From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 2CFFF138334 for ; Tue, 9 Apr 2019 21:05:59 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5D691E097C; Tue, 9 Apr 2019 21:05:58 +0000 (UTC) Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1F077E097B for ; Tue, 9 Apr 2019 21:05:58 +0000 (UTC) Received: by mail-oi1-x230.google.com with SMTP id i21so14806435oib.11 for ; Tue, 09 Apr 2019 14:05:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=jCHOSIOgRbW9o5N2xvJpYkkce3GzTzlKu9xrGGOPiMc=; b=uv4s44ltD03kmQwxV1N1PZy5qlNRXLyPsmFbde2ipKd3F7sZ/kOnCWRUzbPEMVJS1g RxHm3AyPSn9lKTjI/6kSwntbm7nmQsyiZi5+thPRpZSfEn5KpmBd23oqrdgVJ1rjYZXU rMsBtAQVvI89OuYD2KSJ/d2rVja2xW2jOm1EHg6Y1nGpUHvbuGEma3ulJUfvtGWVWL9r RzCS58nmGJr70xlHVoppwBb1bDDDVT5L80hYaAytOy6D0rMaTU0qDokSF4VgHDqPPDRP 8wVDmaJxpMi5xap80tWYfc7WuEbpxDU/aNYSVc4aSv3zTEyIzKHu7rzALn35tzDNhd2I 0PaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=jCHOSIOgRbW9o5N2xvJpYkkce3GzTzlKu9xrGGOPiMc=; b=uSQRFBPeLHSo3Pw+akmXcayGijdVLYsh5H6U53dbUiKd5RmjYbHlxGMptFDOmi94Sv W+PT2zt/0YaOHy2cQn+kpDUgViMgFCp6Ppuh3Fa1qP6yncPI36WbeSI/7EndgrFa91R2 bRVZ/3+i5gzkeuXqNcugu2qFAEZYC27Q8X2ohp0wxWX/refujFf7BqivnpA5T/7tZPEX 72LlY0OzTvqob39mTAc4qisuQ34Qef35zCw8rCfynxb6mxnMW0AUlLuT6KzHg9sFJe+y qB1fxXBIRzRyUbBVifGuo6itnjI8nGxCuMJTRtuu4nBwgLd9iMJEwDeyylvSiz0KZ+Hy 7wlQ== X-Gm-Message-State: APjAAAVOQD3dIEeQlnvpJInxodND3sCCFMMpTJcvwIDrq7LVdyVfPqVs ltAujvK+XcoFrAt49/ihmrh5QTd8/wuKqhzOpfihCQ== X-Google-Smtp-Source: APXvYqxN8o+edAhp3xlO1kSJbw6oRYe1YKqSHPkS07Jmg2r8K/PlBYKhwGpH0Ub7DR7/uO4aVHh9wYS9zry9mNFQUmw= X-Received: by 2002:aca:d54f:: with SMTP id m76mr227686oig.149.1554843957019; Tue, 09 Apr 2019 14:05:57 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 References: <20190401032055.GA9497@linux1.home> <4bbfc34f-335f-5521-310a-b66ffd0d9a9a@gentoo.org> <5e30d658-80c8-b608-1505-dc08db3625bf@gentoo.org> <20190403174315.32615d3b9574571e3ed4a399@gentoo.org> <80ed2e482e96c96555bf4fd9331731c4c9ad0d7f.camel@gentoo.org> In-Reply-To: From: Raymond Jennings Date: Tue, 9 Apr 2019 14:05:20 -0700 Message-ID: Subject: Re: [gentoo-project] call for agenda items -- council meeting 2019-04-14 To: gentoo-project@lists.gentoo.org Content-Type: multipart/alternative; boundary="000000000000bd4b5105861f51a6" X-Archives-Salt: 7d02333f-f332-4026-8ea0-5f1a8f4db0b7 X-Archives-Hash: 431e7ecdbd082cbb932999402221ea38 --000000000000bd4b5105861f51a6 Content-Type: text/plain; charset="UTF-8" On Tue, Apr 9, 2019 at 2:03 PM Raymond Jennings wrote: > The only thing that I can say is that obfuscating one's real identity > could cause problems in the following areas: > > 1. Accountability in terms of any problems caused, either by malice or > incompetence. For analogy, using caller ID to trace someone who may or may > not have been spoofing their ID > 2. copyright law, which is likely to be obvious in terms of grants or > licenses, especially in the face of the GPL (of any version), and who owns > which copyright can possibly be traced by the inclusion of real life > identity. This also relates to point 1. > 3. people doing gentoo work on company time may well forfeit their > copyright interest to their employer under "work for hire", depending on > jurisdiction and/or what arrangements are made. Said employer may be able > to veto the wishes of the actual author, and may have their own legal > department/law firm on retainer, and have deeper legal pockets to sue with > if they want to object. In my opinion, having a "paper trail" of sorts to > follow is essential both to track down legal problems and discourage anyone > from causing them, also in relation to points 1 and 2 above. > > The details of how this is achieved is of course up to the proper people, > but my personal opinion is that requiring a linux kernel style "sign-off" > that at a minimum includes the real, legal name of the author of the change > being committed is an important part of the process that at a minimum makes > sure that said author is involved in the process of accountability, > especially if any problems arise from it (legal or technical or otherwise) > Relatedly, I would opine that anyone who intentionally uses a false name (especially if they get caught) has a possibly rebuttable presumption against them that they are acting in bad faith and thus less trustworthy. Accordingly I certainly would not object to punitive/remedial measures being taken against people who intentionally obfusecate their identity, especially if it causes problems or makes it harder for them to be held accountable for it. > > On Tue, Apr 9, 2019 at 1:56 PM Rich Freeman wrote: > >> On Tue, Apr 9, 2019 at 4:45 PM Alec Warner wrote: >> > >> > That being said I don't intend to forge a policy that is bullet-proof. >> If I cannot trust fellow project members to act well, they might as well >> just leave the project now. >> >> ++ >> >> Ultimately if somebody with commit access wants to create trouble >> there are a lot of things they can do that are far more harmful than >> using a fake name. I think we just need to be reasonable. >> >> Usually the standard that is used in courts at least in the US is >> reasonable care, and it has no hard definition, other than basically >> being the amount of care a normal person would exercise to do the >> right thing. If you want to find out whether something is or isn't >> reasonable care the easiest way is to get sued, or sue somebody else, >> and then after a few years you get an answer, and maybe a judgment. >> >> I think there are probably some legal benefits to requiring a real >> name, but personally I think there are more benefits beyond that. I >> think it tends to create a more professional atmosphere when people >> are conversing with "Alec Warner" and not "Boaty McBoatface" or >> whatever. Also, having some kind of reputational risk probably does >> help cut down on the trolling somewhat. Maybe... >> >> If you wanted to put Gentoo on your resume would you really want a >> potential employer to Google it and find articles by people like >> "420forlife?" I think this sort of thing can help set the tone for >> the community. >> >> That's just my opinion... >> >> -- >> Rich >> >> --000000000000bd4b5105861f51a6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Tue, Apr 9, 2019 at 2:03 PM Raymond Je= nnings <shentino@gmail.com>= wrote:
The only thing that I can say is that o= bfuscating one's real identity could cause problems in the following ar= eas:

1. Accountability in terms of any problems caused, = either by malice or incompetence.=C2=A0 For analogy, using caller ID to tra= ce someone who may or may not have been spoofing their ID
2. copy= right law, which is likely to be obvious in terms of grants or licenses, es= pecially in the face of the GPL (of any version), and who owns which copyri= ght can possibly be traced by the inclusion of real life identity.=C2=A0 Th= is also relates to point 1.
3. people doing gentoo work on compan= y time may well forfeit their copyright interest to their employer under &q= uot;work for hire", depending on jurisdiction and/or what arrangements= are made.=C2=A0 Said employer may be able to veto the wishes of the actual= author, and may have their own legal department/law firm on retainer, and = have deeper legal pockets to sue with if they want to object.=C2=A0 In my o= pinion, having a "paper trail" of sorts to follow is essential bo= th to track down legal problems and discourage anyone from causing them, al= so in relation to points 1 and 2 above.

The detail= s of how this is achieved is of course up to the proper people, but my pers= onal opinion is that requiring a linux kernel style "sign-off" th= at at a minimum includes the real, legal name of the author of the change b= eing committed is an important part of the process that at a minimum makes = sure that said author is involved in the process of accountability, especia= lly if any problems arise from it (legal or technical or otherwise)

Relatedly, I would opine that anyone w= ho intentionally uses a false name (especially if they get caught) has a po= ssibly rebuttable presumption against them that they are acting in bad fait= h and thus less trustworthy.

Accordingly I certain= ly would not object to punitive/remedial measures being taken against peopl= e who intentionally obfusecate their identity, especially if it causes prob= lems or makes it harder for them to be held accountable for it.

=
On Tue, Apr 9, 2019 at 1:56 PM Rich F= reeman <rich0@gent= oo.org> wrote:
On Tue, Apr 9, 2019 at 4:45 PM Alec Warner <antarus@gentoo.org> wrote:
>
> That being said I don't intend to forge a policy that is bullet-pr= oof. If I cannot trust fellow project members to act well, they might as we= ll just leave the project now.

++

Ultimately if somebody with commit access wants to create trouble
there are a lot of things they can do that are far more harmful than
using a fake name.=C2=A0 I think we just need to be reasonable.

Usually the standard that is used in courts at least in the US is
reasonable care, and it has no hard definition, other than basically
being the amount of care a normal person would exercise to do the
right thing.=C2=A0 If you want to find out whether something is or isn'= t
reasonable care the easiest way is to get sued, or sue somebody else,
and then after a few years you get an answer, and maybe a judgment.

I think there are probably some legal benefits to requiring a real
name, but personally I think there are more benefits beyond that.=C2=A0 I think it tends to create a more professional atmosphere when people
are conversing with "Alec Warner" and not "Boaty McBoatface&= quot; or
whatever.=C2=A0 Also, having some kind of reputational risk probably does help cut down on the trolling somewhat.=C2=A0 Maybe...

If you wanted to put Gentoo on your resume would you really want a
potential employer to Google it and find articles by people like
"420forlife?"=C2=A0 I think this sort of thing can help set the t= one for
the community.

That's just my opinion...

--
Rich

--000000000000bd4b5105861f51a6--