From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 62FB6138334 for ; Thu, 27 Sep 2018 14:13:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 04308E08ED; Thu, 27 Sep 2018 14:13:44 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BA79DE08D3 for ; Thu, 27 Sep 2018 14:13:43 +0000 (UTC) Received: by mail-pf1-f169.google.com with SMTP id p12-v6so2035893pfh.2 for ; Thu, 27 Sep 2018 07:13:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=mOEqfmGiZe0DNJLo4ZKW7PmMmd3ojyrUQZLvtl9HJc0=; b=UF2+FphME8Y66kKxAjB5m6un+DB9zCdVScf6bgIlN+YlQYJPm9ulccj7cXenoTMVTq tmzQF9mSJ/GIezAfKChv7fqs1umBjzYxuM5fjI1WZ9m9RZyN0bLqv8DZXSXbbaA0R98A lvHqf6WMLWRJXpquDAlgeUEy0JFRXGUY7ploaNbtWpBvW6R41qTGLYqSj8KACJGWG125 EHI4xQUE/tviEML6afrLP8R9CgzLWTOM6nTCH2MDAd4wy92yOjhuPJ7o2X76zWz0Q9dW woZH6ERMbtWrijZ/PwhY5qfPcw6zUBb4dUZPhwr+hfy783ncgJNKbM38c8pqY/XIYAxn xWpA== X-Gm-Message-State: ABuFfoilCv1x3AHSJDd2wnJvQwVTSeHyMrVzyDB4UfGWVZWpkL9LbCJ5 lzT42HdjHMpsb0b93oq/U55DkdTrGVWo0h0yWAdfEw== X-Google-Smtp-Source: ACcGV63xKrRNMIlpVif89a0y8ww82Ml2DtYBo+niGqqHP1dNRlfet8w7kMIp6iEpewW/vKRspy3K0vtn4pEUqvP/L00= X-Received: by 2002:a62:670a:: with SMTP id b10-v6mr11810427pfc.243.1538057622017; Thu, 27 Sep 2018 07:13:42 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 References: <23325.35685.793702.267278@a1i15.kph.uni-mainz.de> <23337.15822.698153.812236@a1i15.kph.uni-mainz.de> <4683a4e7-c752-8735-4bcf-1ee7cb4837f9@gentoo.org> In-Reply-To: <4683a4e7-c752-8735-4bcf-1ee7cb4837f9@gentoo.org> From: Rich Freeman Date: Thu, 27 Sep 2018 10:13:30 -0400 Message-ID: Subject: Re: [gentoo-project] [RFC] GLEP 76: Copyright Policy [v4] To: gentoo-project Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: c093ee8d-8bd1-45bb-8343-b1153f66cc32 X-Archives-Hash: e6305d77cf5e22b2f7d277da9e4d04de On Thu, Sep 27, 2018 at 9:52 AM NP-Hardass wrote: > > But that's really besides the point... The current status quo (as is the > case with me) is that a committer may be pseudonymous under the > condition that the Foundation have that individual's name in the event > of a copyright issue. So, I still don't understand how forcing everyone > to publicly use a real name achieves something that we aren't currently > achieving... Is that incorrect? Interesting point. If we were going to go down this road I'd still suggest that the Foundation have a policy on when the real names of contributors can be disclosed, either privately or publicly. If we were to use the defense that we have a statement from a contributor that they checked the copyright and it was ok, the first question somebody will respond with is, "who?" An answer of "we know who it is but can't tell anybody, even a court" probably isn't going to work. I think there are other arguments to be made against anonymity. You're hardly a list troll, but anonymity can breed this sort of thing. From a strictly copyright standpoint I don't see why the identity of contributors needs to be publicly disclosed, as long as it can be disclosed where legally necessary. Of course, if that is a court then depending on the jurisdiction it may become public anyway. Also, if we were going to go down this route then we also need to have better archives of such things, as trying to dig up some trustee email from 10 years ago is not the right solution. A secured repository of identities/etc would be better (the Foundation already has a place to store stuff like bank account details). Another practical argument against anonymity. If everybody agrees everything is public, then we don't have any personal information we need to protect under various privacy laws. As soon as we agree to keep some info private, then we potentially have obligations under such laws. Also, legally the Foundation is a US organization - so I'm not sure if things like the US-EU Safe Harbor provisions start to apply if we want to collect this sort of info from EU citizens. It is just a can of worms you can avoid simply by not hanging onto this kind of information. I believe that many of these privacy protections cannot be simply waived - we can't get some EU citizen to agree that they don't apply to us. If the laws apply then we need to follow them. Now, we're obviously not a big fish, so enforcement may never happen. Maybe compliance isn't burdensome - I only know enough about such things to know that I'd want to know more before going down that road... -- Rich