| 1 |
On Thu, Sep 27, 2018 at 9:52 AM NP-Hardass <NP-Hardass@g.o> wrote: |
| 2 |
> |
| 3 |
> But that's really besides the point... The current status quo (as is the |
| 4 |
> case with me) is that a committer may be pseudonymous under the |
| 5 |
> condition that the Foundation have that individual's name in the event |
| 6 |
> of a copyright issue. So, I still don't understand how forcing everyone |
| 7 |
> to publicly use a real name achieves something that we aren't currently |
| 8 |
> achieving... Is that incorrect? |
| 9 |
|
| 10 |
Interesting point. |
| 11 |
|
| 12 |
If we were going to go down this road I'd still suggest that the |
| 13 |
Foundation have a policy on when the real names of contributors can be |
| 14 |
disclosed, either privately or publicly. If we were to use the |
| 15 |
defense that we have a statement from a contributor that they checked |
| 16 |
the copyright and it was ok, the first question somebody will respond |
| 17 |
with is, "who?" An answer of "we know who it is but can't tell |
| 18 |
anybody, even a court" probably isn't going to work. |
| 19 |
|
| 20 |
I think there are other arguments to be made against anonymity. |
| 21 |
You're hardly a list troll, but anonymity can breed this sort of |
| 22 |
thing. From a strictly copyright standpoint I don't see why the |
| 23 |
identity of contributors needs to be publicly disclosed, as long as it |
| 24 |
can be disclosed where legally necessary. Of course, if that is a |
| 25 |
court then depending on the jurisdiction it may become public anyway. |
| 26 |
Also, if we were going to go down this route then we also need to have |
| 27 |
better archives of such things, as trying to dig up some trustee email |
| 28 |
from 10 years ago is not the right solution. A secured repository of |
| 29 |
identities/etc would be better (the Foundation already has a place to |
| 30 |
store stuff like bank account details). |
| 31 |
|
| 32 |
Another practical argument against anonymity. If everybody agrees |
| 33 |
everything is public, then we don't have any personal information we |
| 34 |
need to protect under various privacy laws. As soon as we agree to |
| 35 |
keep some info private, then we potentially have obligations under |
| 36 |
such laws. Also, legally the Foundation is a US organization - so I'm |
| 37 |
not sure if things like the US-EU Safe Harbor provisions start to |
| 38 |
apply if we want to collect this sort of info from EU citizens. It is |
| 39 |
just a can of worms you can avoid simply by not hanging onto this kind |
| 40 |
of information. I believe that many of these privacy protections |
| 41 |
cannot be simply waived - we can't get some EU citizen to agree that |
| 42 |
they don't apply to us. If the laws apply then we need to follow |
| 43 |
them. Now, we're obviously not a big fish, so enforcement may never |
| 44 |
happen. Maybe compliance isn't burdensome - I only know enough about |
| 45 |
such things to know that I'd want to know more before going down that |
| 46 |
road... |
| 47 |
|
| 48 |
-- |
| 49 |
Rich |
Archives