FWICS the policy currently doesn't say anything special about the email addresses used for signoff. In context of enforcing it for contributors, I'd like to request clarification whether we should require working email addresses, or whether uniquely identifying addresses are sufficient. I'm asking because I've seen people using the same 'noreply' addresses GitHub uses when creating commits via webui. I haven't verified but by name I'd presume they don't forward mail to the account owner but uniquely identify the account nevertheless. If we should reject addresses that don't receive mail, should we update the policy to state that explicitly?
*sigh* Do we really have to specify things that are self-evident? By RFC 2822, "an address may either be an individual mailbox, or a group of mailboxes" and "a mailbox receives mail".
So, to address your questions (IMHO): (In reply to Michał Górny from comment #0) > FWICS the policy currently doesn't say anything special about the email > addresses used for signoff. In context of enforcing it for contributors, > I'd like to request clarification whether we should require working email > addresses, Yes. > or whether uniquely identifying addresses are sufficient. No. They aren't e-mail addresses if they don't receive mail. > If we should reject addresses that don't receive mail, should we update the > policy to state that explicitly? No, "e-mail address" is clear enough. Also I don't want to go through the approval process with council and trustees again, only because some people think that they have found a loophole in the spec and that they can get away with it.
(In reply to Ulrich Müller from comment #2) > > [...] whether we should require working email > > addresses, > > Yes. Keep in mind: A rule you cannot enforce shouldn't be a rule. And the only (legal) way to ensure an email address is valid is doing double opt-in. While I agree that a 'valid name' will require a 'valid email address' or we don't need any of these details at all, keep it simple and apply same check like we do for names (really, we shouldn't start validating email addresses -- what's next? Are we going to reject freemailers because we cannot be sure if this address will be still valid and in contributor's control tomorrow?): Unless we know for sure an used address is invalid (because we know a mail to @users.noreply.github.com won't reach user or that @bigfoot.invalid went out of business...) and of course, somebody must pay attention first, there's no reason to care about email address. Keep in mind that this is a per dev decision in most cases: I.e. if contributor "c1" will only interact with developer "d1", d1 maybe won't notice or don't care that much about c1's details like another developer "d2". Unless d2 will notice something for unknown reason, escalate and notify other developers that he/she has serious doubts about c1 identity which prevent acceptance of further contribution according to current policy until proper validation through foundation, contribution will continue.
Council & Trustees: This is provably technical impossible, on the simple ground that even if a given email address is valid with double-opt-in confirmation today, there's zero guarantee that it will continue to be valid tomorrow or at some point in the future. This is true even for retired Gentoo developers: even before the forwarding period ends their mail has started bouncing if they even had one. After we have accepted some contribution with a given email, there's no way to take it back, or say "oops". To that end, I think trying to impose a requirement that an email address works, even at the time of submission, provides minimal value, and restricts otherwise valid contributions
From 20190512 Council meeting summary: b. #684170 "Copyright policy: should we require working (delivering) e-mail addresses?" All council members agreed that it is common sense that GLEP 76 will require a valid email address. However, we are not going to implement or require verification. Closing.
(In reply to Ulrich Müller from comment #5) > From 20190512 Council meeting summary: > > b. #684170 "Copyright policy: should we require working (delivering) > e-mail addresses?" > > All council members agreed that it is common sense that GLEP 76 will > require a valid email address. However, we are not going to implement > or require verification. > > Closing. The board also voted this down. In my personal opinion the email address is a string, just like the Author's name. We don't intend for it to be contact information. It should, as Ulm notes, look like an email address per the RFC. -A
