For some companies, OSS contributions that can be linked to the company raise a risk of reputational damage. For example, a wealth manager may be unwilling to allow contributions in case they suffer a reputational damage by getting sued by patent troll.
To solve this problem, I would propose patch-based workflow with automatic redaction, replacing a list of words with tokens.
Alternatively, this can be applied to git-push workflows by rewriting commits, though I'd be weary if we can cover all the metadata.
In particular, this functionality interacts with the non-repudiation requirement (#62), which can be retained privately by the contributor in the cases of patch-based workflow.
For some companies, OSS contributions that can be linked to the company raise a risk of reputational damage. For example, a wealth manager may be unwilling to allow contributions in case they suffer a reputational damage by getting sued by patent troll.
To solve this problem, I would propose patch-based workflow with automatic redaction, replacing a list of words with tokens.
Alternatively, this can be applied to
git-pushworkflows by rewriting commits, though I'd be weary if we can cover all the metadata.In particular, this functionality interacts with the non-repudiation requirement (#62), which can be retained privately by the contributor in the cases of patch-based workflow.