Hacker News new | ask | show | jobs
by zbentley 3149 days ago
This was thought provoking. Questions that arise after reading:

- How do you verify proof-of-death of developers who may be working from an environment where they can't easily separately verify their identities (e.g. house arrest, or people who are working in secret due to legal or cultural barriers to their being OSS engineers)?

- What happens to people whose death is faked, e.g. by a government wishing to take control of a project in order to introduce vulnerabilities or be an obstacle to further development?

- What happens when someone dies and people impersonate their family/inheritors in order to take control of their projects for unethical reasons? Given that a lot of the value here is political ("lead maintainer"-type titles) as opposed to physical (data on servers somewhere), are there any laws that affect this behavior? This is a regrettably common phenomenon with non-software inheritances; can developer communities do better?

- What happens when someone dies who didn't leave instructions for the event of their death, and the legally- or traditionally-entitled inheritors harm their project or otherwise act unethically with it? Is the answer just "fork it" with all of the FUD that entails? Or can something else be done?
2 comments
searls 3149 days ago
Disclosure: I was a developer interviewed and quoted in the piece.

These are all good questions. I'd suggest that the trickier edge cases you outlined are indeed very tough scruples as they pertain to open source (but also as they pertain to all property & copyright law).

I would say based on the experience I shared in the article with Jim that it's very likely that a very large proportion of open source contributors have _relatively simple_ situations but near-zero planning in place for the inevitable. The best someone like GitHub could hope to ask for is a death certificate and an executor of the estate being able to produce a document that assigns the rights of digital assets to some named individual. It wouldn't take very long to do (and I did it myself shortly after I had this experience following Jim's passing).

But even that is a pretty blunt, communication-intense implement. The much, much easier solution for maintainers to simply share access & knowledge as soon as a project gains any amount of significance at all with people they can trust. Platforms like GitHub & npm could introduce pretty simple "inactive account" features that allow named beneficiaries to be added as owners in the event an account goes dark, without needing to bring family & estate attorneys into all this.

link
zbentley 3147 days ago
Thanks for the thoughtful response!
link
sn9 3149 days ago
The solution to many of these questions might be for the "dead-man's switch" discussed in the article to require interacting with an email account with a public/private key system.

E.g., if someone doesn't log in to an email account after, say, a year, it starts auto-replying with that information suggesting the person might have died or is otherwise incapacitated, setting into motion a process to verify what happened (like just being burnt out on open source development). It could also trigger a similar email to the inheritors of the project.

link