Re: [gentoo-dev] [PATCH data/dtd] metadata.dtd: Add nimble remote-id type
On Wed, 2022-07-13 at 09:16 +0500, Anna Vyalkova wrote: > Add remote-id for packages from the official Nim package list (can be > accessed e.g. via https://nimble.directory), only packaged in ::guru at > the time this was committed. > Please also submit a PR to pkgcore/pkgcheck that adds support for verifying these ids. This should be pretty easy to add based on existing entries. -- Best regards, Michał Górny
Re: [gentoo-dev] [PATCH] glep-0076: Require real name instead of legal name
On Wed, Jul 13, 2022 at 02:26:43AM +0200, Ulrich Mueller wrote: > The "natural person" part was lost in this change. It also doesn't > reappear in the added section below. I think we don't want any corporate > entities there (or at least that's what I had taken from the previous > "Sony" discussion). Will re-add to the name section. For this section, I had a further thought and feel this is cleaner: to the commit message as a separate line. The sign-off must contain -the committer's legal name as a natural person, i.e., the name that -would appear in a government issued document. +the contributor's name as discussed in the next section. > > +Contributor Name > > + > I just notice that it says "contributor" here while it is "committer" > above. Not sure which is better, but maybe we should use the same word > everywhere? I think this might warrant a larger discussion. The Kernel DCO is required for all patches, not just commits. The GCO rev 1 text borrowed the same word: contribution. Specifically the author of the contribution can easily be different from the person committing it into a VCS. Contributors are a superset of committers. At the same time, I've already seen developers ask contributors for a sign-off, even when it's only the developer doing the commit; which isn't required by the Gentoo policy as it's written today. Maybe this specific commit that changes "legal name" should stick to "committer", which the explicit plan to make the text > > +Contributors must sign off on contributions with a name that can be made > > +public and would pass copyright due diligence. > Suggestion: "with their name as a natural person" Agreed & queued. Will incorporate after other discussion above is concluded. > > +For revision 1.2, further thanks are extended to kuzetsa CatSwarm, > > +Richard Freeman, John Helmert III, Ulrich Müller and Alec Warner. > The authors thanking themselves would be very unusual in an > acknowledgement. :) I suggest to just add John Helmert III to the > existing list (keeping alphabetical order). All others are either > authors or are already mentioned. If I do that, the specific contributions of multiple parties already in the author list are not acknowledged for this revision: rich0, antarus, ulm. The new text was substantially written by myself, with the great suggestion from kuzetsa, and then everybody else contributed good edits to it. If you're happy to not take extra acknowledgement that this was for Rev 1.2, I'll just tweak it to add kuzetsa to authors and ajak to thanks list. -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH] glep-0076: Require real name instead of legal name
> On Tue, 12 Jul 2022, Robin H Johnson wrote: > -to the commit message as a separate line. The sign-off must contain > -the committer's legal name as a natural person, i.e., the name that > -would appear in a government issued document. > +to the commit message as a separate line. The Name used is discussed in > +the next section. The "natural person" part was lost in this change. It also doesn't reappear in the added section below. I think we don't want any corporate entities there (or at least that's what I had taken from the previous "Sony" discussion). > +Contributor Name > + I just notice that it says "contributor" here while it is "committer" above. Not sure which is better, but maybe we should use the same word everywhere? > +Contributors must sign off on contributions with a name that can be made > +public and would pass copyright due diligence. Suggestion: "with their name as a natural person" > + > +Nothing further is required if the name matches a government issued > +document of the contributor. > + > +If the name does not match any government issued document, it must be a > +name that can be verified by simple records search, and/or attestable in > +a written statement, with a witnessed signature as before a notary. > + > +For the purposes of this policy, the Gentoo Foundation will not request > +any verification of the name until such time as required by government > +action or legal proceedings. > [...] > Roy Bamford, Kristian Fiskerstrand, Andreas K. Hüttel, Manuel Rüger, > Matija Šuklje, Matthew Thode, and Alec Warner for their input. > +For revision 1.2, further thanks are extended to kuzetsa CatSwarm, > +Richard Freeman, John Helmert III, Ulrich Müller and Alec Warner. The authors thanking themselves would be very unusual in an acknowledgement. :) I suggest to just add John Helmert III to the existing list (keeping alphabetical order). All others are either authors or are already mentioned. Ulrich signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH] glep-0076: Require real name instead of legal name
(CC to gentoo-project as required by the GLEP itself). On Tue, Jul 12, 2022 at 05:28:36AM +0500, Anna Vyalkova wrote: > This patch uses more friendly language towards potential transgender > and plural contributors. > > No other projects require to use a legal name, e.g. Linux says to use > your real name[0]. > > Government issued documents are really a bad example since in some > countries it's really hard to get your name changed there. Hi Anna, There was a very long discussion in #gentoo-council IRC about this today, with many sides represented. I apologize I didn't follow who suggested some of the ideas first, so if something was mis-credited, the fault lies with me. The need is for GLEP76's name requirement to balance copyright protection with complexities of jurisdictional naming complexities [4][5]. The kernel DCO says: "using your real name (sorry, no pseudonyms or anonymous contributions.)" Copyright law itself, at various levels (including US law and WIPO treaty [CR001EN]) treaty does permit copyright held by pseudonyms in many cases. But Copyright law also makes assumptions that some body, be it publisher or government office, holds the "real" identity (which can be discovered by legal or other actions), and the publisher holds some liability in this process. Thus Copyright law tries to impose the need to associate a person with a a copyrightable work. Thus it raises two questions: - Is the open source organization that receives a contribution a publisher in this case? - If the organization is a publisher, does this mean they are required to implement some level of Know-Your-Customer (KYC) system? This is all so messy :-(. Maybe we can approach it from a different angle. The older version of the GLEP did use the term "real name", and it was changed to "legal name" because the advice at the time is that "real name" wasn't well-defined. https://bugs.gentoo.org/653118 https://gitweb.gentoo.org/data/glep.git/commit/glep-0076.rst?id=5713e7e0fbeb37a74743f11c80da2d8bdd87acf2 I previously proposed amending it further: https://archives.gentoo.org/gentoo-project/message/26d68349541e4db54a93edf57d6e7404 But in further discussion, even my proposal didn't go far enough. Neither "real name" or "legal name" correctly convey the underlying intent here, and both of them have additional unwanted baggage [1][2][3], and disproportionately impact some population groups. Tying this back together: The Foundation has *zero* desire to implement a KYC system, or to be the holders of any non-public personal information. Esp. The Foundation does not want to even have to look at ID documents. So it's not acceptable to just have: "send your linkage between pseudonym and name-on-ID to trustees". What's really needed? GLEP76 must show that Gentoo (as a legal entity: the current Foundation, or future umbrella), has undertaken due diligence in accepting the contribution. The discussion in #gentoo-council ended up producing a potential text that I'll attached as a patch. I'd like to thank the following for their contributions to the text. kuzetsa CatSwarm ** significant wording Richard Freeman John Helmert III Ulrich Müller Alec Warner [1] https://en.wikipedia.org/wiki/Battle.net#Privacy_and_Real_ID [2] https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy [3] https://en.wikipedia.org/wiki/Nymwars [4] Depending where you are, it can range from very easy to almost-impossible to change your name. [5] In https://archives.gentoo.org/gentoo-project/message/26d68349541e4db54a93edf57d6e7404, I linked many other examples [CR001EN] https://wipolex-res.wipo.int/edocs/lexdocs/laws/en/cr/cr001en.html -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 From 77a948ffecf97035a42359be0a0b40ad5059fe2f Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Tue, 12 Jul 2022 14:52:23 -0700 Subject: [PATCH] glep-0076: clarify name policy Signed-off-by: Robin H. Johnson --- glep-0076.rst | 29 +++-- 1 file changed, 23 insertions(+), 6 deletions(-) diff --git glep-0076.rst glep-0076.rst index 2216483..ce98ac8 100644 --- glep-0076.rst +++ glep-0076.rst @@ -5,12 +5,13 @@ Author: Richard Freeman , Alice Ferrazzi , Ulrich Müller , Robin H. Johnson , -Michał Górny +Michał Górny , +kuzetsa CatSwarm Type: Informational Status: Active -Version: 1.1 +Version: 1.2 Created: 2013-04-23 -Last-Modified: 2022-07-02 +Last-Modified: 2022-07-12 Post-History: 2018-06-10, 2018-06-19, 2018-08-31, 2018-09-26 Content-Type: text/x-rst --- @@ -136,9 +137,8 @@ the Certificate of Origin by adding :: Signed-off-by: Name -to the commit message as a separate line. The sign-off must contain -the committer's legal name as a natural person, i.e., the name that -would appear in
Re: [gentoo-dev] [PATCH] glep-0076: Require real name instead of legal name
On 12/07/2022 13:47, Ulrich Mueller wrote: On Tue, 12 Jul 2022, Michał Górny wrote: to the commit message as a separate line. The sign-off must contain -the committer's legal name as a natural person, i.e., the name that -would appear in a government issued document. +the committer's real name as a natural person, i.e., the name that +you would use to present yourself to your colleagues. This is insensitive to people who don't have any colleagues. The snarkiness of Michał's comment left aside, in general "the name that you would use to present yourself to your colleagues" won't work. It is one of the examples in [1]: | 4. People have, at this point in time, one full name which they go by. | Not so, even in Western countries, where a woman may choose to retain | her unmarried name at work (where she is already known by that name), | and use her husband’s surname on social occasions, and even on legal | documents such as mortgages and loans. (IIRC, robbat2 had once pointed me to that document, in the context of a contributor from South India with a single-letter name.) Ulrich [1] https://shinesolutions.com/2018/01/08/falsehoods-programmers-believe-about-names-with-examples/ I think this is the third time we've had the "real name" vs "legal name" discussion. I've said it before, and I'll say it again. The "legal name" rule, as it is worded now, has no basis in reality. We do not enforce this, nor could we if we wanted to (unless of course we start requiring scans of e.g. drivers licenses before we accept contributions to Gentoo, which would be stupid). Truth is there is no way for any of us to know if the names we see and use in Gentoo are a persons "legal name". Anna's wording is better, if only for the reason that it reflects reality better. In practice, all we actually do is apply our (unavoidably) biased 'common sense' to determine if some combination of symbols is, or could be, a "real name". And this is good enough because all we really need is some convenient semi-unique identifier to refer to a person in order to contact them, and to determine who is responsible for what. If "real name" is good enough for Linux why wouldn't it be good enough for us? Best regards, Andrew
Re: [gentoo-dev] [PATCH] glep-0076: Require real name instead of legal name
On Tue, Jul 12, 2022 at 12:37 PM Ulrich Mueller wrote: > > > On Tue, 12 Jul 2022, Mike Gilbert wrote: > > >> The snarkiness of Michał's comment left aside, in general "the name that > >> you would use to present yourself to your colleagues" won't work. It is > >> one of the examples in [1]: > >> > >> | 4. People have, at this point in time, one full name which they go by. > >> | Not so, even in Western countries, where a woman may choose to retain > >> | her unmarried name at work (where she is already known by that name), > >> | and use her husband’s surname on social occasions, and even on legal > >> | documents such as mortgages and loans. > > > So what's the problem? That people can have more than one "real name"? > > Can't they just pick one? > > With the suggested new wording she would have to use the name by which > she is known at work. That may not be the name she prefers otherwise. The suggested wording uses that as an example.
Re: [gentoo-dev] [PATCH] glep-0076: Require real name instead of legal name
> On Tue, 12 Jul 2022, Mike Gilbert wrote: >> The snarkiness of Michał's comment left aside, in general "the name that >> you would use to present yourself to your colleagues" won't work. It is >> one of the examples in [1]: >> >> | 4. People have, at this point in time, one full name which they go by. >> | Not so, even in Western countries, where a woman may choose to retain >> | her unmarried name at work (where she is already known by that name), >> | and use her husband’s surname on social occasions, and even on legal >> | documents such as mortgages and loans. > So what's the problem? That people can have more than one "real name"? > Can't they just pick one? With the suggested new wording she would have to use the name by which she is known at work. That may not be the name she prefers otherwise. signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH] glep-0076: Require real name instead of legal name
On Tue, Jul 12, 2022 at 7:47 AM Ulrich Mueller wrote: > > > On Tue, 12 Jul 2022, Michał Górny wrote: > > >> to the commit message as a separate line. The sign-off must contain > >> -the committer's legal name as a natural person, i.e., the name that > >> -would appear in a government issued document. > >> +the committer's real name as a natural person, i.e., the name that > >> +you would use to present yourself to your colleagues. > > > This is insensitive to people who don't have any colleagues. > > The snarkiness of Michał's comment left aside, in general "the name that > you would use to present yourself to your colleagues" won't work. It is > one of the examples in [1]: > > | 4. People have, at this point in time, one full name which they go by. > | Not so, even in Western countries, where a woman may choose to retain > | her unmarried name at work (where she is already known by that name), > | and use her husband’s surname on social occasions, and even on legal > | documents such as mortgages and loans. So what's the problem? That people can have more than one "real name"? Can't they just pick one?
Re: [gentoo-dev] [PATCH] glep-0076: Require real name instead of legal name
> On Tue, 12 Jul 2022, Michał Górny wrote: >> to the commit message as a separate line. The sign-off must contain >> -the committer's legal name as a natural person, i.e., the name that >> -would appear in a government issued document. >> +the committer's real name as a natural person, i.e., the name that >> +you would use to present yourself to your colleagues. > This is insensitive to people who don't have any colleagues. The snarkiness of Michał's comment left aside, in general "the name that you would use to present yourself to your colleagues" won't work. It is one of the examples in [1]: | 4. People have, at this point in time, one full name which they go by. | Not so, even in Western countries, where a woman may choose to retain | her unmarried name at work (where she is already known by that name), | and use her husband’s surname on social occasions, and even on legal | documents such as mortgages and loans. (IIRC, robbat2 had once pointed me to that document, in the context of a contributor from South India with a single-letter name.) Ulrich [1] https://shinesolutions.com/2018/01/08/falsehoods-programmers-believe-about-names-with-examples/ signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH] glep-0076: Require real name instead of legal name
On Tue, 2022-07-12 at 05:28 +0500, Anna Vyalkova wrote: > This patch uses more friendly language towards potential transgender > and plural contributors. > > No other projects require to use a legal name, e.g. Linux says to use > your real name[0]. > > Government issued documents are really a bad example since in some > countries it's really hard to get your name changed there. > > [0]: > https://www.kernel.org/doc/html/latest/process/submitting-patches.html#sign-your-work-the-developer-s-certificate-of-origin > > Closes: https://bugs.gentoo.org/805575 > Signed-off-by: Anna Vyalkova > --- > glep-0076.rst | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/glep-0076.rst b/glep-0076.rst > index 2216483..27db00a 100644 > --- a/glep-0076.rst > +++ b/glep-0076.rst > @@ -137,8 +137,8 @@ the Certificate of Origin by adding :: > Signed-off-by: Name > > to the commit message as a separate line. The sign-off must contain > -the committer's legal name as a natural person, i.e., the name that > -would appear in a government issued document. > +the committer's real name as a natural person, i.e., the name that > +you would use to present yourself to your colleagues. > This is insensitive to people who don't have any colleagues. -- Best regards, Michał Górny
