We had a brief discussion about this at the Webarchitects management committee today and a few queries arose.
Why would we not want to sell encryption related services? What if a client requests a EV rather than a DV cert would this have an impact on that?
Passing client email through SpamAssassin could be understood to be included in this?
The idea is to not provide a separate cost for encryption and encourage encryption in the basic package.
EV (Extended Validation) implies extra checks that must be done by dedicated work. This work is not encryption, it’s extra administrative work that you should be paid for (and IMO, you should be paid extra to take any administrative work as this is taxing on your mental health.)
Right. Please provide a better way to handle this case. 
Thank you for your scrutiny!
Hmmm, interesting point. The original inspiration was the “Neutrality” section of https://chatons.org/en/manifesto which also reads ambiguously with this in mind. Of course we want to “discriminate” against spam … we’ll need to be less ambiguous here.
Thanks for your review @chrisc and co.
Ah, did we have a further sentence for this or it can be removed?
So, question now. I will be bringing a proposal to apply to join the network with the collective I am a member of. The aim of our hosting efforts are to support members and friends. Some services are publicly available (like the git hosting and etherpads) but this not “officially” advertised.
Now, I remember in the CHATONS manifesto, under “Solidarity and Dissemination” we saw:
Members of CHATONS must however not stick to themselves and be satisfied with a limited number of users, as this could cause discrimination in the access to services. On the contrary, all communication efforts toward the public are encouraged as a way to disseminate FLOSS based solutions and to create bonds of solidarity around the core principles defended by the collective. These efforts must be mutualised and can take the form of online courses, public information meetings, booths during events, conferences, publishing booklets, etc.
I know we did not include this in the document but it is a concern from the collective I am a part of. At this early stage in the network, the “scope” of what is acceptable for the network is not clear. Can small, more locally based and functioning collectives find a place here? A lot of our efforts are to do with publicising and facilitating critical discourse on technology. I think that could be seen as a method of “online courses, public information meetings, booths during events, conferences, publishing booklets, etc.”
I think it’s important to clarify this point. A lot of cultural institutions might function like this and there will be similar questions on whether they “fit” or not. It should be easy to see if you should join the network or not. Thoughts?
I think this is a crucial question. It is like the copyleft discussion (BSD vs GPL). Do you want to have enforced growth or not? I actually think a self-sufficient provider should be able to be part of the network as well. Seeking out to expand entails a certain aggressiveness.
I also think it might be quite some high expectations to not only provide the administrational and technical work, but also the social one. And also somewhat uncomfortable and unproductive for some…
And for the actual topic, first a disclaimer: I really like the idea of the project, but the shape right now is something I heavily criticize. Take this text as a proof-reading and commenting on it.
First, the very concrete remarks I have:
The formulation is a bit weird for such a document. Not “an objective” and “other objectives” or including something… Everything should be formulated as an intention:
This network gathers initiatives of various online service providers offering free software based solutions, enabling the public to choose services according to their needs.
The network aims at sharing of infrastructure, knowledge and techniques, co-learning and helping participants transition from user to service provider.
As much as I like this as a general concept in life, and also for running services, I have a really bad feeling in writing such a thing into the principles. I actually think such a point would mainly help people who want to cause trouble and annoy others.
That is a legal requirement anyway, isn’t it? If the licence is not respected, the authors can sue the provider.
And if a one-man project does not have the time or even the intention of doing this? Is it not a valid point to be simply a provider of some services and not more?
What is meant by that? I would say it needs clarification.
I really like this point. In Germany, when founding a Verein, the definition of who is actually allowed as a member usually causes trouble.
And in international context it is even more problematic. I would just say “any legal entity by its country of origin”, without going into detail. Or not even requiring that. I guess there are many providers out there who are very well in agreement with the statutes, but have no legal status. It is just somebody hosting a service on a website. Looking at the free software world, the majority of the projects is not represented by a legal entity. I do not know how to formulate this in English, a native speaker would be helpful here.
More generally speaking, some issues I see in general:
I really see the “free software” part as problematic. Everybody knows about the actual problems to define the boundaries of software, or when blobs come into use, or when for some things simply no adequate free software is available (ubiquiti management anyone?). What would happen with a provider in such a case?
Also, actually most of the small service providers which do not target businesses only of this world actually use free software anyway. It is simply a matter of practicability to use Linux with a free software mail toolchain, Apache for web, etc.
Decision making process. I do not know if this is supposed to be in the CPP, or if this actually belongs into the “rough consensus” thread, but I think this should be stated somewhere, or at least another document should be referenced that defines the working principles of working groups or the whole network.
(Non-)commerciality is a very difficult construct legally, but many seem to be very emotional on this topic and might see it as part of librehosters. I guess that should be addressed somehow (I know I was criticizing just that paragraph above), but do not have a clear idea yet, how.
Overall, I think some more reflection is required on what librehosters is supposed to be. This CPP reads in parts as “fair business rules”, in others as “anarchy for the world!!11”. The overall trouble the hacker scene has at the moment to find its place, somewhere in between big money funding security research, the maker scene, free software, hamradio, movie release crews and media piracy, etc. …
Is it supposed to be an elite ascetic group of providers which fulfill all these goals? Is it a group of hosters which mainly want free software and some transparency? Or is it a group of hosters which just want to make sure that you know what you get?
While writing this, I was actually thinking: What about the elite group, which then also has “labels” to describe the actual fulfillment of its own rules so that others can comply where they want (but not become part of the network)? A bit like CC, where a legal framework is provided and everybody can pick himself which labels he prefers.
Thanks for comments!
Can you please give an example? This does not exist alone and works in conjuction with the code of conduct which has solid provisions for not being used against those who it was intented to be used to help.
I think we could be clearer on “contribute” here. I didn’t take it to mean that we would contribute code or do any of the typical skills required in the actual development of free software but more that we, for example: raise useful reports on the issue tracker, lurk the IRC to help if we can and generally give feed back and share knowledge.
I have seen many people who like to talk. And not to do. And people who like to refer to their rights to do things or to the commitment of certain organizations (“it is written in your charter!”).
I think the self-commitment to listen to people would lead those who like to make trouble to start abusing exactly this self-commitment.
I cannot give you a direct example, but broadly speaking, there are initiatives which commit to helping people. However, there is also people who use these services in an “abusive” way (like using way too much resources so they impact others).
And even when mentioning that, the only point is “You committed to helping everybody, and I am somebody!” or “it is not in your rules that XXX is limited.”
I would say these are the things that users do for their own benefit (like reporting bugs) and IRC is anyway just for idling nowadays?
Then it is more a general question on what this cpp is for. Is it rules every hoster has to comply to or they will be kicked out? Is it rules of good behaviour? Is it a statement of intentions?
So today we have a meeting: Amsterdam Gathering June 2019
Since there were not enough people able to attend in person we decided to make it a remote meeting.
One of the points on the agenda is to adopt the CPP: I would like to know whether all points have been addressed (or: did we reach rough consensus?). In that case, we would adopt the text on Sunday (tomorrow) so we can move on.
I think it should read:
Librehosters review applications and evaluate them carefully(!awaiting sentence etc.!).
The CPP document is addressing Librehosters members, who are organizations. We are not trying to replace personal psychological support: it’s out of scope and we simply cannot hack minds. All we can do is provide best effort support. Abuse remains abuse, and whatever the rules, abuse will happen, there’s nothing we can do about it but provide sensible guidelines, which I think we did. Am I wrong? If someone starts using a document as a weapon, we can deal with it without even mentioning the document.
Overall I think this document provides sensible guidelines for good understanding among ourselves. When someone starts causing trouble, we can see how to deal with it (and BTW, this resorts to the Care Team, if we want to have one) in an intelligent way: probably by escalating slowly, e.g., private message reminder of the expected behavior, then applying sanctions (still to be defined), etc.
Generally the CPP is not about personal behavior (see the code of conduct for that), but things Librehosters should do as part of their normal behavior in order to promote the values we defend. If someone accepts the CPP and then acts against it, we should eventually come to sanctions, and expulsion from the network is one extreme sanction (but yes, it could happen – unless we screen people at the entrance, and then this is unlikely to happen).
I don’t want to oversweat this: we provide a definition of what image we want to cast, and this image is not fine-grained, but a general idea that most sane people would agree with. Micromanaging and bikeshedding do not seem to match the spirit of the CPP.
I’m not sure this rant answers your questions though…
Trying to respond to concerns from my POV …
I’m OK with the current wording.
We choose to make it explicit here. I see no disadvantage of making this clear.
I am OK to change wording here to make it clear that providing services is also OK if you have limited time but still subscribe to the rest of the values.
The point here it to exclude illegal forms. I mean, in practice, I think we wouldn’t exclude informal groups who aspire to fill out the paperwork to get their official legal status.
I don’t see why you’d want to join the network if this is an issue for you. This is part of making this clear statement that we find free software to be an important part of this entire effort.
This is included in the “functioning of the network” section.
We’re trying to write this manifesto, like the tried and tested manifesto of the CHATONS, so we set the boundaries of what it can mean to be a librehoster. What it really means to be a librehoster will be for each member to understand, express and enact beyond “you are a member who accepts the manifesto”. So, I find this out of scope for now. It will be more clear in time.
So, summary of actions that I see to be addressed:
One final note - let’s appreciate the difficulty of this online medium for achieveing consent at this early stage in the network. Let’s keep our points actionable so as to make it clear what others can do to resolve concerns and push forward the agenda. Thanks.
I think this is a good base to propose an edit for the “what is it for” statement.
I guess that would be clearer if the following was done:
Since there seems to be a difference between a manifesto and a charter, it should be clear what this document is for and then lots of things would clarify.
I guess that’s the main point of conflict here.
What is an illegal form?
What I mean: When you say you want a legal entity, you exclude informal groups. Or you have to think about what a legal form ist.
A look at the librehoster list shows to me that many do not even state their legal status on the website, most of them just “projects” run by a few persons (webarchitects, nomagic and Dark Peak being the only? exceptions).
I am not saying this should be dropped, but it should be stated more clearly. I just see that this will spark discussions or even conflict in the future when it is difficult to change the CPP.
There will be raised concerns about blobs. Or is it ok to use closed source software for things that are not possible otherwise? Or to use closed source software wheren open source alternatives are available, but unfeasible? What about appliances, is it ok to use them?
One more point I would like to add (in Transparency and Fairness):
I saw it on all websites, but I think this is an important quality criterium that is required for transparency and privacy issues like having your data deleted.
Good, we’ve marked this point for discussion. We’ll resolve this together.
I am not a lawyer. I would suggest the actionable point then: we discuss how to word inclusion of informal groups if we want that.
As far as I understand, member aspire to use only free software in their work. That’s it. For an example of people doing this for years successfully, see Free Software | Webarchitects.
Sounds fine. I think “users” covers all people though.
Working list of CPP points to be addressed:
Taken from CPP: Commitments, Policies and Processes.
CPP Task: Add public contact point under Transparency and Fairness
CPP Task: Find a sensible alternative to invite reviewing applications - On-boarding process
Indeed, we insist on “free software” because we agree it’s important to make a point in supporting software freedom, and not just the practicality of open-source. Stating “free software” explicitly places us in the domain of the Commons. We’re looking for social transformation, and understanding the ethical dimension as part of the technical roots reflects our values. This has nothing to do with “purity”, where one should use free software exclusively: we know it’s impossible, but that does not mean we don’t want to see proprietary software and the practices that come with it gone, that were embraced by the open-source world, especially extracting value from, and capturing community value.
I think that if you run free software in production, sooner or later you will stumble across a problem you cannot solve on your own, and then reach out to that software’s community. By doing so, you’re already contributing to help other people solve a similar issue by providing good feedback, bug reports, a bit of documentation, etc. Using free software properly means that when you hit an issue, you solve it using community knowledge: sooner or later, as your experience grows, you will contribute something that is not there yet. It’s more a state of mind than a hassle, IMO.
Sure, and that’s a valid concern. When you do not have a choice, why making it a problem? Let’s consider a typical datacenter: it runs routers, disk managers, and all kinds of appliances beyond our control. But let’s say GreenHost develops an open hardware solution to replace a proprietary solution by the fearsome Cheezco: we would certainly prefer such a solution, and put more effort in testing and documenting it, than say, document AWS setups. Again, it’s a question of steering our efforts towards what we want to achieve, and not be a sect of black&white zealots. We know the world is complex, don’t you?
We have nothing against hobbyists and informal collectives.
[*] Proposal: Librehosters can be non-profits, collectives, individuals, businesses The updated proposal is now in post #20 CPP: Commitments, Policies and Processes - #20, collectives or other legal forms.
Putting ‘collectives’ away from ‘or other legal forms’ makes it clearer that we include informal collectives to inform the network. An individual is hardly a legal form itself. Moreover ‘businesses and other legal forms’ confirms that ‘businesses’ is the associated keyword here.
I think this is a larger discussion we should have with more people. So we should open a specific #proposal for this and link that topic.
Is the proposal above working for you?
Could even be: Librehosters can be individuals, collectives, non-profits, businesses or other legal forms.
Would be nice to have co-operatives on this list .
What about : Librehosters can be individuals and informal collectives, non-profits, co-operatives, businesses or other legal forms.
i know people have been thinking/working on/for libreho.st and CPP for months/years, but to move forward i have a small proposal…:
my opinion about it, is that this is a “mature” text that could finalize. and the “in progress” topics can be discussed in future meetings, and added/edited onwards.
chatons text has some similar problematics raised here as well, but it’s online as is…
any disagreements, adjustments, re-positions, etc, can be edited, PR’ed in the future, after proper discussion-evaluation. what i’m saying is that there’s no need to have a pure 100% perfect text to publish…
just 2c, so that this may proceed, and keep it a continuous process for discussion/adjustments…
– minor remarks –
this spamassassin thing, (along with possible use of RBLs, anti-webbots, etc) should be somewhat stated clearly for librehosts, but not being english native, i’ll leave someone else to propose a “formal” way of stating it…
something in the context of “librehosters may use foss anti-malware (to fight spam & other malicious activity) that need access to parts of network traffic in order to work properly”.
not sure if this has to be stated in each librehost, but i think this CPP could be used a central point for @ll to use. (and a way to “promote” libreho.st at our own web.)
also, there’s stats/analytics that usually for-profit coops/businesses use. that’s another thing, even with Matomo used…
encryption part (about EVs) was clear after @how’s response, +1 there.
about the free software part, i’m mostly in favour of an ethical change at some point, and i would agree with one here as well, but this is just personal…
i got into foss by reading “free software for a free society” but this is no longer the case… same people who stood by that in the past, are now GAFAMI employees, selling foss for “defense” contracts, no matter the cost (= killings, discriminations, leading the way to a dystopic-caged society…).
anyway, sorry for this last rant, it’s just that i’m fighting with myself a lot on this topic lately.