Anonymous contributions

[Harald Sitter]

On Thu, Apr 11, 2019 at 8:04 PM Nate Graham <nate at kde.org> wrote:
>
>  ---- On Thu, 11 Apr 2019 11:55:42 -0600 David Edmundson <
david at davidedmundson.co.uk> wrote ----
>  > There are legal implications as the copyright is ultimately held by
real people.
>
> Could we require that anonymous contributors relinquish copyright claims
to KDE?

+1 to David when he says this needs a lawyer. Relinquishing claims is not
necessarily a thing. I, as Austrian, cannot relinquish claims. I can grant
exclusive rights to my copyrighted work that takes away my rights, but I
cannot get rid of my copyright. That could be achieved by e.g. require
licensing the software under a super permissive license. But mind you,
every single piece of code I'd contribute needs to be very clearly marked
as contributed under a permissive free software license, every single
commit, there must not be a single commit for which the question could
arise what license the code was originally contributed under.

And copyright in free software has more implications than just being able
to use the code. What do we do if the code's copyright was never held by
the unreachable anonymous contributor? IOW: what if someone gives us
"stolen" code. So, also +1 to what Christoph said. We never had actual
checks to verify if a contributor's name is in fact their real name and we
may well have anonymous contributors without anyone realizing. Even if we
knew the real names were real enough, that'd be of limited help when we
need to look up the contributor for whatever reason. This even goes beyond
finding a person, how do you proof that the person you found is in fact the
person who contributed the code. They could well deny it and we'd not
necessarily have proof as we have no signed papers or anything.

These two points I expect are why contributor agreements are written the
way they are. Which is likely what we need to have to solve all open
concerns. If we need them solved that is. The unverified contributor scheme
worked for 20 years perhaps it is fine, or maybe we have just been lucky
that it has not caused problems so far. We as a community should figure out
what we want here. Future proof legal documentation or informal trust or
something in between. Personally I'd rather have a more legally verifiable
entry procedure.

As for Eike's concerns. I think he has a point, I also think that
ultimately the "community impact" is somewhat limited. If a person works
under a pseudonym John Smith you can still call them John, you can still
refer to them by name, for all intents and purpose that's just their name.

HS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-community/attachments/20190412/82a07321/attachment.htm>