On Wed, Dec 16, 2015 at 6:43 AM, Alexander Berntsen <berna...@gentoo.org> wrote: > > I agree with Mike that this isn't kosher. It just isn't honest. >
I don't really have a horse in this race, but I don't see how this is dishonest. What is being proposed is moving from attribution scattered all over the place to attribution in a single place. Nobody who is credited in a file today wouldn't still be credited in the proposed system. They'll just be credited side-by-side with everybody else in once place. I'm sure you'll be able to find somebody who will be offended if we move their name from /src/a/b/randomfile to /AUTHORS but finding people offended by things that happen with FOSS is pretty easy to do. > On 15/12/15 20:37, William Hubbs wrote: >> Multiple entries are what I want to get away from; it is a >> nightmare to maintain, and the vcs shows far better than you or I >> ever could which code belongs to who (see git blame). That is what >> the site I linked talks about. > Using a VCS to track attribution is what's a nightmare. Using git > blame on a source file will usually just tell you who last reindented > the file for stylistic preference. Actually finding out something > worth knowing is a lot more work. Git blame is simplistic, but attribution is a nightmare no matter how you look at it, unless you just define it as a list of anybody who committed to a file, in which case git can answer that question for you rather easily. This is part of why we still haven't come up with a better copyright policy for the main tree - when you try to make things more rigorous the effort to maintain things can go up really quickly (patch authors, people who have assigned/licensed their contributions to Gentoo, borrowed/forked code from other projects, etc). I think part of the problem is that we're looking for perfect solutions, and holding onto bad solutions until one is found, which will probably never happen. There seems to be also a tendency to give advice like "talk to a lawyer or so-and-so" with the perhaps well-intended meaning of only moving forward if there is no risk of problems. It needs to be kept in mind that there are often problems with keeping things as they are, and there are often problems with change. In the area of copyright in the US there are rarely any approaches that are free of risk, and the ones with the least risk may also be the ones which are the most rigorous or inconvenient to implement. No lawyer can tell you what the right level of risk acceptance is, but they can tell you a list of all the bad things that can happen to you with any option. Most companies accept legal risk every day, often intentionally. It has to be balanced against the mission of the organization. That doesn't mean that we should be doing things that are wrong, of course. So, we should of course be talking to a lawyer anytime we add a package with a new license to the tree, or change our copyright policy, or make big changes to attribution like these. However, you need to go into such things with a balanced view, or all you'll end up doing is pursing the most conservative possible approach every time, or maintaining the status quo. I suspect there are MANY accepted practices in Gentoo that a lawyer would advise caution regarding (libdvdcss, just about anything involving -bindist, half of the oddball-license packages in the tree, anything with RESTRICT=mirror/fetch, kernel fat32 support, and so on). So, by all means talk to a lawyer/etc. However, I'd tend to advocate a balanced approach, and not necessarily a zero-risk approach. On the list of risks to Gentoo I'm not sure the way OpenRC authors are tracked really ranks super-high. -- Rich
