus just reelecting everybody every year and I'm not of hugely strong opinion on this but many other successful 501 C3s that I've been a part of or have observed in the past have used this sort of rolling board thing and has the potential both to provide some continuity across you know an annual election process but also I think it does provide some protection against you know being deeply gamed. I feel free to add this if it's not what I'm going to say but given that we are a 501 C3 we can't be taken over into a for profit entity all of SPI's assets are permanently dedicated to charitable non-profit public purposes we could transfer assets as a project's request to say the Software Freedom Conservancy or probably FFIS or other groups but we can't transfer them to say Microsoft for their general use even if Microsoft wanted us to and paid us a lot of money. Perfectly said. I'm Karen Sandler I'm with the Software Freedom Law Center so as a lawyer sitting here I just wanted to say oh there's one more question. So beyond just transferring assets if software in the public interest were to conduct its activities in a way that didn't support Freedom Conservancy or software as per its non-profit mission the IRS when it looked at the annual reports would probably have a big problem with it so just the 501 C3 status is some assurance about it being gamed. No thanks that's great and you know this is part of what I was saying earlier that the process of acquiring that status is that we have as board members is to make sure that all of our activities remain in compliance with relevant laws. It's one of the reasons we've been so pleased to see certain projects Debian included taking advantage of similar services being offered by other organizations in other geographies and other legal systems around the world is that's another interesting sort of protection in this particular case you know not all of Debian's assets are in SPI's hand some of them with FFIS some of them are in Brazil which is on one of the lists recently from the Debian auditor I guess is the title of that role now and it was really quite interesting to me I had not been paying enough attention to realize that as significant a percentage of Debian's assets are sprinkled around in various places as they are and I think that's very healthy for the project so it also means when we're trying to do things like reimburse expenses for people in Europe or in South America or something we aren't constantly being burned by international money transfer fees which we all know how to deal with it but it's not cheap what do contributing members do what's the range of volunteers you're looking for yeah we would really really like to throw out our current website infrastructure and replace it all if I end up doing it I'll end up being you know icky wicky and get but yeah we have this sort of problem it's a classic problem every volunteer organization has somebody has a great idea they implement a bunch of infrastructure it works fine as long as they're there to massage it and care for it and when they're gone other people are gonna go what is this and how does it work and so you know it's not a big deal but we sort of would love to fix that at some point that's probably the biggest thing that we as a board care about right now you know there are various tasks that come up from time to time we've committed to scrubbing the contributing membership list I guess around the time of annual elections to make sure that we aren't accumulating no longer active participants and messing with quorum numbers over time and that sort of thing and I suspect that someone were interested in helping massage the database that something could happen at some point but no on a day-to-day basis there are not a whole lot of tasks that are just sitting around lacking attention I would encourage people when the board elections come around next year if this is something you're at all interested in or have friends that you'd like to poke with sharp sticks to have them stand I would much rather have more candidates than seats than the other way around so I guess two questions just popped in my head from that is which database are you using it's Postgres backed it's the websites currently blown running on top of Postgres okay and then the other question I was wondering about is how are you going to how is the scrubbing of the membership list going to work I'm just curious about the you know like notify people we're going to take you off for I'm also on the SPI membership committee in our current bylaws we have the means to basically inspire people several years ago there was actually an automated process to you basically set the expiration date and then some system would automatically email someone saying hey do you still want to be a contributing member unfortunately we don't seem to know how to make that work anymore so in addition to the main website we also need assistance in updating the membership website because we have quite a few issues with that not functioning the way that we would want it to for 100% functionality so in the current board resolution that was made some months ago we agreed that after the board election we'd send people who didn't vote now in this case no one voted but we'll we'll send people who are contributing members of status ping saying hey are you still involved in the community do you still want to be a contributing member and if they respond great they'll stay if they don't then they'll be reversibly not permanently downgraded to non-contributing and if they want to be re-upgraded and still meet the criteria which any member of a associated project like Debian or Postgres automatically does then they can certainly be getting contributing status this will mainly just the motivation for this is partly just to ensure the contributing membership means something but also BDL alluded to quorum requirements there are some major improvements that we could make in our bylaws but we have to get a certain percentage of our contributing members so quorum requirements do actually matter yeah I forgot I've been saying for years that would be wonderful if someone just like sit down and fix our bylaws and we have conflicting opinions about the right fixes we have no conflict at all about the fact that what we currently have is self-contradictory and impedes progress the language and the bylaws around when we are supposed to hold meetings and what we have to do to hold a meeting for example is did not comprehend monthly board meetings on IRC and so nobody's likely to call us on it and the bylaws have a set of requirements which we do our best to meet in the context of wanting to operate in a more responsive and more modern way so I guess regarding that do we have reporting obligations to the IRS or other folks yes and we actually do file IRS reports every year you can check websites like guysdar.org you can see our 990s okay so but we don't have to principally we have to report to the IRS so we don't have to report to the federal trade folks or anything like that okay nothing with the federal trade commission or FCC or anything like that we also actually do more reporting than we have to for example in our meeting agendas and I think our meeting minutes as well and also on the contributing member SPI private mailing list the first two locations that I mentioned are public we give monthly treasure reports similar to what Michael showed plus incoming expenses and we're generally a lot more open than we're required to be so there's a lot of ways to see what we do that's also led to the interesting situation that the last three or four years we've briefly had a conversation about do we need to generate an annual report to our contributing members and we always sort of lean back and go back to the report on that isn't already where they can click and get it and the reality is it would probably be a nice thing for us to do to create some kind of you know at least a token object that had links to the right places or something but it is quite interesting that unlike some other 501c3s serving the free software world we do have all of our board meetings on a completely open channel and things like this so there's just very little at any given moment that you know our contributing members don't already have access to that would you know lend meaning to the process of generating something like an annual report to members so if somebody really wants to draft an annual report for us we volunteer as always welcome any other questions well thank you very much for your time and your attention now you know what we look like we'll be around the rest of the week if you have questions or thoughts or ideas for us feel free to let us know please tell your projects about us have them get more involved pay attention to us