FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Advisory Board

 
 
LinkBack Thread Tools
 
Old 01-19-2008, 02:28 AM
Josh Boyer
 
Default Fedora account restrictions

On Fri, 18 Jan 2008 19:55:35 -0500
"Tom "spot" Callaway" <tcallawa@redhat.com> wrote:

>
> On Sat, 2008-01-19 at 08:48 +0800, David Woodhouse wrote:
> > For whatever reason, this potential contributor chooses to remain
> > anonymous. And I for one do not think that's appropriate for a Fedora
> > contributor.
>
> I agree. His age is irrelevant, but we cannot have anonymous
> contributions and still be accountable.

I agree as well.

josh

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 01-19-2008, 02:33 AM
Matt Domsch
 
Default Fedora account restrictions

On Fri, Jan 18, 2008 at 07:55:35PM -0500, Tom spot Callaway wrote:
>
> On Sat, 2008-01-19 at 08:48 +0800, David Woodhouse wrote:
> > For whatever reason, this potential contributor chooses to remain
> > anonymous. And I for one do not think that's appropriate for a Fedora
> > contributor.
>
> I agree. His age is irrelevant, but we cannot have anonymous
> contributions and still be accountable.

Agreed. Other projects (Linux Kernel for example) have the same
rule, for the same reason.

-Matt

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 01-19-2008, 05:10 PM
"Jeff Spaleta"
 
Default Fedora account restrictions

On Jan 18, 2008 6:33 PM, Matt Domsch <matt@domsch.com> wrote:
> Agreed. Other projects (Linux Kernel for example) have the same
> rule, for the same reason.


Does the upstream linux kernel require a CLA? Or CLA model is closely
modeled on apache, I wonder if Apache allows it. But regardless...
let's figure out what exactly are we talking about in context.

We are talking about not making the real name of a person publically
known. All the same information is in the FAS system, including the
person's name, physical address and phone number. Out of all the
personal identifying information the only thing we currently leak
through publically accessible interfaces is the peron's real name. If
we, on request, allowed a nickname to be displayed in place of the
real name how is that less accountable? We rely primarily on emails
and irc nicks for the majority of communication for day-to-day
business. That stuff has absolutely no correlation with a person's
real name, even the fas account name is not required to encode the
person's real name.

If there was ever a problem that required tracking down a contributor,
we would be relying on privileged information to do it... either the
phone number or the physical address... things we aren't making
publically searchable.

-jef"fakemaxspevack"spaleta

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 01-19-2008, 07:48 PM
Matt Domsch
 
Default Fedora account restrictions

On Sat, Jan 19, 2008 at 09:10:03AM -0900, Jeff Spaleta wrote:
> On Jan 18, 2008 6:33 PM, Matt Domsch <matt@domsch.com> wrote:
> > Agreed. Other projects (Linux Kernel for example) have the same
> > rule, for the same reason.
>
>
> Does the upstream linux kernel require a CLA? Or CLA model is closely
> modeled on apache, I wonder if Apache allows it. But regardless...
> let's figure out what exactly are we talking about in context.
>
> We are talking about not making the real name of a person publically
> known.

We can't guarantee that the real name won't become publically known.
What are the repercussions if the name _does_ somehow become
publically known, against the contributor's wishes?

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 01-19-2008, 07:58 PM
seth vidal
 
Default Fedora account restrictions

On Sat, 2008-01-19 at 14:48 -0600, Matt Domsch wrote:
> On Sat, Jan 19, 2008 at 09:10:03AM -0900, Jeff Spaleta wrote:
> > On Jan 18, 2008 6:33 PM, Matt Domsch <matt@domsch.com> wrote:
> > > Agreed. Other projects (Linux Kernel for example) have the same
> > > rule, for the same reason.
> >
> >
> > Does the upstream linux kernel require a CLA? Or CLA model is closely
> > modeled on apache, I wonder if Apache allows it. But regardless...
> > let's figure out what exactly are we talking about in context.
> >
> > We are talking about not making the real name of a person publically
> > known.
>
> We can't guarantee that the real name won't become publically known.
> What are the repercussions if the name _does_ somehow become
> publically known, against the contributor's wishes?
>

I think the concern here is about disclosing the name of a minor in the
US. IIRC there are federal laws about that.

-sv


_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 01-19-2008, 08:18 PM
"Jon Stanley"
 
Default Fedora account restrictions

On Jan 19, 2008 3:58 PM, seth vidal <skvidal@fedoraproject.org> wrote:

> I think the concern here is about disclosing the name of a minor in the
> US. IIRC there are federal laws about that.

IANAL, but I think that you're talking about COPA here, which
regulates the collection of "personally identifiable information" from
children under the age of 13. The only bar to someone that is >13 but
<18 is the ability to enter into a legally binding contract (the CLA).

Perhaps the original poster could enlighten us on exactly what
he/other people believe the problem is.

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 01-19-2008, 09:16 PM
"Jeff Spaleta"
 
Default Fedora account restrictions

On Jan 19, 2008 11:48 AM, Matt Domsch <matt@domsch.com> wrote:
> We can't guarantee that the real name won't become publically known.
> What are the repercussions if the name _does_ somehow become
> publically known, against the contributor's wishes?


I don't know if there are repercussions in any legal sense... but if
there are... then surely information like physical address and phone
number are already covered by those legalities.
In for a penny... in for a pound.

What I'm really not seeing, is the downside of holding a contributor's
real name as privileged information in the same way we hold their
phone number if requested? Even if there is no legal requirement to
do so, this can certainly fall into the 'not being an ass' when it
comes to managing the personal information of minors.

If you wanted to set a bar to meet to keep these types or requests low
in number, then I would go further and say that any contributor
requesting to have their real name hidden in fas, would need to find
another contributor with a non-hidden name who will vouch for them. If
something goes wrong, then that non-hidden contributor and all the
hidden-name contributors being vouched for lose access. With a policy
like this we could have a highschool or middleschool teacher with a
non-hidden real name vouch for a group of students they personally
know.

-jef

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 01-19-2008, 10:37 PM
"Russell Harrison"
 
Default Fedora account restrictions

On Jan 19, 2008 5:16 PM, Jeff Spaleta <jspaleta@gmail.com> wrote:
> If you wanted to set a bar to meet to keep these types or requests low
> in number, then I would go further and say that any contributor
> requesting to have their real name hidden in fas, would need to find
> another contributor with a non-hidden name who will vouch for them. If
> something goes wrong, then that non-hidden contributor and all the
> hidden-name contributors being vouched for lose access. With a policy
> like this we could have a highschool or middleschool teacher with a
> non-hidden real name vouch for a group of students they personally
> know.

+ 1

Russell

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 01-20-2008, 07:30 AM
Axel Thimm
 
Default Fedora account restrictions

On Sat, Jan 19, 2008 at 06:35:08AM +0800, David Woodhouse wrote:
> Others may disagree with me and allow you to contribute, of course -- s
> I said, it's not my decision. Or maybe you can find a package-monkey to
> volunteer to do the Fedora commits/builds/etc. for you, while you do the
> real work of maintaining the package?

I agree with David and Tom - if a package screws up my system I need
to be able to identify immediately from the changelogs who messed up
with it and be able to conmtact him/her. And not have some pseudonyms
making me hunt through FAS or possibly even with a request to a real
person protecting this data.

David's suggestion of a Fedora proxy/guardian who will review any
submitted work (i.e. will be able to vouch on this like if it were his
submission and therefore be held accountable at the end) is perhaps
the golden compromise here. In this sense it is not just a package
monkey, as the proxy will have to be able to sign off this work as if
it were his own, so needs to dig as deep into it as possible
(reviewing patches, verifying tarballs and the whole package)

So my advise to ffm: Find one or two Fedorans that you can trust your
identity with and that are working on the same subject like you do
(OLPC?) and submit them your work for review until you get 18. The
changelogs should be under the Fedorian guardian's name, but can
mention the sourse with a pseudonym. For example

* Sun Jan 20 2008 David Woodhouse <some@mail> - 1.1.1-1
- Upgrade to 1.1.1 (by ffm).

Once you turn 18 you can officially ask for taking over the packages
you have been indirectly maintaining and the Fedora guardian(s) will
pass them over.

Given that the Fedora guardian will have to invest some work to pass
your work through you usually would not be able to find too many
volunteering people, but the echo in this thread has been very
positive, so you still have very good chances!
--
Axel.Thimm at ATrpms.net
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 
Old 01-20-2008, 10:42 AM
Michael Schwendt
 
Default Fedora account restrictions

On Sun, 20 Jan 2008 10:30:36 +0200, Axel Thimm wrote:

> On Sat, Jan 19, 2008 at 06:35:08AM +0800, David Woodhouse wrote:
> > Others may disagree with me and allow you to contribute, of course -- s
> > I said, it's not my decision. Or maybe you can find a package-monkey to
> > volunteer to do the Fedora commits/builds/etc. for you, while you do the
> > real work of maintaining the package?
>
> I agree with David and Tom - if a package screws up my system I need
> to be able to identify immediately from the changelogs who messed up
> with it and be able to conmtact him/her. And not have some pseudonyms
> making me hunt through FAS or possibly even with a request to a real
> person protecting this data.

A question unanswered on fedora-devel-list, is it currently possible
with the FAS to display a contributor's sponsor?

With the following advertised page it isn't:
http://fedoraproject.org/wiki/Infrastructure/AccountSystem/QueryAccount

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 

Thread Tools




All times are GMT. The time now is 11:39 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org