On 4/8/19 4:42 PM, [email protected] wrote: >> On 4/8/19 3:37 PM, Schanzenbach, Martin wrote: >>>> It sounds like you're suggesting that we should have a core team of >>>> developers in official capacity for GNUnet e.V. to look at pull requests >>>> and then say "we think that this doesn't infringe on copyright" and >>>> merge them in. Is that what you're saying? >>> I did not start the copyright argument and am not even sure if we need to >>> address it (see other mails). >>> What I am saying is that GNUnet e.V. is currently (or better: should be) >>> vetting every contributor wrt the CAA _before_ any contribution is done. >> True. >> >>> This vetting process is not transparent and power is quite concentrated >>> (note I am not saying abused). >> I'm not sure how this is not transparent, as the list of people who >> signed it is maintained in the gnunet-ev.git, and the CAA is public as >> well. > I had to ask where this list is. So I have this 1/4 finished document > which is not a good on-boarding document, but a better one than now, > which is nix, nada. So we should mention little details like this on > the website or in this guide.
Sure. >> Also, various people are in principle able to onboard new >> committers. The fact that I collect the printouts is something I'm not >> sure how to fix. I considered putting the signed statements into a Git, >> but figured having scans of people's signatures online was a bad idea (TM). > I remember having to sign a similar document for Erlang contributions, > but they abstracted it into their github-centric organization, so > to have it only digital should be doable if Erlang gets away with it > (also a european business, located in Sweden). Well, for the legality of the CAA, I suspect that's true. As for preventing someone from abusing such a Git as a "free public file hoster" I'm not so sure. Especially stuff in some random developer branch is unlikely to be properly monitored by us. But that could maybe be addressed by a CI check for the upload of 'large' files that triggers an alert.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
