> Well, then I have to repeat myself: Signed-off source code (in form of
> patches) in a well-known programming language for a (nowadays)
> well-known GPLv2 licensed project mailed on "everyone can subscribe"
> mailinglists, (thus) to be found in several $SEARCH_ENGINE-indexed
> mailinglist archives, if accepted to be found in lots of publicly
> accessible git repos can be not intended to be published?
> 
> I wonder what else must happen.

There is a bigger problem in the ambiguity.

It's easy to deal with signed off by lines because I had the sense to
make sure that the DCO covered us for EU data protection and thus it's
explicit.

It's relatively easy to deal with the case of 'I contributed some code'.

It's really not at all obvious what happens with 'I got some code from
another project that contains it's authors name'.

The wording IMHO just needs tightening up - and that's a useful
discussion that ought to he bad. I tihnk everyone understands the *inent*
of such wording - don't go around doxing people, or posting their home
address on facebook and calling for people to attend with pitchforks.

There's a second related area that needs sorting out in wording which is
the implication of any kind of privacy in a complaint - which is really
bad in two ways

As it is set up now the tab is not a lawyer so the tab could not claim
any kind of legal privilege. That means in the event of a complaint the
tab would be powerless not to release almost all the info in the
complaint if hit by a data protectin request in many jurisdictions. Sure
they'd have to (and be required to) remove some of the information that
might identify the complainant.

Secondly one thing that we've learned repeatedly (and notably from the
church scandals) is that there are some complaints that should upon
receipt be handed directly to law enforcement, but there is no carve out
for this.

The other issue is that whoever handles any complaint system needs a
budget and lawyers because they will potentially have to field judicial
reviews and other challenges. That means the TAB needs to have
exemplary record keeping and process because anyone who stands up in a
legal challenge and says 'Umm.. we read it and talked about it and kind
of decided X but I don't remember why and there are no minutes and there
is on process document' is going to get fried. Someone needs to have that
process in place well in advance.

Alan

Reply via email to