Sindwiller {l Wrote}:So anybody with the internet nick "coolguy", for example, may claim copyright on some contribution some other guy named "coolguy", too, actually submitted? That's rubbish.
No, actually even the original author might be unable to do it. However, what I'm trying to say is that it doesn't really matter who owns the contribution as long as the author went through the necessary steps to give you the permission to use it. If the contributor agrees with your CLA that gives you an irrevocable permission to use the work, or releases the work under an irrevocable license like the GPL, the ownership of the work becomes irrelevant because of the said irrevocable rights granted to you.
As for malice, true, that is extremely rare. I have only ever heard of one malicious patch submitted to the Linux kernel, for example, and even that was caught by a simple patch review. I don't remember if the patch was submitted by someone with a credible looking name, but I don't think it matters much in the end. Reviewing is easier and more reliable than doing background checks, and most likely you wouldn't be able to do anything even if you knew the identity of the contributor.
I don't personally mind submitting patches under my own name, but if I had used a contribution policy that requires people to reveal their names when they contribute to my projects, I'd have rejected most of the contributions I have received. Those were mainly artwork, but I don't think contributing code is different enough to justify a different policy. If the code and the license are good, it's good enough for me.
In any case, I don't think rejecting anonymous and pseudonymous contributions would cause especially serious damage to a project. I don't think accepting them is preposterous enough to warrant caps and extra punctuation either, however. Both are legally and strategically sound policies as far as I know. IANAL, though.