Giacomo Catenazzi <[email protected]> writes: > A naive question: why does not FSF check identity of contributors? > They must sign a copyright assignment (or disclaimer), send this > document to FSF, but I see no identity check on FSF side. > > They do this for legal reasons! > > For FSF copyright assignment is more important than identity check. > For us seems the contrary, but AFAIK FSF work closely with lawyer then > us!
This may appear counterintuitive, but I believe the FSF is at significant less legal risk for the sorts of problems we're discussing than Debian is. This is because the FSF doesn't distribute binaries and doesn't provide automated updates to systems. You could potentially do a lot of damage by sneaking a back door into FSF-provided code, but it would take a long time for that to make its way into running computer systems. It's a possible attack, but it's an attack that's easier to discover in some respects and much slower to take effect than a Debian Developer uploading a package with a back door (which in most cases would also be automatically synchronized to Ubuntu). This would not necessarily apply to the FSF-sponsored distributions, but I believe none of those are anywhere near as widely used as Debian. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
