Conservancy Blog
Displaying posts by Brett Smith
System improvements at Conservancy
by
on December 7, 2016When I joined Conservancy, we discussed system administration as one of my early responsibilities. (One of many—you might remember the long list of possible functions for my position.) Like any organization our size, there are plenty of improvements to our systems that we wanted to make, but were tough to prioritize against our other responsibilities. Since I joined in August, I’ve kept an eye out for easy opportunities to invest a little time now that will save us effort in the long run. As we start looking back on 2016, I wanted to highlight some of the public-facing improvements that I’ve made as part of this effort, and share a little about the tools and services that make them possible.
I deployed domain keys on our mail servers. Now each outgoing e-mail is signed to demonstrate that it came from an authorized user at Conservancy, and not an impostor. To make a long story short, this means our mail is more likely to land in your inbox, and not in your spam folder.
Thanks to our friends at Let’s Encrypt, all of Conservancy’s web sites are served over HTTPS exclusively. This includes not just our main site here and copyleft.org, but also web front-ends for Mailman and Kallithea. Using HTTPS everywhere helps keeps everyone’s communications with us more secure.
It’s nice that Let’s Encrypt offers free SSL certificates to save us money, but I think what I like even more is that the service saves us time. Using their client software, I’ve mostly automated the process of obtaining and renewing certificates. We don’t have to manually track expiration dates, renew certificates, and install them on our systems anymore. That time is freed up to help our member projects.
I wrote systemd service definitions for several public-facing services that didn’t already have them. Before this, each service was managed by ad hoc scripts, which could fail if something unusual happened. systemd has given us a simple, standard way to manage each service and its runtime environment. We get more service reliability and security for less effort.
I built tools to help automate some of Conservancy’s day-to-day accounting work. Our biggest project here is the payment and reimbursement request system, which is still in development. Behind the scenes, I’ve also written some scripts to help automate smaller tasks like saving and filing receipts from our different accounts.
I upgraded our Kallithea installations to the latest stable version, here and on copyleft.org. This was my first time working with Kallithea, but their documentation made the upgrade process a breeze. We’ve seen improved service stability and uptime with the new version, too. Kudos to the entire Kallithea team for a job well done.
A typical Conservancy office
© Karen Sandler, CC BY-SA
This is all in addition to some usual day-to-day system administration: buying and managing domains, keeping up-to-date with security fixes, and so on. All this work should all make Conservancy’s systems a little nicer for everyone who uses them today, and free up all our time for more important work tomorrow. I love having this opportunity to put some of my technical know-how to good use, so Conservancy can better serve its member projects and the broader FOSS community, and that wouldn’t happen without help from the Supporters who sustain our operations. If you’re already a Supporter, thank you for making this work possible. If not, please join today so we can continue providing necessary infrastructure for important FOSS projects.
Come see Conservancy at linux.conf.au 2017
by
on December 5, 2016Are you coming to linux.conf.au in January? So are we! We’re presenting a variety of sessions, so whether you’re just starting to learn about free and open source software, or a seasoned contributor who wants to hear about cutting-edge issues, we’ve got something for you.
On Thursday Karen and Bradley offer A Practical Guide to Compliance with the GNU GPL, a pragmatic tutorial on how to comply with the most popular FOSS license. The focus is on providing concrete actions you can take to comply. There’s something for everyone who works with GPL’ed software, whether you’re an upstream contributor, distributor, or lawyer.
On Friday Karen presents Surviving the Next 30 Years of Free Software. As the FOSS community matures and time marches on, we’re starting to see cases where a contributor passes away and a project has to work out legalities with their estate. Karen will explain the law in this area, and suggest next steps for projects and the broader community to make these transitions easier.
As part of the Kernel Miniconf, we’ll also run another feedback session about our GPL Compliance Project for Linux Developers. Just like the sessions at ELC EU and LPC, this is your opportunity to hear more about what the program does, how it works, ask questions, and offer ideas for improvement. All interested contributors are welcome to attend. We’ll announce schedule details as they’re available.
We’re looking forward to seeing everyone in Hobart!
Recap: GPL Compliance BoF at Linux Plumbers’ Conference
by
on November 16, 2016At the Linux Plumbers Conference a couple of weeks ago, Karen and I ran a Birds of a Feather session about our GPL Compliance Project for Linux Developers. It was a success by every measure. Approximately seventy people attended, and about twenty of them participated in the discussion, covering a wide variety of issues around compliance. The interactive and inclusive format was ideal for us to provide additional information and get feedback from a lot of interested people. Many thanks to the Linux Plumbers Organizing Committee for scheduling a slot for us to run this session.
We opened the discussion with a basic overview of the program: its history and mission, the structure of how we coordinate with Linux developers on our coalition, the typical flow of how we respond to a violation and work to help the distributor comply. We published the project agreement templates beforehand to facilitate the discussion. In the past, we heard people express concern that these agreements were private. We were happy to tackle that issue head-on, and I was glad to see several attendees download the template and review it during the session.
We also talked about how our work differs from some inappropriately aggressive enforcement efforts going on today—including Patrick McHardy's unfortunate enforcement lawsuits. One person rightly pointed out that less savvy distributors will often assume all GPL compliance is handled the same way. We discussed how Conservancy could emphasize the distinctions up front. We agree that's important; it's why we published our Principles of Community-Oriented GPL Enforcement, and why we were the first organization to publicly criticize McHardy's actions. Still, a new Linux distributor might not know about our principles, or understand that they specifically call on lawsuits only as a last resort. Based on this feedback, we plan to mention the Principles in our first correspondence about GPL compliance problems.
Our transparency in our methods and goals distinguishes Conservancy's compliance work from others'. There were several suggestions that we could take this further by publishing different numbers about how many cases we're handling, and different ways they've been resolved. To this end, Karen echoed the same point Bradley made at ELC EU that we only have the resources to pursue a relatively small percentage of the violation reports we receive. Because of this, publishing these numbers could de-anonymize active cases, which would contravene our compliance principles. Nonetheless, we will reexamine this issue to see if we could publish some numbers safely.
That discussion led to suggestions that volunteers could help us with technical compliance work, confirming violations and the completeness of source code. We've discussed that idea internally for many years. Even more than publishing numbers, engaging volunteers risks leaking information about violators to the public. Furthermore, we would need to vet and train volunteers, which we lack the resources to do now. If we received funding for this work, we could use that to plan and provide volunteer training, but there has been limited interest in funding community-oriented compliance initiatives.
Finally, we discussed different ways to make compliance work less necessary. We'd love to see more of this: as more distributors proactively come into compliance, we have more time to spend supporting our member projects and other initiatives. That's a big reason we helped write the Copyleft Guide, which helps distributors better understand the conditions and requirements of the GPL. The pristine source example, in particular, is designed to show step-by-step the process of verifying a complete, corresponding source release. There's certainly lots of great ideas for more work like this, and I think naming them in the BoF helped make some good connections between them.
Our thanks to everyone who attended and provided feedback. If you couldn't attend this BoF, don't worry. We'll be running similar sessions at other conferences over the next few months, and you can also provide feedback on our principles-discuss mailing list. We want to hear from as much of the community as possible, so if you have questions or comments about our Linux compliance work, we hope we'll hear from you soon.
Starting Out at Conservancy
by
on September 15, 2016With a title like Director of Strategic Initiatives, you might think I started at Conservancy with big plans for new programs. I hope I'll have that kind of impact in the long run, but the truth is that I joined Conservancy because I believe the work that it already does, from the high-level mission to the day-to-day tasks, is critically important to advance many FLOSS projects. That range of vision is what makes Conservancy unique. Because the organization supports FLOSS projects that use a wide variety of licenses and technology, it has a very broad view of the challenges those projects face. And Conservancy's mission calls on us to tackle those larger problems, instead of providing a limited set of services.
Because of that, I'm taking my time to learn about how Conservancy runs today. While I do that, I've been keeping an eye out for ways to improve our systems and processes. My personal overarching priority right now is to help the organization work more effectively, so we can provide more of this critical support to more projects, and help other organizations do the same.
The first major improvement I'm leading is a web system to file reimbursement requests, as the first tool in our NPO Accounting system. Fiscal sponsorship is one of Conservancy's core activities, and we spend a lot of time on it. Today it can take a few manual e-mails back and forth to get a reimbursement request complete, and all of this handling can get backlogged around the peak conference season. The first release will provide a web form that guides users through the process of submitting a complete request, and organize the result so it's easy to add to a project's books. This will save time and hassle for everyone involved in the process, and help shorten response times too.
Of course, Conservancy isn't the only NPO that handles reimbursement requests, and a long-term goal of the NPO Accounting system is to provide software that lots of organizations can use. I've already spoken with some early adopters about what they would like in a reimbursement system, and we're building it with those requirements in mind. Even if it's not all in the first release, knowing them now should help make sure we're building something that can be broadly useful.
I've already had the chance to work with several member projects and Conservancy supporters over these first few weeks. If you ideas about what Conservancy can improve, whether it's handling reimbursements or anything else, feel free to get in touch. You can reach me by e-mail or on Twitter. I look forward to meeting even more of you over the coming months!