lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 24 Sep 2018 14:07:43 -0400
From:   "jonsmirl@...il.com" <jonsmirl@...il.com>
To:     Max Filippov <jcmvbkbc@...il.com>
Cc:     Joey Pabalinas <joeypabalinas@...il.com>,
        Theodore Tso <tytso@....edu>,
        Mark Rosenblitt-Janssen <dreamingforward@...il.com>,
        fche@...hat.com, Rik van Riel <riel@...riel.com>,
        Edward Cree <ec429@...tab.net>,
        Olof Johansson <olof@...om.net>,
        Jonathan Corbet <corbet@....net>,
        lkml <linux-kernel@...r.kernel.org>
Subject: Re: Code of Conduct: Let's revamp it.

On Mon, Sep 24, 2018 at 1:43 PM Max Filippov <jcmvbkbc@...il.com> wrote:
>
> On Fri, Sep 21, 2018 at 5:24 PM, jonsmirl@...il.com <jonsmirl@...il.com> wrote:
> > On Fri, Sep 21, 2018 at 8:05 PM Joey Pabalinas <joeypabalinas@...il.com> wrote:
> >> On Fri, Sep 21, 2018 at 07:31:05PM -0400, jonsmirl@...il.com wrote:
> >>> How do you reconcile working on a public project while keeping email
> >>> address secret?
> >>
> >> This is a little more delicate, and I admit that I can't really
> >> think of any real solutions for this part...
> >
> > But... it this bothers you, simply don't use your private, personal
> > email address when working on the kernel. Anyone with the skills to
> > work on the kernel should know enough to be able to create email
> > aliases. No rule says you have to use your real name either.
>
> There is such rule:
>   https://www.kernel.org/doc/html/v4.17/process/submitting-patches.html
>
> chapter "Developer’s Certificate of Origin 1.1" says

So the "Developer’s Certificate of Origin 1.1" appears to require
permission be given to use the names and email addresses. Those
anonymous commits in the logs pre-date the Certificate of Origin.

This line in the CoC still looks likely to be a source of future
conflict.  Say an LWN article reprints a thread on LKML and attributes
the quotes.  Could the author (a kernel contributor) of the LWN
article be attacked via the CoC for attributing the quotes? How can
journalism function if public statements can't be quoted without
permission? Not everyone participating on LKML has submitted a patch
under the Certificate of Origin (thus giving permission for use of
name/email).

It seems inconsistent to me that the name/address you use to publish
messages to a public email list can be considered private information.

>From CoC...
* Publishing others’ private information, such as a physical or
electronic address, without explicit permission

>
>   then you just add a line saying:
>   Signed-off-by: Random J Developer <random@...eloper.example.org>
>   using your real name (sorry, no pseudonyms or anonymous contributions.)
>
> And in general, Developer’s Certificate of Origin
>   https://developercertificate.org/
>
> says
>
>   By making a contribution to this project, I certify that:
>   ...
> (d) I understand and agree that this project and the contribution
>     are public and that a record of the contribution (including all
>     personal information I submit with it, including my sign-off) is
>     maintained indefinitely and may be redistributed consistent with
>     this project or the open source license(s) involved.
>
> --
> Thanks.
> -- Max



-- 
Jon Smirl
jonsmirl@...il.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ