From: Michał Górny
To: gentoo-project@lists.gentoo.org
Subject: Re: [gentoo-project] Questions for Gentoo Council nominees: GLEP 76
Date: Tue, 25 Jun 2019 08:15:07 +0200

On Tue, 2019-06-25 at 01:18 +0300, Andrew Savchenko wrote:
> Hi all!
>
> On Sat, 15 Jun 2019 12:49:33 +0300 Andrew Savchenko wrote:
> > On Sat, 15 Jun 2019 12:42:20 +0300 Andrew Savchenko wrote:
> > > Hi all!
> > >
> > > Last year we had a good initiative: in addition to (or even instead
> > > of) manifests nominees were asked questions by voters. So let's
> > > continue this year.
> > >
> > > I propose to have one question per thread spawned by this e-mail to
> > > keep discussion focused. If you have multiple questions, please
> > > start multiple threads. If your question was already asked, please
> > > join a thread.
> > >
> > > I'll ask my questions in subsequent e-mails.
> >
> > In my opinion GLEP 76 is the most controversial decision made by
> > running council. While it fixed some long standing issues like
> > copyright headers and proper acknowledgement of out of the tree
> > contributors, it created grave problems: now some long-time
> > contributors and even developers are seriously discriminated because
> > they want to keep their privacy.
> >
> > What is your opinion on this problem?
> > Should GLEP 76 be left as is?
> > Should GLEP 76 be cancelled?
> > Should GLEP 76 be improved and how?
>
> Since I've accepted the nomination, it's my turn to answer as well.
>
> I'll tell you frankly that GLEP 76 was the main motivation for me
> to accept the nomination. I consider it — in the way it exists now —
> harmful and in need to be fixed. This is how free software works:
> if something is broken and nobody repairs it, go and fix it
> yourself.
>
> What is wrong with GLEP 76? It kicks some active contributors and
> rejects some of new ones. No, it is not just one developer
> affected as someone may assume. We have external contributors
> kicked out, we have at least one high quality maintainer who worked
> on quizzes, but this work was stopped due to hostility to and
> further ban on anonymous contributions.
>
> I believe that for free software development privacy concern is of
> paramount importance, especially when we are dealing with security
> or privacy oriented software.
>
> One may argue that ban on anonymous contributions was to protect
> Gentoo from possible copyright claims in the future. But does it
> really give us such protection? In my opinion NO, because:
>
> 1. GLEP 76 was prepared without legal expertise from experts in
> this field. (At least such expertise was not published.) Hereby we
> have no evidence that it will work if real case will be opened.
>
> 2. No law or legal precedent was provided to prove that GLEP 76
> will be useful in alleged case or that we have a legal requirement
> to put such restrictive demand on our contributors.

What 'legal expertise', 'law' or 'legal precedent' do you have to say
otherwise? It's easy to blame others when all you have is your private
opinion.

>
> 3. We objectively have no means to verify developer's credentials.
> Current approach is based on realistic-like approach: if someone
> names themselves "John Doe" we accept it, if someone names as
> "qwerty123" we do not recognize this as an ID. But we have no means
> to verify that "John Doe" is real (natural) name. Even GnuPG Web of
> Trust doesn't provide such means, because what it really provides
> is a link between a person and their GnuPG key, as we're not
> authorized legal entities empowered and fully informed to verify
> validity of IDs present during GnuPG signing.
>
> So in my opinion current state of affairs is not acceptable and
> must be amended. What I propose to do:
>
> 1. To mitigate current crisis we should allow developers to commit
> under any unique non-offensive id (text string) as long as the
> trustees know how it maps to a real name.
>
> The rationale is that the trustees are the legal body to handle all
> legal issues of Gentoo, so even if we agree that real names are
> mandatory, there is no practical legal need for anyone outside of
> trustees to know them. This way we can include people who agree to
> keep their privacy from anyone except trustees and in the same way
> this will keep the legal effect of GLEP 76 intact.
>

How are Trustees supposed to know whether the 'real name' is actually
a real natural name? You just said it is apparently impossible to
verify.

--
Best regards,
Michał Górny