projects / libreriscv.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
rfp_submission_guide: Added link to cont. IRC
[libreriscv.git] / HDL_workflow / rfp_submission_guide.mdwn
1 # RfP Submission Guide
2
3 * HDL workflow guide page: [[HDL_workflow]]
4 * LibreSOC bug process page: [[HDL_workflow/libresoc_bug_process]]
5 * New bug for further LibreSOC documentation: [bug #1233](https://bugs.libre-soc.org/show_bug.cgi?id=1233)
6 * email thread detailing RfP submission process:
7 <https://lists.libre-soc.org/pipermail/libre-soc-dev/2023-December/005829.html>
8 * Meeting used to introduce team to this process:
9 * *RfP submission walkthrough on IRC*, 21st Dec 2023:
10 [IRC log](https://libre-soc.org/irclog/%23libre-soc.2023-12-21.log.html#t2023-12-21T14:24:42)
11 * Continuation of RfP walkthrough on IRC, 15th Jan 2024:
12 [IRC log](https://libre-soc.org/irclog/latest.log.html#t2024-01-15T17:58:17)
13
14 ## Verbatim copy of email thread
15
16 ## email 1
17
18 Hi Luke,
19
20 Based on our conversation on bug #701, Luke suggested to start a mailing
21 list thread which we can use as part of documenting RfP submission in
22 general. This will then be added to:
23 https://libre-soc.org/HDL_workflow/libresoc_bug_process/
24
25 Thanks,
26
27 Andrey
28
29 ## email 2
30
31 On Tuesday, December 5, 2023, Andrey Miroshnikov via Libre-soc-dev <
32 libre-soc-dev at lists.libre-soc.org> wrote:
33 > Hi Luke,
34 >
35 > Based on our conversation on bug #701, Luke suggested to start a mailing
36 list thread which we can use as part of documenting RfP submission in
37 general. This will then be added to:
38 > https://libre-soc.org/HDL_workflow/libresoc_bug_process/
39
40 ah. yes. ok
41
42 so first thing: the secret URLs are to be respected and treated
43 as plaintext passwords. you DO NOT put them on the internet
44 or send them to people on publicly logged Libre-SOC resources.
45
46 https://bugs.libre-soc.org/show_bug.cgi?id=1126#c48
47
48 second: you click the "New Request" button then fill in your
49 bank details and name from the dropdown. then you put
50 in the amounts, under each milestone.
51
52 third: you go to the bugtracker and fill in the TOML field
53 with "name={amount=NNNN, submitted=YYYY-MM-DD}" in that
54 EXACT format, because it is machine-readable.
55
56 ***EXERCISE EXTREME CAUTION HERE BECAUSE YOU ARE EDITING
57 FINANCIAL BOOKKEEPING RECORDS***
58
59 if you are uncertain STOP DO NOT PROCEED ASK FOR ADVICE
60 IMMEDIATELY. it is best that you WAIT until someone on
61 IRC can walk you through the process, or set up a conference
62 call with screen-sharing to REVIEW YOUR CHANGES ***BEFORE***
63 YOU HIT THE BUGZILLA SUBMIT BUTTON.
64
65 fourth: you run the budget-sync program LOCALLY on your
66 personal machine, and if it produces errors and you know
67 how to correct them then do so, but if not STOP, do NOT
68 attempt further changes, instead IMMEDIATELY ask for help
69 on both IRC and the mailing list. this is a REQUIRED
70 (mandatory) action. do NOT if you make a mistake "just leave it"
71 as your actions will have consequences for everyone who then
72 also tries to run budget-sync.
73
74 fifth: find your own task_db/yourname.mdwn file,
75 return to the NLnet RFP and cut/paste the relevant
76 autogenerated sections into the "results" form.
77
78 you *do not* repeat DO NOT have to write a long-winded
79 report: you can write one *if it is useful to the project* but
80 should in no way feel "obligated to write one just for NLnet".
81 if you do write one it should be placed PUBLICLY onto
82 Libre-SOC resources, and the *URL* given in the associated
83 bugreport under comment #0 (which you can of course edit
84 to include it).
85
86 basically NLnet are flexible and trusting but MUST have
87 ACTUAL EVIDENCE of completion of the milestone, whatever that
88 may be, such that an EU Auditor is satisfied that no fraud
89 has taken place (yes, this *has* actually been attempted in
90 the past, by scammers).
91
92 sixth: hit the submit button, review the page and then
93 submit the RFP.
94
95 (NOTE: it is strongly recommended you take a screenshot or
96 do a "print page" to make sure that you have the bank records
97 correct! NLnet's database may get corrupted or you might have
98 one digit wrong)
99
100 seventh: the MoU Signatory will have been notified by email,
101 and should review the submission. DO NOT just "click yes",
102 you must ACTUALLY do Due Diligence as you are RESPONSIBLE
103 FOR ENSURING COMPLIANCE with the Memorandum of Understanding
104 and for knowing the FULL consequences of getting things right
105 or wrong here.
106
107 that's basically it, other than we have been asked by NLnet
108 to set up some CI which shows actual unit test results
109 passing (or, ha, failing). this will need some work as there
110 is NO WAY we can submit multi-megabyte unit test results
111 with THOUSANDS of unit tests... oh look, somwehere buried
112 in that there is ONE that is actully relevant.
113
114 no.
115
116 we need to keep NLnet's workload RIGHT down by giving
117 them as BRIEF and compact a "review" task as is humanly
118 possible whilst also giving them enough heads-up to
119 PRE-EMPT any EU Auditor questions.
120
121 PLEASE NOTE: for the >50k Grants an Audit is a *HUNDRED PERCENT*
122 guaranteed, as part of the *EU* Funding conditions. it is NOT
123 hypothetical or a "lottery" (like the one that came up a few
124 months ago where NLnet had its first *full* Audit of its
125 entire project suite, by an EU Auditor).
126
127 even for the <=50k Grants we there have to assume that an
128 Audit could take place at any time, and therefore also act
129 pre-emptively to provide NLnet with satisfactory answers
130 to questions that the EU Auditor will be asking to determine
131 if Fraud is or is not taking place.
132
133 i trust that that hammers home that this is in fact really
134 quite serious and a hell of a responsibility, because we are
135 representing NLnet's trust in us to keep these Financial
136 Records meticulously accurate, in order to not have ourselves
137 be accused of Fraud or money-laundering by the EU and thus
138 bring both ourselves *and NLnet* into serious disrepute.
139
140 as a reminder this was why i had to call an Emergency Freeze
141 and full audit of the OPF ISA WG Grant Financial Records a few
142 months ago. i *really* do not want ever to have to do that ever
143 again, so i expect everyone to LISTEN and take the above on
144 board and treat it with the seriousness it requires.
145
146 once again if there is anything you are hesitant about or
147 feel you must "assume" stop immediately and ask for help.
148
149 l.
150
151
152 --
153 ---
154 crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
155
156 ### email 3
157
158
159 >
160 > seventh: the MoU Signatory will have been notified by email,
161 > and should review the submission. DO NOT just "click yes",
162 > you must ACTUALLY do Due Diligence
163
164 which includes checking that the "submitted" date is
165 correctly entered for each milestone under its TOML field,
166 and contacting the submitter to ask that they update it
167 *before* clicking the "approve" button.
168
169 do not do this for them (except under mitigating circumstances),
170 walk them through the process. over IRC is the better medium
171 as it is both interactive *and logged* so if there are mistakes
172 or constructive feedback required there is a full audit log
173 to analyse to see what went awry, and why.
174
175
176 --
177 ---
178 crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
179
180 ### email 4
181
182 On Wednesday, December 6, 2023, Luke Kenneth Casson Leighton <lkcl at lkcl.net>
183 wrote:
184
185 > walk them through the process. over IRC is the better medium
186 > as it is both interactive *and logged* so if there are mistakes
187 > or constructive feedback required there is a full audit log
188 > to analyse to see what went awry, and why.
189
190 ninth: the person will receive their payment, and as part of
191 the secret URL there is a table stating "paid date" against
192 each RFP. the person is *required* to go back through the
193 milestones against which they first added "submitted=YYYY-MM-DD"
194 and to now add "paid=YYYY-MM-DD" on every single one.
195
196 (there is a mode of budget-sync that can perform this action
197 automatically, documented in the README, but it should ONLY
198 be used if properly understood as it can perform "mass change"
199 risking destruction of the Financial Records if abused.
200 ONLY use this program under STRICT supervision, on the
201 logged IRC Channel, with an experienced Authorized MOU
202 Agent/Signatry guiding and monitoring its use).
203
204 as with "submitted" run budget-sync to ensure that you
205 have not caused "damage" to the Financial Records.
206
207 tenth: notify the MoU Signatory Agent (Project Lead) that
208 the payment records have been updated. the Project Lead
209 *should* be receiving bugzilla change notifications but that
210 does not guarantee they have been seen: it is your
211 responsibility to keep notifying them and escalating until
212 you have received an *acknowledgement*.
213
214 eleventh: the Project Lead (MoU Signatory) then needs to
215 double-check the Financial Records, by re-running budget-sync,
216 then going to the mdwn/{payee}.mdwn file and check that
217 all tasks on the corresponding NLnet RFP have moved to a
218 "paid by NLnet" section. they should all have the same "paid"
219 date because RFPs are never split. there should also neither be
220 tasks listed as "paid" that are not listed on the RFP, or
221 tasks on the RFP but that are not listed on the payee mdwn file.
222 if there are this needs to be raised on Audit-tracked Libre-SOC
223 resources, NOT discussed privately with the payee, requesting
224 that they review and if necessary correct any discrepancies.
225
226
227
228 yes this really is this astoundingly meticulous, specific
229 and detailed, and requires extreme thorough rigour, patience
230 and diligence.
231
232 that diligence and meticulous attention is why we have been
233 trusted with the order of HALF A MILLON Euros of EU Grant
234 money over the past five years. it all comes down to being
235 able to demonstrate, if asked, in effect, putting it plainly:
236 "are you committing fraud here?"
237 we can categorically answer NO.
238
239 l.
240
241
242
243 --
244 ---
245 crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
246
247 # TODO: Refactor or remove the content below, probably duplicate...
248 ## Checks beforehand
249
250 - Is the task under a grant sub-task?
251 - Has the grant been accepted by NLnet **and** MoU signed?
252 (Work on tasks can begin after grant accepted, but RfP submission **only**
253 after MoU signing.)
254 - Has NLnet set the RfP system for the grant (and provided *the secret URL*
255 for the team members to make RfPs)?
256 - Has the task been declared complete? The comment section of the bug needs
257 to have a clear history of completed work (sub-tasks, git commits,
258 development thoughts).
259
260 ## NLnet RfP system
261
262 This site can only be accessed by a secret URL. This URL will be
263 distributed to MoU signees by Andrey or Luke after NLnet confirms the RfP
264 system is in place.
265
266
267 ## Making a submission
268
269 1. Go to the NLnet RfP system via the secret URL.
270 2.
271
272
http://libre-riscv.org ikiwiki