Hi, so, let me start with a introduction on my backgrounds and why I raised criticism about the switch to GitHub. I am Nik, and more or less here in two roles: On the one hand, I am chairman of Teckids e.V., a German organisation establishing the free software movement among children and students. As part of our work, we use Python to teach coding to hundreds of children every year, and PyGame is our core tool for that since our first tutor (tutors at Teckids are children themselves) got into programming with the excellent book Hello, World by Carter Sande. However, teaching coding is only one aspect of our work - our most important goal (as voted by our members last weekend) is improving free software to make it suitable for educational use and use by children, and foster these projects. On the other hand, I am the current maintainer of PyGame in Debian (starting only recently). My package version is not yet available, because the upload was rejected due to copyright uncertainties (unrelated to those discussed here). This is of course somewhat mixed with the Teckids role as it is part of our efforts to make and keep free software tools for children available. So, the issues with GitHub are twofold as well. First of all, without looking at the BitBucket ToS, I assume that the switch to GitHub actually does not make the situation *worse* - this is something that would need to be found out¹. Please let me explain the two issues and how they relate. The first issue is children under the age of 13 years not being allowed to register with GitHub. This issue already existed before GitHub updated their ToS, and they claim it is because of COPPA. I do think that they could easily fix this by not requiring a legal name, which is the only data thewy colelct that falls under COPPA, but they don't listen. Then, COPPA only "protects" US children, and GitHub are, in my opinion, wrong in putting this age restriction in their ToS explicitly. They could simply tell users "you need to be legally able to accept our privacy terms". This would mean that in the US, the restrictions by COPPA would apply, and in e.g. Germany, a child aged seven and above could register given parental consent. I had a lengthy discussion about that with GitHub Legal, but with no result. Now you might wonder whether contributors younger than 13 years do matter at all. Please note that this is primarily opinion-based - this aspect of my criticism is therefore explicitly opinionated. I *do* think that excluding a certain age group is plain discrimination against a subgroup of people. Furthermore, I have seen children as young as nine or ten years contribute to free software, both with bug reports and with actual code patches. This is something that is not widely seen, as Teckids is the only organisation (according to people at international conferences) actually helping young users to become *active* members of the community, but it does exist and I am strongly against adding hurdles to it. I would personally love to see PyGame get more use in education, and I do think that if children use it, they should be able to contribute. There are many ways to circumvent that - e.g., I could pass on any reports and code by young contributors, but it's not the same. Many people get rewarded for their work on free software with attribution, and this is even more true for children. There are certainly things that children should not have published on the internet, but a cool history of contributions visible under their names and accounts sure is something that could be beneficial in later life. Another way to circumvent this would be to accept patches on a second channel, e.g. mail, and merge Git commits with their original author and push them to the repository, without requiring the contributor to register with GitHub, which leads us to the second issue. As of 2017-02-28, GitHub changed their ToS, adding an even clearer ban on children, and a requirement to dual-license all work to them. A quite good analysis of that can be found here https://www.mirbsd.org/permalinks/wlog-10_e20170301-tg.htm and here https://joeyh.name/blog/entry/what_I_would_ask_my_lawyers_about_the_new_Github_TOS/ . I have spoken to two lawyers about that, and they basically say that on first glance, the ToS are indeed very problematic. The FSF, in the meantime, has published a post stating that the new ToS do not conflict with the GPL license family here https://www.fsf.org/blogs/licensing/do-githubs-updated-terms-of-service-conflict-with-copyleft (but they still discourage use of GitHub), I (and others) do not think their view is correct, because the ToS explicitly say that they may use works without attribution, and the GPL licenses explicitly require copies to carry attribution. Also, even if the FSF is correct, this only applies to GPL, and probably not to CC-BY-SA and other licenses requiring attribution, or even prohibiting sub-licensing under other licenses. In any case, with GitHub imposing special terms on a license granted to them, all contributors also need to grant this license, for past *and* new contributions. *If* the separate terms do not conflict with GPL, this might be a non-issue for GPL code, but it might be an issue with other licenses. As I see that, in order to merge code into the repository hosted on GitHub from an outside contributor would require them to expclicitly grant a license as required by the GitHub ToS, or even accept the ToS even if they do not register with GitHub. At the very least, all these issues and open questions make contributions for all contributors, but especially children, more complicated. Granting a license to a project is not easy for a child (or an adult, dfor that matter) anyway, both due to legal and pedagogic aspects. If they succeed, you don't want to go on and still accidentally infringe their rights. So, what's my proposed solution? None, to be honest. As a German, I'd propose a cool code hosting platform hosted under German law, which would solve many issues due to German privacy protection laws. Also, a platform specially for software projects that are used in education and who want to make contributions by young users easy would probably make sens. That would need a joint effort by some projects. But these are only ideas - I do not have a working solution right now, and it also affects me (I am also still struggling to get some projects away from GitHub myself). At the current time, I would, however, *not* move to GitHub. If there are no reasons that would endanger the project, I would not do anything right now, until those who are affected by that have found a solution (mind that many projects probably don't know that they are affected by the "children issue"). I would very much appreciate if the PyGame devs considered the topic around young contributors. Cheers, Nik _____ ¹: I have quickly scanned the Atlassian ToS and it looks like they have neither the attribution nor the age issue. While US children under the age of 13 years still cannot register due to COPPA, this at least means that children elsewhere can register, given parental consent. BitBucket has issues of their own, but at least hey are the same for everyone ;). So right now I'd eevn stay with them because it's at least clear what you get. -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security)
Attachment:
signature.asc
Description: PGP signature