Considerations around legal advice

In the absence of facts, I speculated earlier that the PSF needed legal review and should fire its PR firm.

But now that more facts are out, I think I got it exactly backwards: the PSF should hire a PR firm to advise on when to push back. I’m wholly sincere about intent here, if not married to mechanism. Lawyers often push for CYA to the exclusion of all other considerations. PR people have a more balanced view.

When PythonLabs was paying the legal bills to keep Python free from too much employer control, we eventually pulled the plug. The legal advice we were getting was great, but also seemingly never-ending, piling on ever-more pages of clauses to guard against ever-more fantastical "what if?"s. We finally said “thank you, but that’s enough - if space reptiles do conquer the Earth and want to seize control of Python, they’re not going to respect that XYZ Corp signed a contract explicitly forbidding that” ,

Of course that’s absurd exaggeration, to make the point. On advice of legal counsel, I can’t say more about the actual last straws(*).

Which ix exactly what “transparency” ends up looking like if you feel bound to counter every worst case lawyers can point out. PR people know that it comes across as the opposite of transparency, which carries existential risks of a non-legal nature (the trust of its members is the lifeblood of a membership organization - ask any PR person - and “forthrightness” is very highly valued).

Could we please skip accusations of that I don’t trust the current PSF? I do. Period. This is intended to provoke thought about what excessive reliance on legalistic logic-chopping can lead to. We’re on that path to my eyes, but still far from falling off the cliff it can lead to.

(*) Article III, Section 1, of the US Constitution:

The judicial Power of the United States, shall be vested in one supreme Court, and in such inferior Courts as the Congress may from time to time ordain and establish. The Judges, both of the supreme and inferior Courts, shall hold their Offices during good Behaviour, and shall, at stated Times, receive for their Services, a Compensation, which shall not be diminished during their Continuance in Office.

Why on Earth does it talk about their salaries? Because the writers anticipated that politicians could try to pressure judges by cutting their salaries. Now they can’t. The only way left to pressure a judge is to threaten to impeach them on the “good Behaviour” test, which is very much harder to pull off.

Our “last straws” were vaguely of that nature, clause after clause intending to prevent employers from making our working lives hell to pressure us. And I wouldn’t be surprised even a little if a lawyer advised I should not have said that much - the names of potential employers at that time aren’t hard to find, and it’s certainly possible “in theory” that one could claim reputational harm from the purely hypothetical implication that they might have tried to play dirty tricks like that. But we didn’t think they might - it was our lawyer doing their best to protect us (& Python) from the worst cases they could imagine. That’s what we were paying for, but it was ultimately our call, not theirs.

BTW, during my years on the Board, I paid for personal liability insurance covering my Board activities. I don’t routinely reject legal advice It’s a valued input to me, but not the last word. If the PSF hasn’t since changed to cover liability insurance for Board members as a cost of doing business, it really should. Members may not all know that PSF Board members serve “for free”. But insurance isn’t free, and not all can afford it on their own.

Apologies for the possibly stupid question but what is the context here? I have no idea what facts you are referring to.

Rest easy, nothing “stupid” about it. A moderator moved this message from another topic, here:

Which is very long and contentious already. Much of what I wrote here is more-than-less directly addressing points at various places in that thread, but what I wrote was already so long I didn’t want to bog it down with quote after quote.

So I ended up quoting nothing - which, alas, left parts pretty baffling when removed from its original context.

BTW, I had (& have) no objection to the post being moved. And I thank you for nudging me to link back to the post’s original home.

Thank you for clarifying. (I had muted that thread from the beginning since I wasn’t interested in the topic, so I hadn’t noticed the contention around it.)

I definitely agree with this general sentiment. For example, the Python CLA was long ago a pain point when dealing with occasional contributions, because it involved tedious paperwork both for the submitter and the understaffed PSF. Many high-profile open source projects go fine without a CLA, but the PSF has always stubbornly insisted that the CLA is absolutely necessary to protect, well, I don’t even know what exactly (how can you trust a CLA signed by a person nobody actually knows?), but something important about Python.

(I also saw this recently in an unrelated org where some well-meaning legal advice led to a dysfunction-inducing reorg that we are still not sure how to deal with)

That was quite a while ago, these days the PSF does carry insurance for staff, board members and officers.

Thanks, Deb! I’m not a lawyer, but it sure seemed so to me too by reading all the text about “indemnification” and such in the current bylaws. But this part of the recently posted FAQ in the parent topic seemed to say the current Board was still seriously scared by the notion of personal liability:

For all I know (I don’t), the indemnification text in the current bylaws was also present when I was on the Board. But whether it was or wasn’t, I was advised at the time that I should obtain “personal” liability insurance.

I don’t even have a clue about the legal meaning of “personal liability”. The only mention of personal liability in the bylaws I can find is:

a director of the corporation shall not be personally liable to the corporation or its members for monetary damages for breach of fiduciary duty as a director

Which appears to have scant connection to what Christopher is warning about (and he already pointed to Article Xii above, from which my quote is taken, so he didn’t think it offered relevant protection either).

Indeed, that FAQ answer is an example of what I was talking about in my post here. It’s telegraphic legalisms presented as unquestionable, absolute constraints. The claims it makes are surprising, too. I’m old, and I’ve never before heard of a membership organization being held legally responsible for anything one of its members did on their own. Well, not under US law.

Guido started the Python project at CWI (in the Netherlands), and legalistic wrangling was conspicuous by absence for the duration. It was very refreshing.

The CLA requirement predates the PSF, and was introduced by CNRI (Python’s second home). The latter non-profit largely lives by government-funded projects, and is acutely sensitive to legalisms. The first “crisis” I recall in the early days was in fact the imposition of a CLA requirement. Those had to be delivered by snail mail, as I recall. It was exceedingly unpopular with the contributors at the time. but most of us stuck around anyway.

You may recall the great uncertainty about Pythons 2.0 and 1.6 when PythonLabs was formed and Guido moved to BeOpen.com (while still live, the page that link points to now has nothing to do with this) . That was all legal haggling with CNRI. 1.6 was dubbed “the contractual obligation release”, and was the last from CNRI (although Guido had already moved on).

To be clear, CNRI also had Python’s best interests at heart, but its vision was different. For example, the text of the current Python license, mostly inherited from CNRI’s lawyers, is far (crossed out - “far” is too strong) more elaborate and “corporate-sounding” than typical open-source projects impose. Outside of, e.g., the GPL. And haggling between CNRI’s lawyers and GNU’s lawyers over whether their licenses were “compatible” consumed enormous amounts of many people’s time (mine included).

Anyway, PythonLabs and the PSF weren’t able to persuade CNRI to let go of any “control” it still retained. I assume that keeping the CLA requirement is part of that, and also assume that nobody is still trying to persuade CNRI to cut Python completely loose from its legal legacy.

Bingo. Unintended consequences abound. PR people have seen it all before.

Want to break that out for special emphasis here. There are any number of “GPL compatible” open source licenses that I’m sure the PSF membership would be perfectly happy with. So the enormous work devoted to “defending” the CNRI license was solely due to all sides following their lawyers’ recommendations without pushing back. The very real (at the time) harm done to the communities was brushed off.

A difference is that the FSF is in the business of lawfare - they were never going to budge.

But that’s too facile . I expect just about any lawyer would recommend requiring CLAs. It’s a CYA thing at heart. The current PSF CLA gives both the PSF and the contributor protections from “worst cases”, and without the requirement for snail mail (which contributors outside the US found especially obnoxious) it’s a minor (to my sensibilities) burden to play along with.

Buti if it’s ever possible to consider dropping it, I’d welcome an open debate about it.

I’m not sure I understand the argument here.

In the previous thread it seemed there was an assumption that the Board had proposed changes without getting/taking into account legal advice, and a claim that it would be bad for the Board to do so.

The Board made clear that they are getting and acting on legal advice, and now in this thread… it’s seemingly bad that the Board is doing so?

I don’t think it’s possible to have it both ways.

Not both ways simultaneously. Best guesses changed as more facts were presented.

To me, the argument relates to this quote by @chrisjrn (this is just to attribute the quote FTR, I assume the position depicted in the quote is not solely personal) :

We can’t discuss any events that would hypothetically lead to removing a Fellow, or even whether there have even been any events that would warrant a removal, because releasing details — or even the existence — of investigations where we failed to remove a fellow would open us up to the possibility of liability.

But I agree the legal argument was brought by both sides.

Christopher is on the Board of Directors, and started the parent topic, so unless he explicitly says otherwise in some message it’s reasonable to assume he’s speaking for the Board in these topics. So, no, not just personal - by default in this context, he’s officially speaking for the PSF.

We can’t discuss any events that would hypothetically lead to removing a Fellow, or even whether there have even been any events that would warrant a removal, because releasing details — or even the existence — of investigations where we failed to remove a fellow would open us up to the possibility of liability.

That’s certainly an instance of what I’m trying to say: despite all the good will in the world, it comes across as the opposite of “transparent”. “Sorry, we can’t say anything about anything, period.” Which I have no doubt is what a lawyer advised them to say. Lawyers have said very much the same to me at times.

To which I say, “consider pushing back - and for detailed reasons for why that should be considered, pay a PR professional for expert advice on the human psychology of corporate communications”.

The law is certainly important, but in reality it’s not the only thing in play. At some times, there may be things even more important to the health of a membership organization than trying to wholly eliminate any possibility whatsoever of legal risk.

According to me. Your lawyer may not agree - but your PR flak will .

An example of something I, personally, would be wholly willing to say if I were still on the Board, regardless of how many lawyers advised that there was some fantastical possibility of opening the PSF to liability of some kind (of which kind I can’t imagine - but I’m not a lawyer):

“”"
Suppose a PSF Fellow were convicted of fraud, for trying to sell unauthorized and worthless “PSF Python Excellence” certificates to the grandparents of tens of thousands of Python students. In that case the Board would almost certainly act to terminate their PSF membership.
“”"

Easy call to me. But then I did buy millions of dollars worth of personal liability insurance coverage for my Board activities .

And really, once you’re in that scenario, might as well get your money’s worth!

(True only in hindsight, probably, once you no longer also have to worry about the resulting exponential growth of the following year’s insurance premiums.)

ETA: Personally I’ve always found abject poverty to be the ultimate ass-covering shield. Anything short of inviting criminal charges is effectively penalty-free. “From a certain point of view.”

Since it’s my hypothetical, here’s more detail on how it came to be, where “L” is the lawyers and “B” is the Board:

L: Best to say nothing at all.

B: Let us push back on that. We may not be legally required to tell the members anything, but believe some level of transparency is vital for extra-legal reasons. How can we minimize - if not wholly eliminate - the legal risk of saying something?

L: Sure, although it’s against my best legal advice. Provided that’s understood, let’s proceed. What do you have in mind?

B: Understood. Could we, for example, explain exactly what the nature of the legal risk of saying more might be?

L: Oh no. This is a very unlikely scenario, and you could be held legally liable for disclosing exactly how it might come to be. It’s all but daring someone to try to provoke it. It’s akin to leaving a loaded gun on a table and walking away.

B: OK. How about a pure hypothetical? Extreme in several respects?

L: That could work. And avoid any absolutes. Always leave an out. For example, instead of saying “we would”, say “we almost certainly would”.

B: OK! Let’s brainstorm some concrete text.

And so it goes on, until we end up with what I posted.

It needn’t be confrontational at all. You’re all on the same team, but the people paying the bills have the final call, and good lawyers have no problem with that. Indeed, they’re used to it. Likewise a good PR flak will have no problem if you take a lawyer’s conflicting advice. On most issues, they’ll agree.

Only partly joking, this has worked to the PSF’s advantage. Over most of its life, it hasn’t had enough financial assets to be worth the bother of trying to sue. I’m not sure if it’s still the case, but for at least most of its life the PSF has only been one PyCon away from potential bankruptcy.

BTW, I was amazed at how inexpensive (a relative term, of course) it was to obtain personal liability insurance at the time. My own squeaky-clean record helped, but I was pleased to discover that it helped even more that the PSF has US 501(c)(3) non-profit status. It cost significantly less than, e.g., my car insurance.

Of course, that may just imply that you’re a menace behind the wheel, and a danger to yourself and others.

A fine illustration of Occam’s Razor! You nailed it

But I don’t need a car to wreak havoc. I’m so dangerous I left a string of innocent failed startups in my tsunamic wake. I eat “now I am become Death, the destroyer of worlds” for a mid-morniing snack .

I want to clarify that it’s no longer the case: the current Python CLA, both the form itself and the process, are enormously friendlier now.

It’s automated now, just a few clicks in your browser, typically done when a new contributor first opens a pull request on Github. The text is as short and plainly stated as legal counsel could be harassed into accepting .

Seriously, as I recall Van Lindberg was key to crafting this. He’s a top-notch lawyer specializing in open source issues, and a former PSF Board chair. The PSF’s CLA text and process are, by far, the friendliest I know of across all projects anywhere requiring a CLA. And, yes, Van said having a CLA was essential for the PSF.

BTW, note that the PSF’s CLA promises the contributor that the PSF will not release the contributed code under anything other than an open source license “approved by a unanimous vote of the PSF board”. So, contrary to an oft-repeated claim in the parent topic, it’s not true that “simple majority” suffices for all Board actions today.