1 |
On Wed, 3 Apr 2019 17:43:15 +0300 Andrew Savchenko wrote: |
2 |
> On Wed, 3 Apr 2019 10:04:36 -0400 NP-Hardass wrote: |
3 |
> > On 4/3/19 8:43 AM, Alec Warner wrote: |
4 |
> > > |
5 |
> > > |
6 |
> > > On Wed, Apr 3, 2019 at 7:31 AM NP-Hardass <NP-Hardass@g.o |
7 |
> > > <mailto:NP-Hardass@g.o>> wrote: |
8 |
> > > |
9 |
> > > On 3/31/19 11:20 PM, William Hubbs wrote: |
10 |
> > > > Hi all, |
11 |
> > > > |
12 |
> > > > two weeks from today (2019-04-14) the Gentoo Council will meet at |
13 |
> > > > 19:00 UTC in the #gentoo-council channel on freenode. |
14 |
> > > > |
15 |
> > > > Please reply to this message with any items you would like us to |
16 |
> > > put on |
17 |
> > > > the agenda to discuss or vote on. |
18 |
> > > > |
19 |
> > > > Thanks much, |
20 |
> > > > |
21 |
> > > > William |
22 |
> > > > |
23 |
> > > |
24 |
> > > I'd like the council to discuss the issue and general trend of actions |
25 |
> > > (particularly recent) to restrict the ability of developers to |
26 |
> > > contribute to Gentoo. In my view, efforts are being made to make |
27 |
> > > contributions as users substantially easier, while efforts are being |
28 |
> > > made to make being a developer substantially harder. The months of |
29 |
> > > studying, quiz taking, and interviews set a bar that should make |
30 |
> > > contributions from those individuals that become developers easier than |
31 |
> > > the average user, not more difficult. |
32 |
> > > |
33 |
> > > |
34 |
> > > This is a pretty vague statement, are there particular things you want |
35 |
> > > the council to review; or just the 'general trend'? |
36 |
> > > I'm not aware of any recent changes to the developer onboarding process. |
37 |
> > > |
38 |
> > > -A |
39 |
> > > |
40 |
> > > |
41 |
> > > |
42 |
> > > -- |
43 |
> > > NP-Hardass |
44 |
> > > |
45 |
> > |
46 |
> > Not just the onboarding, but the retention too. General trend is what |
47 |
> > I'm proposing should be discussed publicly during the meeting. |
48 |
> > |
49 |
> > Three points: |
50 |
> > |
51 |
> > At present time, everyone needs a "Real Name" to contribute. A user, |
52 |
> > with a new email address, can allege to be "Foo Bar" and contribute |
53 |
> > without impediment, but, as recent proposals would have it, developers |
54 |
> > would need to show proof of ID over video call to become part of the web |
55 |
> > of trust for committing. That effectively allows any user to remain |
56 |
> > anonymous by using a false name, obviating a huge portion of the alleged |
57 |
> > benefit to requiring names in the first place. So, developers can be |
58 |
> > held to such a high standard that they can either no longer contribute, |
59 |
> > while we trim eligible pool of new developers and compare that to the |
60 |
> > ease with which any "named" contributor on github or bugzilla can do as |
61 |
> > they please. |
62 |
> > |
63 |
> > We currently have a RFC, just posted two days ago, for developers to be |
64 |
> > regularly tested to maintain commit status. Again, if the developer |
65 |
> > feels like it, maybe it is easier for him/her to just become a plain old |
66 |
> > user and submit patches, waiting on the (as I see it, dwindling,) amount |
67 |
> > of active other developers ready to commit instead. |
68 |
> |
69 |
> That RFC was issued on 1st April, so I assume it to be an ill joke. |
70 |
> |
71 |
> > Totally anecdotal, I've seen developers that have fairly decent QA on |
72 |
> > their own commits merge PRs from users without full review and |
73 |
> > introducing a whole host of issues because code from users isn't always |
74 |
> > vetted as thoroughly as ones own work. So, I'd argue, the QA standards |
75 |
> > of being a dev don't quite apply to you as stringently once you |
76 |
> > downgrade to being a user... |
77 |
> > |
78 |
> > At the end of the day, holding developers to higher standards than users |
79 |
> > is a given, but it shouldn't be more onerous to be a developer than to |
80 |
> > be a user contributing. |
81 |
> |
82 |
> As you already noted, users also have to sign-off contributions with |
83 |
> their real names, though we have no way to verify those names, as |
84 |
> well as for developers actually. |
85 |
> |
86 |
> Will all due respect GLEP76 was prepared by people without much |
87 |
> legal expertise and creates more problems than solves. The part of |
88 |
> GLEP76 mandating real name signatures *must* be amended. |
89 |
> |
90 |
> Why? We have no way to verify that provided names are valid or that |
91 |
> provided ID's are valid. At least in my jurisdiction such |
92 |
> information collected can't be used for legal action or protection |
93 |
> without following established government-assisted verification |
94 |
> procedure. In other jurisdictions similar problems may and will |
95 |
> arise. Additional problem is personal data collection, it is |
96 |
> restricted or heavily regulated in many countries. One can't just |
97 |
> demand to show an ID via electronic means without following |
98 |
> complicated data protection procedures which are likely to be |
99 |
> incompatible between jurisdictions. |
100 |
> |
101 |
> So the real name requirement gives us no real protection from |
102 |
> possible cases, but creates real and serious problems by kicking |
103 |
> active developers and contributors from further contributions. |
104 |
> NP-Hardass is not the only one. I invited some gifted people with |
105 |
> high quality out-of-tree work to become contributors or developers, |
106 |
> but due to hostile attitude towards anonymous contributors they |
107 |
> can't join. And people want to stay anonymous for good reasons, |
108 |
> because they are engaged with privacy oriented development. |
109 |
> |
110 |
> We are loosing real people, real contributions and real community. |
111 |
> What for? For solving imaginary problems with inappropriate tools. |
112 |
|
113 |
Since the Council usually makes decisions on some specific proposals |
114 |
and not on vague ideas, here is my proposal on this subject: keep real |
115 |
name as a recommendation, not as a requirement. See a draft patch to |
116 |
GLEP 76 below. It is not intended to be a final wording, but it |
117 |
shows the idea. |
118 |
|
119 |
diff --git a/glep-0076.rst b/glep-0076.rst |
120 |
index 9d5aa79..b16fae7 100644 |
121 |
--- a/glep-0076.rst |
122 |
+++ b/glep-0076.rst |
123 |
@@ -137,8 +137,9 @@ the Certificate of Origin by adding :: |
124 |
Signed-off-by: Name <e-mail> |
125 |
|
126 |
to the commit message as a separate line. The sign-off must contain |
127 |
-the committer's legal name as a natural person, i.e., the name that |
128 |
-would appear in a government issued document. |
129 |
+either the committer's legal name as a natural person, i.e., the name |
130 |
+that would appear in a government issued document or the pseudonym. |
131 |
+Usage of the legal name is recommended. |
132 |
|
133 |
The following is the current Gentoo Certificate of Origin, revision 1: |
134 |
|
135 |
@@ -242,10 +243,9 @@ to protect the Gentoo infrastructure owners and improve consistency. |
136 |
|
137 |
The copyright model is built on the DCO model used by the Linux kernel |
138 |
and requires all contributors to certify the legitimacy of their |
139 |
-contributions. This also requires that they use their real name for |
140 |
-signing; an anonymous certification or one under a pseudonym would not |
141 |
-mean anything. This policy is derived from the Linux project's policy |
142 |
-[#SUBMITTING-PATCHES]_. |
143 |
+contributions. This also requires that they use their real name |
144 |
+(recommended) or a pseudonym for signing. This policy is derived from the |
145 |
+Linux project's policy [#SUBMITTING-PATCHES]_. |
146 |
|
147 |
In the future, a second stage of this policy may use a combination of |
148 |
the DCO model and an FLA model [#FLA]_ as it is used by different open |
149 |
|
150 |
|
151 |
Best regards, |
152 |
Andrew Savchenko |