Contribute in personal capacity

[ddimtirov]

For some companies, OSS contributions that can be linked to the company raise a risk of reputational damage. For example, a wealth manager may be unwilling to allow contributions in case they suffer a reputational damage by getting sued by patent troll.

To solve this problem, I would propose patch-based workflow with automatic redaction, replacing a list of words with tokens.

Alternatively, this can be applied to git-push workflows by rewriting commits, though I'd be weary if we can cover all the metadata.

In particular, this functionality interacts with the non-repudiation requirement (#62), which can be retained privately by the contributor in the cases of patch-based workflow.

[matthyx]

@ddimtirov I am very interested in this topic, have you made progress one year after this issue?

[ddimtirov]

No, I haven't heard back.

[matthyx]

That's very unfortunate :( I have added this tool to the https://github.com/todogroup/awesome-ospo list, maybe added traction will make this happen.

[grovesy]

Hey All, apologies just catching up on things, I've been hiding away on an internal mirror for a while (this will soon end and be public working only!)

I think to understand this one a chat might be beneficial to help me understand - we've got the issues around re-signing/re-writing contributors - I guess here we are looking at automatically re declaring commit descriptions? (based on a tokenisation ruleset?)

[matthyx]

Hi @grovesy I think I have the same issues as you, I need re-signing/re-writing contributors. The patch based workflow is secondary. If you want we can chat in the finos slack, I've requested access to it, and can post here my handle once I have one.

[matthyx]

@grovesy I have joined finos slack, "Matthias Bertschy" U03FV4U909H

[JamieSlome]

@matthyx @ddimtirov - new maintainer here 👋 Are we still keen for this feature?

[matthyx]

hi @JamieSlome not for me directly since I've changed company, but could be very interesting for others