Hi On Fri, Apr 18, 2025 at 9:04 PM Sai Liu <ma...@thomasbley.de> wrote:
> > > Jakub Zelenka <bu...@php.net> hat am 18.04.2025 18:37 CEST geschrieben: > > > Hi, > > We just had some private discussions about the implication of contributing > under pseudonym. This is in general fine and we should not have problem > with it and we actually never verified the contributors so this is possibly > happening already. > > The only thing about it is that it might raise questions why the pseudonym > is used. This is quite likely completely fine and it might be just that the > author does not want to share their personal details. We should not be > asking those authors to provide their identity because it's their personal > choice and we should respect it. > > That said we also need to think about the project and possible risk that > this can also bring. One of those is potentially hiding the identity > because the author does not have rights to contribute (e.g. their employer > has that right). Even though this unlikely, it's a problem that we should > consider. There is quite easy solution for such problem though - it's a > Developer Certificate of Origin. It's pretty easy to integrate and I put > together a quick PR to add it: https://github.com/php/php-src/pull/18350 > . > > The implication of that is that it means that all commits (except the > merge ones) in the PR will need to have signed-off-by header with the > author of the commit. This is still fine to be signed off by the pseudonym. > This also applies to users with legal name because the same issue applies > to them too potentially. > > Please let me know if you have any concerns or thoughts about this! > > Kind regards, > > Jakub > > > > > According to the license (see > https://github.com/php/php-src/blob/master/LICENSE): > IN NO EVENT SHALL THE PHP > DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE > > From my understanding there is no liability for the project if people > contribute that are not allowed to contribute, or contribute code without > proper IP rights. > If there are valid complains from any third party, the project can remove > the code that is questioned. > The problem is that if the author does not have rights to contribute the code under that license, it might be problematic and the owner might request removal of the code or there might be potentially other implications. Kind regards, Jakub
