| 1 |
Hi, |
| 2 |
|
| 3 |
Alec Warner: |
| 4 |
> On Wed, Apr 3, 2019 at 10:04 AM NP-Hardass <NP-Hardass@g.o> wrote: |
| 5 |
> |
| 6 |
>> On 4/3/19 8:43 AM, Alec Warner wrote: |
| 7 |
>>> |
| 8 |
>>> |
| 9 |
>>> On Wed, Apr 3, 2019 at 7:31 AM NP-Hardass <NP-Hardass@g.o |
| 10 |
>>> <mailto:NP-Hardass@g.o>> wrote: |
| 11 |
>>> |
| 12 |
>>> On 3/31/19 11:20 PM, William Hubbs wrote: |
| 13 |
>>> > Hi all, |
| 14 |
>>> > |
| 15 |
>>> > two weeks from today (2019-04-14) the Gentoo Council will meet at |
| 16 |
>>> > 19:00 UTC in the #gentoo-council channel on freenode. |
| 17 |
>>> > |
| 18 |
>>> > Please reply to this message with any items you would like us to |
| 19 |
>>> put on |
| 20 |
>>> > the agenda to discuss or vote on. |
| 21 |
>>> > |
| 22 |
>>> > Thanks much, |
| 23 |
>>> > |
| 24 |
>>> > William |
| 25 |
>>> > |
| 26 |
>>> |
| 27 |
>>> I'd like the council to discuss the issue and general trend of |
| 28 |
>> actions |
| 29 |
>>> (particularly recent) to restrict the ability of developers to |
| 30 |
>>> contribute to Gentoo. In my view, efforts are being made to make |
| 31 |
>>> contributions as users substantially easier, while efforts are being |
| 32 |
>>> made to make being a developer substantially harder. The months of |
| 33 |
>>> studying, quiz taking, and interviews set a bar that should make |
| 34 |
>>> contributions from those individuals that become developers easier |
| 35 |
>> than |
| 36 |
>>> the average user, not more difficult. |
| 37 |
>>> |
| 38 |
>>> |
| 39 |
>>> This is a pretty vague statement, are there particular things you want |
| 40 |
>>> the council to review; or just the 'general trend'? |
| 41 |
>>> I'm not aware of any recent changes to the developer onboarding process. |
| 42 |
>>> |
| 43 |
>>> -A |
| 44 |
>>> |
| 45 |
>>> |
| 46 |
>>> |
| 47 |
>>> -- |
| 48 |
>>> NP-Hardass |
| 49 |
>>> |
| 50 |
>> |
| 51 |
>> Not just the onboarding, but the retention too. General trend is what |
| 52 |
>> I'm proposing should be discussed publicly during the meeting. |
| 53 |
>> |
| 54 |
>> Three points: |
| 55 |
>> |
| 56 |
>> At present time, everyone needs a "Real Name" to contribute. A user, |
| 57 |
>> with a new email address, can allege to be "Foo Bar" and contribute |
| 58 |
>> without impediment, but, as recent proposals would have it, developers |
| 59 |
>> would need to show proof of ID over video call to become part of the web |
| 60 |
>> of trust for committing. That effectively allows any user to remain |
| 61 |
>> anonymous by using a false name, obviating a huge portion of the alleged |
| 62 |
>> benefit to requiring names in the first place. So, developers can be |
| 63 |
>> held to such a high standard that they can either no longer contribute, |
| 64 |
>> while we trim eligible pool of new developers and compare that to the |
| 65 |
>> ease with which any "named" contributor on github or bugzilla can do as |
| 66 |
>> they please. |
| 67 |
>> |
| 68 |
> |
| 69 |
> I think it is reasonable to try to pursue a more inclusive policy where |
| 70 |
> identity is more flexible (as I discussed in a different message on this |
| 71 |
> thread), but keep in mind the Council (and really a few key members) spent |
| 72 |
> over a year working on the policy we have; so I'm not certain its a trivial |
| 73 |
> change. You are free to dislike the policy we have and you are free to |
| 74 |
> suggest we pursue a more inclusive policy, but at least here as a trustee |
| 75 |
> who voted for it we made a deliberate choice here and barring some middle |
| 76 |
> ground where we somehow understand that contributions to Gentoo are done in |
| 77 |
> a low-risk way, we will continue to reject commits from obvious |
| 78 |
> contributors. |
| 79 |
> |
| 80 |
> What I refuse to engage in is an incessant debate about the policy we have; |
| 81 |
> please accept that we made it in good faith to reduce legal risk for the |
| 82 |
> project and, if an alternative is presented that keeps risk low while |
| 83 |
> accepting a broader set of contributions we will consider it in the same |
| 84 |
> good faith. |
| 85 |
> |
| 86 |
> -A |
| 87 |
> |
| 88 |
|
| 89 |
I don't doubt people's good faith in proposing this policy and I'm sure |
| 90 |
it's done with the best interest in mind. I apologize for not doing the |
| 91 |
homework for the following question: did the Foundation pay for any kind |
| 92 |
of legal counsel on this matter? I think one thing most of us struggle |
| 93 |
with is that we are not lawyers. It would help to put people's mind at |
| 94 |
ease if the Foundation consulted a lawyer that clearly explained: |
| 95 |
|
| 96 |
- What exactly is the legal liability being addressed here? |
| 97 |
- Have there been any precedent cases of copyright infringement |
| 98 |
(constrained to the context of copyrighted ebuilds, or code of similar |
| 99 |
nature) to make this a more realistic threat for the Foundation? |
| 100 |
- In the case of a potential court case, how is the liability |
| 101 |
distributed among involved parties? Would we be legally required to |
| 102 |
track down the contributor (whose identity we may or may not have |
| 103 |
confirmed yet)? |
| 104 |
|
| 105 |
The reason why I'm suggesting this is because I've talked to a friend of |
| 106 |
mine, who is a software patent lawyer, about the DCO and GLEP. Their |
| 107 |
first impression was that the DCO itself has no clause for requiring a |
| 108 |
legal name, so signing it with a fake name may not violate the DCO |
| 109 |
itself. So the (informal) conclusion is that as long as nobody sues you |
| 110 |
for copyright infringement, there is no legal problem with using a fake |
| 111 |
name to sign the DCO. I know it sounds very obvious but the point is |
| 112 |
that legal people have a better grip of the situation than we do, and |
| 113 |
the community is more likely to take their word and justification for it. |
| 114 |
|
| 115 |
> |
| 116 |
>> We currently have a RFC, just posted two days ago, for developers to be |
| 117 |
>> regularly tested to maintain commit status. Again, if the developer |
| 118 |
>> feels like it, maybe it is easier for him/her to just become a plain old |
| 119 |
>> user and submit patches, waiting on the (as I see it, dwindling,) amount |
| 120 |
>> of active other developers ready to commit instead. |
| 121 |
>> |
| 122 |
>> Totally anecdotal, I've seen developers that have fairly decent QA on |
| 123 |
>> their own commits merge PRs from users without full review and |
| 124 |
>> introducing a whole host of issues because code from users isn't always |
| 125 |
>> vetted as thoroughly as ones own work. So, I'd argue, the QA standards |
| 126 |
>> of being a dev don't quite apply to you as stringently once you |
| 127 |
>> downgrade to being a user... |
| 128 |
>> |
| 129 |
>> At the end of the day, holding developers to higher standards than users |
| 130 |
>> is a given, but it shouldn't be more onerous to be a developer than to |
| 131 |
>> be a user contributing. |
| 132 |
>> |
| 133 |
>> -- |
| 134 |
>> NP-Hardass |
| 135 |
>> |
| 136 |
>> |
Archives