This is a draft of a page to keep an inventory of conflicts of interest around Gitea. I think it would help Gitea contributors who are currently debating about what the apparition of Gitea Ltd changed in the project. There will be good things in the future, I’m sure. But there will also be a steady stream of manifestations of their conflict of interest.
The list should also show the conflict of interest Codeberg has so they can compare and decide where they prefer to be.
TL;DR:
Comparison of Gitea and Smithy, on topics related to conflicts of interest.
|
Gitea |
Smithy |
In the interest of the general public |
No |
No |
Democratic |
No |
Yes |
Privacy first |
No |
Yes |
Conflicts of interest and their consequences
In the interest of the general public
A Free Software project goal could be to give priority to the needs of the general public, as opposed to a particular organization. Gitea is controled by the Gitea Ltd for-profit company and Smithy is controled by the Codeberg e.V. non-profit association. In both projects there is a conflict of interest between the needs of the general public which includes the community of volunteer developers and the needs of the organization that controls them.
Democratic
Volunteer developers may be contributing in a democratic environment where they collectively are in control of the Free Software project. If there is no democratic environment, they are have no control over the project.
-
Yes: Smithy is controled by Codeberg which is a democratic non-profit organization.
-
No: Gitea is controled, via a trademark and ownership of the domains, by Gitea Ltd which is a privately owned for-profit company. See the “Trademark and domains ownership” section below.
Privacy first
When privacy comes first, the software can be run out of the box with no risk regarding privacy. Otherwise it may contain features that may compromise the user privacy for practical purposes, such as enhancing security.
-
Yes: Smithy has a privacy first policy
-
No: Gitea Ltd does not have a privacy first policy. A potential conflict of interest has been identified, see the “Access to the domains access logs” section below.
Conflicts of interest analysis methodology
A conflict of interest is when a person (individual or organization) has to choose between their own gain (financial or power) and the benefit of others. A person involved in a Free Software project may face no conflict of interest, very little or a lot: it is a matter of degree. It is worth identifying them when they have a singificant influence on the evolution of the project.
Conflicts of interest:
- Are identified: when a topic has the potential of a financial or power gain for someone invovled in the project (example: the number of stars of Gitea on GitHub has a positive influence on the reputation of Gitea maintainers and may help them get jobs or create companies)
- Are declared: when someone publicly stated their conflict of interest on a given topic (example: Lunny announced publicly being a shareholder of Gitea Ltd, a for profit company and at the same time being an elected member of the Gitea community. The two organizations have diverging goals and some Lunny’s decisions may be in favor of Gitea Ltd and detrimental to the Gitea community)
- Have potential: when someone could have a conflict of interest if they participate in decisions on a given topic (example: Gitea Ltd could oppose Gitea leaving GitHub because it harms is reputation)
- Have manifestations: when someone made money or gained power after making or influencing a decision at the expense of others (example: Gitea Ltd tookover the Gitea project and the Gitea community no longer has control over it)
If a conflict of interest cannot be resolved, it can be mitigated if the person abstains from participating in the decisions where they can manifest (example: Gitea maintainers should not speak against leaving GitHub because the reputation of the Gitea project on GitHub is an incentive for them to do so).
Gitea: inventory of the conflicts of interest
Trademark and domains ownership
-
Identified: the person who owns the trademark and the domains is in control of the Gitea project
-
Potential: it was never detected, primarily because the Gitea project governance promised the ownership of the project was under the control of democratic elected leaders. There has been no indication the moral obligation of the owners would not be fulfilled.
-
Declared: October 2022 when Gitea Ltd announced ownership of the trademark and domains and declared itself steward of the project.
-
Manifestation: Gitea Ltd takeover the Gitea project
- Financial win: Gitea Ltd gets funding and commercial contracts
- Power loss: The Gitea community decisions can all be overruled by Gitea Ltd
-
Mitigation: none
Access to the domains access logs
-
Identified: the person who has acces to the logs of the web site to which weekly update defer to can use this data to evaluate the number of installed Gitea instances as well as their geographical location. It can be used to figure out in which region it would be best to develop a commercial activity. It can also be used to cross reference Gitea instances run by opponents of an oppressive regime.
-
Potential: Gitea Ltd owns the domains and may have used that information to gain a commercial advantage. They could be opposed to changes that favor privacy if the outcome is that the accuracy of the data collected lowers the commercial advantage they get from it.
-
Mitigation: none (shareholders of Gitea Ltd advocate against privacy in this PR)
The interest of the organization in control comes first
-
Identified: the goals of Gitea Ltd may be prefered to the goals of the general public
Smithy: inventory of the conflicts of interest
The interest of the organization in control comes first
-
Identified: the goals of Codeberg e.V. may be prefered to the goals of the general public