1 |
On Wed, Jun 20, 2018 at 9:06 AM Ulrich Mueller <ulm@g.o> wrote: |
2 |
> |
3 |
> >>>>> On Wed, 20 Jun 2018, Rich Freeman wrote: |
4 |
> |
5 |
> > The "underlying need" is what I'm getting at. Do we REALLY need to |
6 |
> > track developers post-retirement? If we do, is DOB really the best |
7 |
> > way to do this? |
8 |
> |
9 |
> I would presume that we do, if we need to clarify copyright or |
10 |
> licensing of any files in our repositories. I could provide several |
11 |
> examples where I had to contact retired devs because of license |
12 |
> issues. |
13 |
> |
14 |
> But indeed, knowing their date of birth wouldn't have helped there. |
15 |
|
16 |
Past developers may not be reachable, cooperative, or even alive. |
17 |
|
18 |
If we need information or assurances from them, we should obtain it |
19 |
BEFORE we accept commits, not try to chase it down years later. |
20 |
|
21 |
I'd be interested in any cases where we felt this was necessary. I |
22 |
know that a lot of work was done recently to try to figure out the |
23 |
license history of the tree, but honestly I'm not convinced it was |
24 |
necessary, and legally digging into messy situations can sometimes |
25 |
even be harmful. In general I think forward-looking solutions tend to |
26 |
be best unless there is a clear legal duty to look backwards. |
27 |
|
28 |
|
29 |
> |
30 |
> > And what are we going to do when some retired developer asks us to |
31 |
> > forget about them? I don't think legally we need to go retract |
32 |
> > published info, but that DOB seems very much the sort of thing that |
33 |
> > would be risky to hold on to if somebody explicitly told us they don't |
34 |
> > want us to retain it. We'd probably need justification to do so. |
35 |
> |
36 |
> The only justification I can think of is that we may need to know if |
37 |
> a developer was of legal age when committing any code. But that seems |
38 |
> very theoretical, since we don't even verify anybody's identity. |
39 |
> |
40 |
|
41 |
Even if we did verify somebody's identity, we could document that this |
42 |
was done, and not retain any personally-identifying info. |
43 |
|
44 |
Ultimately it comes down to what constitutes reasonable care, and that |
45 |
largely depends on why we're doing things in the first place. |
46 |
|
47 |
I could elaborate a lot more, but IMO in a copyright case, Gentoo's |
48 |
liability is going to come down a lot more to what Gentoo is doing |
49 |
than what the developer from 10 years ago did. Did Gentoo exercise |
50 |
reasonable care and this is innocent infringement (which is NOT |
51 |
without substantial liability, it just avoids the completely insane |
52 |
statutory provisions in US law cf. 17 USC 504(b) and (c)2)? |
53 |
|
54 |
I'm actually pressed to think of how the testimony of the committing |
55 |
dev could actually help us in a defensive copyright case as the burden |
56 |
of proof is on our side when it comes to proving ownership, and if the |
57 |
plaintiff can prove ownership I don't see how the testimony of a dev |
58 |
would overturn that. It might help more in an offensive one, but in |
59 |
that case we can pick code for our lawsuit where the committing dev is |
60 |
readily available, assuming we ever resorted to an offensive action. |
61 |
|
62 |
-- |
63 |
Rich |