<div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
>> This seems to fall afoul of lots of privacy law and possibly GDPR<br></blockquote><div><br></div><div>I don't know much about GDPR yet, but this is yet another reason that we use contributor license agreements. Nobody's going to rule that you can't require the identity of a party to an agreement.</div><div> </div><div>Elmar wrote:</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Nobody is forced to contribute. If a contributor has read the license <br>
he can then decide thereupon whether he wants to contribute or not.</blockquote><div><br></div><div>It is an unfortunate fact that most of the developers do not have access to legal counsel, and are poorly equipped to parse the license on their own. So "caveat emptor" isn't a really good argument here. OSI should not approve a license with language that works as a trap for the unwary developer.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This statement is crucial for maintaining the quality of the <br>
software. If someone has contributed various times introducing blatant <br>
security risks future contributions of that author may f.i. need to be <br>
examined in detail.<br></blockquote><div><br></div><div>This is why projects like Debian establish a cryptographic web of trust for their developers. No check-in goes unidentified, and if something malicious is done, it can be traced (and the law enforced, if necessary). If you really want to enforce this sort of security, you should do it as part of your operational process, not in your license.</div><div><br></div><div>And finally, the entire purpose of a license is for a judge to parse it correctly in court and thus decide whether a party has complied with its terms (and thus avoided infringing copyright) or not. "<span style="color:rgb(80,0,80)">you</span><span style="color:rgb(80,0,80)"> need to leave your name" is not the sort of legal language that we could ever count on a judge parsing correctly.</span></div><div><span style="color:rgb(80,0,80)"><br></span></div><div><span style="color:rgb(80,0,80)">Another license, the original Artistic License written by a non-attorney got to court and the lower court parsed it in a completely unintended fashion, costing an Open Source developer some money and years of pain, and requiring various lawyers and I to spend a lot of time helping the appeals court get it straight. So, OSI should not accept licenses written by non-attorneys any longer.</span></div><div><span style="color:rgb(80,0,80)"><br></span></div><div><span style="color:rgb(80,0,80)"> Thanks</span></div><div><span style="color:rgb(80,0,80)"><br></span></div><div><span style="color:rgb(80,0,80)"> Bruce</span></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Bruce Perens K6BP - CEO, Legal Engineering<br>Standards committee chair, license review committee member, co-founder, Open Source Initiative<div>President, Open Research Institute; Board Member, Fashion Freedom Initiative.<br></div></div></div></div></div></div></div></div>