[trustable-software] Trustable Software next steps

Paul Sherwood paul.sherwood at codethink.co.uk
Fri Nov 4 11:49:58 UTC 2016 

One topic which keeps cropping up in private as we expand on this 
discussion is whether we need an industry membership forum or foundation 
etc, so I'd like to clarify some things on that in public now.

In my view many previous (and some current) organisations have failed to 
move the needle as a result of

- getting their scope wrong
- getting their initial ground-rules wrong
- locking down controlling interests and membership structures too early
- letting the marketing people run the show

Here, I'm hoping to foster a candid community of grown-up engineers and 
see how far we can get without falling into the above traps.

However it's clear to me that we need to start getting real work done.  
Talk is cheap, as they say :) and since the original call-to-action [1] 
there have been many new examples of how broken things are. Just in the 
last couple of weeks we've seen Dirty COW [2], DNS takedown [3], a 
hospital system shutdown [4]...

So as a heads-up, here's what I (and I'm speaking also on behalf of 
Codethink) can commit to:

- we've obtained the trustable.io domain, and will migrate this list 
there over the coming weeks
- we'll add a public git-backed wiki for collaborative documentation
- we'll establish that any/all contributions on the wiki are licensed as 
CC0 [5]
- we'll publish any/all code we contribute either as copyleft or more 
permissively, depending on preferences/needs of applicable communities
- we'll maintain and safeguard the domain and the infrastructure
- we'll transfer the ownership of the above into whatever formal entity 
the community discussion leads to, if/when the community becomes 
sufficiently active and diverse to give confidence that it can't be 
closed or subverted by a controlling interest group
- we'll commit at least two FTE to ongoing contributions into this 
initiative

Over the coming months I'll be asking partners, colleagues, customers 
and friends to consider how they can best contribute also.

br
Paul

[1] 
https://lists.veristac.io/pipermail/trustable-software/2016-July/000000.html
[2] 
https://www.theguardian.com/technology/2016/oct/21/dirty-cow-linux-vulnerability-found-after-nine-years
[3] https://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/
[4] 
https://krebsonsecurity.com/2016/11/computer-virus-cripples-uk-hospital-system/
[5] https://creativecommons.org/share-your-work/public-domain/cc0/

More information about the trustable-software mailing list