Date: prev next · Thread: first prev next last
2017 Archives by date, by thread · List index


Dear Christian,


On 02/06/17 12:17, Christian Lohmaier wrote:

On Mon, Feb 6, 2017 at 11:08 AM, Paul Menzel
<pmenzel+libreoffice@molgen.mpg.de> wrote:
On 02/06/17 10:55, Christian Lohmaier wrote:
On Thu, Feb 2, 2017 at 1:05 PM, Paul Menzel wrote:

It is to prevent people from impersonating somebody else.

Think about someone trying your email to introduce a backdoor ...

In my opinion that’s highly hypothetical.

It is exaggerating to illustrate the point. It doesn't matter what
actual impact that change has.

And if that happens, it’ll be
figured out in no time from the Gerrit log, that it wasn’t really the
impersonated person.

How would you be able to tell?
You might be able to tell that the email address is not matching what
the user has configured. But you cannot tell whether the user he was
claiming to be actually was involved.

Let's say there was no such limitation, and I'd commit something as
"Donald J Trump <potus@whitehouse.gov>" and claim "I talked to him, he
did that patch" - how would you know that'd be the case? And how would
you know he'd be fine with our licencing requirements?
Again exaggerated example.

The coreboot project doesn’t have these restrictions, and in the past there
hasn’t been any problems.

So far nobody stole anything from my car, but I still lock it up.

Sorry, car theft is a reality.

Somebody could shoot me on the street, so I shoot them first? Preventive strikes …?

If there were a way to impersonate as somebody else, then checking for
the licence agreements and other stuff just becomes too hard/you'll
run into the problem of deniability.

Sorry, using the email address as verification is fundamentally flawed. That’s why GPG exists.

I just register `chris.lohmaier` at any free provider, and send in commits for you, without any error from Gerrit.

So, to close my participation in this thread, the current restriction make it hard for people wanting to upstream patches from colleagues.

The LibreOffice people should really think about it again, as from the current arguments, the restriction *cannot by design* enforce the policy it was made for.


Kind regards,

Paul

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.