1 |
On Tue, Apr 09, 2019 at 08:46:00PM +0000, Gokturk Yuksek wrote: |
2 |
> Hi, |
3 |
> |
4 |
> Alec Warner: |
5 |
> > On Wed, Apr 3, 2019 at 10:04 AM NP-Hardass <NP-Hardass@g.o> wrote: |
6 |
|
7 |
[snip] |
8 |
|
9 |
> |
10 |
> I don't doubt people's good faith in proposing this policy and I'm sure |
11 |
> it's done with the best interest in mind. I apologize for not doing the |
12 |
> homework for the following question: did the Foundation pay for any kind |
13 |
> of legal counsel on this matter? I think one thing most of us struggle |
14 |
> with is that we are not lawyers. It would help to put people's mind at |
15 |
> ease if the Foundation consulted a lawyer that clearly explained: |
16 |
> |
17 |
> - What exactly is the legal liability being addressed here? |
18 |
> - Have there been any precedent cases of copyright infringement |
19 |
> (constrained to the context of copyrighted ebuilds, or code of similar |
20 |
> nature) to make this a more realistic threat for the Foundation? |
21 |
> - In the case of a potential court case, how is the liability |
22 |
> distributed among involved parties? Would we be legally required to |
23 |
> track down the contributor (whose identity we may or may not have |
24 |
> confirmed yet)? |
25 |
> |
26 |
|
27 |
There is precent with the Linux Foundation and the DCO being enforced. |
28 |
That is why they spent so much time and effort in preparing the DCO... |
29 |
to guard the Linux Foundation from any copyright cases. I think it is |
30 |
safe to say that other precendents wrt copyrights can be seen in recent |
31 |
things like VMWare (sued in German court), SCO, etc. There are plenty |
32 |
of situations out there. |
33 |
|
34 |
> The reason why I'm suggesting this is because I've talked to a friend of |
35 |
> mine, who is a software patent lawyer, about the DCO and GLEP. Their |
36 |
> first impression was that the DCO itself has no clause for requiring a |
37 |
> legal name, so signing it with a fake name may not violate the DCO |
38 |
> itself. So the (informal) conclusion is that as long as nobody sues you |
39 |
> for copyright infringement, there is no legal problem with using a fake |
40 |
> name to sign the DCO. I know it sounds very obvious but the point is |
41 |
> that legal people have a better grip of the situation than we do, and |
42 |
> the community is more likely to take their word and justification for it. |
43 |
> |
44 |
|
45 |
Is your friend interested in being retained? :) |
46 |
|
47 |
No, the DCO does not have an *explicit* clause mandating that a "real |
48 |
name" be used. I am not going to debate the interpretation of it by |
49 |
others, but if I *certify* something under a pseudonym or false name |
50 |
then how can I possibly be held responsible for it? The very essence of |
51 |
names are to associate things to someone. Drivers licenses, passports, |
52 |
library cards, and the list goes on... |
53 |
|
54 |
Note: If found to be using a pseudonym to sign the Linux Kernel DCO... I |
55 |
am quite sure you will be dismissed (I will find the real world example |
56 |
of that happening). |
57 |
|
58 |
If someone were too take you to court could you be held responsible |
59 |
under the guise of a pseudonym or false name? I am not aware of any |
60 |
countries that allow such proceedings, but ultimately I believe the |
61 |
first task would be to *prove* that you were the one involved before |
62 |
proceeding further. Of course, that most likely is some sort of |
63 |
physical attestation that must occur. |
64 |
|
65 |
This is all circumvented by simply using a "believeable" name and |
66 |
staying silent. I could easily submit patches to Gentoo as someone else |
67 |
and certify the DCO. Of course, this simply means that Gentoo can claim |
68 |
some form of ignorance/plausible deniability in the end. Ultimately, |
69 |
this would likely result (IANAL) in the false contributor being held |
70 |
accountable for any potential wrong-doing. |
71 |
|
72 |
-- |
73 |
Cheers, |
74 |
Aaron |