Hi all!

On Tue, 25 Jun 2019 08:15:07 +0200 Michał Górny wrote:
> On Tue, 2019-06-25 at 01:18 +0300, Andrew Savchenko wrote:
[...]
> > Since I've accepted the nomination, it's my turn to answer as well.
> >
> > I'll tell you frankly that GLEP 76 was the main motivation for me
> > to accept the nomination. I consider it — in the way it exists now —
> > harmful and in need to be fixed. This is how free software works:
> > if something is broken and nobody repairs it, go and fix it
> > yourself.
> >
> > What is wrong with GLEP 76? It kicks some active contributors and
> > rejects some of new ones. No, it is not just one developer
> > affected as someone may assume. We have external contributors
> > kicked out, we have at least one high quality maintainer who worked
> > on quizzes, but this work was stopped due to hostility to and
> > further ban on anonymous contributions.
> >
> > I believe that for free software development privacy concern is of
> > paramount importance, especially when we are dealing with security
> > or privacy oriented software.
> >
> > One may argue that ban on anonymous contributions was to protect
> > Gentoo from possible copyright claims in the future. But does it
> > really give us such protection? In my opinion NO, because:
> >
> > 1. GLEP 76 was prepared without legal expertise from experts in
> > this field. (At least such expertise was not published.) Hereby we
> > have no evidence that it will work if real case will be opened.
> >
> > 2. No law or legal precedent was provided to prove that GLEP 76
> > will be useful in alleged case or that we have a legal requirement
> > to put such restrictive demand on our contributors.
>
> What 'legal expertise', 'law' or 'legal precedent' do you have to say
> otherwise? It's easy to blame others when all you have is your private
> opinion.

This is not blaming, this not how the law works: everything which
is not denied is allowed, everything which is not required is not
mandatory. Of course this applies to full set of laws: from federal
to local level and legal precedents.

So, at least for my knowledge, Gentoo Foundation is not forbidden
by the law to require real name signatures, but is neither obliged
to do so.

> > 3. We objectively have no means to verify developer's credentials.
> > Current approach is based on realistic-like approach: if someone
> > names themselves "John Doe" we accept it, if someone names as
> > "qwerty123" we do not recognize this as an ID. But we have no means
> > to verify that "John Doe" is real (natural) name. Even GnuPG Web of
> > Trust doesn't provide such means, because what it really provides
> > is a link between a person and their GnuPG key, as we're not
> > authorized legal entities empowered and fully informed to verify
> > validity of IDs present during GnuPG signing.
> >
> > So in my opinion current state of affairs is not acceptable and
> > must be amended. What I propose to do:
> >
> > 1. To mitigate current crisis we should allow developers to commit
> > under any unique non-offensive id (text string) as long as the
> > trustees know how it maps to a real name.
> >
> > The rationale is that the trustees are the legal body to handle all
> > legal issues of Gentoo, so even if we agree that real names are
> > mandatory, there is no practical legal need for anyone outside of
> > trustees to know them. This way we can include people who agree to
> > keep their privacy from anyone except trustees and in the same way
> > this will keep the legal effect of GLEP 76 intact.
> >
>
> How are Trustees supposed to know whether the 'real name' is actually a
> real natural name? You just said it is apparently impossible to verify.

Please read carefully my original e-mail and do not twist my words.

I never stated that the trustees will know better, I stated that
their knowledge of what we assume to be real names will be
sufficient and there is no need for all developers to know them.
This is because the trustees are responsible for legal issues of
Gentoo.

With such approach we lose nothing, but gain something valuable: we
may and will accept more people and more contributions.

Best regards,
Andrew Savchenko