A lot of people whos opinions I respect have commented on this and I thank them for their time but that being said I still don't understand how a "real" name policy helps avoid problems, it isn't as if the coreboot leadership meets someone in real life and asks them to present a passport which is then verified by a handy federal officer.
I wish to correct a few small bugs but at the same time I don't want to provide my name, what should I do? (C) Taiidan 2018 all rights reserved? IANAL but I don't see that as any different from an unverified name.
On 08/03/2018 01:05, Taiidan@gmx.com wrote:
A lot of people whos opinions I respect have commented on this and I thank them for their time but that being said I still don't understand how a "real" name policy helps avoid problems, it isn't as if the coreboot leadership meets someone in real life and asks them to present a passport which is then verified by a handy federal officer.
It's not to verify your name, as you pointed out it's not very effective at that.
The measure is there to make sure that a company can't say the code you posted was theirs (which is what happened with SCO).
With a real/plausible name, if they want to claim it's their stuff in court, then they need to pull up someone with that name, using that email, which is also a programmer that could have plausibly done that, and also claim that this person was their own employee at the time the code was posted.
It's not impossible to pull this off, but it is so much harder than if the project accepted nicknames without email (that have no legal value, i.e. you don't have the nickname on your ID card) or totally anonymous contributions.
And any company that told the judge that their man was posting with a fake name would just get laughed out of court.
I wish to correct a few small bugs but at the same time I don't want to provide my name, what should I do? (C) Taiidan 2018 all rights reserved? IANAL but I don't see that as any different from an unverified name.
Human names, even if fake, work for the above thing, nicknames don't.
It's a measure to protect the project from legal trolling, not to confirm the contributors identity.
-Alberto
A lot of people whos opinions I respect have commented on this and I thank them for their time but that being said I still don't understand how a "real" name policy helps avoid problems, it isn't as if the coreboot leadership meets someone in real life and asks them to present a passport which is then verified by a handy federal officer.
I agree.
Same concerns here. I failed to see how a "Real Name" policy would help solve the following problems.
1. There's nothing preventing a developer to use a forged name.
2. Even if all developers are registered with their IDs, there is still nothing preventing developers to copy and paste GPL/BSD code and commit them into the coreboot repository, and as far as I know, a great deal of code snippets are published only with a random online handle. It is entirely possible for coreboot developer to include some code from some free sofware project, which is published pseudonymous.
To avoid these problems, reusing code under a free software license should be forbidden in coreboot, to this point, one purpose of free software is already lost. Otherwise, all developers should be required to investigate before reusing any code so only legitimate code is reused. I don't think it is practical.
3. A "Real Name" policy doesn't transfer the copyright of individual developers to the project manager. It is generally believed the FOSS projects with centralized copyright have much higher chance and confidence to prove or solve a copyright issue on the legal ground. The effectiveness of a "Real Name" without signing the CLA is limited.
Disclaimer:
1. I haven't contributed any code to coreboot but working on related project and may do it in the future.
2. The name I used for most of my projects, including this name, is a nickname and has zero legal validity.
Happy Hacking, Tom Li
On 03/11/2018 09:42 PM, Tom Li via coreboot wrote:
- Even if all developers are registered with their IDs
And you actually have to meet them in person for this due to photoshop existing.
I have always thought it hilarious when a company asks for a scan of a passport or identification card.
On Mon, Mar 12, 2018 at 12:26 PM, Taiidan@gmx.com Taiidan@gmx.com wrote:
On 03/11/2018 09:42 PM, Tom Li via coreboot wrote:
- Even if all developers are registered with their IDs
And you actually have to meet them in person for this due to photoshop existing.
I have always thought it hilarious when a company asks for a scan of a passport or identification card.
There still seems to be some confusion. As Alberto alluded to this isn't about verifying your identity. What matters is protecting coreboot along with its adopters and contributors (including companies who sell coreboot-based products) from legal threats. That is far more valuable than any bug fixes you might have to offer.
Perhaps you can fork the repository elsewhere and post your patches, but please keep them out of upstream unless you're willing to do what has been deemed necessary to protect the project from the SCOs of the world. This means abiding by the DCO (https://developercertificate.org/) including its use of the pronoun "I".
-
Alberto Bursi -
David Hendricks -
Taiidan@gmx.com -
tomli@tomli.me