[members-discuss] Questions to RIPE NCC in light of last GM

Mon May 27 15:34:20 CEST 2024

On 27/05/2024, 13:17:22, "Mihail Fedorov" <mihail at fedorov.net> wrote:
>I’m not sure about other members. But from my perspective - members funded org structure means you should have report on every single cent spent, no exclusions possible. How many servers put and what for and what are traffic amounts on each switch port. This is how governance works normally. You don’t have to read all reports, but they should exist.

They could exist but at a price and of what utility? They cannot change
history and retribution is not effective management nor are 700 members
whatabouting every item and challenging them as they would have prefered 
a
different decision.

They may deter some abuses but there are more efficient methods. It is
also very easy to hide things in such reports - see government/military
contracts.

>You don’t simply trust your bank, you do research when choosing.

Yes we do. You may check for previously publicly exposed problems but
you do not go in and audit their current systems/software/organisation
and practices. If you did you would find things you do not like in all
of them,

You elect your government (assuming you are in a democracy), have them
regulate the banking sector and trust their reports saying it is all 
fine.

>  You do not trust apartment online photos, you go and check

Yes we do. You may go have a look around, but usually pay a 
surveyor/have
your lawyer get a report saying that stuff looks ok and their annual
inspections are all current and correct, to the extent they are required
to be by law.

You do not personally sample and test the building cladding to checked 
if
it is made of flamable materials, excavate and check the foundations, 
test
all the building systems are in spec.

You trust someone else more expert in the matters to do this.

>You demand from your government full transparency.

Governments are not usualy transparent until about 30 years later
when the secret documents become public (redacted) and the guilty
are long gone.

>But when it comes to RIPE - doing NDA on supply chain is somehow ok.
>
>Regardless of *any* personalities and regardless of *any* trust you might or might not have in them - this is terribly wrong and leads to terrible things.

We are trusting the systems not individual people.

>I will be happy to understand how “trust us, what we do is not your business” model can be better by any means.

That is totally not how governance works.

20000 of us don't have time (ok some seem to have more time to go into
the bits that interest them on the list) for this so we elect a board
to look after it.

We don’t pay the board to be full time so they hire a management team
and staff to manage daily operations.

There is delegation throughout but they are accountable so if there
were problems members/board/managment can audit/investigate/report/fix.

We are literally paying with our fees to not have to do all this 
ourselves
unless it majorly screws up, and then we'll make a committee to sort it 
out.

brandon