| 1 |
On Wed, Apr 3, 2019 at 2:44 PM Michał Górny <mgorny@g.o> wrote: |
| 2 |
|
| 3 |
> On Wed, 2019-04-03 at 17:43 +0300, Andrew Savchenko wrote: |
| 4 |
> > Why? We have no way to verify that provided names are valid or that |
| 5 |
> > provided ID's are valid. At least in my jurisdiction such |
| 6 |
> > information collected can't be used for legal action or protection |
| 7 |
> > without following established government-assisted verification |
| 8 |
> > procedure. In other jurisdictions similar problems may and will |
| 9 |
> > arise. |
| 10 |
> |
| 11 |
> 'Perfect is the enemy of good'. Claiming that you can't be 100% sure |
| 12 |
> that someone's giving his real name doesn't imply that everyone is using |
| 13 |
> fake names. Or that it makes no sense to use them. |
| 14 |
> |
| 15 |
> > Additional problem is personal data collection, it is |
| 16 |
> > restricted or heavily regulated in many countries. One can't just |
| 17 |
> > demand to show an ID via electronic means without following |
| 18 |
> > complicated data protection procedures which are likely to be |
| 19 |
> > incompatible between jurisdictions. |
| 20 |
> |
| 21 |
> Do you have any proof of that, or are you just basing your comments |
| 22 |
> on the common concept of misunderstanding GDPR and extending it to match |
| 23 |
> your private interest? |
| 24 |
> |
| 25 |
> > So the real name requirement gives us no real protection from |
| 26 |
> > possible cases, but creates real and serious problems by kicking |
| 27 |
> > active developers and contributors from further contributions. |
| 28 |
> > NP-Hardass is not the only one. |
| 29 |
> |
| 30 |
> Do you have any proof of that? As far as I'm concerned, we're pretty |
| 31 |
> clear that NP-Hardass can't contribute to Gentoo, and that his previous |
| 32 |
> contributions shouldn't have been accepted in the first place (and why |
| 33 |
> Trustees agreed to them is another problem). Are you going to take |
| 34 |
> legal and financial responsibility if his employer claims copyright to |
| 35 |
> his contributions? And if you say yes, are you going to really take it |
| 36 |
> or go with the forementioned attitude that we can't legally force you |
| 37 |
> to? |
| 38 |
> |
| 39 |
|
| 40 |
Under the current policy we do not accept contributions from contributors |
| 41 |
whose names we believe are not real identities. The current policy says |
| 42 |
nothing about previous contributions; almost everyone who contributed to |
| 43 |
Gentoo over the past 20 years did so without signing anything, without |
| 44 |
identity verification, and with no DCO. Those commits were accepted and |
| 45 |
continue to be accepted until we decide otherwise. I don't like the way you |
| 46 |
construe the previous work of hundreds of people who contributed to the |
| 47 |
project; I find the idea that we should never have accepted these |
| 48 |
contributions to be pretty offensive. |
| 49 |
|
| 50 |
You are free to blame the organization for having bad policies (and you do |
| 51 |
and I'm the board President and I will 1000% take the blame) but don't for |
| 52 |
a minute blame people who are just trying to contribute and following the |
| 53 |
policies that the project had at the time. As you wrote above "perfect is |
| 54 |
the enemy of the good" and if we rejected the previous 20 years of work |
| 55 |
we'd have basically nothing, so we accept that risk as a cost of continuing |
| 56 |
to exist as a Foundation. No business operates with zero risk. |
| 57 |
|
| 58 |
|
| 59 |
> |
| 60 |
> > I invited some gifted people with |
| 61 |
> > high quality out-of-tree work to become contributors or developers, |
| 62 |
> > but due to hostile attitude towards anonymous contributors they |
| 63 |
> > can't join. And people want to stay anonymous for good reasons, |
| 64 |
> > because they are engaged with privacy oriented development. |
| 65 |
> |
| 66 |
|
| 67 |
> This is a very vague statement that sounds like serious overstatement |
| 68 |
> with no proof, aimed purely to force emotional reaction to support your |
| 69 |
> proposal. If you really want to propose something meaningful, I'd |
| 70 |
> really appreciate if you used real evidence to support it rather than |
| 71 |
> vague claims. |
| 72 |
> |
| 73 |
|
| 74 |
> > We are loosing real people, real contributions and real community. |
| 75 |
> > What for? For solving imaginary problems with inappropriate tools. |
| 76 |
> > |
| 77 |
> |
| 78 |
> Thank you for telling us that copyright is an imaginary problem. |
| 79 |
> |
| 80 |
|
| 81 |
Your words are like knives, and this leads to a perception of antagonism. |
| 82 |
|
| 83 |
1) The policies of the project currently prioritize a knowledge of where |
| 84 |
commits come from in order to eventually reduce liability risk for the |
| 85 |
project. |
| 86 |
2) I firmly do not believe the project has anything against anonymous / |
| 87 |
pseudonymous contributors (nor should it; if you think it does I'm happy to |
| 88 |
amend bylaws, GLEPs, and any other charter documents to state that we have |
| 89 |
nothing against that type of contribution.) |
| 90 |
3) The current policy makes it difficult to contribute in this way; because |
| 91 |
we have this trade-off we have made where we want to know where commits |
| 92 |
come from for legal reasons.) |
| 93 |
|
| 94 |
Its OK to say "Hi X, we cannot accept your anonymous / pseudonymous |
| 95 |
contribution because of this policy, and we made this policy to solve a |
| 96 |
problem of copyright liability for the organization." |
| 97 |
I don't think its OK to say "Hi X, its completely unreasonable to want to |
| 98 |
contribute to Gentoo in an Anonymous or Pseudonymous manner; please file |
| 99 |
your identity papers to me immediately!" |
| 100 |
|
| 101 |
My reading is your comments are closer to the latter than the former; I'm |
| 102 |
just not sure why that is. |
| 103 |
|
| 104 |
I think its perfectly sane to ask "how can we build an organization where |
| 105 |
we can accept pseudonymous contributions and contain our liability for code |
| 106 |
from unverified contributors?" and have people interested in that write up |
| 107 |
and vet proposals. I get that its a complex and difficult problem area; |
| 108 |
maybe none of the proposals will work! but that doesn't meant we shouldn't |
| 109 |
try to do it. |
| 110 |
|
| 111 |
|
| 112 |
> |
| 113 |
> -- |
| 114 |
> Best regards, |
| 115 |
> Michał Górny |
| 116 |
> |
| 117 |
> |
Archives