Regarding the real-name-only contribution policy
sudobash418
sudobash418 at gmail.com
Tue Jun 18 12:00:21 PDT 2024
On 2024-06-18 12:43, Arınç ÜNAL wrote:
> After the xz backdoor incident, I don't think it would be very wise to
> start allowing usernames. Not just that, anyone with a full name that
> cannot be tied to a real person through either public knowledge on the
> internet, or information privately provided to the maintainers of the
> project is a potential infiltrator in my eyes.
>
> But, I think usernames should be allowed for submissions, and the
> submissions must be reviewed thoroughly. Becoming a maintainer or a
> member
> of the project on the other hand, must not be possible unless the
> person's
> real life identity is privately provided.
>
> Arınç
IMHO, neither version of the contribution policy ("real-name-only" or
"known identity") matters for malicious (or compromised) contributors.
A malicious "contributor" can simply fake their name, and under the
current policy, it would be accepted at face value.
Note that I am ignoring *committers*, because that is a much more
selective and trusted group, and has different rules from what I understand.
The policy change that I am talking about is for contributors, not
committers (the ~50 people who can merge changes into the project repos).
Proof-of-identity is a valid concern, but I think it's largely
orthogonal from this specific policy.
sudoBash418
More information about the openwrt-devel
mailing list