Is this not where the use of Review Board ( or preferably, Gerrit IMHO ) comes into play, any patch/commit goes thru the code review system prior to being accepted, and part of that review process is a required signoff that committer X has a contribution license for the project.
On 12/09/2012, at 12:13 AM, Kristian Rosenvold <kristian.rosenv...@gmail.com> wrote: > How is accepting a patch in Jira from user "fuzzyBear" without any > further credentials attached (and no visible identification of a real > or imagined person) different form a github pull request ? So while I > agree about being careful about IP, i can't see our current regime > being a bit different from github. You may argue that we'd want to > tighten this, but this is the current reality for over 1 million > committs. I have no idea of how many "John Smith" accounts there are > in our jira, but we pretend to ignore the fact.