| > many of those things were outright obvious malice Yeah, exactly what I'm saying. As long as you put software out there in good faith, you won't be convicted of wire fraud. So just ... don't be malicious I guess? That seems like a low bar that all of us can clear. > While it was once much more commonplace ... to vet licenses I don't know why we need to vet licenses? We've mostly come to a consensus. Most software is either MIT/Apache (anything goes), GPL (release your modified source as GPL) or some weird license masquerading as open source (hi Mongo and redis). We don't need more innovation in this space, we need less. And there's not much to discuss when almost all software is one of the first three licenses. > legal underpinnings are largely what enables Open Source I'd argue that if Open Source is continuing to be developed despite us not verifying identities, maybe it isn't necessary anymore? Maybe it was just something we did back in the day, but we don't need to anymore because the landscape has changed. It's possible what we actually needed was authentication - that this PR is actually coming from Armin and not someone masquerading as him. And Github provides that with its username, password and 2FA. As long as there's no account level hacking involved and I know the person who submitted this change is the same the one I think they are, that gives me a lot of confidence. At that point it doesn't matter if the change came from Armin (who I've never had the pleasure of meeting), or Asahi Lina (who I never will meet). |