1 |
On Tue, 2019-06-25 at 01:18 +0300, Andrew Savchenko wrote: |
2 |
> Hi all! |
3 |
> |
4 |
> On Sat, 15 Jun 2019 12:49:33 +0300 Andrew Savchenko wrote: |
5 |
> > On Sat, 15 Jun 2019 12:42:20 +0300 Andrew Savchenko wrote: |
6 |
> > > Hi all! |
7 |
> > > |
8 |
> > > Last year we had a good initiative: it addition to (or even instead |
9 |
> > > of) manifests nominees were asked questions by voters. So let's |
10 |
> > > continue this year. |
11 |
> > > |
12 |
> > > I propose to have one question per thread spawned by this e-mail to |
13 |
> > > keep discussion focused. If you have multiple questions, please |
14 |
> > > start multiple threads. If your question was already asked, please |
15 |
> > > join a thread. |
16 |
> > > |
17 |
> > > I'll ask my questions in subsequent e-mails. |
18 |
> > |
19 |
> > In my opinion GLEP 76 is the most controversial decision made by |
20 |
> > running council. While it fixed some long standing issues like |
21 |
> > copyright headers and proper acknowledgement of out of the tree |
22 |
> > contributors, it created grave problems: now some long-time |
23 |
> > contributors and even developer are seriously discriminated because |
24 |
> > they want to keep their privacy. |
25 |
> > |
26 |
> > What is your opinion on this problem? |
27 |
> > Should GLEP 76 be left as is? |
28 |
> > Should GLEP 76 be cancelled? |
29 |
> > Should GLEP 76 be improved and how? |
30 |
> |
31 |
> Since I've accepted the nomination, it's my turn to answer as well. |
32 |
> |
33 |
> I'll tell you frankly that GLEP 76 was the main motivation for me |
34 |
> to accept the nomination. I consider it — in the way it exists now — |
35 |
> harmful and in need to be fixed. This is how free software works: |
36 |
> if something is broken and nobody repairs it, go and fix it |
37 |
> yourself. |
38 |
> |
39 |
> What is wrong with GLEP 76? It kicks some active contributors and |
40 |
> rejects some of new ones. No, it is not just one developer |
41 |
> affected as someone may assume. We have external contributors |
42 |
> kicked out, we have at least one high quality maintainer who worked |
43 |
> on quizzes, but this work was stopped due to hostility to and |
44 |
> further ban on anonymous contributions. |
45 |
> |
46 |
> I believe that for free software development privacy concern is of |
47 |
> paramount importance, especially when we are dealing with security |
48 |
> or privacy oriented software. |
49 |
> |
50 |
> One may argue that ban on anonymous contributions was to protect |
51 |
> Gentoo from possible copyright claims in the future. But does it |
52 |
> really gives us such protection? In my opinion NO, because: |
53 |
> |
54 |
> 1. GLEP 76 was prepared without legal expertise from experts in |
55 |
> this field. (At least such expertise was not published.) Hereby we |
56 |
> have no evidence that it will work if real case will be opened. |
57 |
> |
58 |
> 2. No law or legal precedent was provided to prove that GLEP 76 |
59 |
> will be useful in alleged case or that we have a legal requirement |
60 |
> to put such restrictive demand on our contributors. |
61 |
|
62 |
What 'legal expertise', 'law' or 'legal precedent' do you have to say |
63 |
otherwise? It's easy to blame others when all you have is your private |
64 |
opinion. |
65 |
|
66 |
> |
67 |
> 3. We objectively have no means to verify developer's credentials. |
68 |
> Current approach is based on realistic-like approach: if someone |
69 |
> names themselve "John Doe" we accept it, if someone names as |
70 |
> "qwerty123" we do not recognize this as an ID. But we have no means |
71 |
> to verify that "John Doe" is real (natural) name. Even GnuPG Web of |
72 |
> Trust doesn't provide such means, because what it really provides |
73 |
> is a link between a person and their GnuPG key, as we're not |
74 |
> authorized legal entities empowered and fully informed to verify |
75 |
> validity of IDs present during GnuPG signing. |
76 |
> |
77 |
> So in my opinion current state of affairs is not acceptable and |
78 |
> must be amended. What I propose to do: |
79 |
> |
80 |
> 1. To mitigate current crisis we should allow developers to commit |
81 |
> under any unique non-offensive id (text string) as long as the |
82 |
> trustees know how it maps to a real name. |
83 |
> |
84 |
> The rationale is that the trustees are the legal body to handle all |
85 |
> legal issues of Gentoo, so even if we agree that real names are |
86 |
> mandatory, there is no practical legal need for anyone outside of |
87 |
> trustees to know them. This way we can include people who agree to |
88 |
> keep their privacy from anyone except trustees and in the same way |
89 |
> this will keep the legal effect of GLEP 76 intact. |
90 |
> |
91 |
|
92 |
How are Trustees supposed to know whether the 'real name' is actually a |
93 |
real natural name? You just said it is apparently impossible to verify. |
94 |
|
95 |
|
96 |
-- |
97 |
Best regards, |
98 |
Michał Górny |