From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id CA9CA138334 for ; Thu, 27 Sep 2018 13:43:24 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9B0B0E0825; Thu, 27 Sep 2018 13:43:23 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 561D7E0824 for ; Thu, 27 Sep 2018 13:43:23 +0000 (UTC) Received: by mail-pf1-f178.google.com with SMTP id p12-v6so1974542pfh.2 for ; Thu, 27 Sep 2018 06:43:23 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=hyHRBdxVuSoog9D9gtQ7HHGOa+Q2RVjRk65c+Os6Mr0=; b=LSN8/0tHqO6BJOpY1ecOyM/7mV+8WOXjYVJH2s21cBpnWOec2QIR3XWcndG8L/IzcI WRAZUGqn+5rVs63i/WWzL0ByabyaZf6ECTz0vVAhuTlrTJ6x10eHRByn+g5ho87E4lW/ 4jOASwVCi1+fQOsVafBbsWtZyXm+xBHkv1ngBoEW9/ckKpj+6TMpcYX4fyqAIN4OfAfJ Nn/7bgCPqqDsEBQCfOOmoTobwIs40N3yib7/y4fJUhNQWANJ2WpudYT1faXJfuJHTGdD eKkdqktG8SQVayCHEdp8ThM9eMw2Qj5LPwEomTd7otjuTW+hkqJTuvZt6FUnuhjgzL3z SH7Q== X-Gm-Message-State: ABuFfoju/mQsckHGlmlN5lvRG99FO7pCZuEnAfYGsSGkUr2U1spf1MZm PnitOonyKS9bFyzBQsbtILsmvOjCt/myegOwUG025Q== X-Google-Smtp-Source: ACcGV62lLpqb7GwAbIUsZZ37VtodSmjt+79ZP1NlfBDnWnmRTMV2QYStSGrLHZZ1E+YYtr5BQfJFLmCJeQtfhBezGCE= X-Received: by 2002:a17:902:722:: with SMTP id 31-v6mr11174145pli.207.1538055801286; Thu, 27 Sep 2018 06:43:21 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 References: <23325.35685.793702.267278@a1i15.kph.uni-mainz.de> <23337.15822.698153.812236@a1i15.kph.uni-mainz.de> <2faff4c2-ed97-5a52-5078-365d1c6cf2a1@gmail.com> In-Reply-To: <2faff4c2-ed97-5a52-5078-365d1c6cf2a1@gmail.com> From: Rich Freeman Date: Thu, 27 Sep 2018 09:43:09 -0400 Message-ID: Subject: Re: [gentoo-project] [RFC] GLEP 76: Copyright Policy [v4] To: gentoo-project Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: fedd2c08-ae83-4802-beac-ca067ca57a14 X-Archives-Hash: 310f4e86662cb8200f1666dee214c8ac On Thu, Sep 27, 2018 at 9:08 AM kuzetsa wrote: > > in this case, the GCO (or the DCO from which it borrowed it's ideas) > should explicitly state its purposes, rather than relying on the > assumption that a person can be tracked down if the license was is ever > in doubt. While I'm all for having background, I don't see how it actually changes the situation. Also, there is no need to track people down, ever. The purpose of the GCO/DCO is to make the contributor liable for their contributions, and this is already accomplished. If the true copyright holder wants to try to track them down that is their problem. If somebody provides us evidence that they are the true copyright holder and ask us to remove their code, we simply have to remove their code. No stack of licenses/certificates/attestations/etc will ever change that. It is like buying a house. If you buy a house from somebody, and it later turns out that they never owned the house, then the owner is going to be able to take his house back from you free of charge. It doesn't matter how many documents the "seller" signed in the process - it was never their house to sell. However, those documents CAN place some liability on them for such things, or provide you with due diligence / reasonable care so that it shows that you acted in good faith and the owner won't go after you beyond just getting back their house. You're still out the house either way. I believe this is the basic principle behind these kinds of documents. It is basically an affirmation of compliance, which is a form of showing reasonable care on the part of the recipient. > > people can and do physically relocate from time to time, and if they're > no longer a contributor there's no way to track them down, should the > need arise for any legal or ethical questions (the kind of purpose which > the policy makes no mention of: a way to reach the contributor) > See above. Tracking down the contributor is unlikely to really get us far, and it really makes no sense. The purpose of the DCO is to collect the affirmation of compliance up-front so that we don't have to try to get it later. It doesn't change who owns copyright. If it turns out somebody lied to us then bad things will always happen, but they just won't be as bad as they could have been. -- Rich