Real Name For Open Source Development?

An anonymous reader writes "Do you contribute to open source projects under your real name or a nickname? The openness of open source can be encouraging, but software patents you have never heard of can become a nightmare if a patent troll sues for implementing 'their' scroll bar. A real name also means you end up in the big index we call search engines. An assumed name could be an additional layer of protection, but what are its pros and cons and is it worth the hassle when asked to participate in a meatspace meeting?"

Re:probably overkill

[Ethanol-fueled]

Simple. Use pseudonyms such as "John Smith" or "Robert Johnson" which are natural enough to be used in the meatspace and popular enough to be a needle in a haystack as far as Google Searches are concerned. This is a popular technique for restaraunt critics and the like whose reviews necessitate unbiased anonymity.

If you use hacker-ish sounding names like CapnCrunch or Dildog then you're asking for notoriety and your ass will be laughed at in a LUG.

Sadly enough, if anybody really wanted to track you down then they'd just throw money at a P.I. or at a buddy who works for your ISP.

Err on the side of caution

[moore.dustin]

When in doubt, go the safe route where you have some degree of control over your personal information. I contribute to a few sites here and there, not to mention the few I run myself, and I write every single word under a pen name. There are a few reasons why I do this, mostly privacy issues related to avoiding unwarranted judgment/stigma from something I wrote. A pen name/alias/handle protects from this problem, but also has the added benefit of being able to 'reveal yourself' at a later date if you decide to forgo the privacy stuff.

That being said, I specifically choose to NOT assume an alias here on slashdot. I have my reasons for doing so, but they are of no consequence. The point is, you should think about your choice and the consequences of it. After weighing the information, if you are still on the fence, you should err on the side of caution and assume an alias.

Anonymously

[wagr]

I post anonymously because I'm an insensitive clod.

Actually, I tend to answer questions on forums with my real id, or with a login that easily leads back to me. But I submit complete code blocks under one of several fake ids, and from my home system. Though I doubt I'd get fired for any of the code I've shared, we don't have any explicit policy at my job, and I don't want to test my boss's understanding of "trade secrets."

Two sides to this question

[Bruce Perens]

If you want to be protected by the patent terms of Open Source licenses, which for example was important in the JMRI case, you need to be properly identified. Otherwise, you may have a hard time proving to some judge that you should be protected because the plaintiff should have known that you were "Blue Salad".

Also, the project should make your identity known in the software package as copyright holder. Apache is terrible about this, they strip attribution from most stuff.

And I have a problem with anonomously-donated or anonymously-licensed Open Source, because how do you know the anonymous person actually had the right to donate and you won't run into trouble down the line.

Probably the best thing you can do is assign your copyright to an organization that keeps your identity private. Maybe FSF and some of the incorporated Open Source projects would do this.

Bruce

Let it slip out

[m50d]

I found some horrible prejudice when I submitted things under my real name, so I'll always use a pseudonym for my first few patches. But while I never actually *stop* using the pseudonym, I'll gradually start e.g. signing emails with my real name; that avoids trouble and lets me get some credit for my actual self.

Sometimes

[Anonymous Coward]

I often use my real name when contributing to open source projects, and have contributed to many over the years.

However there have been specific cases where I wanted to submit a patch but not have it tied to my name (in some cases for fear of unjust litigation, in others just so that my name wouldn't be associated with the project for personal reasons). I've never to my knowledge submitted patches that were generated by illegal means.

I used to use an obviously fake name (like 'Anonymous Coward') for submitting such posts (always with a valid e-mail address so I could be contacted), however The Linux Kernel folks decided they didn't want such pseudonyms in their Signed-off fields, so now I just use a made-up real looking name for those types of cases.

To me it is pretty ridiculous to require a real name, when there is no method of verifying such a thing for most projects. I understand a valid e-mail address, and I've always used one, but what did the kernel (or Wine, or any of other such projects) gain by requiring me to make up a real looking name instead of using an obviously fake one?

Re:probably overkill

[JWSmythe]

    I resemble that remark.

    I use "JW Smythe" as my online name. It's all over the place. Luckly, there are a few other people who use that or variations of it "J.W. Smythe", "John W. Smythe", "Jon Smythe". Pick out the real me. Of course, it's not my real name, but it sounds reasonable. If someone I'm not expecting calls me by my alias, I ignore them, or ask them who they're talking about.

    My real name oddly enough is even more popular, by Google searches. There are lots of "me" all around the world, all doing different things. It keeps people wondering if my real name is yet another pseudonym, or it's really me. :)

    Only clients and friends know my real name. They also have read my little essay on why I use an alias. Some people still ask for clarification of why. Why? Because there are a lot of weird people out there, and I don't want to go around to the millions of freaks out there saying "Hi, my name is ____ , come look for me." I've known call center folks who have been harassed, threatened, and stalked, because they've used their real names. Even when I've answered phones, they get my pseudonym of the day (or of the job). I use names like some guys use girlfriends. Use it until it's burnt, then pretend it never existed.

    The reason of liability when some corporate lawyer decides to play rough applies too, but that's pretty low on my priority list. I worry more about the millions of lunatics floating around the Internet. :)

   

Re:Another Con

[Bandman]

Radio shack used to have a clause like that too. They even claimed everything you produced for a year after you left. Laughable. As if my sales training there would lead to creating something useful.

What about PGP?

[bkazaz_gr]

What if you generate a PGP key and use it's ID as you "name". In that case, anyone holding the private key is essentially the copyright holder, right? ;-)

Re:Another Con

[rev_g33k_101]

they still have that clause.....

Re:For Employment Purposes

[quanticle]

That one time you got drunk and went off on some insane rant 5 years ago WILL come back to haunt you no matter how many other positive things there are.

I'm not sure about that. With the increasing omnipresence of search engines, you're going to see everybody's drunk insane rant posted and accessible online. If any prospective employer held that sort of thing against me, I doubt that I'd accept the job. Also, there are consequences to not having information about yourself online. After all, if I'm an employer and I don't see any work or any references to you online, I might wonder what you have to hide.

Re:probably overkill

[epee1221]

There is no need to do something "very illegal", you just have to contribute to something a little "borderline"

You don't even have to do anything questionable. There just has to be someone who objects noisily to it, which is a depressingly low threshold.

Re:Really?

[brainnolo]

My name, Michele when read with non-italian rules (ch = k in Italian) is considered a female name and you cannot even image how many people (almost exclusively Americans I must say) at first think I am a girl, yet nobody had problems looking at my code. And yes, is an awkward situation anyways.

Embed your real name in your fake

[drix]

Contribute using the SHA1 hash of your real name as your anonymous nickname. If you ever want to be identified you can verify that it was you who made the contributions.

Re:Really?

[JWSmythe]

    I have a female friend who programs. She runs into the problem of people know she's a girl, so she obviously can't program. I've worked with her, and know she can. Sometimes I run into problems that she can solve. Sometimes she runs into problems that I can solve. That's teamwork though, not a failure of either of us to be able to do our work.

    Sometimes I've gone talked to her clients, and said exactly what she said, and they believe it when I say it, because I'm a guy and must know what I'm saying. It's not good, but I don't mind backing her up when she needs it. Really, she shouldn't need it though. Now we just have to convince the rest of the world of that.

Re:Two sides to this question

[Bruce Perens]

Obviously I don't have proof of every developer's identity. The major projects generally do, however, use some sort of public-key ID to make sure they know who their folks are. Debian does ID their developers as part of the key-signing process. Thus I've looked over a number of developers passports and drivers licenses.

So, if one of those people committed some sort of deliberate crime like inserting a trojan, or uploading their employers code without permission in a way that seriously messes up the project, you can find and prosecute them. In practice, we have never had to do that. I'm a little surprised, actually.

Here's an article I wrote about this 10 years ago! [lwn.net].

Bruce

Re:Apache does this right.

[Bruce Perens]

I agree with everything you said. There's one problem, though.

It's Apache policy that contributions to Apache remain copyrighted by their authors or their employers. They don't belong to the Apache project.

Consider that Acme is using some Apache program.
Acme sues Developer X for some patent infringement because Developer X is using the same Apache program, which Acme claims infringes their patent.
Developer X appears as a defendant, and says (as Jacobsen said) Acme has a license from me that terminates because of their actions in bringing this suit.
Acme tells the judge "there was nothing delivered with this program that would lead me to believe that I had any license with Developer X, and because Developer X did not mark his ownership of the copyright property I could not act on that information when considering whether to bring this suit, thus this license should not terminate".
Developer X could lose that.

So, I believe that Apache should deliver a list of contributors with each program, so that it is clear to all whose copyrights they are using and who the license is from.

It's useful to note that some of Apache's largest corporate contributors or sponsors probably feel better if the license isn't enforcible. But protecting Apache and its developers from software patent lawsuits is important. I don't think it's being done as well as it could be.

Bruce

That is SO annoying!

[Anonymous Coward]

I tried to make some patches for WINE a while ago. You know, just for the sake of contributing and fixing bugs in the code. Nothing else. Didn't care about fame, recognition or whatsoever. Yet these bastards demanded a real name to commit the patch... so I had to make one up!

Sorry state of affairs IMHO.