[Board] Role Of Officers

Frank Warmerdam warmerdam at pobox.com
Thu Feb 7 10:24:02 PST 2008


Tyler and I raised the question of what is an appropriate number of officers,
what their responsibilities and powers are and such on the Foundations mailing
list.  We received a few responses, some of which missed the point.  I found
the following to be the most pertinent.

To be honest, I wasn't left with the sense that any of these were
deeply grounded in a strong legal understanding of the issues, but
perhaps I'm looking for more than there is in all this.  The lessons
I took away:

1) Officer roles other than Pres/Treasurer/Secretary are essentially
defined by the organizations bylaws, including rights and responsibilities.

2) Designating people with officer roles can be useful as a form of

3) Designating officers creates a network of responsibility that is
useful if we need to make a legal case that we as a foundation were
doing something.  For instance to show we are making an effort to
manage our source code in a responsible way. (As I recall this
was also a point that Rich Steele made).

4) We as a foundation can be held legally liable for the actions
of officers.  We should show at least some caution in who we assign
such responsibilities too.

My personal recommendation is that we continue to have officer
VPs for the projects and for our major designated committees but
that we stop having VPs for local chapters.  Of course, the local
chapters can designate their own officers internally but they are
not directly tied to, nor representing the international foundation.


Brian Behlendorf writes:
One thing I seem to recall from setting up Apache: there existed a desire
to make sure that the actions developers take while working on Apache
projects can be to some degree legally protected by the corporation.
E.g., some patent troll discovers an Apache project seems to cover some of
their claims - who do they sue?  They can sue the committers, but what we
would like is for them to be limited to suing the Foundation instead, so
we can fight the troll with more resources (and probably fewer interesting
assets) than the individual had.  So long as a committer held up their end
of the bargain, which was to not knowingly commit work they knew was
covered (or to clearly cite those patent claims they do know are covered
by that work), then the ASF should try and fight on their behalf.

In order to get that protection, though, it had to be clear that the board
was delegating thier corporate responsibility of oversight to the actions
of the developers.  The VP role was thus created, as the bridge between
the board (to whom they had to send a status report of the project on a
regular basis - once every month, now every 3 months I believe) and the
developers on the project.  Which means the VP is expected to be roughly
aware of, and roughly overseeing, everything taking place within that
project - commits, new committers, a fair process, etc.  The VP can take
whatever action they deem necessary, such as cutting off commit privs or
removing violating code from the repository, when necessary to protect
Apache's interests; though for anything less than a dire emergency they'd
be crazy to do it without consensus from the other committers, as the
board usually expects the committers to propose their VPs for board
confirmation, as a check to make sure the right people are in those

This also means that a bad VP choice could place the organization into
some amount of jeopardy.  It would be a stretch, but if the VP was sued
for, say, violating someone's civil rights in the course of their Apache
work, you could fire the VP, but liability for their actions (a court
case, and if successful, financial penalties) might remain against the
Foundation.  Not something to worry about every day, but it might be one
reason not to give out VP titles the way we give away software.

This applies to whether the board themselves create and manage the VP
slots, or an ED does.


Evan Leibovitch writes:
FWIW, based on my involvement with a bunch of nonprofits (in and out of
the FOSS community):

Most jurisdictions of which I'm aware require only three specific
officers for the purpose of reporting and  accountability; President/ED,
Secretary, and Treasurer. Everything else -- _especially_ including
Vice-President(s) -- is an internally defined frill that may be useful
to the org but isn't legally mandated.

As a result, approaches towards VP titles vary wildly. They can be used
as a way to reward outstanding volunteers with a title, without giving
them actual responsibility; at the other extreme, VPs may exist to do
all the heavy lifting, leaving the Pres/ED to spend more time as a
delegator and cat-herder than anything else. Much depends on the
personal style of the Pres/ED; generally boards hold the Pres/ED
accountable for the composition (or, more usefully, the accomplishments)
of the team as a whole but don't get involved in the VP selections
themselves. Most charters that I've seen do not require board
confirmation of VP selections.

To use a poor sports analogy: the owner hires the coach, and then lets
the coach pick how many assistants to have and who they are. So long as
personnel costs are within budget, the owner doesn't get involved with
the assistants while holding the coach accountable for the team's

NPO charters may be (and are often) deliberately vague about VP roles,
allowing them to be created and demolished at the President's whim. Some
mandate specific VP roles (ie, someone to step up in case the President
cannot serve, often defined as the "Executive VP"....) while allowing
other VP positions to be introduced as needed.


Justin Erenkrantz (Apache) writes:
Obviously, since you are following our model, it's what we feel in
Apache is right.  =)

In Apache, a PMC Chair has responsibility over the project and the
community - they could perhaps sign a contract just for that project,
but they do not have any recognized authority outside of that project.
  If they tried to do something outside of that, the Board would smack
'em down.

and later:

On Feb 6, 2008 8:33 AM, Frank Warmerdam <warmerdam at pobox.com> wrote:
 > > The concern that has been expressed at the board level is whether there
 > > is a danger in having so many executives, some of which are really not
 > > that well known to the board or the ED.

It depends on what their roles are.  Within the ASF, it's unlikely I
can name every one of our TLPs off the top of my head - but having *a*
designated person for the Board to go to if we have an issue with a
PMC is a *very* *very* good thing.

 > > In general we are looking for
 > > what the legal responsibilities of corporate officers are, in turn what
 > > risks we are taking when we appoint people as officers.

The responsibilities are usually dictated by your bylaws.  For Apache,
our PMCs are set by Section 6.3 of our bylaws:
http://www.apache.org/foundation/bylaws.html.  The 'Exec Officers'
(who should be known to your board) are described in 6.2.

I wouldn't generally be worried about having lots of mid-level
'officers'.  Empowerment is good.  -- justin

Best regards,
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | President OSGeo, http://osgeo.org

More information about the Board mailing list