[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] github terms of service issues


so, let me start with a introduction on my backgrounds and why I raised
criticism about the switch to GitHub. I am Nik, and more or less here in
two roles:

On the one hand, I am chairman of Teckids e.V., a German organisation
establishing the free software movement among children and students. As
part of our work, we use Python to teach coding to hundreds of children
every year, and PyGame is our core tool for that since our first tutor
(tutors at Teckids are children themselves) got into programming with
the excellent book Hello, World by Carter Sande. However, teaching
coding is only one aspect of our work - our most important goal (as
voted by our members last weekend) is improving free software to make it
suitable for educational use and use by children, and foster these

On the other hand, I am the current maintainer of PyGame in Debian
(starting only recently). My package version is not yet available,
because the upload was rejected due to copyright uncertainties
(unrelated to those discussed here). This is of course somewhat mixed
with the Teckids role as it is part of our efforts to make and keep free
software tools for children available.

So, the issues with GitHub are twofold as well. First of all, without
looking at the BitBucket ToS, I assume that the switch to GitHub
actually does not make the situation *worse* - this is something that
would need to be found out¹.

Please let me explain the two issues and how they relate.

The first issue is children under the age of 13 years not being allowed
to register with GitHub. This issue already existed before GitHub
updated their ToS, and they claim it is because of COPPA. I do think
that they could easily fix this by not requiring a legal name, which is
the only data thewy colelct that falls under COPPA, but they don't
listen. Then, COPPA only "protects" US children, and GitHub are, in my
opinion, wrong in putting this age restriction in their ToS explicitly.
They could simply tell users "you need to be legally able to accept our
privacy terms". This would mean that in the US, the restrictions by
COPPA would apply, and in e.g. Germany, a child aged seven and above
could register given parental consent. I had a lengthy discussion about
that with GitHub Legal, but with no result.

Now you might wonder whether contributors younger than 13 years do
matter at all. Please note that this is primarily opinion-based - this
aspect of my criticism is therefore explicitly opinionated. I *do* think
that excluding a certain age group is plain discrimination against a
subgroup of people. Furthermore, I have seen children as young as nine
or ten years contribute to free software, both with bug reports and with
actual code patches. This is something that is not widely seen, as
Teckids is the only organisation (according to people at international
conferences) actually helping young users to become *active* members of
the community, but it does exist and I am strongly against adding
hurdles to it.

I would personally love to see PyGame get more use in education, and I
do think that if children use it, they should be able to contribute.

There are many ways to circumvent that - e.g., I could pass on any
reports and code by young contributors, but it's not the same. Many
people get rewarded for their work on free software with attribution,
and this is even more true for children. There are certainly things that
children should not have published on the internet, but a cool history
of contributions visible under their names and accounts sure is
something that could be beneficial in later life.

Another way to circumvent this would be to accept patches on a second
channel, e.g. mail, and merge Git commits with their original author and
push them to the repository, without requiring the contributor to
register with GitHub, which leads us to the second issue.

As of 2017-02-28, GitHub changed their ToS, adding an even clearer ban
on children, and a requirement to dual-license all work to them. A quite
good analysis of that can be found here
https://www.mirbsd.org/permalinks/wlog-10_e20170301-tg.htm and here

I have spoken to two lawyers about that, and they basically say that on
first glance, the ToS are indeed very problematic.

The FSF, in the meantime, has published a post stating that the new ToS
do not conflict with the GPL license family here
(but they still discourage use of GitHub), I (and others) do not think
their view is correct, because the ToS explicitly say that they may use
works without attribution, and the GPL licenses explicitly require
copies to carry attribution. Also, even if the FSF is correct, this only
applies to GPL, and probably not to CC-BY-SA and other licenses
requiring attribution, or even prohibiting sub-licensing under other

In any case, with GitHub imposing special terms on a license granted to
them, all contributors also need to grant this license, for past *and*
new contributions. *If* the separate terms do not conflict with GPL,
this might be a non-issue for GPL code, but it might be an issue with
other licenses. As I see that, in order to merge code into the
repository hosted on GitHub from an outside contributor would require
them to expclicitly grant a license as required by the GitHub ToS, or
even accept the ToS even if they do not register with GitHub.

At the very least, all these issues and open questions make
contributions for all contributors, but especially children, more
complicated. Granting a license to a project is not easy for a child (or
an adult, dfor that matter) anyway, both due to legal and pedagogic
aspects. If they succeed, you don't want to go on and still accidentally
infringe their rights.

So, what's my proposed solution? None, to be honest. As a German, I'd
propose a cool code hosting platform hosted under German law, which
would solve many issues due to German privacy protection laws. Also, a
platform specially for software projects that are used in education and
who want to make contributions by young users easy would probably make
sens. That would need a joint effort by some projects. But these are
only ideas - I do not have a working solution right now, and it also
affects me (I am also still struggling to get some projects away from
GitHub myself).

At the current time, I would, however, *not* move to GitHub. If there
are no reasons that would endanger the project, I would not do anything
right now, until those who are affected by that have found a solution
(mind that many projects probably don't know that they are affected by
the "children issue").

I would very much appreciate if the PyGame devs considered the topic
around young contributors.


¹: I have quickly scanned the Atlassian ToS and it looks like they have
neither the attribution nor the age issue. While US children under the
age of 13 years still cannot register due to COPPA, this at least means
that children elsewhere can register, given parental consent. BitBucket
has issues of their own, but at least hey are the same for everyone ;).
So right now I'd eevn stay with them because it's at least clear what
you get.

PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)

Attachment: signature.asc
Description: PGP signature