Re: [Python-checkins] cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [Python-checkins] cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

"Martin v. Löwis"
Am 18.04.2012 20:52, schrieb antoine.pitrou:
> http://hg.python.org/cpython/rev/f3a27d11101a
> changeset:   76405:f3a27d11101a
> user:        Antoine Pitrou <[hidden email]>
> date:        Wed Apr 18 20:51:15 2012 +0200
> summary:
>   Issue #11750: The Windows API functions scattered in the _subprocess and
> _multiprocessing.win32 modules now live in a single module "_winapi".
> Patch by sbt.

Can we use Real Names, please?

Regards,
Martin
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Antoine Pitrou
On Wed, 18 Apr 2012 21:29:00 +0200
"Martin v. Löwis" <[hidden email]> wrote:

> Am 18.04.2012 20:52, schrieb antoine.pitrou:
> > http://hg.python.org/cpython/rev/f3a27d11101a
> > changeset:   76405:f3a27d11101a
> > user:        Antoine Pitrou <[hidden email]>
> > date:        Wed Apr 18 20:51:15 2012 +0200
> > summary:
> >   Issue #11750: The Windows API functions scattered in the _subprocess and
> > _multiprocessing.win32 modules now live in a single module "_winapi".
> > Patch by sbt.
>
> Can we use Real Names, please?

Do we have a policy about that? sbt seems happy using a pseudonym (and
I personally don't have a problem with it).

Regards

Antoine.


_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

"Martin v. Löwis"
>>>   Issue #11750: The Windows API functions scattered in the _subprocess and
>>> _multiprocessing.win32 modules now live in a single module "_winapi".
>>> Patch by sbt.
>>
>> Can we use Real Names, please?
>
> Do we have a policy about that? sbt seems happy using a pseudonym (and
> I personally don't have a problem with it).

We would have to ask a lawyer. Apparently, he signed a form, and
presumably, that can be traced to a real person. However, we need to
be extremely careful not to accept anonymous contributions, as then
barrier to contribute stolen code is much lower. It took Linux a ten
year copyright lawsuit to go through this; I don't want this to happen
for Python.

In any case, the real policy is that we should not accept significant
changes without a contributor form.

I, myself, feel extremely uncomfortable dealing with pseudonyms in the
net, more so since I committed code from (and, IIRC, gave commit rights
to) Reinhold Birkenfeld. Of course, the issue is different when you
*know* it's pseudonym (and no, I have no bad feelings towards Georg
about this at all).

Regards,
Martin
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Guido van Rossum
On Thu, Apr 19, 2012 at 4:19 AM, "Martin v. Löwis" <[hidden email]> wrote:

>>>>   Issue #11750: The Windows API functions scattered in the _subprocess and
>>>> _multiprocessing.win32 modules now live in a single module "_winapi".
>>>> Patch by sbt.
>>>
>>> Can we use Real Names, please?
>>
>> Do we have a policy about that? sbt seems happy using a pseudonym (and
>> I personally don't have a problem with it).
>
> We would have to ask a lawyer. Apparently, he signed a form, and
> presumably, that can be traced to a real person. However, we need to
> be extremely careful not to accept anonymous contributions, as then
> barrier to contribute stolen code is much lower. It took Linux a ten
> year copyright lawsuit to go through this; I don't want this to happen
> for Python.
>
> In any case, the real policy is that we should not accept significant
> changes without a contributor form.
>
> I, myself, feel extremely uncomfortable dealing with pseudonyms in the
> net, more so since I committed code from (and, IIRC, gave commit rights
> to) Reinhold Birkenfeld. Of course, the issue is different when you
> *know* it's pseudonym (and no, I have no bad feelings towards Georg
> about this at all).

I'd like to copy for posterity what I wrote off-list about this incident:

I'm against accepting anonymous patches, period, unless the core
developer who accepts them vets them *very* carefully and can vouch
for them as if the core developer wrote the patch personally. Giving
an anonymous person commit rights does not meet my standard for good
stewardship of the code base. (But... see below.)

Of course, knowing the name is not *sufficient* to give a person
commit rights -- we know what's needed there, which includes a trust
relationship with the contributor over a long time and with multiple
core committers.

This *process* of vetting committers in turn is necessary so that
others, way outside our community, will trust us. When open source was
new, I got regular requests from lawyers working for large companies
wanting to see the list of contributors. Eventually this stopped,
because the lawyers started understanding open source, but part of
that understanding included the idea that a typical open source
project actually has a high moral code of conduct (written or not).

That said, I can think of plenty of reasons why a contributor does not
want their real name published. Some of those are bad -- e.g. if you
worry that you'll be embarrassed by your contributions in the future
I'm not sure I'd want to see your code in the repository; if you don't
want your employer to find out that you're contributing you might be
violating your employment contract and the PSF could get into trouble
for e.g. incorporating patented code; and I'm not sure we'd like to
accept code from convicted fellons (though I'd consider that a gray
area). But some might be acceptable. E.g. someone who is regularly in
the news might not want to attract gawkers or reveal their personal
email address; someone who is hiding from the law in an oppressive
country (even the US, depending on which law we're talking about)
might need to be protected; someone might have fears for their
personal safety.

In all those cases I think there should be some core contributors who
know the real identity of the contributor. These must also know the
reason for the anonymity and agree that it's important to maintain it.
It must also be known to the community at large that the contributor
is using a pseudonym. If the contributor is not comfortable revealing
their identity to any core contributors, I don't think there is enough
of a trust relationship to build on for a successful career as a
contributor to Python.

--
--Guido van Rossum (python.org/~guido)
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Tshepang Lekhonkhobe
On Thu, Apr 19, 2012 at 17:51, Guido van Rossum <[hidden email]> wrote:
> and I'm not sure we'd like to
> accept code from convicted fellons (though I'd consider that a gray
> area).

This makes me curious... why would that be a problem at all (assuming
the felony is not related to the computing field)?
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Glyph Lefkowitz
In reply to this post by Guido van Rossum
On Apr 19, 2012, at 11:51 AM, Guido van Rossum wrote:

In all those cases I think there should be some core contributors who
know the real identity of the contributor. These must also know the
reason for the anonymity and agree that it's important to maintain it.
It must also be known to the community at large that the contributor
is using a pseudonym. If the contributor is not comfortable revealing
their identity to any core contributors, I don't think there is enough
of a trust relationship to build on for a successful career as a
contributor to Python.

I do think that python-dev should be clear that by "real" identity you mean "legal" identity.

There are plenty of cases where the name a person is known by in more "real" situations is not in fact their legal name.  There are also cases where legal names are different in different jurisdictions; especially people with CJK names may have different orthographies of the "same" name in different jurisdictions or even completely different names in different places, if they have immigrated to a different country.

So there should be a legal name on file somewhere for copyright provenance purposes, but this should not need to be the same name that is present in commit logs, as long as there's a mapping recorded that can be made available to any interested lawyer.

(Hopefully this is not a practical issue, but this is one of my pet peeves - for obvious reasons.)

-glyph


_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Guido van Rossum
In reply to this post by Tshepang Lekhonkhobe
On Thu, Apr 19, 2012 at 9:02 AM, Tshepang Lekhonkhobe
<[hidden email]> wrote:
> On Thu, Apr 19, 2012 at 17:51, Guido van Rossum <[hidden email]> wrote:
>> and I'm not sure we'd like to
>> accept code from convicted fellons (though I'd consider that a gray
>> area).
>
> This makes me curious... why would that be a problem at all (assuming
> the felony is not related to the computing field)?

Because the person might not be trustworthy, period. Or it might
reflect badly upon Python's reputation. But yes, I could also see
cases where we'd chose to trust the person anyway. This is why I said
it's a gray area -- it can only be determined on a case-by-case basis.
The most likely case might actually be someone like Aaron Swartz.

--
--Guido van Rossum (python.org/~guido)
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Guido van Rossum
In reply to this post by Glyph Lefkowitz
On Thu, Apr 19, 2012 at 9:06 AM, Glyph <[hidden email]> wrote:

> On Apr 19, 2012, at 11:51 AM, Guido van Rossum wrote:
>
> In all those cases I think there should be some core contributors who
> know the real identity of the contributor. These must also know the
> reason for the anonymity and agree that it's important to maintain it.
> It must also be known to the community at large that the contributor
> is using a pseudonym. If the contributor is not comfortable revealing
> their identity to any core contributors, I don't think there is enough
> of a trust relationship to build on for a successful career as a
> contributor to Python.
>
>
> I do think that python-dev should be clear that by "real" identity you mean
> "legal" identity.
>
> There are plenty of cases where the name a person is known by in more "real"
> situations is not in fact their legal name.  There are also cases where
> legal names are different in different jurisdictions; especially people with
> CJK names may have different orthographies of the "same" name in different
> jurisdictions or even completely different names in different places, if
> they have immigrated to a different country.
>
> So there should be a legal name on file somewhere for copyright provenance
> purposes, but this should not need to be the same name that is present in
> commit logs, as long as there's a mapping recorded that can be made
> available to any interested lawyer.
>
> (Hopefully this is not a practical issue, but this is one of my pet peeves -
> for obvious reasons.)

Heh. I was hoping to avoid too  much legal wrangling. Note that we
don't require legal proof of identity; that would be an undue burden
and more than I would personally put up with as a contributor. The
primary concept here is trust, and identity can be seen as an
approximation of that at best.

--
--Guido van Rossum (python.org/~guido)
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Tshepang Lekhonkhobe
In reply to this post by Guido van Rossum
On Thu, Apr 19, 2012 at 18:55, Guido van Rossum <[hidden email]> wrote:

> On Thu, Apr 19, 2012 at 9:02 AM, Tshepang Lekhonkhobe
> <[hidden email]> wrote:
>> On Thu, Apr 19, 2012 at 17:51, Guido van Rossum <[hidden email]> wrote:
>>> and I'm not sure we'd like to
>>> accept code from convicted fellons (though I'd consider that a gray
>>> area).
>>
>> This makes me curious... why would that be a problem at all (assuming
>> the felony is not related to the computing field)?
>
> Because the person might not be trustworthy, period. Or it might
> reflect badly upon Python's reputation. But yes, I could also see
> cases where we'd chose to trust the person anyway. This is why I said
> it's a gray area -- it can only be determined on a case-by-case basis.
> The most likely case might actually be someone like Aaron Swartz.

Even if Aaron submits typo fixes for documentation :)

I would think that being core developer would be the only thing that
would require trust. As for a random a contributor, their patches are
always reviewed by core developers before going in, so I don't see any
need for trust there. Identity is another matter of course, but no one
even checks if I'm the real Tshepang Lekhonkhobe.
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Guido van Rossum
On Thu, Apr 19, 2012 at 10:13 AM, Tshepang Lekhonkhobe
<[hidden email]> wrote:

> On Thu, Apr 19, 2012 at 18:55, Guido van Rossum <[hidden email]> wrote:
>> On Thu, Apr 19, 2012 at 9:02 AM, Tshepang Lekhonkhobe
>> <[hidden email]> wrote:
>>> On Thu, Apr 19, 2012 at 17:51, Guido van Rossum <[hidden email]> wrote:
>>>> and I'm not sure we'd like to
>>>> accept code from convicted fellons (though I'd consider that a gray
>>>> area).
>>>
>>> This makes me curious... why would that be a problem at all (assuming
>>> the felony is not related to the computing field)?
>>
>> Because the person might not be trustworthy, period. Or it might
>> reflect badly upon Python's reputation. But yes, I could also see
>> cases where we'd chose to trust the person anyway. This is why I said
>> it's a gray area -- it can only be determined on a case-by-case basis.
>> The most likely case might actually be someone like Aaron Swartz.
>
> Even if Aaron submits typo fixes for documentation :)
>
> I would think that being core developer would be the only thing that
> would require trust. As for a random a contributor, their patches are
> always reviewed by core developers before going in, so I don't see any
> need for trust there. Identity is another matter of course, but no one
> even checks if I'm the real Tshepang Lekhonkhobe.

I don't think you're a core contributor, right? Even if a core
developer reviews the code, it requires a certain level of trust,
especially for complex patches.

--
--Guido van Rossum (python.org/~guido)
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Antoine Pitrou
On Thu, 19 Apr 2012 10:21:00 -0700
Guido van Rossum <[hidden email]> wrote:

> On Thu, Apr 19, 2012 at 10:13 AM, Tshepang Lekhonkhobe
> <[hidden email]> wrote:
> > On Thu, Apr 19, 2012 at 18:55, Guido van Rossum <[hidden email]> wrote:
> >> On Thu, Apr 19, 2012 at 9:02 AM, Tshepang Lekhonkhobe
> >> <[hidden email]> wrote:
> >>> On Thu, Apr 19, 2012 at 17:51, Guido van Rossum <[hidden email]> wrote:
> >>>> and I'm not sure we'd like to
> >>>> accept code from convicted fellons (though I'd consider that a gray
> >>>> area).
> >>>
> >>> This makes me curious... why would that be a problem at all (assuming
> >>> the felony is not related to the computing field)?
> >>
> >> Because the person might not be trustworthy, period. Or it might
> >> reflect badly upon Python's reputation. But yes, I could also see
> >> cases where we'd chose to trust the person anyway. This is why I said
> >> it's a gray area -- it can only be determined on a case-by-case basis.
> >> The most likely case might actually be someone like Aaron Swartz.
> >
> > Even if Aaron submits typo fixes for documentation :)
> >
> > I would think that being core developer would be the only thing that
> > would require trust. As for a random a contributor, their patches are
> > always reviewed by core developers before going in, so I don't see any
> > need for trust there. Identity is another matter of course, but no one
> > even checks if I'm the real Tshepang Lekhonkhobe.
>
> I don't think you're a core contributor, right? Even if a core
> developer reviews the code, it requires a certain level of trust,
> especially for complex patches.

I would say trust is gained through previous patches, not through
personal knowledge of the contributor, though.

Regards

Antoine.
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Guido van Rossum
On Thu, Apr 19, 2012 at 10:30 AM, Antoine Pitrou <[hidden email]> wrote:

> On Thu, 19 Apr 2012 10:21:00 -0700
> Guido van Rossum <[hidden email]> wrote:
>> On Thu, Apr 19, 2012 at 10:13 AM, Tshepang Lekhonkhobe
>> <[hidden email]> wrote:
>> > On Thu, Apr 19, 2012 at 18:55, Guido van Rossum <[hidden email]> wrote:
>> >> On Thu, Apr 19, 2012 at 9:02 AM, Tshepang Lekhonkhobe
>> >> <[hidden email]> wrote:
>> >>> On Thu, Apr 19, 2012 at 17:51, Guido van Rossum <[hidden email]> wrote:
>> >>>> and I'm not sure we'd like to
>> >>>> accept code from convicted fellons (though I'd consider that a gray
>> >>>> area).
>> >>>
>> >>> This makes me curious... why would that be a problem at all (assuming
>> >>> the felony is not related to the computing field)?
>> >>
>> >> Because the person might not be trustworthy, period. Or it might
>> >> reflect badly upon Python's reputation. But yes, I could also see
>> >> cases where we'd chose to trust the person anyway. This is why I said
>> >> it's a gray area -- it can only be determined on a case-by-case basis.
>> >> The most likely case might actually be someone like Aaron Swartz.
>> >
>> > Even if Aaron submits typo fixes for documentation :)
>> >
>> > I would think that being core developer would be the only thing that
>> > would require trust. As for a random a contributor, their patches are
>> > always reviewed by core developers before going in, so I don't see any
>> > need for trust there. Identity is another matter of course, but no one
>> > even checks if I'm the real Tshepang Lekhonkhobe.
>>
>> I don't think you're a core contributor, right? Even if a core
>> developer reviews the code, it requires a certain level of trust,
>> especially for complex patches.
>
> I would say trust is gained through previous patches, not through
> personal knowledge of the contributor, though.

You don't have to have face-to-face meetings (I never may most Python
contributors face-to-face until many years later, and some I've never
met) but you do gain insight into their personality through the
interaction *around* patches. To me, that counts just as much as the
objective quality of their patches.

--
--Guido van Rossum (python.org/~guido)
_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cpython: Issue #11750: The Windows API functions scattered in the _subprocess and

Antoine Pitrou
Le jeudi 19 avril 2012 à 10:40 -0700, Guido van Rossum a écrit :

> >>
> >> I don't think you're a core contributor, right? Even if a core
> >> developer reviews the code, it requires a certain level of trust,
> >> especially for complex patches.
> >
> > I would say trust is gained through previous patches, not through
> > personal knowledge of the contributor, though.
>
> You don't have to have face-to-face meetings (I never may most Python
> contributors face-to-face until many years later, and some I've never
> met) but you do gain insight into their personality through the
> interaction *around* patches. To me, that counts just as much as the
> objective quality of their patches.

Agreed.

Regards

Antoine.


_______________________________________________
Python-Dev mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/lists%2B1324100855712-1801473%40n6.nabble.com