EthicalSource / contributor_covenant

Pledge your respect and appreciation for contributors of all kinds to your open source project.
http://www.contributor-covenant.org/
Other
1.92k stars 1.19k forks source link

Free software licensing and "code of conduct" #217

Open adulau opened 8 years ago

adulau commented 8 years ago

Thank you for your initiative.

When reading the code of conduct, I was wondering what is the legal implication and especially compatibility with free software licensing (as described by the FSF or the OSI) when using the code of conduct. Especially the following section:

Publishing other's private information, such as physical or electronic
addresses, without explicit permission

It's very common for free software projects to include email address, name of contributors without explicit consent. As an example, when a contributor does a pull request, the contributor details are added in the commit logs and even sometime in a CONTRIBUTORS file. Even sometime, the ones doing the pull is not the contributor by herself/himself but another upstream manager of a repository.

Another potential issue is the authorization of modifying copyright statement by a project maintainer:

Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.

An example, you might have a new file added to a project including the following copyright notice:

/* 
 This code is licensed under the GNU General Public License version 2 or later.
 Copyright (c) 2016 Alexandre "aka Alex big nose" Dulaunoy
/*

So the contributor is basically having fun of himself (yes I have a big nose ;-) but the project maintainer feels that is inappropriate and fall into the category of " personal appearance harassment". So the code of conduct gives the right to the project maintainer to modify this copyright statement but this could be conflictual with the copyright (and author rights) of the contributor. By so, introducing a potential incompatibility with the free software license.

Have you considered the potential incompatibilities between the code of conduct and free software licensing?

I hope this helps to improve your work.

achadwick commented 8 years ago

Information which is freely given in the form of a copyleft statement comes with only implicit permission to redistribute it, sure. The associated license encourages copying and transitive licensing, and when such copying happens requires copying of the original copyleft statement unmodified.

However, the information is no longer private if the contribution was published online publicly by its author. A github PR is an example of something published online publicly.

For contributions sent privately, the maintainer has a CoC obligation to ask first.

It's still up to the maintainer to be certain that all their contributors understand the license they applied and the CoC they agreed to, so perhaps it is wisest to ask them up front or even each time. You could use a CLA for that if you must.

[EDIT: punctuation]

achadwick commented 8 years ago

Self-deprecating humour is fine, provided it doesn't do splash damage¹. Most CoC enforcers would surely allow a comment like the above even though it's an immutable copyright statement. Despite it not being the person's full legal name: some people need to use 'nyms for basic safety.

However, to hypothetically extend the example above, if the person was comparing their appearance to stereotypical features of a named ethnic group at the receiving end of systemic oppression, that would be different. A CoC enforcer should notice, and would have the obligation and right to reject a PR containing it and/or ask for it to be changed at a later date if it was grandfathered in for some reason. Commits can be reverted, and doing so helps send the message that the project gives a damn


¹ From the VG and RPG "term":https://en.wikipedia.org/wiki/Splash_damage, meaning thoughtless actions that cause damage beyond the target. In this case the author of the self-dep humour is the target, but does their action cause others grief? Moral: take care when dropping stink bombs at your own feet, you may harm your friends.

sigmavirus24 commented 8 years ago

Hi @adulau

When reading the code of conduct, I was wondering what is the legal implication and especially compatibility with free software licensing (as described by the FSF or the OSI) when using the code of conduct. Especially the following section:

Publishing other's private information, such as physical or electronic addresses, without explicit permission

It's very common for free software projects to include email address, name of contributors without explicit consent. As an example, when a contributor does a pull request, the contributor details are added in the commit logs and even sometime in a CONTRIBUTORS file. Even sometime, the ones doing the pull is not the contributor by herself/himself but another upstream manager of a repository.

I think there's a misunderstanding here that might be based in the fact that there's nuance to this statement in the covenant that requires some knowledge of harassment techniques online.

When harassing a person, it is common to "dox" them by obtaining addresses (physical or electronic), government issued identification numbers (Social Security Numbers, etc.), and information about the target's family online. This is what the covenant refers to, not the overly-literal interpretation you provide.

Another potential issue is the authorization of modifying copyright statement by a project maintainer:

Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.

An example, you might have a new file added to a project including the following copyright notice:

/* 
 This code is licensed under the GNU General Public License version 2 or later.
 Copyright (c) 2016 Alexandre "aka Alex big nose" Dulaunoy
/*

So the contributor is basically having fun of himself (yes I have a big nose ;-) but the project maintainer feels that is inappropriate and fall into the category of " personal appearance harassment". So the code of conduct gives the right to the project maintainer to modify this copyright statement but this could be conflictual with the copyright (and author rights) of the contributor. By so, introducing a potential incompatibility with the free software license.

Self-deprecation is one form of humor and one that the author/creator owns. I don't see how this would cause someone else to have to modify that copyright statement. Since copyright statements are not modified, it should be rather clear who wrote that and it would be clear that this was not an insult.

You seem to also be unfamiliar with how people engaging in harassment tend to bombard a target with comments on their personal appearance to cause them emotional harm.

Have you considered the potential incompatibilities between the code of conduct and free software licensing?

There are none when the covenant is read with the proper context. You seem to be the first person to have read these paragraphs this particular way. I wonder if this indicates a need for a separate place that has some context for these paragraphs.

kemitchell commented 8 years ago

Conversation has taken a different direction, but I'd like to point out a parallel to the concerns behind the new subsection (d) of the Developer's Certificate of Origin added in version 1.1. Kernel Trap covered the change in a writeup that mentions UK data privacy law in particular.