On Mon, Jun 28, 2010 at 7:39 PM, Ian Lance Taylor wrote:
> NightStrike writes:
>> On Mon, Jun 28, 2010 at 7:39 AM, David Edelsohn
>>> On Mon, Jun 28, 2010 at 12:10 AM, NightStrike
>>>> Ian had confidence in me. He also liked the proposal I set for how
>>>> go about it.
>>> So who actually said no?
>> The Frederic guy didn't like my fake-looking fake name, and wanted a
>> real-looking-but-just-as-fake name, or he wouldn't create a sourceware
>> account for me. He then ignored my followup emails asking for
>> You guys need to realize how online identities work in this century.
> The overseers as a whole were not comfortable giving an account to
> somebody who was not willing to provide his real name. I concurred in
> that decision.
It would have been courteous for you -- or Frederic, or anyone else --
to have communicated that to me instead of just ignoring me.
> Giving somebody a shell account on gcc.gnu.org means
> giving them a very high level of trust.
Then you should consider using legitimate account creation policies.
If I just put "John Smith" in the sign up form, I would have gotten an
account. How does that change anything? Again, welcome to 2010.
> There are quite a few people
> who could translate a shell account on gcc.gnu.org into a number of
> difficult-to-detect attacks on the entire FLOSS infrastructure,
> including the kernel, the source code control systems, etc. It's hard
> for us to get to the required level of trust in somebody whom we have
> never met and who won't provide any real world contact information.
No one ever asked for any real world contact information. Frederic
asked for a real-looking name. That's just dumb. If I wanted to
launch attacks on "the entire FLOSS infrastructure," do you really
think I would be going about it this way?
> NightStrike, thanks for volunteering, and thanks for being honest about
> the name issue rather than simply making something up. I'm sorry that
> it won't work out.
What you guys need to realize is that if I did just make something up,
there wouldn't be an issue. Your policies are vintage computer
security circa 1963. That's what's so darn frustrating about this
whole entire thing. You don't have any actual security, but yet you
think I'm going to try to bring down everything GNU. That's just
Recently there was a thread about why people don't contribute to GCC.
Well, here you go. I tried. Twice in quick succession. I was flamed
vigorously, much more off-list than on. I've been getting personal
emails from people angry about my pseudonym since the day I started
posting on your mailing lists. I was lambasted by countless people,
ignored by the ones that matter, and eventually shut out because of a
security policy that has no place in present day computing.
Wonderful. Way to make someone feel welcome.
Why don't people contribute to GCC? I've found my answer.