Re: rewriting history; Was: Concerns/questions around Software Heritage Archive

[indieterminacy <indieterminacy@libre.brussels>]

On 2024-03-18 15:14, Andreas Enge wrote:
> Am Mon, Mar 18, 2024 at 04:33:49PM +0200 schrieb MSavoritias:
>> Actually gitlab already is facing something like that and they are 
>> doing
>> what was proposed elsewhere: mapping of UUIDs to display names
>> https://gitlab.com/gitlab-org/gitlab/-/issues/20960
> 
> Interesting, thanks! It is something that maybe could be implemented by
> Savannah, but it would probably require a bit of thought. And yet 
> again,
> somehow the mapping uuid<->"real" names would have to be public (people
> would "git clone" commits with uuids, and would need to locally replace
> them by "real" names); so people can always keep copies of the mapping
> over time.
> 
> I am also not quite sure about the signing process for committers;
> in principle keys are enough, but in GPG they are tied to email 
> addresses,
> and I do not know whether we use this in Guix.
> 
> In the end, my impression is this will not achieve much more than what 
> we
> already have with the .mailmap approach. In a sense, everyone would use
> a pseudonym (their uuid), and then we would keep a mapping between 
> these
> pseudonyms and, well, "real" names or other pseudonyms chosen by the
> contributors...
> 
> Hm, this could indeed be implemented exactly with .mailmap, no?
> We would need to enforce that authors use a uuid of a specific format,
> and potentially an empty or dummy email address, or another uuid.
> Then we could keep a .mailmap file. The history of "real" identities
> would still be visible in the git history, but as said above, anyway
> we could not prevent people from storing the association information
> over time.
> 
>> Right fair. As I have said before SWH does break Guix CoC effectively 
>> right
>> now.
>> So what Guix does from this point on will effectively dictate if the 
>> CoC is
>> valid or not.
> 
> Well, the CoC is valid on our communication channels; so what SWH does 
> with
> our software is outside its scope (that is governed by the license).
> 
> Andreas

I have happened to stumble across a new initiative concerning UUIDs for 
academic researchers.

Here is their description:
```
ORCID, which stands for Open Researcher and Contributor ID, is a free, 
unique, persistent identifier (PID) for individuals to use as they 
engage in research, scholarship, and innovation activities. We provide 
ORCID to researchers free of charge so that we may realize our vision of 
connecting all who participate in research, scholarship, and innovation 
are uniquely identified and connected to their contributions across 
disciplines, borders, and time.
```

Here are its guiding principles:
```
Our Founding Principles

     ORCID will work to support the creation of a permanent, clear, and 
unambiguous record of research and scholarly communication by enabling 
reliable attribution of authors and contributors.
     ORCID will transcend discipline, geographic, national, and 
institutional boundaries.
     Participation in ORCID is open to any organization that has an 
interest in research and scholarly communications.
     Access to ORCID services will be based on transparent and 
non-discriminatory terms posted on the ORCID website.
     Researchers will be able to create, edit, and maintain an ORCID 
identifier and record free of charge.
     Researchers will control the defined privacy settings of their own 
ORCID record data.
     All data contributed to ORCID by researchers or claimed by them will 
be available in standard formats for free download (subject to the 
researchers’ own privacy settings) that are updated once a year and 
released under a CC0 waiver.
     All software developed by ORCID will be publicly released under an 
Open Source Software license approved by the Open Source Initiative. For 
the software it adopts, ORCID will prefer Open Source.
     ORCID identifiers and record data (subject to privacy settings) will 
be made available via a combination of no-charge and for-a-fee APIs and 
services. Any fees will be set to ensure the sustainability of ORCID as 
a not-for-profit, charitable organization focused on the long-term 
persistence of the ORCID system.
     ORCID will be governed by representatives from a broad cross-section 
of stakeholders, the majority of whom are not-for-profit, and will 
strive for maximal transparency by publicly posting summaries of all 
Board meetings and annual financial reports.
```

While I do not have the focus to make a further evaluation,
I should point out that ORCID is a component of the nascent Open Science 
Network
https://openscience.network/

FWIW, recognising an academic in OSN and being aware of the quality of 
the tooling Bonfire Networks make me wonder whether ORCID has some good 
design principles
https://bonfirenetworks.org/

In any case, it may provide a practical point for comparison given the 
thicket of governance issues this thread has discovered.


Warmest regards,


fsnjfkjlffffjcjcjcdnmddfnfdfnlzxvcllnjnrejvns  v fjfdsjhsv