From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id DB615138334 for ; Thu, 27 Sep 2018 14:32:43 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BD10EE083E; Thu, 27 Sep 2018 14:32:42 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 73804E082B for ; Thu, 27 Sep 2018 14:32:42 +0000 (UTC) Received: from pomiot (d202-252.icpnet.pl [109.173.202.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 3E83E335CE4; Thu, 27 Sep 2018 14:32:39 +0000 (UTC) Message-ID: <1538058755.26937.7.camel@gentoo.org> Subject: Re: [gentoo-project] [RFC] GLEP 76: Copyright Policy [v4] From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-project@lists.gentoo.org Date: Thu, 27 Sep 2018 16:32:35 +0200 In-Reply-To: <4683a4e7-c752-8735-4bcf-1ee7cb4837f9@gentoo.org> References: <23325.35685.793702.267278@a1i15.kph.uni-mainz.de> <23337.15822.698153.812236@a1i15.kph.uni-mainz.de> <4683a4e7-c752-8735-4bcf-1ee7cb4837f9@gentoo.org> Organization: Gentoo Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-vijFDA6gDAjm9I6/i60E" X-Mailer: Evolution 3.26.6 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org Mime-Version: 1.0 X-Archives-Salt: cadc4cc0-879a-4348-a05c-dd04a77b4986 X-Archives-Hash: bbe2da8e29eeffd1333bf4e2860dce4d --=-vijFDA6gDAjm9I6/i60E Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, 2018-09-27 at 09:52 -0400, NP-Hardass wrote: > On 09/27/2018 08:42 AM, Rich Freeman wrote: > > On Thu, Sep 27, 2018 at 8:00 AM NP-Hardass wrot= e: > > >=20 > > > On 09/26/2018 03:25 PM, Ulrich Mueller wrote: > > > > Here is another small update of the copyright GLEP, resulting from = a > > > > recent discussion on IRC. This is not a change of policy, but merel= y > > > > a clarification of the real name requirement: > > > >=20 > > > > - The Signed-off-by line must contain the name of a natural person. > > > >=20 > > > > - A copyright holder can be a legal entity (e.g., a company) in som= e > > > > jurisdictions. > > > >=20 > > >=20 > > > IANAL, but as per the Berne Convention, anonymous and pseudonymous wo= rks > > > are granted copyright protection. What's the rationale behind mandat= ing > > > a real name? > >=20 > > The DCO/GCO have nothing to do with obtaining copyright protection. > > This is always present if not waived. > >=20 > > It is about showing due diligence in the event somebody claims that > > somebody ripped off their work and contributed it to Gentoo without > > authorization. > >=20 > > If your real name is attached to a statement saying that you didn't > > steal the work, and you did steal the work, then they can go after you > > as well as Gentoo. That deters contributing stuff without checking on > > its legality. That same deterrence also helps show good faith on > > Gentoo's part. This is why organizations generally pursue these > > policies. > >=20 > > If somebody violates a copyright anonymously, then they have no skin > > in the game. They can just disappear if anything bad happens. If a > > contributor isn't willing to stake their own money and reputation on > > the statement that something is legal to contribute, then why should > > Gentoo assume that they've put a lot of effort into the accuracy of > > that statement? > >=20 >=20 > And, AFAICT, this only applies to the Signed-off-by line (the > committer). The author may be anonymous or pseudonymous... So, your > statement is that people making commits to Gentoo must have real > names... and be public. This doesn't have any impact on whether the > source of the code is legit, just gives you a point of blame for who > actually committed it (which, TBH, doesn't mean much). I can say John > Doe committed code that wasn't legal. But i_steal_code_1337 authored > it... I guess we know not to accept code from him... or do we... since > we have no way of vetting authors. Making the restriction of names for > committers and not authors, IMO, has no weight. Requiring that all > contributions be from real named sources is a pretty drastic change, and > not what is being proposed, TTBOMK. >=20 > But that's really besides the point... The current status quo (as is the > case with me) is that a committer may be pseudonymous under the > condition that the Foundation have that individual's name in the event > of a copyright issue. So, I still don't understand how forcing everyone > to publicly use a real name achieves something that we aren't currently > achieving... Is that incorrect? >=20 Gentoo publishes a number of open source projects. The code of those projects is used beyond Gentoo and beyond Gentoo Foundation. Therefore, it is natural that we need all the copyright assessments and agreements to be *public* and not hidden behind some opaque Foundation which may or may not actually have the data (how can a regular Gentoo user be sure of that?), and which may or may not choose to actually disclose it. As for the case with you, I think the 'status quo' is more complex but that's beside the point, and I don't think it would be helpful to anyone expanding on that. --=20 Best regards, Micha=C5=82 G=C3=B3rny --=-vijFDA6gDAjm9I6/i60E Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEXr8g+Zb7PCLMb8pAur8dX/jIEQoFAlus6gNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDVF QkYyMEY5OTZGQjNDMjJDQzZGQ0E0MEJBQkYxRDVGRjhDODExMEEACgkQur8dX/jI EQqzuBAAotEaVbmzTAjR3eMzcXfStuLxhSigqOUUWssWRqpaBB8mAXmTMii+NJ9p pSnZfiuHBB4dZP8wuQrgdKG+SP1whsmNvzd5icRSD8nC6XmvfvfSowMo+dzTUBJl 0UtB2LN5xJnpJwglBchDbJfaNmOVkLf79tBCo7NWKUwxWnNx4DNpDoxWk24MRH3M 8lZoC/QWgTJBQc3XlblB424nh0WEukKG8NazJLd9EAthINMx0EDnefL7NTXrwGUa aY5t11+ZtoXjfsOKTDeFHWjfObrvfen51PYDF9c4AC+qCyhS6VKnMM6ZeyPaAgMw VZ48pdtSu2l1s8+31qeizwoKnfzGV72fOE5CGUrp4mAOb1NGVq2w7inrdXCtHlWB EBudMsM+beViIWKcIlkzoPHKKZghNxwsE2SDTn7OfFyqUX8soapFp6dNoZ6KVMV5 22eY8P1pt82N6d71RrWUiDmTfGnSVUKP1xK1eIrspfpO7MBIlVjiW5ngCvAaLTF2 el/0cYlGscSzEgEe8E/E2AGLItdDkSZ9/Uk0miZLqwyiaWxP5l+xP4/WOS+Xk9Vj rx4TEzOhA80m9xj+kyx0xbutDWWjN4ZfhkYW046bs3AX3cPxDVqzS5dfsFMX9uzC GDM+uEsJOPjFNltE0s6pOwTpR4k5JdV3QjBbvJ7+yYeJsmVFlTs= =dtJI -----END PGP SIGNATURE----- --=-vijFDA6gDAjm9I6/i60E--