lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <131830164.377678.1625444303416@ichabod.co-bxl>
Date:   Mon, 5 Jul 2021 02:18:23 +0200 (CEST)
From:   "B.R. Oake" <broake@...lfence.com>
To:     linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-sunxi@...glegroups.com,
        Julian Calaby <julian.calaby@...il.com>,
        devicetree@...r.kernel.org
Subject: Re: [linux-sunxi] Re: [PATCH] ARM: dts: sun8i: h3: orangepi-plus:
 Fix Ethernet PHY mode

On Fri Jun 04 08:49:28 CEST 2021, Julian Calaby wrote:
> While I completely sympathise with your points here, the issue isn't a 
> technical or social issue, but a legal one. 
> [...]

Dear Julian,

Thank you for giving your point of view on this issue, and sorry for not 
replying sooner. Thanks also for your work on the Atheros wifi driver, 
which I've used a lot. I think it's a particularly important one since 
it's one of the few wireless chipsets with open firmware.


> The DCO was introduced to provide a mechanism to trace the origin of a 
> piece of code for legal purposes, so my understanding is that the name 
> supplied needs to be your legal name.

Please could you say what you mean by "legal name"? For example, do you 
consider "J.R.R. Tolkien" to be a legal name?

Can you give an example of a legal purpose for which the DCO was 
intended and which fails when the DCO is signed with a name like 
G. Robinson or C.J. Newton?


> Whilst, as you've pointed out, there are a lot of ways that names 
> don't match up to the normal "Firstname I. N. I. T. I. A. L. S. 
> Lastname" format, that is the case for the vast majority of people and 
> exceptions to that are rare.

I'm not sure about that - for example, Mandarin names don't really fit 
that template. But even if exceptions were rare, would that mean those 
people and their contributions didn't matter?


> Your arguments against providing that 
> name haven't exactly helped your case [...]

Well I didn't actually argue against providing a name of the form you've 
specified - I have no objection to authors doing that if they want to. I 
just gave some reasons why an author might sign with a name of the form 
J.K. Smith. When a practice is contested I believe it does help to show 
that it has legitimate reasons.


> Your points about previous instances of this happening also don't hold 
> water either as we don't know the circumstances behind those cases. 
> Git's history is considered immutable once it makes it to an 
> "official" repository (generally one published publicly) so it's 
> likely they were oversights that weren't caught until it was too late.

Although the history might be immutable, offending commits can still be 
reverted. However, I have not found any examples of this happening to 
the commits by the authors I mentioned, which suggests there is no 
problem with having them.

And I think we do know a bit about their circumstances. To take one 
example, over an 18-month period I can see 72 commits authored by KP 
Singh which were variously committed, signed off, acknowledged and 
reviewed by Daniel Borkmann, Yonghong Song, Mimi Zohar, Alexei 
Starovoitov, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Florent 
Revest, James Morris, Andrew Morton, Linus Torvalds, Brendan Jackman, 
Thomas Garnier, Kees Cook, Casey Schaufler and Randy Dunlap.

It doesn't seem very likely that these approvals were all oversights. It 
seems a lot more likely that there is actually no problem with names of 
this form.

Best wishes,
B.R.


-- 
Mailfence.com
Private and secure email

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ