On Thu, Apr 19, 2012 at 4:19 AM, "Martin v. Löwis" <mar...@v.loewis.de> wrote:
>>>> Issue #11750: The Windows API functions scattered in the _subprocess and
>>>> _multiprocessing.win32 modules now live in a single module "_winapi".
>>>> Patch by sbt.
>>>
>>> Can we use Real Names, please?
>>
>> Do we have a policy about that? sbt seems happy using a pseudonym (and
>> I personally don't have a problem with it).
>
> We would have to ask a lawyer. Apparently, he signed a form, and
> presumably, that can be traced to a real person. However, we need to
> be extremely careful not to accept anonymous contributions, as then
> the barrier to contribute stolen code is much lower. It took Linux a ten
> year copyright lawsuit to go through this; I don't want this to happen
> for Python.
>
> In any case, the real policy is that we should not accept significant
> changes without a contributor form.
>
> I, myself, feel extremely uncomfortable dealing with pseudonyms in the
> net, more so since I committed code from (and, IIRC, gave commit rights
> to) Reinhold Birkenfeld. Of course, the issue is different when you
> *know* it's a pseudonym (and no, I have no bad feelings towards Georg
> about this at all).

I'd like to copy for posterity what I wrote off-list about this incident:

I'm against accepting anonymous patches, period, unless the core developer who accepts them vets them *very* carefully and can vouch for them as if the core developer wrote the patch personally. Giving an anonymous person commit rights does not meet my standard for good stewardship of the code base. (But... see below.)

Of course, knowing the name is not *sufficient* to give a person commit rights -- we know what's needed there, which includes a trust relationship with the contributor over a long time and with multiple core committers. This *process* of vetting committers in turn is necessary so that others, way outside our community, will trust us.

When open source was new, I got regular requests from lawyers working for large companies wanting to see the list of contributors. Eventually this stopped, because the lawyers started understanding open source, but part of that understanding included the idea that a typical open source project actually has a high moral code of conduct (written or not).

That said, I can think of plenty of reasons why a contributor does not want their real name published. Some of those are bad -- e.g. if you worry that you'll be embarrassed by your contributions in the future I'm not sure I'd want to see your code in the repository; if you don't want your employer to find out that you're contributing you might be violating your employment contract and the PSF could get into trouble for e.g. incorporating patented code; and I'm not sure we'd like to accept code from convicted felons (though I'd consider that a gray area).

But some might be acceptable. E.g. someone who is regularly in the news might not want to attract gawkers or reveal their personal email address; someone who is hiding from the law in an oppressive country (even the US, depending on which law we're talking about) might need to be protected; someone might have fears for their personal safety.

In all those cases I think there should be some core contributors who know the real identity of the contributor. These must also know the reason for the anonymity and agree that it's important to maintain it. It must also be known to the community at large that the contributor is using a pseudonym. If the contributor is not comfortable revealing their identity to any core contributors, I don't think there is enough of a trust relationship to build on for a successful career as a contributor to Python.

--
--Guido van Rossum (python.org/~guido)