Jakub Zelenka <bu...@php.net> hat am 18.04.2025 18:37 CEST geschrieben:Hi,We just had some private discussions about the implication of contributing under pseudonym. This is in general fine and we should not have problem with it and we actually never verified the contributors so this is possibly happening already.The only thing about it is that it might raise questions why the pseudonym is used. This is quite likely completely fine and it might be just that the author does not want to share their personal details. We should not be asking those authors to provide their identity because it's their personal choice and we should respect it.That said we also need to think about the project and possible risk that this can also bring. One of those is potentially hiding the identity because the author does not have rights to contribute (e.g. their employer has that right). Even though this unlikely, it's a problem that we should consider. There is quite easy solution for such problem though - it's a Developer Certificate of Origin. It's pretty easy to integrate and I put together a quick PR to add it: https://github.com/php/php-src/pull/18350 .The implication of that is that it means that all commits (except the merge ones) in the PR will need to have signed-off-by header with the author of the commit. This is still fine to be signed off by the pseudonym. This also applies to users with legal name because the same issue applies to them too potentially.Please let me know if you have any concerns or thoughts about this!Kind regards,Jakub
According to the license (see https://github.com/php/php-src/blob/master/LICENSE):
IN NO EVENT SHALL THE PHP
DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE
DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE
From my understanding there is no liability for the project if people contribute that are not allowed to contribute, or contribute code without proper IP rights.
If there are valid complains from any third party, the project can remove the code that is questioned.
Regards
Thomas
