> Well, then I have to repeat myself: Signed-off source code (in form of > patches) in a well-known programming language for a (nowadays) > well-known GPLv2 licensed project mailed on "everyone can subscribe" > mailinglists, (thus) to be found in several $SEARCH_ENGINE-indexed > mailinglist archives, if accepted to be found in lots of publicly > accessible git repos can be not intended to be published? > > I wonder what else must happen.
There is a bigger problem in the ambiguity. It's easy to deal with signed off by lines because I had the sense to make sure that the DCO covered us for EU data protection and thus it's explicit. It's relatively easy to deal with the case of 'I contributed some code'. It's really not at all obvious what happens with 'I got some code from another project that contains it's authors name'. The wording IMHO just needs tightening up - and that's a useful discussion that ought to he bad. I tihnk everyone understands the *inent* of such wording - don't go around doxing people, or posting their home address on facebook and calling for people to attend with pitchforks. There's a second related area that needs sorting out in wording which is the implication of any kind of privacy in a complaint - which is really bad in two ways As it is set up now the tab is not a lawyer so the tab could not claim any kind of legal privilege. That means in the event of a complaint the tab would be powerless not to release almost all the info in the complaint if hit by a data protectin request in many jurisdictions. Sure they'd have to (and be required to) remove some of the information that might identify the complainant. Secondly one thing that we've learned repeatedly (and notably from the church scandals) is that there are some complaints that should upon receipt be handed directly to law enforcement, but there is no carve out for this. The other issue is that whoever handles any complaint system needs a budget and lawyers because they will potentially have to field judicial reviews and other challenges. That means the TAB needs to have exemplary record keeping and process because anyone who stands up in a legal challenge and says 'Umm.. we read it and talked about it and kind of decided X but I don't remember why and there are no minutes and there is on process document' is going to get fried. Someone needs to have that process in place well in advance. Alan