Contributor agreement

[Martin Pool]

2010/1/28 Stephen J. Turnbull <stephen at xemacs.org>:
>  > So if there is a problem, it's in the legal system, which should
>  > hopefully lay the burden on Canonical to show that they really did get
>  > a valid agreement from you, rather than lay the burden on you to show
>  > that you did not sign any such agreement.
>
> It does lay that burden on Canonical.  However, the presumption is
> that agreements are valid.  I will *need* to deny it, and if Canonical
> chooses not to accept that denial out of court, I lose big.  Think
> about it: Canonical clearly thinks those agreements are worth
> something.  If there's the kind of trouble that justifies the
> existence of an assignment, do you really think they'll accept my
> denial at face value?  Or will they pursue it, at least long enough to
> be really annoying to me?

It somebody engages in an extended project of deception to forge mail
from you to me and to intercept my mail back to you, and also in
copyright infringement, they can cause a certain amount of hassle for
both of us.  Crypto is no silver bullet.

I hope and expect that Canonical would do everything possible to
understand the facts before suing anybody.

Such an attack is equally possible against most projects, since few
require every patch to be strongly authenticated.  The FSF assignment
is not strongly authenticated anyhow (or was not when I did it), and
even if you do sign it people can forge submissions from you of code
you do not wish to or are not allowed to submit.

This is getting off topic for this list.  I take your point that there
is the possibility of mischief through impersonation and we will bear
that in mind as we work on the agreement and the process around it.

-- 
Martin <http://launchpad.net/~mbp/>