The IBM/SCO ordeal brought to light scary problems about copyright infringement. Namely, what happens if someone contributes copyrighted code to an open source project without permission from the copyright holder?
Some months ago someone advised me against accepting patches for Cobertura that were submitted anonymously, because those patches might contain copyrighted material, and that could be bad. I thought this notion was absurd.
I mean, where do you draw the line? Should I ensure that patch authors have a sourceforge account? How do I know the sourceforge account is valid? Should I request online references? How do I know the references are legit? Should I ask to see a driver’s license or passport? Even if I verify the person is who he says he is, how do I know I can trust him? Even if it’s someone I’ve known my entire life, what if he received unknowingly copyrighted code from someone else?
Some things in life are not black and white. You’ve got to draw a line somewhere, and I choose to trust people. Innocent until proven guilty.