| 1 |
Hi all! |
| 2 |
|
| 3 |
On Sat, 15 Jun 2019 12:49:33 +0300 Andrew Savchenko wrote: |
| 4 |
> On Sat, 15 Jun 2019 12:42:20 +0300 Andrew Savchenko wrote: |
| 5 |
> > Hi all! |
| 6 |
> > |
| 7 |
> > Last year we had a good initiative: it addition to (or even instead |
| 8 |
> > of) manifests nominees were asked questions by voters. So let's |
| 9 |
> > continue this year. |
| 10 |
> > |
| 11 |
> > I propose to have one question per thread spawned by this e-mail to |
| 12 |
> > keep discussion focused. If you have multiple questions, please |
| 13 |
> > start multiple threads. If your question was already asked, please |
| 14 |
> > join a thread. |
| 15 |
> > |
| 16 |
> > I'll ask my questions in subsequent e-mails. |
| 17 |
> |
| 18 |
> In my opinion GLEP 76 is the most controversial decision made by |
| 19 |
> running council. While it fixed some long standing issues like |
| 20 |
> copyright headers and proper acknowledgement of out of the tree |
| 21 |
> contributors, it created grave problems: now some long-time |
| 22 |
> contributors and even developer are seriously discriminated because |
| 23 |
> they want to keep their privacy. |
| 24 |
> |
| 25 |
> What is your opinion on this problem? |
| 26 |
> Should GLEP 76 be left as is? |
| 27 |
> Should GLEP 76 be cancelled? |
| 28 |
> Should GLEP 76 be improved and how? |
| 29 |
|
| 30 |
Since I've accepted the nomination, it's my turn to answer as well. |
| 31 |
|
| 32 |
I'll tell you frankly that GLEP 76 was the main motivation for me |
| 33 |
to accept the nomination. I consider it — in the way it exists now — |
| 34 |
harmful and in need to be fixed. This is how free software works: |
| 35 |
if something is broken and nobody repairs it, go and fix it |
| 36 |
yourself. |
| 37 |
|
| 38 |
What is wrong with GLEP 76? It kicks some active contributors and |
| 39 |
rejects some of new ones. No, it is not just one developer |
| 40 |
affected as someone may assume. We have external contributors |
| 41 |
kicked out, we have at least one high quality maintainer who worked |
| 42 |
on quizzes, but this work was stopped due to hostility to and |
| 43 |
further ban on anonymous contributions. |
| 44 |
|
| 45 |
I believe that for free software development privacy concern is of |
| 46 |
paramount importance, especially when we are dealing with security |
| 47 |
or privacy oriented software. |
| 48 |
|
| 49 |
One may argue that ban on anonymous contributions was to protect |
| 50 |
Gentoo from possible copyright claims in the future. But does it |
| 51 |
really gives us such protection? In my opinion NO, because: |
| 52 |
|
| 53 |
1. GLEP 76 was prepared without legal expertise from experts in |
| 54 |
this field. (At least such expertise was not published.) Hereby we |
| 55 |
have no evidence that it will work if real case will be opened. |
| 56 |
|
| 57 |
2. No law or legal precedent was provided to prove that GLEP 76 |
| 58 |
will be useful in alleged case or that we have a legal requirement |
| 59 |
to put such restrictive demand on our contributors. |
| 60 |
|
| 61 |
3. We objectively have no means to verify developer's credentials. |
| 62 |
Current approach is based on realistic-like approach: if someone |
| 63 |
names themselve "John Doe" we accept it, if someone names as |
| 64 |
"qwerty123" we do not recognize this as an ID. But we have no means |
| 65 |
to verify that "John Doe" is real (natural) name. Even GnuPG Web of |
| 66 |
Trust doesn't provide such means, because what it really provides |
| 67 |
is a link between a person and their GnuPG key, as we're not |
| 68 |
authorized legal entities empowered and fully informed to verify |
| 69 |
validity of IDs present during GnuPG signing. |
| 70 |
|
| 71 |
So in my opinion current state of affairs is not acceptable and |
| 72 |
must be amended. What I propose to do: |
| 73 |
|
| 74 |
1. To mitigate current crisis we should allow developers to commit |
| 75 |
under any unique non-offensive id (text string) as long as the |
| 76 |
trustees know how it maps to a real name. |
| 77 |
|
| 78 |
The rationale is that the trustees are the legal body to handle all |
| 79 |
legal issues of Gentoo, so even if we agree that real names are |
| 80 |
mandatory, there is no practical legal need for anyone outside of |
| 81 |
trustees to know them. This way we can include people who agree to |
| 82 |
keep their privacy from anyone except trustees and in the same way |
| 83 |
this will keep the legal effect of GLEP 76 intact. |
| 84 |
|
| 85 |
2. Work together with trustees and possibly some external expertise |
| 86 |
(both legal and risk assessment) to clarify if we are really |
| 87 |
expected to check all these data and search for a way to accept |
| 88 |
private contributions. |
| 89 |
|
| 90 |
My goal is to help Gentoo to be open and inclusive society and not |
| 91 |
some bureaucratic club fighting ghosts (I *don't* claim it is that |
| 92 |
way now, but there are some alarming tendencies...). |
| 93 |
|
| 94 |
Best regards, |
| 95 |
Andrew Savchenko |
Archives