Re: [External] Re: [Hyperledger TSC] Agenda items for this week?


Hart Montgomery
 

Hi Everyone,

I'd also like to hear about people's perspectives on anonymous contributors.  I informally and off the record (so it doesn't count as legal advice) spoke to a patent attorney about the ramifications of anonymous contribution to open source projects yesterday, and my conclusion (I am not a lawyer, so cum grano salis) was that this is a large grey area and we should ask for an opinion from lawyers.

The DCO (as currently stated) requires no identity verification.  I can create a pseudonym, contribute code, and sign off.  What if I do this with a fake identity, and in a way that's untraceable or very difficult to trace (i.e. work entirely through Tor)?  It might be impossible to ever find my identity.  What if I use this anonymity to try to contribute code that contains patents, and then sue later?  Presumably no one could complete the identity loop, or trace back the contributor that made the malicious code contribution.

At least to me, it's not even clear who could or would be sued over patents (even after the aforementioned conversation yesterday).  I'm guessing, however, that someone could be held accountable for anonymous infringing contributions--otherwise, our optimal legal strategy would be to have fully anonymous contributions, and companies could put together "anonymous" open source implementations of their competitors' patented products.

So I guess I'm with Danno:  I'd like to see a clear statement from the LF's lawyers about what are acceptable policies for DCO and contributor anonymity.  Is there any way we can get an official opinion on this so that we can put all of this discussion to rest?

Thanks, and have a great day.

Hart


From: tsc@... <tsc@...> on behalf of Danno Ferrin <danno.ferrin@...>
Sent: Tuesday, March 30, 2021 2:02 PM
To: Arun .S.M. <arun.s.m.cse@...>
Cc: Tracy Kuhrt <tracy.a.kuhrt@...>; Arnaud Le Hors <lehors@...>; Hyperledger TSC <tsc@...>
Subject: Re: [External] Re: [Hyperledger TSC] Agenda items for this week?
 
Good to hear Arun. I now remember that discussion, but I didn't see it written in the notes, but it wasn't terribly clear from the discussion IIRC (I guess I'll need to go re-play the call).
 
On a slightly different tangent, for the issues in the TSC decision backlog I think it would be useful to document what the next needed action is and who is responsible for moving it forward.  I think that by being able to refer to those items it would be easier to see if a meeting should be cancelled.  For the last few meetings we have gone mostly to time and that to me indicates there still is back pressure on pending issues.  If no one is sure what needs to be done for an issue or no one has action items for the issue then perhaps it is time to formally have it closed or withdrawn, or perhaps open a TSC vote and formally vote it down.

I'll start with two of the current TSC decision log issues.

First, on the DCO Validation During Contribution Review I opened last week (https://wiki.hyperledger.org/display/TSC/DCO+Validation+During+Contribution+Review).  Based on comments it looks like this will require an opinion from the LF legal team since there is some question as to whether or not what I proposed provides the needed legal protections. So to aid the process the specific question is "Does the proposed process in https://wiki.hyperledger.org/display/TSC/DCO+Validation+During+Contribution+Review meet the standard for Clause C of the DCO (https://developercertificate.org/)?"  If the answer is no then my proposal is dead in the water without further need for TSC discussion.

Second is the DCO and pseudonyms issue. I foresee this being an issue again in the future and we are not well served by an ambiguous policy. HL projects will receive (have already received?) patches from individuals who sign under a pseudonym that is either obviously a pseudonym or known to a project maintainer to be a pseudonym.  How do maintainers deal with such contributions?  Summary rejection?  Can they provide a signed-off-by attestation under clause C of the DCO as well?  I would rather have the latter (maintainer attestation) before the former (summary rejection).  But I would rather have a formal summary rejection policy than letting this question fester for another six months.  Arnaud, Brian, who has the next step on this one?


On Tue, Mar 30, 2021 at 2:20 PM Arun .S.M. <arun.s.m.cse@...> wrote:
Hi Danno,

Yes, I wanted an automation solution for the badging proposal.
From initial analysis, it appeared that except for one of those badges everything else had a way for automation.
But from the last discussion
1. I remember that we wanted to do a manual run first to understand the difficulties before switching to automation?
2. Brian also brought up a point that this can be supported via the LF analytics/tooling team?

Happy to follow up on these, and will do it tomorrow.

Regards,
Arun

On Tue, Mar 30, 2021 at 9:50 PM Kuhrt, Tracy A. via lists.hyperledger.org <tracy.a.kuhrt=accenture.com@...> wrote:

Hi, Danno.

I did not take an action item to work on these requirements.

Tracy

From: <tsc@...> on behalf of Danno Ferrin <danno.ferrin@...>
Date: Tuesday, March 30, 2021 at 9:14 AM
To: Arnaud Le Hors <lehors@...>
Cc: Hyperledger TSC <tsc@...>
Subject: [External] Re: [Hyperledger TSC] Agenda items for this week?

 



 

The badging proposal is stalled on waiting for a proposal for automating the measurements for the badges, how and what numbers.  IIRC it was either Arun or Tracy that had that action item?  Correct me if I'm wrong.

 

On Tue, Mar 30, 2021 at 6:12 AM Arnaud Le Hors <lehors@...> wrote:

Hi,
I'm not sure there is enough to justify having a call this week but maybe you guys have things you'd like to discuss?
Thanks.
--
Arnaud  Le Hors - Senior Technical Staff Member, Blockchain & Web Open Technologies - IBM



