Re: Copyright verification service

[Bastien]

Hi Clément,

Clément Pit-Claudel <cpitclaudel@gmail.com> writes:

> On 25/05/2020 03.58, Bastien wrote:
>> Hi Tim,
>> 
>> I've toyed with this idea myself for a while.
>> 
>> I don't know if it is a good idea for the GNU project in general, but
>> as someone who sometimes need to check the copyright status of some
>> contributors for Org/Emacs, the current setup is fine for me.
>> 
>> Although, I don't think authentication would be optional as we should
>> by default assume that the list of signed contributors should be kept
>> private, shouldn't we?
>
> The API idea was discussed in depth two weeks ago, as part of the very
> long thread on packages not getting included in ELPA; see
> https://lists.gnu.org/archive/html/emacs-devel/2020-05/msg01909.html.

Thanks for the pointer.

> The conclusion was that email addresses are not private, since they
> appear in commits anyway.  

Well, privacy is about the *link* between an email and a person.

If I am using an address like batman@pm.me for my contributions (i.e.
for both the emails I send to a mailing list and for my patches), then
only those who can access the copyright list know I am Bruce Wayne and
I trust them not to disclose this information publicly.

So the question seems rather: shall the FSF preserve the possibility
for someone to consider his copyright assignment as private info?

I think the FSF should let contributors decide whether they want their
assignment to be public or not.

> rms said he would talk to the FSF sysadmins to see if something was
> feasible.

OK, thanks.

-- 
 Bastien