From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id jYZlIlgmnWdihiAAWB0awg (envelope-from ) for ; Fri, 31 Jan 2025 14:36:56 -0500 Received: by simark.ca (Postfix, from userid 112) id 777641E105; Fri, 31 Jan 2025 14:36:56 -0500 (EST) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on simark.ca X-Spam-Level: X-Spam-Status: No, score=-6.3 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H2 autolearn=ham autolearn_force=no version=4.0.0 Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id 87F2A1E08E for ; Fri, 31 Jan 2025 14:36:55 -0500 (EST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 26D4C3858C33 for ; Fri, 31 Jan 2025 19:36:55 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 26D4C3858C33 Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id BB802385840E for ; Fri, 31 Jan 2025 19:36:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BB802385840E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BB802385840E Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=45.83.234.184 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738352172; cv=none; b=TMolEPu/i4zw+dk+ERPoOJqoKoA896ck//F7c/eCH38eY+xXj0CSl9ZNIcLk/V0iksq9N6I5GQDcnPJ++DNozMXne5VSkhVZnhMwU8XWM99M5h9ootTrxs6sWa0bZVSp0PkpxYWALJVV7LneGqVGMtHullMeedacf8qSjLVh9yU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738352172; c=relaxed/simple; bh=sNcgVgdWKHIpZMjqnDT5R5FWGaoEs/IGz/OPbVeLgwc=; h=Date:From:To:Subject:Message-ID:MIME-Version; b=XoU8yh7Po/O43wugVAxdLGNGl9MLdej/+s1ZMAoHQDYHbC/r0Mc8I25uCNYdX2xDzGlXr5ZUdwTV1RE1fSUaG/Ac/kal++oQNJi1SM39+ONeR0dZYnO33drdl+UkdeudV/22WZLN+1RY7W7o6knVy5kVw+ymNyu1M1feNdouAMo= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by gnu.wildebeest.org (Postfix, from userid 1000) id C6398301D131; Fri, 31 Jan 2025 20:36:11 +0100 (CET) Date: Fri, 31 Jan 2025 20:36:11 +0100 From: Mark Wielaard To: Guinevere Larsen Cc: "Bradley M. Kuhn" , GDB Development , Andrew Burgess , Luis Machado , Tom Tromey , Andrew Pinski , Eli Zaretskii , zoe@fsf.org, ksiewicz@fsf.org Subject: Re: DCO Message-ID: <20250131193611.GL6731@gnu.wildebeest.org> References: <86538dac-6c3a-4b9e-9de9-3906e645fa4d@redhat.com> <87y16vwbzl.fsf@tromey.com> <74c8b867-f5bb-48f7-9849-11d06e63a3d7@arm.com> <87tta2r5z2.fsf@redhat.com> <1fc456f48c4c6f8aa852c911c6234e219a356434.camel@klomp.org> <87jzatwwl0.fsf@oldenburg3.str.redhat.com> <867b733b-e2fa-4e44-9105-82444100de08@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <867b733b-e2fa-4e44-9105-82444100de08@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: gdb@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-bounces~public-inbox=simark.ca@sourceware.org Sender: "Gdb" Hi Gwen, On Mon, Jan 27, 2025 at 02:22:57PM -0300, Guinevere Larsen wrote: > On 1/27/25 12:55 PM, Bradley M. Kuhn wrote: > >My position is nuanced: copyright assignment to a trusted non-profit is a > >really good tool for defending users' rights, but it has to be weighed > >against the convenience and ease of contribution, and that calculation is > >very hard to do. > > There is another factor that you did not include in your > calculation, which is the user actually finding the FSF a trusted > non-profit. Regardless of any personal opinions I can have on the > matter, I know that several programmers don't think that, and some > of them are potential contributors to the GDB project (a personal > acquaintance of mine has said so explicitly, and more than one > implicitly). > > By only having the copyright assignment we are implicitly reducing > the pool of contributors to those that trust the FSF. Thanks for bringing up the elephant in the room. I think you are right and I agree that the FSF has not shown itself very trustworthy. Personally I struggle a lot with this. The FSF should be there for all GNU developers, contributors and maintainers. But in practice they are protecting someone who harasses anybody who even dares to say they feel abused or theatened by him or the people around him. https://gnu.wildebeest.org/blog/mjw/2021/03/24/fsf-associate-membership/ While that issue hasn't been dealt with I don't think we can require anybody assigning their copyright to the FSF. So we do need some other way to increase the pool of contributors. Maybe that is some kind of DCO, or finding another organization that people can trust to assign copyright to. I do hope that the FSF being willing to at least discuss this issue now is a first step to reconciliation. > Another option for relaxing the need for CA could be that, if a user > is doing contributions in their free time and unrelated to any work, > they could use DCO, while someone contributing in a professional > capacity would need to sign the CA. This would be enforced through > emails: If it is something that looks professional (ie something > that looks like emailcompanyTLD) we'd know this goes > through their employment, while something that looks end-user (ie, > something like whatevergmail/yahoo/universitycom), DCO > would suffice, and for emails that we can't be sure, we could just > ask the user. > > This would lower the bar immensely for students or unemployed > people, while not allowing for-profit companies to have most of the > copyright of the project. We should still incentivize people who are > employed but contributing in their free time to talk to their > employer, but I think it isn't standard practice for employers to > have copyright over things you do in your free time (at least not in > Brazil), so I would think that DCO would still be acceptable in that > case. Sadly it is standard practice for employers (and even universities) to claim rights over their employers or students even when done outside "work hours". This isn't actually legal in various jurisdictions. And then you might win if the company sues you. So it would be much better if you just talked to your employer about what you are going to do, even if it is outside "work". That way there is no confusion and your Signed-off-by really means that it is your own work and there are no other people making claims on you work. I do think we should trust people making such a statement. But we should also make the text of the DCO (explanation/example) really clear that we expect someone to have had that difficult conversation. Cheers, Mark