Make disclosure of conflicts of interest mandatory for spec change proposals #2079
Fixes: matrix-org#1700 Signed-off-by: Johannes Marbach <[email protected]>
@@ -193,7 +206,8 @@ is as follows: | |||
filename that follows the format `1234-my-new-proposal.md` where | |||
`1234` is the MSC ID. | |||
- Your PR description must include a link to the rendered Markdown | |||
document and a summary of the proposal. | |||
document and a disclosure of potential conflicts of interest where | |||
they might reasonably apply. |
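Review bot: The replacement wording "where they might reasonably apply" gives authors no pointer to what counts as a conflict of interest or to the expected format; this bullet should link to the disclosure section that defines the checklist. It also drops "a summary of the proposal" from the PR description rule, which removes an existing requirement and should be mentioned in the changelog entry.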
Empirically, proposal summaries in the PR description don't appear to happen at all in practice. Therefore, I've dropped this part when adding the CoI clause.
For the purposes of transparency and to underpin the "greater benefit" | ||
principle, proposals MUST disclose possible conflicts of interest where | ||
they might reasonably exist. Authors MAY do this by filling out the | ||
following checklist and publishing it together with their proposal. |
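Review bot: The disclosure is a MUST while the checklist is only a MAY, and "publishing it together with their proposal" does not say where the disclosure has to appear, whereas the PR-description bullet in the earlier hunk places it in the PR description. Name one location in both places so that reviewers know where to look and a missing disclosure can be identified.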
It is debatable whether RFC2119 language makes sense here. I found it helpful for differentiating between hard and optional requirements. I might be partial to this language by having worked with it in the spec for too long, however.
LGTM, but will leave open for a bit to gather other opinions
- [ ] I am being paid for working on this proposal by <ORGANIZATION> | ||
- [ ] I am an employee or member of <ORGANIZATION> which is involved in the Matrix ecosystem | ||
- [ ] I have another relationship that might appear to be a conflict of interest: <DETAILS> | ||
- [ ] I have some other type of financial interest in Matrix or this proposal: <DETAILS> | ||
- [ ] None of the above |
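Review bot: The second item, "an employee or member of <ORGANIZATION> which is involved in the Matrix ecosystem", is not tied to the proposal the way the first and fourth items are ("this proposal"), so ticking it says nothing about whether the organisation has an interest in the change. Consider asking for the organisation's relationship to this proposal, and stating whether "None of the above" is meant to be exclusive of the other boxes.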
This doesn't include a situation where the employer is being paid by another organisation to develop the proposal
I guess for the author, the first checkbox would still be applicable. It's a good question whether companies sponsoring other companies should also be disclosed. This might actually be tricky because those relationships could be subject to contractual privacy agreements.
> I guess for the author, the first checkbox would still be applicable

I feel like it would be a good idea to make that explicit

> This might actually be tricky because those relationships could be subject to contractual privacy agreements.

Yeah, however, nothing stops individuals also making these sorts of contractual agreements. And the first line would still apply there I think? So it makes sense for there to be consistency between individuals and employers. I don't know how either would disclose that they have to keep the customer secret though...
> > I guess for the author, the first checkbox would still be applicable
>
> I feel like it would be a good idea to make that explicit

How about something like this?
I am being paid for working on this proposal by <ORGANIZATION> (which might itself be funded or sponsored by other organizations)
No, because that doesn't make it sound like they need to disclose who the organization is who is funding the work.
While I appreciate an attempt to identify a conflict of interest that may hide anywhere down the chain of funding, I don't think it's prudent (let alone feasible) to unwrap the chain all the way, particularly in the checklist which is meant to streamline the declaration. The onus is on the author to declare the CoI wherever it sits - no kind of language can cover all specific cases. If the employer is funded by a private equity firm that has vested interest in X (pun intended), declaring that the employer is funded by that specific private equity firm doesn't expose CoI anyway.
Personally, I would use either box 1 or box 3 in this situation, clarifying the details in free text.
following checklist and publishing it together with their proposal. | ||
|
||
``` | ||
- [ ] I am being paid for working on this proposal by <ORGANIZATION> |
- [ ] I am being paid for working on this proposal by <ORGANIZATION> | |
- [ ] I am being paid (directly or indirectly) for working on this proposal by <ORGANIZATION> |
@Gnuxie would that be better though?
Yeah, that makes sense 👍
What I was trying to get at in the other thread is that only direct relationships should have to be disclosed. I think a lot of times, people writing MSCs will probably not even know what business relationships their employer has with other companies. Empirically, the joint ventures in Matrix projects can be quite complex. This formulation now makes me worry about having to name every other organisation that my employer gets income from.
Well, it does mean that the disclosure process is quite weak and doesn't put any accountability onto Matrix vendors. All the disclosure is for individuals and allows vendors to hide behind their employees who will obviously only be doing work for their employer... which we likely already knew. I'm not expecting anyone to come up with a magic solution to fix that but it kinda sucks a bit now that I realise it.
It is a double standard though... really if your employer wants to contribute to Matrix then they're gonna have to be upfront and make a disclosure statement on the MSC... if that's too much or legally grey for them... then why's the same free-pass not apply to individuals?
To illustrate why this is a big deal: It allows the foundation to claim that the spec process has a disclosure process which on the surface sounds good. And does apply to individuals. But it does not apply to the interests of any Matrix vendor. Because their disclosure is as simple as having someone say "I am a vendor employee", and that is not a disclosure of the vendor's interests that are relevant to the MSC.
Whereas as an individual I would likely need to declare all of the following information:
- That I have an option contract to buy shares as part of my previous employment at vccorp.example.com who are a Matrix vendor
- I am receiving funds from a grant from nice-people.example.com to complete a feature that is relevant to the MSC.
- I am carrying out contractual work for small-company.example.com to complete xyz feature

This is a lot of relevant information that I should disclose. But the moment I create a legal company and move my contracts there then I don't need to disclose anything:
- I am an employee at marewolf-enterprise.example.com
Yeah, this is definitely an issue. 😕
I'm not sure how to fix this. In a way, the entire disclosure builds on good faith and we cannot systematically verify it. The only thing we can do is, if at some point it comes out that you have misrepresented your conflicts of interest, "you then get shunned as a bad faith actor" (as Rich put it on #1700).
Therefore, I was trying to phrase the checklist in a way that doesn't make the good faith, normal people obsess about their disclosures given that we have limited control over the bad faith people anyway.
Fixes: #1700
Pull Request Checklist
Preview: https://pr2079--matrix-spec-previews.netlify.app