CPP: Commitments, Policies and Processes

Librehosters Commitments, Policies and Processes

Librehosters form a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms. Our values connect transparency, fairness and privacy with a culture of data portability and public contributions to the commons.

An objective of this network is to gather initiatives of various online service providers offering free software based solutions, enabling the public to choose services according to their needs.

Other objectives include sharing of infrastructure, knowledge and techniques, co-learning and helping participants transition from user to service provider.

Integrity is key in these commitments, aiming to ensure reliability of offered services and the users’ confidence towards them. Librehosters are expected to respect and uphold these community standards including any codes of conduct.

Solidarity and Cooperation

  • Librehosters create bonds of solidarity around the core principles of the network.

  • Librehosters help and assist one another, both online and offline.

  • Librehosters share knowledge and techniques.

  • Librehosters promote the network’s values.

  • Librehosters seek service replicability and share their configurations with each other.

  • Librehosters cultivate self-reflection by nurturing ongoing dialogue and active listening.

Free Software and Public Contributions to the Commons

  • Librehosters’ servers and services run on free software. The software should allow others to reproduce the service without requiring additional development relative to the server structure or to the software itself.

  • Librehosters use open formats, especially for publications. Their sources should also be made available if relevant.

  • Librehosters respect the terms of the free software licenses they use (including mentioning these licenses, linking to the source code, etc.).

  • Librehosters contribute to the free software ecosystems, communities and projects used.

Transparency and Fairness

  • Librehosters publicly display a policy regarding the administration of user accounts. The Terms of Service (TOS) must be clear, accessible and not in contradiction with the librehosters’ values.

  • Librehosters clearly express their economic model on a page that a user can easily find and understand.

  • Librehosters do not exploit personal data. User data is only used for internal administrative or technical purposes.

  • Librehosters review applications and evaluate them carefully (!awaiting sentence etc.!).

Privacy and Data Portability

  • Librehosters enable users to access, export and recover their personal data when possible.

  • Librehosters provide encryption at no additional cost: encryption is a key element of safeguarding privacy and the freedom to communicate; as such, it is considered a right and not to be merchandised.

  • Librehosters provide software with end-to-end encryption when possible.

  • Librehosters do not tamper with network traffic transmitted through their services or inspect their contents. No network communication protocol is privileged in the distribution of information.

Policies and Processes

Public Relations

The network having no official status, no one is allowed to speak in its name without first gaining the approval of the members. However, every member is encouraged to spread knowledge of the collective freely.

If needed, the collective will be permitted to speak (collectively) through press releases made available on the libreho.st domain: to welcome a new member, to state a position on a news topic, etc.

Structures of the Members

Librehosters can be non-profits, individuals, businesses, collectives or other legal forms.

Each librehoster will appoint a unique delegate or delegation (and inform in case of replacement) who will be the main contact with other members. Either a single person or a group, so long as it is simple and obvious to establish contact using a single e-mail address as specified in the on-boarding process.

Each librehoster will publish a web page presenting the offered services. That URL will serve as reference during exchange with members of the network.

Functioning of the librehosters network

Librehosters is not a formal organisation. Decision making is carried out by the current members of the network. Librehosters are invited to participate in the collective decisions as much as possible, in a consensual manner. In case no consensus can be reached, we aim for rough consensus.

The libreho.st domain is managed and hosted by the members of the network. It presents a web site containing the member directory as well as links to other tools allowing exchange between members.

Processes for joining and leaving

How to join the network?

Any organisation respecting these values and principles can ask to become a member. To be accepted as a member, the organisation will have to follow the on-boarding process for joining the network.

When an application is received it will be evaluated by other members of the network for a period of at least a month during which the application will be brought to the attention of the monthly online network meeting. After discussion and potential adjustments, if there are no objections and sufficient support of the network, an organisation becomes part of the network.

How to leave the network?

Process to leave the network is activated in the following cases:

  • Voluntary self-removal
  • Break of commitments
  • End of member’s services

These processes will be more clearly defined in future meetings.

Code of conduct

There is a proposal for a code of conduct in progress.

Incident processes will be more clearly defined in future meetings.

This document was inspired by the CHATONS manifesto.


We had a brief discussion about this at the Webarchitects management committee today and a few queries arose.

Why would we not want to sell encryption related services? What if a client requests a EV rather than a DV cert would this have an impact on that?

Passing client email through SpamAssassin could be understood to be included in this?

1 Like

The idea is to not provide a separate cost for encryption and encourage encryption in the basic package.

EV (Extended Validation) implies extra checks that must be done by dedicated work. This work is not encryption, it’s extra administrative work that you should be paid for (and IMO, you should be paid extra to take any administrative work as this is taxing on your mental health.)

Right. Please provide a better way to handle this case. :slight_smile:

Thank you for your scrutiny!

1 Like

Hmmm, interesting point. The original inspiration was the “Neutrality” section of https://chatons.org/en/manifesto which also reads ambiguously with this in mind. Of course we want to “discriminate” against spam … we’ll need to be less ambiguous here.

Thanks for your review @chrisc and co.

Ah, did we have a further sentence for this or it can be removed?

So, question now. I will be bringing a proposal to apply to join the network with the collective I am a member of. The aim of our hosting efforts are to support members and friends. Some services are publicly available (like the git hosting and etherpads) but this not “officially” advertised.

Now, I remember in the CHATONS manifesto, under “Solidarity and Dissemination” we saw:

Members of CHATONS must however not stick to themselves and be satisfied with a limited number of users, as this could cause discrimination in the access to services. On the contrary, all communication efforts toward the public are encouraged as a way to disseminate FLOSS based solutions and to create bonds of solidarity around the core principles defended by the collective. These efforts must be mutualised and can take the form of online courses, public information meetings, booths during events, conferences, publishing booklets, etc.

I know we did not include this in the document but it is a concern from the collective I am a part of. At this early stage in the network, the “scope” of what is acceptable for the network is not clear. Can small, more locally based and functioning collectives find a place here? A lot of our efforts are to do with publicising and facilitating critical discourse on technology. I think that could be seen as a method of “online courses, public information meetings, booths during events, conferences, publishing booklets, etc.”

I think it’s important to clarify this point. A lot of cultural institutions might function like this and there will be similar questions on whether they “fit” or not. It should be easy to see if you should join the network or not. Thoughts?

I think this is a crucial question. It is like the copyleft discussion (BSD vs GPL). Do you want to have enforced growth or not? I actually think a self-sufficient provider should be able to be part of the network as well. Seeking out to expand entails a certain aggressiveness.
I also think it might be quite some high expectations to not only provide the administrational and technical work, but also the social one. And also somewhat uncomfortable and unproductive for some…

And for the actual topic, first a disclaimer: I really like the idea of the project, but the shape right now is something I heavily criticize. Take this text as a proof-reading and commenting on it.

First, the very concrete remarks I have:

The formulation is a bit weird for such a document. Not “an objective” and “other objectives” or including something… Everything should be formulated as an intention:

This network gathers initiatives of various online service providers offering free software based solutions, enabling the public to choose services according to their needs.
The network aims at sharing of infrastructure, knowledge and techniques, co-learning and helping participants transition from user to service provider.

As much as I like this as a general concept in life, and also for running services, I have a really bad feeling in writing such a thing into the principles. I actually think such a point would mainly help people who want to cause trouble and annoy others.

That is a legal requirement anyway, isn’t it? If the licence is not respected, the authors can sue the provider.

And if a one-man project does not have the time or even the intention of doing this? Is it not a valid point to be simply a provider of some services and not more?

What is meant by that? I would say it needs clarification.

I really like this point. In Germany, when founding a Verein, the definition of who is actually allowed as a member usually causes trouble. :slight_smile:
And in international context it is even more problematic. I would just say “any legal entity by its country of origin”, without going into detail. Or not even requiring that. I guess there are many providers out there who are very well in agreement with the statutes, but have no legal status. It is just somebody hosting a service on a website. Looking at the free software world, the majority of the projects is not represented by a legal entity. I do not know how to formulate this in English, a native speaker would be helpful here.

More generally speaking, some issues I see in general:

  1. I really see the “free software” part as problematic. Everybody knows about the actual problems to define the boundaries of software, or when blobs come into use, or when for some things simply no adequate free software is available (ubiquiti management anyone?). What would happen with a provider in such a case?
    Also, actually most of the small service providers which do not target businesses only of this world actually use free software anyway. It is simply a matter of practicability to use Linux with a free software mail toolchain, Apache for web, etc.

  2. Decision making process. I do not know if this is supposed to be in the CPP, or if this actually belongs into the “rough consensus” thread, but I think this should be stated somewhere, or at least another document should be referenced that defines the working principles of working groups or the whole network.

  3. (Non-)commerciality is a very difficult construct legally, but many seem to be very emotional on this topic and might see it as part of librehosters. I guess that should be addressed somehow (I know I was criticizing just that paragraph above), but do not have a clear idea yet, how.

  4. Overall, I think some more reflection is required on what librehosters is supposed to be. This CPP reads in parts as “fair business rules”, in others as “anarchy for the world!!11”. The overall trouble the hacker scene has at the moment to find its place, somewhere in between big money funding security research, the maker scene, free software, hamradio, movie release crews and media piracy, etc. …
    Is it supposed to be an elite ascetic group of providers which fulfill all these goals? Is it a group of hosters which mainly want free software and some transparency? Or is it a group of hosters which just want to make sure that you know what you get?
    While writing this, I was actually thinking: What about the elite group, which then also has “labels” to describe the actual fulfillment of its own rules so that others can comply where they want (but not become part of the network)? A bit like CC, where a legal framework is provided and everybody can pick himself which labels he prefers.

Thanks for comments!

Can you please give an example? This does not exist alone and works in conjuction with the code of conduct which has solid provisions for not being used against those who it was intented to be used to help.

I think we could be clearer on “contribute” here. I didn’t take it to mean that we would contribute code or do any of the typical skills required in the actual development of free software but more that we, for example: raise useful reports on the issue tracker, lurk the IRC to help if we can and generally give feed back and share knowledge.

1 Like

I have seen many people who like to talk. And not to do. And people who like to refer to their rights to do things or to the commitment of certain organizations (“it is written in your charter!”).
I think the self-commitment to listen to people would lead those who like to make trouble to start abusing exactly this self-commitment.
I cannot give you a direct example, but broadly speaking, there are initiatives which commit to helping people. However, there is also people who use these services in an “abusive” way (like using way too much resources so they impact others).
And even when mentioning that, the only point is “You committed to helping everybody, and I am somebody!” or “it is not in your rules that XXX is limited.”

I would say these are the things that users do for their own benefit (like reporting bugs) and IRC is anyway just for idling nowadays?

Then it is more a general question on what this cpp is for. Is it rules every hoster has to comply to or they will be kicked out? Is it rules of good behaviour? Is it a statement of intentions?

So today we have a meeting: Amsterdam Gathering June 2019

Since there were not enough people able to attend in person we decided to make it a remote meeting.

One of the points on the agenda is to adopt the CPP: I would like to know whether all points have been addressed (or: did we reach rough consensus?). In that case, we would adopt the text on Sunday (tomorrow) so we can move on.

I think it should read:
Librehosters review applications and evaluate them carefully(!awaiting sentence etc.!).

1 Like