[IAEP] Today's meeting topic: Financial report first quarter 2017 by mail

James Cameron quozl at laptop.org
Fri Aug 4 19:53:25 EDT 2017

G'day Adam,

I've a degree in business, which included accounting, and have
recently completed extra training on governance, so I'll comment on
what I've seen; in context below;

On Fri, Aug 04, 2017 at 05:03:06PM -0400, Adam Holt wrote:
> 1) Detailed Sugar Labs financial info is provided for the entirety
> of 2016 and 2017-to-date below.

Interesting, thanks.  I've no issues with the numbers or transactions.

> The entirety of Sugar Labs financial info is almost 1/3 of gigabyte
> as checked out from SFC,

Quite a small data set, at only 333 MB.

> so more details can be obtained later this year should finer details
> be truly necessary, with a finer-toothed comb,

Looking through the meeting minutes, you probably don't need to worry
so much about this; the board members are entitled to full access to
the data, read-only, and are obliged to keep the data as secure as

Yes, it will include private identifiable information (PII) of Sugar
Labs members or other participants.  In dealing with Sugar Labs,
people expect the board may see this PII.

Not every board member will access the data, or have the knowledge to
decode and understand the data.  But they are entitled to it.

Here's what I suggest;

Don't make it available by posting a URL to any mailing list, not even
slobs@, but instead send it privately to board members who request it,
and include a way for board members to confirm they have the same copy
of the file as other board members.  e.g. with a digital signature or
md5sum that you post on the slobs@ mailing list.

> to de-identify personal home address and very personal account
> numbers therein, which make everyone vulnerable to identify theft.

No, that is not necessary; as long as the board members know the data
must be kept confidential to the board.

> Until then, this below provides a very detailed picture of all funds
> received and spent over the past 19 months.

This and your follow-up messages on this thread could be pulled
together into a single report to the board rather than a series of
messages.  It would make your intent clearer.

A report to community may be different to a report to the board,
containing less identifying information.

James Cameron

More information about the IAEP mailing list