1 |
Hi, |
2 |
|
3 |
Alec Warner: |
4 |
> On Wed, Apr 3, 2019 at 10:04 AM NP-Hardass <NP-Hardass@g.o> wrote: |
5 |
> |
6 |
>> On 4/3/19 8:43 AM, Alec Warner wrote: |
7 |
>>> |
8 |
>>> |
9 |
>>> On Wed, Apr 3, 2019 at 7:31 AM NP-Hardass <NP-Hardass@g.o |
10 |
>>> <mailto:NP-Hardass@g.o>> wrote: |
11 |
>>> |
12 |
>>> On 3/31/19 11:20 PM, William Hubbs wrote: |
13 |
>>> > Hi all, |
14 |
>>> > |
15 |
>>> > two weeks from today (2019-04-14) the Gentoo Council will meet at |
16 |
>>> > 19:00 UTC in the #gentoo-council channel on freenode. |
17 |
>>> > |
18 |
>>> > Please reply to this message with any items you would like us to |
19 |
>>> put on |
20 |
>>> > the agenda to discuss or vote on. |
21 |
>>> > |
22 |
>>> > Thanks much, |
23 |
>>> > |
24 |
>>> > William |
25 |
>>> > |
26 |
>>> |
27 |
>>> I'd like the council to discuss the issue and general trend of |
28 |
>> actions |
29 |
>>> (particularly recent) to restrict the ability of developers to |
30 |
>>> contribute to Gentoo. In my view, efforts are being made to make |
31 |
>>> contributions as users substantially easier, while efforts are being |
32 |
>>> made to make being a developer substantially harder. The months of |
33 |
>>> studying, quiz taking, and interviews set a bar that should make |
34 |
>>> contributions from those individuals that become developers easier |
35 |
>> than |
36 |
>>> the average user, not more difficult. |
37 |
>>> |
38 |
>>> |
39 |
>>> This is a pretty vague statement, are there particular things you want |
40 |
>>> the council to review; or just the 'general trend'? |
41 |
>>> I'm not aware of any recent changes to the developer onboarding process. |
42 |
>>> |
43 |
>>> -A |
44 |
>>> |
45 |
>>> |
46 |
>>> |
47 |
>>> -- |
48 |
>>> NP-Hardass |
49 |
>>> |
50 |
>> |
51 |
>> Not just the onboarding, but the retention too. General trend is what |
52 |
>> I'm proposing should be discussed publicly during the meeting. |
53 |
>> |
54 |
>> Three points: |
55 |
>> |
56 |
>> At present time, everyone needs a "Real Name" to contribute. A user, |
57 |
>> with a new email address, can allege to be "Foo Bar" and contribute |
58 |
>> without impediment, but, as recent proposals would have it, developers |
59 |
>> would need to show proof of ID over video call to become part of the web |
60 |
>> of trust for committing. That effectively allows any user to remain |
61 |
>> anonymous by using a false name, obviating a huge portion of the alleged |
62 |
>> benefit to requiring names in the first place. So, developers can be |
63 |
>> held to such a high standard that they can either no longer contribute, |
64 |
>> while we trim eligible pool of new developers and compare that to the |
65 |
>> ease with which any "named" contributor on github or bugzilla can do as |
66 |
>> they please. |
67 |
>> |
68 |
> |
69 |
> I think it is reasonable to try to pursue a more inclusive policy where |
70 |
> identity is more flexible (as I discussed in a different message on this |
71 |
> thread), but keep in mind the Council (and really a few key members) spent |
72 |
> over a year working on the policy we have; so I'm not certain its a trivial |
73 |
> change. You are free to dislike the policy we have and you are free to |
74 |
> suggest we pursue a more inclusive policy, but at least here as a trustee |
75 |
> who voted for it we made a deliberate choice here and barring some middle |
76 |
> ground where we somehow understand that contributions to Gentoo are done in |
77 |
> a low-risk way, we will continue to reject commits from obvious |
78 |
> contributors. |
79 |
> |
80 |
> What I refuse to engage in is an incessant debate about the policy we have; |
81 |
> please accept that we made it in good faith to reduce legal risk for the |
82 |
> project and, if an alternative is presented that keeps risk low while |
83 |
> accepting a broader set of contributions we will consider it in the same |
84 |
> good faith. |
85 |
> |
86 |
> -A |
87 |
> |
88 |
|
89 |
I don't doubt people's good faith in proposing this policy and I'm sure |
90 |
it's done with the best interest in mind. I apologize for not doing the |
91 |
homework for the following question: did the Foundation pay for any kind |
92 |
of legal counsel on this matter? I think one thing most of us struggle |
93 |
with is that we are not lawyers. It would help to put people's mind at |
94 |
ease if the Foundation consulted a lawyer that clearly explained: |
95 |
|
96 |
- What exactly is the legal liability being addressed here? |
97 |
- Have there been any precedent cases of copyright infringement |
98 |
(constrained to the context of copyrighted ebuilds, or code of similar |
99 |
nature) to make this a more realistic threat for the Foundation? |
100 |
- In the case of a potential court case, how is the liability |
101 |
distributed among involved parties? Would we be legally required to |
102 |
track down the contributor (whose identity we may or may not have |
103 |
confirmed yet)? |
104 |
|
105 |
The reason why I'm suggesting this is because I've talked to a friend of |
106 |
mine, who is a software patent lawyer, about the DCO and GLEP. Their |
107 |
first impression was that the DCO itself has no clause for requiring a |
108 |
legal name, so signing it with a fake name may not violate the DCO |
109 |
itself. So the (informal) conclusion is that as long as nobody sues you |
110 |
for copyright infringement, there is no legal problem with using a fake |
111 |
name to sign the DCO. I know it sounds very obvious but the point is |
112 |
that legal people have a better grip of the situation than we do, and |
113 |
the community is more likely to take their word and justification for it. |
114 |
|
115 |
> |
116 |
>> We currently have a RFC, just posted two days ago, for developers to be |
117 |
>> regularly tested to maintain commit status. Again, if the developer |
118 |
>> feels like it, maybe it is easier for him/her to just become a plain old |
119 |
>> user and submit patches, waiting on the (as I see it, dwindling,) amount |
120 |
>> of active other developers ready to commit instead. |
121 |
>> |
122 |
>> Totally anecdotal, I've seen developers that have fairly decent QA on |
123 |
>> their own commits merge PRs from users without full review and |
124 |
>> introducing a whole host of issues because code from users isn't always |
125 |
>> vetted as thoroughly as ones own work. So, I'd argue, the QA standards |
126 |
>> of being a dev don't quite apply to you as stringently once you |
127 |
>> downgrade to being a user... |
128 |
>> |
129 |
>> At the end of the day, holding developers to higher standards than users |
130 |
>> is a given, but it shouldn't be more onerous to be a developer than to |
131 |
>> be a user contributing. |
132 |
>> |
133 |
>> -- |
134 |
>> NP-Hardass |
135 |
>> |
136 |
>> |