Doubt concerning releasing code anonymously

Johannes Buchner buchner.johannes at gmx.at
Sun Feb 28 05:17:34 UTC 2010


On Sun, 28 Feb 2010 10:09:17 +0530
"Mahesh T. Pai" <paivakil at yahoo.co.in> wrote:

> Chris Travers said on Sat, Feb 27, 2010 at 11:30:44AM -0800,:
> 
>  > The major reason not to do this however is verifiability.  If you
>  > don't attach your own name to the code, it may be harder for some
>  > folks to verify that you really did a) write the code and b)
>  > license under the described terms.  I don't really see a reason to
>  > release code anonymously though occasionally some of the projects
>  > I have worked on have accepted contributions from long-standing
>  > pseudonymous community members.  This is fairly rare though.
> 
> How many here will 
> 
> (1) sign a pseudonymous GPG key?
> 
> (2) Trust a guy who signs a pseudonymous GPG key?  
> 
> How many here will download and use a software which is not signed by
> a GPG key?

About 90%, I would guess. I frequently download Java programs or C/C++
projects from Sourceforge to try them out.

If your software package is widely used, the hash is available
under https, and no bad news about it is known, many people will
download it. 
If Red Hat or some other distributor looks through the code and accepts
it by making a package, it's also gaining trust. 
PGP is a technical way of managing trust relations, but it can also
work pretty well without enforcement.

Johannes

PS: You see the irony of signing this?
-- 
Emails can be altered, forged and read. Sign or
encrypt your mails with GPG.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20100228/f0b179e1/attachment.sig>

