1 |
On 03/04/19 19:12, Andrew Savchenko wrote: |
2 |
> On Wed, 3 Apr 2019 17:43:15 +0300 Andrew Savchenko wrote: |
3 |
>> On Wed, 3 Apr 2019 10:04:36 -0400 NP-Hardass wrote: |
4 |
>>> On 4/3/19 8:43 AM, Alec Warner wrote: |
5 |
>>>> |
6 |
>>>> On Wed, Apr 3, 2019 at 7:31 AM NP-Hardass <NP-Hardass@g.o |
7 |
>>>> <mailto:NP-Hardass@g.o>> wrote: |
8 |
>>>> |
9 |
>>>> On 3/31/19 11:20 PM, William Hubbs wrote: |
10 |
>>>> > Hi all, |
11 |
>>>> > |
12 |
>>>> > two weeks from today (2019-04-14) the Gentoo Council will meet at |
13 |
>>>> > 19:00 UTC in the #gentoo-council channel on freenode. |
14 |
>>>> > |
15 |
>>>> > Please reply to this message with any items you would like us to |
16 |
>>>> put on |
17 |
>>>> > the agenda to discuss or vote on. |
18 |
>>>> > |
19 |
>>>> > Thanks much, |
20 |
>>>> > |
21 |
>>>> > William |
22 |
>>>> > |
23 |
>>>> |
24 |
>>>> I'd like the council to discuss the issue and general trend of actions |
25 |
>>>> (particularly recent) to restrict the ability of developers to |
26 |
>>>> contribute to Gentoo. In my view, efforts are being made to make |
27 |
>>>> contributions as users substantially easier, while efforts are being |
28 |
>>>> made to make being a developer substantially harder. The months of |
29 |
>>>> studying, quiz taking, and interviews set a bar that should make |
30 |
>>>> contributions from those individuals that become developers easier than |
31 |
>>>> the average user, not more difficult. |
32 |
>>>> |
33 |
>>>> |
34 |
>>>> This is a pretty vague statement, are there particular things you want |
35 |
>>>> the council to review; or just the 'general trend'? |
36 |
>>>> I'm not aware of any recent changes to the developer onboarding process. |
37 |
>>>> |
38 |
>>>> -A |
39 |
>>>> |
40 |
>>>> |
41 |
>>>> |
42 |
>>>> -- |
43 |
>>>> NP-Hardass |
44 |
>>>> |
45 |
>>> Not just the onboarding, but the retention too. General trend is what |
46 |
>>> I'm proposing should be discussed publicly during the meeting. |
47 |
>>> |
48 |
>>> Three points: |
49 |
>>> |
50 |
>>> At present time, everyone needs a "Real Name" to contribute. A user, |
51 |
>>> with a new email address, can allege to be "Foo Bar" and contribute |
52 |
>>> without impediment, but, as recent proposals would have it, developers |
53 |
>>> would need to show proof of ID over video call to become part of the web |
54 |
>>> of trust for committing. That effectively allows any user to remain |
55 |
>>> anonymous by using a false name, obviating a huge portion of the alleged |
56 |
>>> benefit to requiring names in the first place. So, developers can be |
57 |
>>> held to such a high standard that they can either no longer contribute, |
58 |
>>> while we trim eligible pool of new developers and compare that to the |
59 |
>>> ease with which any "named" contributor on github or bugzilla can do as |
60 |
>>> they please. |
61 |
>>> |
62 |
>>> We currently have a RFC, just posted two days ago, for developers to be |
63 |
>>> regularly tested to maintain commit status. Again, if the developer |
64 |
>>> feels like it, maybe it is easier for him/her to just become a plain old |
65 |
>>> user and submit patches, waiting on the (as I see it, dwindling,) amount |
66 |
>>> of active other developers ready to commit instead. |
67 |
>> That RFC was issued on 1st April, so I assume it to be an ill joke. |
68 |
>> |
69 |
>>> Totally anecdotal, I've seen developers that have fairly decent QA on |
70 |
>>> their own commits merge PRs from users without full review and |
71 |
>>> introducing a whole host of issues because code from users isn't always |
72 |
>>> vetted as thoroughly as ones own work. So, I'd argue, the QA standards |
73 |
>>> of being a dev don't quite apply to you as stringently once you |
74 |
>>> downgrade to being a user... |
75 |
>>> |
76 |
>>> At the end of the day, holding developers to higher standards than users |
77 |
>>> is a given, but it shouldn't be more onerous to be a developer than to |
78 |
>>> be a user contributing. |
79 |
>> As you already noted, users also have to sign-off contributions with |
80 |
>> their real names, though we have no way to verify those names, as |
81 |
>> well as for developers actually. |
82 |
>> |
83 |
>> Will all due respect GLEP76 was prepared by people without much |
84 |
>> legal expertise and creates more problems than solves. The part of |
85 |
>> GLEP76 mandating real name signatures *must* be amended. |
86 |
>> |
87 |
>> Why? We have no way to verify that provided names are valid or that |
88 |
>> provided ID's are valid. At least in my jurisdiction such |
89 |
>> information collected can't be used for legal action or protection |
90 |
>> without following established government-assisted verification |
91 |
>> procedure. In other jurisdictions similar problems may and will |
92 |
>> arise. Additional problem is personal data collection, it is |
93 |
>> restricted or heavily regulated in many countries. One can't just |
94 |
>> demand to show an ID via electronic means without following |
95 |
>> complicated data protection procedures which are likely to be |
96 |
>> incompatible between jurisdictions. |
97 |
>> |
98 |
>> So the real name requirement gives us no real protection from |
99 |
>> possible cases, but creates real and serious problems by kicking |
100 |
>> active developers and contributors from further contributions. |
101 |
>> NP-Hardass is not the only one. I invited some gifted people with |
102 |
>> high quality out-of-tree work to become contributors or developers, |
103 |
>> but due to hostile attitude towards anonymous contributors they |
104 |
>> can't join. And people want to stay anonymous for good reasons, |
105 |
>> because they are engaged with privacy oriented development. |
106 |
>> |
107 |
>> We are loosing real people, real contributions and real community. |
108 |
>> What for? For solving imaginary problems with inappropriate tools. |
109 |
> Since the Council usually makes decisions on some specific proposals |
110 |
> and not on vague ideas, here is my proposal on this subject: keep real |
111 |
> name as a recommendation, not as a requirement. See a draft patch to |
112 |
> GLEP 76 below. It is not intended to be a final wording, but it |
113 |
> shows the idea. |
114 |
> |
115 |
> diff --git a/glep-0076.rst b/glep-0076.rst |
116 |
> index 9d5aa79..b16fae7 100644 |
117 |
> --- a/glep-0076.rst |
118 |
> +++ b/glep-0076.rst |
119 |
> @@ -137,8 +137,9 @@ the Certificate of Origin by adding :: |
120 |
> Signed-off-by: Name <e-mail> |
121 |
> |
122 |
> to the commit message as a separate line. The sign-off must contain |
123 |
> -the committer's legal name as a natural person, i.e., the name that |
124 |
> -would appear in a government issued document. |
125 |
> +either the committer's legal name as a natural person, i.e., the name |
126 |
> +that would appear in a government issued document or the pseudonym. |
127 |
> +Usage of the legal name is recommended. |
128 |
> |
129 |
> The following is the current Gentoo Certificate of Origin, revision 1: |
130 |
> |
131 |
> @@ -242,10 +243,9 @@ to protect the Gentoo infrastructure owners and improve consistency. |
132 |
> |
133 |
> The copyright model is built on the DCO model used by the Linux kernel |
134 |
> and requires all contributors to certify the legitimacy of their |
135 |
> -contributions. This also requires that they use their real name for |
136 |
> -signing; an anonymous certification or one under a pseudonym would not |
137 |
> -mean anything. This policy is derived from the Linux project's policy |
138 |
> -[#SUBMITTING-PATCHES]_. |
139 |
> +contributions. This also requires that they use their real name |
140 |
> +(recommended) or a pseudonym for signing. This policy is derived from the |
141 |
> +Linux project's policy [#SUBMITTING-PATCHES]_. |
142 |
> |
143 |
> In the future, a second stage of this policy may use a combination of |
144 |
> the DCO model and an FLA model [#FLA]_ as it is used by different open |
145 |
> |
146 |
> |
147 |
> Best regards, |
148 |
> Andrew Savchenko |
149 |
I would also note, that I know several people using pseudonyms whose real |
150 |
identity I don't, and have no wish to, know; who have documents verifying |
151 |
their right to use said pseudonym as their legal identity. Therefore if you |
152 |
were insistent on pursuing copyright claims, you could equally use said |
153 |
identity to carry out such procedures. In reality, I don't see Gentoo |
154 |
pursuing any legal cases, nor having to address any copyright claims, as I |
155 |
have certainly seen no requests to either the Council as governing body NOR |
156 |
trustees as the legal entity representing Gentoo Linux. |
157 |
|
158 |
IANAL, but I certainly agree with the synopsis that the council is somewhat |
159 |
obsessed with "... solving imaginary problems with inappropriate tools". |
160 |
|
161 |
Let's see some Real World examples of situations that have caused the |
162 |
council a problem (no I don't want a whole bunch more straw men made), and |
163 |
I invite the trustees to present real world cases of enquiries they have |
164 |
received relating to such issues. |