From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 71C3E138334 for ; Sun, 30 Jun 2019 22:27:25 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A62DCE076B; Sun, 30 Jun 2019 22:27:24 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6C645E075F for ; Sun, 30 Jun 2019 22:27:24 +0000 (UTC) Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 7FF97346D2E for ; Sun, 30 Jun 2019 22:27:23 +0000 (UTC) Received: (qmail 15592 invoked by uid 10000); 30 Jun 2019 22:27:17 -0000 Date: Sun, 30 Jun 2019 22:27:17 +0000 From: "Robin H. Johnson" To: gentoo-project@lists.gentoo.org Subject: Re: [gentoo-project] Questions for Gentoo Council nominees: GLEP 76 Message-ID: References: <20190615124220.fcf0c08b22481d5bc6c2dbe0@gentoo.org> <20190615124933.b2f20fde0b47509e6b54f989@gentoo.org> <79783d8a-105e-7583-f319-f3c89a84eccc@gentoo.org> <6e47cd86-826d-4bb8-ffbe-97ea7b638af3@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="eFc1cLy+KHTnhpog" Content-Disposition: inline In-Reply-To: <6e47cd86-826d-4bb8-ffbe-97ea7b638af3@gentoo.org> User-Agent: Mutt/1.11.4 (2019-03-13) X-Archives-Salt: b81a5189-dc5d-4a07-ab23-1501a7ed9aa4 X-Archives-Hash: ccb8566554231b8505c18992afc4ead4 --eFc1cLy+KHTnhpog Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jun 30, 2019 at 10:03:52AM +0200, Patrick Lauer wrote: > Adding an autogenerated "Blessed-by-Krom" has very little *meaning*, so > what do we gain by adding an autogenerated "Blessed-by-Krom"? (No, > eternal battle in the afterlife is not guaranteed) >=20 > Since it's mandatory to continue committing, and autogenerated ... what > does it really do? And how does it do more than requiring people to read > and understand the rules before, and signing their commits? (Which, > legally, shows an equivalent intent) >=20 > (Does anyone actually read *and understand* Terms&Conditions? How do you > verify that? Usually you'd just assume that people are not actively > malicious and that their word is enough) >=20 > So from my perspective GLEP76 doesn't really improve the situation, just > makes everything more complex and causes exhausting discussions about > non-technical topics that don't improve the distro. As a clear example of meaningful agreement to the DCO vs the autogenerated agreement that Patrick is concerned about, look at GnuPG's model: 1. A new contributor must send a OpenPGP-signed copy of the GnuPG DCO text to the public mailing list (the exact wording of the DCO contains only a minor change s/open/free/ per FSF principles). 2. Signed-off-by trailer in the commit message is ALSO required, and is only used to verify against the DCO registry. 3. The documentation says a) no pseudonyms, and b) anonymous contributions can be done with a proxy who is willing to certify for you: https://gnupg.org/faq/HACKING.html#sec-1-3 4. There's a registry of DCO signatories: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=3Dgnupg.git;a=3Dblob;f=3DAUTH= ORS;hb=3DHEAD#l163 However, there are two names that stand out as pseudonyms: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=3Dgnupg.git;a=3Dblob;f=3DAUTHORS= ;hb=3DHEAD#l187 I think is an implicit outcome of the two policy statements together: Pseudonyms are also valid if there is a certifying proxy. --=20 Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Treasurer E-Mail : robbat2@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 --eFc1cLy+KHTnhpog Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Robbat2 @ Orbis-Terrarum Networks - The text below is a digital signature. If it doesn't make any sense to you, ignore it. iQKTBAABCgB9FiEEveu2pS8Vb98xaNkRGTlfI8WIJsQFAl0ZN0JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEJE RUJCNkE1MkYxNTZGREYzMTY4RDkxMTE5Mzk1RjIzQzU4ODI2QzQACgkQGTlfI8WI JsQgNw//em3xb5712O5Pg3gSIzmaXKVDEfN6S5V5PWhoZT40Sb3kTNqjKaECBLWu EIeF1g7WlH8V9tRoFfu8NwRdqJcDX9QDlLwsa+aklomJgiNYIF//Hve2ptRTUcO3 MKL3lgQRGGjDJ+MXSLITRmyS0vQ4Gto//MbRBPCQc7cKC8bg0n9ViZMgEkQYA/ve 5hJOZGtvy1vrxt+QTfxPgjZd0pDAbIlXYJzX0ZmknhgMMdugu1erlVm7YztFlYhC TFjQxR+UbwX4fv0+gHdUfb1DEO2lQTL6alH2C40w5iCP1L1oHNlW9FFVFayPBEVw 5dgObEtrlDkvFZlKZNfFHE66yzlSSBX0HZYiklt5wip1qU6k+ZrcveIPkv1FfD6Y h9LCrU8vp3aOGa1UPstOYmlhOEOyvaybGt/zpQvUCXNx9PTgQL9KDlM+yn9U5scE PlNfQ5dXdzDhHPHNvFGnyY08MSLCK9YmavFrnaqifLni509a6H8Sq5tXMZ89EO1p r5UVXnGubLqbYJH9zYXdQvl3JqAaIPzqFRZQLacgpv0NBrXwXOV86paswsEnj6Id lymhjcfIrIuNGIENCEGSkoIeaj5UN4OQU0Pg0gJLQ+Bl75eSZ27EIv9KXNozbew0 HnkjrLqFTFOVRkjYaPF6rTQ3o0ZkGX4xuc+iDehAwZJaROQ0TI8= =r2Dc -----END PGP SIGNATURE----- --eFc1cLy+KHTnhpog--