1 |
>>>>> On Wed, 28 Jul 2021, Andrew Ammerlaan wrote: |
2 |
|
3 |
> 4 applies, but here's the catch. It only applies if the contributor |
4 |
> has also included a sign-off. |
5 |
|
6 |
Exactly. |
7 |
|
8 |
> So if we allow contributions without a sign-off from the contributor |
9 |
> the sign-off from the developer is meaningless since neither 1, 2, 3, |
10 |
> or 4 applies to the commit. |
11 |
|
12 |
Typically, the committer would certify the contribution under 2. It's |
13 |
the same situation when adding a patch taken from somewhere else, you |
14 |
must certify it's free software "to the best of [your] knowledge". |
15 |
|
16 |
So if there's even the slightest chance that the contribution could be |
17 |
taken from proprietary software, you are well-advised _not_ to accept it |
18 |
unless it carries a sign-off of its contributor. |
19 |
|
20 |
> Which brings me to my second point. As far as I know, pseudonyms can |
21 |
> in fact hold (and therefore transfer and sign-off) copyright. There |
22 |
> are many examples of books and other texts written by authors using a |
23 |
> different name then their 'legal name'. Such texts are not treated |
24 |
> (fundamentally) different under copyright law simply because the |
25 |
> author chose to use a pseudonym. Now a book is not an ebuild, but why |
26 |
> wouldn't the same apply here? |
27 |
|
28 |
This isn't about defending the copyright of the contributor (for which |
29 |
a pseudonym would be fine, or at least it would be a problem of the |
30 |
contributor). It is about due diligence when accepting contributions, |
31 |
to make sure their origin is traceable. |
32 |
|
33 |
Ulrich |