CPP: Commitments, Policies and Processes

Librehosters Commitments, Policies and Processes

Librehosters form a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms. Our values connect transparency, fairness and privacy with a culture of data portability and public contributions to the commons.

An objective of this network is to gather initiatives of various online service providers offering free software based solutions, enabling the public to choose services according to their needs.

Other objectives include sharing of infrastructure, knowledge and techniques, co-learning and helping participants transition from user to service provider.

Integrity is key in these commitments, aiming to ensure reliability of offered services and the users’ confidence towards them. Librehosters are expected to respect and uphold these community standards including any codes of conduct.

Solidarity and Cooperation

  • Librehosters create bonds of solidarity around the core principles of the network.

  • Librehosters help and assist one another, both online and offline.

  • Librehosters share knowledge and techniques.

  • Librehosters promote the network’s values.

  • Librehosters seek service replicability and share their configurations with each other.

  • Librehosters cultivate self-reflection by nurturing ongoing dialogue and active listening.

Free Software and Public Contributions to the Commons

  • Librehosters’ servers and services run on free software. The software should allow others to reproduce the service without requiring additional development relative to the server structure or to the software itself.

  • Librehosters use open formats, especially for publications. Their sources should also be made available if relevant.

  • Librehosters respect the terms of the free software licenses they use (including mentioning these licenses, linking to the source code, etc.).

  • Librehosters contribute to the free software ecosystems, communities and projects used.

Transparency and Fairness

  • Librehosters publicly display a policy regarding the administration of user accounts. The Terms of Service (TOS) must be clear, accessible and not in contradiction with the librehosters’ values.

  • Librehosters clearly express their economic model on a page that a user can easily find and understand.

  • Librehosters do not exploit personal data. User data is only used for internal administrative or technical purposes.

  • Librehosters review applications and evaluate them carefully (!awaiting sentence etc.!).

Privacy and Data Portability

  • Librehosters enable users to access, export and recover their personal data when possible.

  • Librehosters provide encryption at no additional cost: encryption is a key element of safeguarding privacy and the freedom to communicate; as such, it is considered a right and not to be merchandised.

  • Librehosters provide software with end-to-end encryption when possible.

  • Librehosters do not tamper with network traffic transmitted through their services or inspect their contents. No network communication protocol is privileged in the distribution of information.

Policies and Processes

Public Relations

The network having no official status, no one is allowed to speak in its name without first gaining the approval of the members. However, every member is encouraged to spread knowledge of the collective freely.

If needed, the collective will be permitted to speak (collectively) through press releases made available on the libreho.st domain: to welcome a new member, to state a position on a news topic, etc.

Structures of the Members

Librehosters can be individuals and informal collectives, non-profits, co-operatives, businesses or other legal forms.

Each librehoster will appoint a unique delegate or delegation (and inform in case of replacement) who will be the main contact with other members. Either a single person or a group, so long as it is simple and obvious to establish contact using a single e-mail address as specified in the on-boarding process.

Each librehoster will publish a web page presenting the offered services. That URL will serve as reference during exchange with members of the network.

Functioning of the librehosters network

Librehosters is not a formal organisation. Decision making is carried out by the current members of the network. Librehosters are invited to participate in the collective decisions as much as possible, in a consensual manner. In case no consensus can be reached, we aim for rough consensus.

The libreho.st domain is managed and hosted by the members of the network. It presents a web site containing the member directory as well as links to other tools allowing exchange between members.

Processes for joining and leaving

How to join the network?

Any organisation respecting these values and principles can ask to become a member. To be accepted as a member, the organisation will have to follow the on-boarding process for joining the network.

When an application is received it will be evaluated by other members of the network for a period of at least a month during which the application will be brought to the attention of the monthly online network meeting. After discussion and potential adjustments, if there are no objections and sufficient support of the network, an organisation becomes part of the network.

How to leave the network?

Process to leave the network is activated in the following cases:

  • Voluntary self-removal
  • Break of commitments
  • End of member’s services

These processes will be more clearly defined in future meetings.

Code of conduct

There is a proposal for a code of conduct in progress.

Incident processes will be more clearly defined in future meetings.

This document was inspired by the CHATONS manifesto.


We had a brief discussion about this at the Webarchitects management committee today and a few queries arose.

Why would we not want to sell encryption related services? What if a client requests a EV rather than a DV cert would this have an impact on that?

Passing client email through SpamAssassin could be understood to be included in this?


The idea is to not provide a separate cost for encryption and encourage encryption in the basic package.

EV (Extended Validation) implies extra checks that must be done by dedicated work. This work is not encryption, it’s extra administrative work that you should be paid for (and IMO, you should be paid extra to take any administrative work as this is taxing on your mental health.)

Right. Please provide a better way to handle this case. :slight_smile:

Thank you for your scrutiny!

1 Like

Hmmm, interesting point. The original inspiration was the “Neutrality” section of https://chatons.org/en/manifesto which also reads ambiguously with this in mind. Of course we want to “discriminate” against spam … we’ll need to be less ambiguous here.

Thanks for your review @chrisc and co.

Ah, did we have a further sentence for this or it can be removed?

So, question now. I will be bringing a proposal to apply to join the network with the collective I am a member of. The aim of our hosting efforts are to support members and friends. Some services are publicly available (like the git hosting and etherpads) but this not “officially” advertised.

Now, I remember in the CHATONS manifesto, under “Solidarity and Dissemination” we saw:

Members of CHATONS must however not stick to themselves and be satisfied with a limited number of users, as this could cause discrimination in the access to services. On the contrary, all communication efforts toward the public are encouraged as a way to disseminate FLOSS based solutions and to create bonds of solidarity around the core principles defended by the collective. These efforts must be mutualised and can take the form of online courses, public information meetings, booths during events, conferences, publishing booklets, etc.

I know we did not include this in the document but it is a concern from the collective I am a part of. At this early stage in the network, the “scope” of what is acceptable for the network is not clear. Can small, more locally based and functioning collectives find a place here? A lot of our efforts are to do with publicising and facilitating critical discourse on technology. I think that could be seen as a method of “online courses, public information meetings, booths during events, conferences, publishing booklets, etc.”

I think it’s important to clarify this point. A lot of cultural institutions might function like this and there will be similar questions on whether they “fit” or not. It should be easy to see if you should join the network or not. Thoughts?

I think this is a crucial question. It is like the copyleft discussion (BSD vs GPL). Do you want to have enforced growth or not? I actually think a self-sufficient provider should be able to be part of the network as well. Seeking out to expand entails a certain aggressiveness.
I also think it might be quite some high expectations to not only provide the administrational and technical work, but also the social one. And also somewhat uncomfortable and unproductive for some…

And for the actual topic, first a disclaimer: I really like the idea of the project, but the shape right now is something I heavily criticize. Take this text as a proof-reading and commenting on it.

First, the very concrete remarks I have:

The formulation is a bit weird for such a document. Not “an objective” and “other objectives” or including something… Everything should be formulated as an intention:

This network gathers initiatives of various online service providers offering free software based solutions, enabling the public to choose services according to their needs.
The network aims at sharing of infrastructure, knowledge and techniques, co-learning and helping participants transition from user to service provider.

As much as I like this as a general concept in life, and also for running services, I have a really bad feeling in writing such a thing into the principles. I actually think such a point would mainly help people who want to cause trouble and annoy others.

That is a legal requirement anyway, isn’t it? If the licence is not respected, the authors can sue the provider.

And if a one-man project does not have the time or even the intention of doing this? Is it not a valid point to be simply a provider of some services and not more?

What is meant by that? I would say it needs clarification.

I really like this point. In Germany, when founding a Verein, the definition of who is actually allowed as a member usually causes trouble. :slight_smile:
And in international context it is even more problematic. I would just say “any legal entity by its country of origin”, without going into detail. Or not even requiring that. I guess there are many providers out there who are very well in agreement with the statutes, but have no legal status. It is just somebody hosting a service on a website. Looking at the free software world, the majority of the projects is not represented by a legal entity. I do not know how to formulate this in English, a native speaker would be helpful here.

More generally speaking, some issues I see in general:

  1. I really see the “free software” part as problematic. Everybody knows about the actual problems to define the boundaries of software, or when blobs come into use, or when for some things simply no adequate free software is available (ubiquiti management anyone?). What would happen with a provider in such a case?
    Also, actually most of the small service providers which do not target businesses only of this world actually use free software anyway. It is simply a matter of practicability to use Linux with a free software mail toolchain, Apache for web, etc.

  2. Decision making process. I do not know if this is supposed to be in the CPP, or if this actually belongs into the “rough consensus” thread, but I think this should be stated somewhere, or at least another document should be referenced that defines the working principles of working groups or the whole network.

  3. (Non-)commerciality is a very difficult construct legally, but many seem to be very emotional on this topic and might see it as part of librehosters. I guess that should be addressed somehow (I know I was criticizing just that paragraph above), but do not have a clear idea yet, how.

  4. Overall, I think some more reflection is required on what librehosters is supposed to be. This CPP reads in parts as “fair business rules”, in others as “anarchy for the world!!11”. The overall trouble the hacker scene has at the moment to find its place, somewhere in between big money funding security research, the maker scene, free software, hamradio, movie release crews and media piracy, etc. …
    Is it supposed to be an elite ascetic group of providers which fulfill all these goals? Is it a group of hosters which mainly want free software and some transparency? Or is it a group of hosters which just want to make sure that you know what you get?
    While writing this, I was actually thinking: What about the elite group, which then also has “labels” to describe the actual fulfillment of its own rules so that others can comply where they want (but not become part of the network)? A bit like CC, where a legal framework is provided and everybody can pick himself which labels he prefers.

1 Like

Thanks for comments!

Can you please give an example? This does not exist alone and works in conjuction with the code of conduct which has solid provisions for not being used against those who it was intented to be used to help.

I think we could be clearer on “contribute” here. I didn’t take it to mean that we would contribute code or do any of the typical skills required in the actual development of free software but more that we, for example: raise useful reports on the issue tracker, lurk the IRC to help if we can and generally give feed back and share knowledge.

1 Like

I have seen many people who like to talk. And not to do. And people who like to refer to their rights to do things or to the commitment of certain organizations (“it is written in your charter!”).
I think the self-commitment to listen to people would lead those who like to make trouble to start abusing exactly this self-commitment.
I cannot give you a direct example, but broadly speaking, there are initiatives which commit to helping people. However, there is also people who use these services in an “abusive” way (like using way too much resources so they impact others).
And even when mentioning that, the only point is “You committed to helping everybody, and I am somebody!” or “it is not in your rules that XXX is limited.”

I would say these are the things that users do for their own benefit (like reporting bugs) and IRC is anyway just for idling nowadays?

Then it is more a general question on what this cpp is for. Is it rules every hoster has to comply to or they will be kicked out? Is it rules of good behaviour? Is it a statement of intentions?

So today we have a meeting: Amsterdam Gathering June 2019

Since there were not enough people able to attend in person we decided to make it a remote meeting.

One of the points on the agenda is to adopt the CPP: I would like to know whether all points have been addressed (or: did we reach rough consensus?). In that case, we would adopt the text on Sunday (tomorrow) so we can move on.

I think it should read:
Librehosters review applications and evaluate them carefully(!awaiting sentence etc.!).

1 Like

The CPP document is addressing Librehosters members, who are organizations. We are not trying to replace personal psychological support: it’s out of scope and we simply cannot hack minds. All we can do is provide best effort support. Abuse remains abuse, and whatever the rules, abuse will happen, there’s nothing we can do about it but provide sensible guidelines, which I think we did. Am I wrong? If someone starts using a document as a weapon, we can deal with it without even mentioning the document.

Overall I think this document provides sensible guidelines for good understanding among ourselves. When someone starts causing trouble, we can see how to deal with it (and BTW, this resorts to the Care Team, if we want to have one) in an intelligent way: probably by escalating slowly, e.g., private message reminder of the expected behavior, then applying sanctions (still to be defined), etc.

Generally the CPP is not about personal behavior (see the code of conduct for that), but things Librehosters should do as part of their normal behavior in order to promote the values we defend. If someone accepts the CPP and then acts against it, we should eventually come to sanctions, and expulsion from the network is one extreme sanction (but yes, it could happen – unless we screen people at the entrance, and then this is unlikely to happen).

I don’t want to oversweat this: we provide a definition of what image we want to cast, and this image is not fine-grained, but a general idea that most sane people would agree with. Micromanaging and bikeshedding do not seem to match the spirit of the CPP.

I’m not sure this rant answers your questions though…

Trying to respond to concerns from my POV …

I’m OK with the current wording.

We choose to make it explicit here. I see no disadvantage of making this clear.

I am OK to change wording here to make it clear that providing services is also OK if you have limited time but still subscribe to the rest of the values.

The point here it to exclude illegal forms. I mean, in practice, I think we wouldn’t exclude informal groups who aspire to fill out the paperwork to get their official legal status.

I don’t see why you’d want to join the network if this is an issue for you. This is part of making this clear statement that we find free software to be an important part of this entire effort.

This is included in the “functioning of the network” section.

We’re trying to write this manifesto, like the tried and tested manifesto of the CHATONS, so we set the boundaries of what it can mean to be a librehoster. What it really means to be a librehoster will be for each member to understand, express and enact beyond “you are a member who accepts the manifesto”. So, I find this out of scope for now. It will be more clear in time.

So, summary of actions that I see to be addressed:

  • Write a “what is it for” statement to be explicit?
  • More clearly allow for those who only host but cannot take time to contribute to ecosystems but still are valuable members of the network (“Librehosters contribute to the free software ecosystems, communities and projects used.”)?

One final note - let’s appreciate the difficulty of this online medium for achieveing consent at this early stage in the network. Let’s keep our points actionable so as to make it clear what others can do to resolve concerns and push forward the agenda. Thanks.

1 Like

I think this is a good base to propose an edit for the “what is it for” statement.

1 Like

I guess that would be clearer if the following was done:

Since there seems to be a difference between a manifesto and a charter, it should be clear what this document is for and then lots of things would clarify.
I guess that’s the main point of conflict here.

What is an illegal form?
What I mean: When you say you want a legal entity, you exclude informal groups. Or you have to think about what a legal form ist.
A look at the librehoster list shows to me that many do not even state their legal status on the website, most of them just “projects” run by a few persons (webarchitects, nomagic and Dark Peak being the only? exceptions).

I am not saying this should be dropped, but it should be stated more clearly. I just see that this will spark discussions or even conflict in the future when it is difficult to change the CPP.
There will be raised concerns about blobs. Or is it ok to use closed source software for things that are not possible otherwise? Or to use closed source software wheren open source alternatives are available, but unfeasible? What about appliances, is it ok to use them?

One more point I would like to add (in Transparency and Fairness):

  • Librehosters provide an accessible clear point of contact for users and foreigners.

I saw it on all websites, but I think this is an important quality criterium that is required for transparency and privacy issues like having your data deleted.

Good, we’ve marked this point for discussion. We’ll resolve this together.

I am not a lawyer. I would suggest the actionable point then: we discuss how to word inclusion of informal groups if we want that.

As far as I understand, member aspire to use only free software in their work. That’s it. For an example of people doing this for years successfully, see https://www.webarchitects.coop/floss.

Sounds fine. I think “users” covers all people though.

CPP Task: Add public contact point under Transparency and Fairness
CPP Task: Find a sensible alternative to invite reviewing applications - On-boarding process

Indeed, we insist on “free software” because we agree it’s important to make a point in supporting software freedom, and not just the practicality of open-source. Stating “free software” explicitly places us in the domain of the Commons. We’re looking for social transformation, and understanding the ethical dimension as part of the technical roots reflects our values. This has nothing to do with “purity”, where one should use free software exclusively: we know it’s impossible, but that does not mean we don’t want to see proprietary software and the practices that come with it gone, that were embraced by the open-source world, especially extracting value from, and capturing community value.

I think that if you run free software in production, sooner or later you will stumble across a problem you cannot solve on your own, and then reach out to that software’s community. By doing so, you’re already contributing to help other people solve a similar issue by providing good feedback, bug reports, a bit of documentation, etc. Using free software properly means that when you hit an issue, you solve it using community knowledge: sooner or later, as your experience grows, you will contribute something that is not there yet. It’s more a state of mind than a hassle, IMO.

Sure, and that’s a valid concern. When you do not have a choice, why making it a problem? Let’s consider a typical datacenter: it runs routers, disk managers, and all kinds of appliances beyond our control. But let’s say GreenHost develops an open hardware solution to replace a proprietary solution by the fearsome Cheezco: we would certainly prefer such a solution, and put more effort in testing and documenting it, than say, document AWS setups. Again, it’s a question of steering our efforts towards what we want to achieve, and not be a sect of black&white zealots. We know the world is complex, don’t you?

We have nothing against hobbyists and informal collectives.

Proposal: Librehosters can be non-profits, collectives, individuals, businesses, collectives or other legal forms. The updated proposal is now in post #20 CPP: Commitments, Policies and Processes

Putting ‘collectives’ away from ‘or other legal forms’ makes it clearer that we include informal collectives to inform the network. An individual is hardly a legal form itself. Moreover ‘businesses and other legal forms’ confirms that ‘businesses’ is the associated keyword here.

I think this is a larger discussion we should have with more people. So we should open a specific #proposal for this and link that topic.

Working list of CPP points to be addressed:

  • Write a “what is it for” statement to be explicit?
  • More clearly allow for those who only host but cannot take time to contribute to ecosystems but still are valuable members of the network (“Librehosters contribute to the free software ecosystems, communities and projects used.”)?
  • we discuss how to word inclusion of informal groups if we want that.
  • Librehosters provide an accessible clear point of contact for users and foreigners.
  • “values overidde rules” was suggested as a nice way to express that these rules are not dogmatically followed to the letter in all instances all the time forever with no exception always.

Taken from CPP: Commitments, Policies and Processes.

Is the proposal above working for you?

Could even be: Librehosters can be individuals, collectives, non-profits, businesses or other legal forms.

Would be nice to have co-operatives on this list :slight_smile:.

1 Like

What about : Librehosters can be individuals and informal collectives, non-profits, co-operatives, businesses or other legal forms.