#354 Invitation for Fedora Linux to apply as a Digital Public Good
Opened 2 months ago by jflory7. Modified a month ago

Summary

The Fedora Project is invited to submit a nomination for Fedora Linux to be recognized by the United Nations as a Digital Public Good.

Background

I believe that Fedora Linux meets the criteria to be recognized as a Digital Public Good. You can read more about digital public goods on the Wikipedia page, but they are summarized below:

"We define digital public goods as open source software, open data, open AI models, open standards and open content that adhere to privacy and other applicable best practices, do no harm and are of high relevance for attainment of the UN’s 2030 Sustainable Development Goals (SDGs)."

I believe Fedora Linux supports Goal 9 of the UN's SDGs:

"Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation."

The context of what "infrastructure" means in a 21st century context is changing. It's not just cars, trains, and planes; it is also fiber lines, bits and bytes. I believe Fedora Linux being recognized as a digital public good is an important step to recognize the role that Fedora Linux plays, in its many forms, as a platform for Open Source innovation.

Details

The ask is completing the DPG nomination form for Fedora Linux.

There is a short version and a long version. The short version is one page, asks mostly basic questions, and you will likely have a follow-up to clarify more details. It may take more time in the long tail. The long version is multiple pages and one will need to block time out to complete it. This should be completed by someone who can officially represent the Fedora Project as an individual.

I can also offer advise and feedback for completing and submitting the application.

Outcome

Fedora joins the growing registry of Digital Public Goods and gets connected to the mission of the DPG Alliance in promoting DPGs, especially in government, civic tech, and non-profit contexts.


I'm unclear on what the benefits for this might be for us — what does being connected to this mission do for us concretely?

I'm also a little concerned about the obligations that might be connected to "adhere to privacy and other applicable laws and best practices". While obviously we must adhere to laws, we also package a lot of upstream open source software that we are not always able to police for "best practices".

I'll put this on the meeting agenda for Thursday

@bcotton wrote…
I'll put this on the meeting agenda for Thursday

Thanks Ben! I'll come ready for this one on Thursday. In the meantime, I'll share some thoughts in reply to @mattdm for all to think on before the meeting.

@mattdm wrote…
I'm unclear on what the benefits for this might be for us — what does being connected to this mission do for us concretely?

There are four key benefits, each outlined below:

1. Discoverability

Nominated projects and DPGs alike can be found on the DPG Registry. As an added bonus, the DPG Registry is partially compiled from, and feeds back into, partner systems like the Catalog of Digital Solutions maintained by the Digital Impact Alliance (DIAL). This method of cross-pollination enhances a project’s discoverability and accelerates the likelihood of it being found and adopted by public sector organizations and governments looking for innovative solutions.

2. Support for adoptability

Digital public goods have clear documentation, open licenses, and follow standards and best practices that make them easy to adopt. The DPG Alliance supports nominees working to meet these standards with a technical team to navigate which documentation or requirements are needed.

The release notes, installation guide, System Administrator's Guide, and Quick Docs are examples of ways Fedora Linux fits this model of adoptability.

3. Development impact

Open Source will be at the core of future international development efforts. As part of the digital transformation unfolding globally, governments and development agencies are re-framing approaches to international development with a focus on creating and adapting Open Source projects.

Nominating a project to become a digital public good signals alignment with the United Nations Sustainable Development Goals and a commitment to making an impact. DPGs are a part of a growing network of projects committed to Open Source principles that also respect privacy, strive to “do no harm”, and help attain the SDGs.

4. Becoming a Digital Public Good

Nominating a project is the first step toward being reviewed against the DPG Standard, and - if passing - confirmed as a digital public good. Becoming a DPG provides exposure to development organizations including UNICEF and members of our communities of practice that look to highlight projects so they can receive the support needed to be adopted by governments globally.

@mattdm wrote…
I'm also a little concerned about the obligations that might be connected to "adhere to privacy and other applicable laws and best practices". While obviously we must adhere to laws, we also package a lot of upstream open source software that we are not always able to police for "best practices".

It is OK to put exactly this into the nomination form when answering this question. For context, the minimum requirement is validated in Fedora's Privacy Policy and GDPR compliance.

Discussed in 2021-03-18 meeting.


Questions

Three key questions were raised today:

  1. Is the DPG Standard like measuring sticks or do they create obligations? How is change managed for the DPG Standard, and how do those changes impact projects already submitted?
  2. Does anything have to be legally signed for?
  3. How is "do no harm" measured?

Answers

I have circled back on some of these and have answers below for what I have. I am happy to take more questions or doubts.

  1. The DPG Standard is a set of requirements. It creates new obligations only if you have to undergo work in order to meet the Standards. This is something that can be figured out during the submission process too, and does not come with a binding agreement to do new work if it is determined Fedora Linux did not fully meet the Standard.
    1. No clear answer yet on how changes to the definition are managed, but as I understand it, the process is partly-inspired by the Open Source Definition, in that revisions 1.1 to 1.9 of the OSD typically are inclusive of Open Source licenses approved under a previous version.
  2. No signatures, but someone from the project has to make certain claims on behalf of the project.
  3. Generally the DPG Alliance focuses on whether a project was designed to minimize the potential of harm. The DPG Standard defines this into three smaller categories of Data Privacy & Security, Inappropriate & Illegal Content, and Protection from harassment. Our GDPR compliance in Privacy Policy meets the Data Privacy & Security requirements. The second two lean more into content moderation, which I feel like the Fedora Code of Conduct adequately covers to get over the submission line.

We tentatively booked some time in the next Council meeting agenda (8 April) to review the most recent comments here, and if there are any clarifications that can be made to improve understanding.

At the encouragement of @bcotton, I also booked the 10 June 2021 video meeting slot along with a colleague of mine, Victor Grau Serrat. Our presentation is titled, Is Fedora Linux the next Digital Public Good?

Of course, it would be nice to submit an application as a Digital Public Good before June, and then use the video meeting to go deeper and review confusing points. I think this would make the most value of this session, if Fedora is able to apply by 28 May (to allow review time before the video meeting).

Login to comment on this ticket.

Metadata