DCO and Pseudonyms

Status

PROPOSED 

Outcome
Minutes Link

What is the policy on accepting DCOs from contributors operating under pseudonyms?

Some possibilities:

  • Always.
  • Never, DCOs fields must have "Real Names".
  • If the real identity is known to the TSC, it is acceptable.
  • If the real identity is known to a maintainer of the project, it is acceptable.
  • If the real identity is known to the maintainer merging the commit, it is acceptable.
  • If the commit contains a signed-off-by for someone using their real identity and who knows who the person represented by the pseudonym is, it is acceptable.
  • If the commit contains at least one signed-off-by by someone using their real identity, it is acceptable.

Background

Blockchains, cryptocurrencies, and cryptography in general have had a long history of people contributing and operating under pseudonyms: from Captain Crunch to Satoshi Nakamoto.  Some contributors prefer to operate under a pseudonym in order to avoid online harassment because they have been or have reason to believe they would be subject to harassment. 

Regardless of the reasons for contributors "masking" themselves we would benefit from clarity regarding how to handle contributions from anonymous and pseudonymous contributors.  Are they required to "unmask" and if so to what degree and to whom (completely or to trusted parties).

To complicate things there are also individuals who operate under pseudonyms that appear and act like real identities.  If the policy is anything but "always" what duties do maintainers have when they discover a contributor with a pseudonym that passes as a real identity is contributing or has contributed?

A related issue would be whether maintainers would be able to operate under a pseudonym and what degree of unmasking would be required if allowed.

Reviewed By