f249adda03
start problem. modified: docs/manifesto/social_networking.md Discussion of gpg has been obsoleted by by git adding its own trust mechanism to deal with the trust problems of gpg. modified: docs/rootDocs/README.md modified: docs/setup/contributor_code_of_conduct.md
265 lines
13 KiB
Markdown
265 lines
13 KiB
Markdown
---
|
||
title: Contributor Code of Conduct
|
||
sidebar: true
|
||
...
|
||
|
||
# Peace on Earth to all men of good will
|
||
|
||
May you do good and not evil. May you find forgiveness for yourself and
|
||
forgive others. May you share freely, never taking more than you give.
|
||
|
||
# Operational Security
|
||
|
||
A huge problem with software that relates to privacy and/or to money is
|
||
that frequently strange and overcomplicated design decisions are made,
|
||
(passive tense because it is strangely difficult to find who made those
|
||
decisions), decisions whose only apparent utility is to provide paths for
|
||
hostile organizations to exploit subtle, complex, and unobvious security holes.
|
||
|
||
McAffee reported that this is a result of plants - the state plants engineers
|
||
in nominally private organizations to create backdoors. Shortly after he
|
||
reported this he was arrested and murdered by the US government. (To be
|
||
precise he was arrested at the instigation of the US government, and then
|
||
"mysteriously" murdered while in prison. Prison murders remain
|
||
"mysterious" only if carried out by the state.)
|
||
|
||
These holes are often designed so that they can only be utilized efficiently
|
||
by a huge organization with a huge datacentre that collects enormous
|
||
numbers of hashes and enormous amounts of data, and checks enormous
|
||
numbers of hashes against an even more enormous number of potential
|
||
pre-images generated from that data.
|
||
|
||
Another huge problem is that if we get penetrated by enemy shills,
|
||
entryists, and buggers, as the Patriot Front is and the Jan Sixth protestors
|
||
were, we are likely to wind up like the January sixth protestors, who as I
|
||
write this are imprisoned indefinitely being tortured by black guards
|
||
recently imported from the northern part of black Africa, awaiting
|
||
trial with no likelihood of any actual trial for years.
|
||
|
||
## No namefags
|
||
|
||
A participant who can be targeted is likely to introduce unobvious security
|
||
flaws into the software architecture. All contributors should make some
|
||
effort to protect themselves against a third party subsequently coercing
|
||
them to use the reputation that they have obtained by contributing to make
|
||
subsequent harmful contributions.
|
||
|
||
All contributors will use a unique name and avatar for the purpose of
|
||
contributing to this project, and shall not link it to other names of theirs
|
||
that are potentially subject to pressure. In the event of videoconferencing,
|
||
the participants shall wear a mask over the lower part of their face that
|
||
conceals the shape of their mouth and jaw and a rigid hat like a fedora that
|
||
conceals the shape of the upper part their head.
|
||
|
||
Apart from your mouth, the parts of your face that communicate non
|
||
verbal information turn out to be surprisingly useless for identifying
|
||
individuals.
|
||
|
||
If you wear glasses, should not wear your usual glasses, because facial
|
||
recognition software is very good at recognizing glasses, and easily
|
||
distracted, confused, and thrown off by unusual glasses.
|
||
|
||
Even if there are gaping holes in our security, which there will be, and
|
||
even if everyone knows another name of a participant, which they will, no
|
||
need to make the hole even bigger by mentioning it in public. People who lack
|
||
security are likely to result in code that lacks security. They come under
|
||
pressure to introduce an odd architecture for inexplicable reasons. We see
|
||
this happening all the time in cryptographic products.
|
||
|
||
# Code will be cryptographically signed
|
||
|
||
[has its own trust model based on *ssh* and gpg keys]:https://git-scm.com/docs/git-config
|
||
{target="_blank"}
|
||
|
||
〔Note that this has been obsoleted and needs to be rewritten
|
||
since git now [has its own trust model based on *ssh* and gpg keys]
|
||
and the file `gpg.ssh.allowedSignersFile`,
|
||
which should be in a repository that only allows signed commits.
|
||
|
||
Git now has a bunch of hooks that are accessed through config entries
|
||
starting with `gpg.` that potentially allow us to supply zooko names
|
||
for git signed commits.〕
|
||
|
||
Of necessity, we will rest our developer identities on GPG keys, until we
|
||
can eat our own dogfood and use our own system's cryptographic keys.
|
||
Login identities shall have no password reset, because that is a security
|
||
hole. If people forget their password, they should just create a new login
|
||
that uses the same GPG key.
|
||
|
||
Every pull request should be made using `git request-pull`, (rather than
|
||
some web UI, for the web UI is apt to identify people through the domain
|
||
name system and their login identities.)
|
||
|
||
The start argument of `git request-pull` should correspond to a signed
|
||
commit by the person requested, and the end argument to a signed and
|
||
tagged commit by the person requesting.
|
||
|
||
When creating the tag for a pull request, git drops one into an editor and
|
||
asks one to describe the tag. One should then give a lengthy description of
|
||
one's pull request documenting the changes made.
|
||
|
||
When accepting a pull request, the information provided by the requestor
|
||
through the tag and elsewhere should be duplicated by the acceptor into
|
||
the (possibly quite lengthy) merge message.
|
||
|
||
Thus all changes should be made, explained, and approved by persons
|
||
identified cryptographically, rather than through the domain name system.
|
||
|
||
# No race, sex, religion, nationality, or sexual preference
|
||
|
||
![On the internet nobody knows you are a dog](../images/nobody_know_you_are_a_dog.webp)
|
||
|
||
Everyone shall be white, male, heterosexual, and vaguely Christian, even
|
||
if they quite obviously are not, but no one shall unnecessarily and
|
||
irrelevantly reveal their actual race, sex, religion, or political orientation.
|
||
|
||
Unnecessarily informing people one is female or Jewish or nonwhite
|
||
should get similar treatment to unnecessarily informing people one is a
|
||
pure blooded Aryan.
|
||
|
||
All faiths shall be referred to respectfully. Even if they happen to be
|
||
making war on us, this software may not be very relevant to that kind of
|
||
warfare, in which case that discussion can be held elsewhere.
|
||
|
||
All sovereigns shall be referred to respectfully, if they are referred to at all,
|
||
which they should not be. If this software is likely to frustrate their
|
||
objectives, or even contribute to their overthrow, no need to make it
|
||
personal, no need to trigger our enemies. War will come to us soon
|
||
enough, no need to go looking for it.
|
||
|
||
# No preaching supererogation
|
||
|
||
Status must be on the basis of code, good code, and clever code, not on
|
||
cheap claims of superior virtue.
|
||
|
||
When someone plays the holier than thou card, he does not intend to share
|
||
what we are sharing. Out of envy and covetousness, he intends to deny us
|
||
what we are sharing, to deny us that which is ours.
|
||
|
||
If he is holier than we are, he not only wants what we have, which we will
|
||
gladly share. He wants us to not have what we have.
|
||
|
||
Christians are required to turn the other cheek, and people attempting to
|
||
maintain a politically neutral environment need to turn the other cheek.
|
||
But you very quickly run out of cheeks, and then it is on. You cannot be
|
||
politically neutral when the other guy is not being neutral. You have to
|
||
bring a gun to a gunfight and a faith to a holy war. People who start
|
||
politics in an environment intended to be politically neutral have to be
|
||
purged, and a purge cannot be conducted in a politically neutral manner.
|
||
You have to target the enemy faith and purge it as the demon worshiping
|
||
heresy that it is, or else those attempting to maintain political neutrality
|
||
will themselves be purged as heretics, as happened to the Open Source and
|
||
Free Software movements. You may not be interested in war, but war is
|
||
interested in you.
|
||
|
||
We want to maintain a politically, racially, religiously, and ethnically
|
||
neutral environment, but it takes two to tango. You cannot maintain a
|
||
politically neutral environment in a space where an enemy faction wants
|
||
their politics to rule. Neutrality cannot actually be neutral. It merely means
|
||
that the quietly ruling faction is quiet, tolerant of its opponents, and does
|
||
not demand affirmations of faith. If an enemy faith wants to take over,
|
||
the ruling faith can no longer be quiet and tolerant of that opponent.
|
||
|
||
## No claims of doing good to random unknown beneficiaries
|
||
|
||
We are doing this for ourselves, our friends, our kin, and our posterity, not
|
||
for strangers a thousand miles away, and we only care about strangers a
|
||
thousand miles away to the extent that they are likely to enable us to make
|
||
money by making them secure.
|
||
|
||
If someone mentions the troubles of people a thousand miles away, it
|
||
should only be in the frame that we will likely have similar troubles soon
|
||
enough, or that those people a thousand miles away, of a different race,
|
||
religion, and language, could use our product to their, and our, mutual
|
||
advantage, not because he cares deeply for the welfare of far away
|
||
strangers that he has never met in places he could not find on a map.
|
||
|
||
## No victim classes, no identity politics, and no globalism
|
||
|
||
The Open Source and Free Software movements were destroyed by
|
||
official victimhood. Status and leadership must be on the basis of code,
|
||
good code, and clever code, not on cheap claims of superior oppression.
|
||
|
||
The experience of the Open Source and Free Software movement
|
||
demonstrates that if victimhood is high status, code and code quality must
|
||
be low status. If victimhood is high status then “you did not build that”.
|
||
Rather, if victimhood is high status, then good code, silicon fabs, and
|
||
rockets spontaneously emerged from the fertile soil of sub-Saharan Africa,
|
||
and was stolen by white male rapists from the brave and stunning black
|
||
warrior women of sub-Saharan Africa, and social justice demands that the
|
||
courageous advocate for the brave and stunning black warrior women of
|
||
sub-Saharan Africa takes what you have, what you gladly would share,
|
||
away from you.
|
||
|
||
Unless, when a female contributor unnecessarily and irrelevantly informs
|
||
everyone she is female, she is told that she is seeking special treatment on
|
||
account of sex, and is not going to get it, no organization or group that
|
||
attempts to develop software is going to survive. Linux is a dead man walking.
|
||
|
||
# Style
|
||
|
||
Contributions should be gpg signed.
|
||
|
||
Never use any email address on a gpg key related to this project
|
||
unless it is only used for project purposes, or a fake email, or the
|
||
email of an enemy. We don't want Gpg used to link different email
|
||
addresses as owned by the same entity, and we don't want email
|
||
addresses used to link people to the project, because those
|
||
identities would then come under state and quasi state pressure.
|
||
|
||
if you add the recommended repository configuration defaults to your local repository configuration
|
||
|
||
```bash
|
||
git config --local include.path ../.gitconfig
|
||
```
|
||
|
||
This will implement signed commits and will insist that you have `gpg` on your path,
|
||
and that you have configured a signing key in your local config.
|
||
|
||
This may be inconvenient if you do not have `gpg` installed and set up.
|
||
|
||
`.gitconfig` adds several git aliases:
|
||
|
||
1. `git utcmt` to do a commit without recording your timezone in the git history
|
||
1. `git lg` to display the gpg trust information for the last few commits.
|
||
For this to be useful you need to import the repository public key
|
||
`public_key.gpg` into gpg, and `‑‑lsign` that key.
|
||
1. `git graph` to graph the commit tree with signing status
|
||
1. `git alias` to display the git aliases.
|
||
|
||
To only pull signed commits from people you have listed:
|
||
|
||
```bash
|
||
git config merge.verifySignatures true
|
||
gpg --import public_key.gpg
|
||
gpg --lsign 096EAE16FB8D62E75D243199BC4482E49673711C
|
||
```
|
||
|
||
We ignore the Gpg Web of Trust model, and instead use the Zooko
|
||
identity model.
|
||
|
||
We use Gpg signatures to verify that remote repository code
|
||
is coming from an unchanging entity, not for Gpg Web of Trust. Web
|
||
of Trust is too complicated and too user hostile to be workable or safe.
|
||
No one ever used it in the intended manner.
|
||
|
||
The web of trust model was written around email, to protect against physhing and
|
||
spearphysh attacks. And who uses email for discussions and coordination these days?
|
||
That was useful in back in the days when when everything important was happening
|
||
on mailing lists like the cypherpunks mailing list. But even back in the day
|
||
the web of trust model had too many moving parts to be very useful. In
|
||
practice people only used Zooko identity, and Web of Trust was a cloud
|
||
of confusing complexity and user hostile interface on top of Zooko identity.
|
||
What gpg identity is primarily used for in practice is to make sure you
|
||
are getting the latest release from the same repository managed by the same person as
|
||
you got the previous release - which is Zooko identity, not Web of Trust
|
||
identity, and has no real relationship to email. Zooko identity is about
|
||
constancy of identity, Web of Trust is about rightful use of email
|
||
addresses. Web of trust was a true names mechanism, and today no one
|
||
speaks the truth under their true name.
|
||
|
||
Web of trust was designed for a high trust society - but in a high trust
|
||
society you don't need it, and in a low trust society, the name servers were
|
||
too vulnerable to enemy action, and died, leaving the Web of Trust user
|
||
interface in every installed copy of gpg a useless obstacle.
|