Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Process Improvements in the Kernel Development

Hemos posted more than 10 years ago | from the changing-the-process dept.

Operating Systems 124

Kalki writes "In an e-mail to the Linux kernel mailing list, sent Saturday, Torvalds proposed that kernel developers begin certifying that the code that they contribute is entitled to be included in the Linux kernel as well as a technique for "signing off on patches" that would better track which developers had handled source code contributions. check this Infoworld story on it."

Sorry! There are no comments related to the filter you selected.

First Improvement (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9236636)

Oh yeah...

fp bb (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9236641)

fp bb

xxx (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9236642)

xxx

Santa Claus (1, Funny)

Anonymous Coward | more than 10 years ago | (#9236647)

... track which developers ...
So Santa Claus and the Tooth Fairy need not be featured on slashdot :P

Re:Santa Claus (1)

smatt-man (643849) | more than 10 years ago | (#9237068)

that would better track which developers had handled source code contributions.

To find out who's naughty or nice.

heheh (5, Funny)

RupertJ (520598) | more than 10 years ago | (#9236650)

"..."signing off on patches" that would better track which developers had handled source code..."

.... and Linux joined the world of professional software development!! =)

/me ducks

Re:heheh (1)

bigdady92 (635263) | more than 10 years ago | (#9236658)

So finally it would become a cathedral instead of a bazzar? That in and of itself would be amazing! :)

Re:heheh (1)

Nutria (679911) | more than 10 years ago | (#9238669)

So finally it would become a cathedral instead of a bazzar?

How does that make it a cathedral? Linux is still open; it will just be "tracked" in the future.

Re:heheh (4, Insightful)

drooling-dog (189103) | more than 10 years ago | (#9237554)

.... and Linux joined the world of professional software development!! =)

I hope not, since the "unprofessional" model has worked so well (and I'm not being sarcastic). This is more an acknowledgement that GNU/Linux is swimming in dangerous waters, and has enemies with money to burn. Even though SCO's claims have apparently turned out to be lame, you have to assume that intellectual property traps are being set left and right.

Re:heheh (2, Interesting)

bfields (66644) | more than 10 years ago | (#9238207)

This is more an acknowledgement that GNU/Linux is swimming in dangerous waters, and has enemies with money to burn.

On the other hand, the SCO case also showed that even a well-funded company given a year (so far) and great incentives to find intellectual property problems in the linux source has been unable to do so.

Not that it's bad for the linux developers to be careful and think ahead.

--Bruce Fields

Re:heheh (2, Insightful)

AnuradhaRatnaweera (757812) | more than 10 years ago | (#9237810)

.... and Linux joined the world of professional software development!! =)

Signing patches alone may not entitle kernel development to be called "professional". Don't forget that many patches are sent over SMTP, and it is possible for spoof a real kernel contributor. Of course, most of the spoof attempts will fail, but with the present and potential future scale of the kernel development, Father Brown's `unnoticed' theory might manifest.

Heh... (2, Informative)

Anonymous Coward | more than 10 years ago | (#9238453)

And I wonder why the submitter didn't think to link to the same story on Groklaw [groklaw.net] !

Go figure?

Do "professional" organizations do this? (3, Insightful)

ron_ivi (607351) | more than 10 years ago | (#9239242)

"Linux joined the world of professional software development!!"

Do companies like Microsoft or Sun make Developers certify that the code they submit in a particular check-in isn't "borrowed" from GPL'd or other open source stuff?

Seems Linux is well ahead of professional organizations in this respect.

A good thing. (5, Interesting)

Raven42rac (448205) | more than 10 years ago | (#9236652)

The more organisation and delegation in Linux, the better. With the gains being made using Bitkeeper and this, I feel that Linux will make leaps and bounds in the next year. The things I hope for are better hardware detection and working device drivers for more devices (especially multifunction printers). I think Xandros is getting really close to the way things can be. But then again, I run a Debian CLI install on a Pentium II 350. I guess what I meant to say was, for Linux to gain mass market acceptance, it needs to do everything Windows/OS X does, but better, cheaper and faster.

Linux is just the kernel (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9236938)

Debian and Xandros are the distributions. In fact, if you want a really usable and poweful distribution, you should try Fedora Core [redhat.com] 2, a recently released distribution. It is simply amazing. GNOME 2.6 literally wipes the floor with OSX and Windows in terms of usabillity (New file dialog and spatial nautilus, as well as the HIG), Looks (Bluecurve and Nuvola are really slick looking) and Speed. I run it on a 1.2Ghz processor and it is comparable to my brother's 3.0Ghz machine running Windows XP!

Visit Fedorafaqs [fedorafaq.org] and get all the cool stuff such as Java, Flash, MP3 support and you will be really pleased indeed. It has replaced Mandrake 10 as my primary distribution. Its not just a leap, its a whole mile ahead of other distros. So try it today and see why not all distros are created equal. You can even get Debian's apt-get for Fedora!

Re:Linux is just the kernel (0)

Anonymous Coward | more than 10 years ago | (#9237027)

Rubbish. GNOME wipes the floor with OSX? You're mad. KDE comes close, if set up right (i.e. if redhat haven't been anywhere near it), but GNOME????

Re:Linux is just the kernel (1, Offtopic)

soloport (312487) | more than 10 years ago | (#9237598)

Rubbish. GNOME wipes the floor with OSX? You're mad. KDE comes close, if set up right (i.e. if redhat haven't been anywhere near it), but GNOME????

So true. I'm running KDE on Fedora Core 2 and it is simply a dog (1.2MHz uP). I don't know what RedHat has done to KDE, but the diference between it and KDE on other distros is stark!

However, I have no idea which way to go from here. Buck up and learn to stomach Gnome? Find a distro that is more KDE-centric? Fedora still seems to be the best at supplying recent packages and easy server setup.

Linus retiring? (3, Interesting)

johnthorensen (539527) | more than 10 years ago | (#9236657)

This is very speculative, but this looks like the sort of thing somebody does to ease the transition when they turn something over to another leader. Yeah, it's about a 1:10000 chance that I'm right, but remember you heard it here first...

-JT

Re:Linus retiring? (4, Funny)

xlyz (695304) | more than 10 years ago | (#9236737)

This is very speculative, but this looks like the sort of thing somebody does to ease the transition when they turn something over to another leader. Yeah, it's about a 1:10000 chance that I'm right, but remember you heard it here first...

you know what? I agree
in 50 year max Linus will hand over his responsability
please add me to the credit list of the future-tellers

Re:Linus retiring? (5, Informative)

skidv (656766) | more than 10 years ago | (#9236746)

Remember that Linus "retires" from a version of the kernel when he thinks it is stable enough for a maintainer to supervise. Once he is freed from maintaining the current "release" version of the kernel, he starts working on the next development version.

He'll pass version 2.6 to someone and then start work on 2.7, just as he passed 2.4 to Marcelo Tosatti and then began working on 2.5.

Re:Linus retiring? (4, Informative)

Anonymous Coward | more than 10 years ago | (#9236808)

He's already handed over much of the release management for 2.6 to Andrew Morton. Linus is more focused on the development tree at the moment.

Re:Linus retiring? (0)

Anonymous Coward | more than 10 years ago | (#9237097)

Yeah. Unfortunately, that dev tree is still 2.6.

MODERATOR MADNESS (1)

hummassa (157160) | more than 10 years ago | (#9238109)

there is no "development tree" at the moment. the 2.6 kernel tree is being managed by Linus. Andrew Morton is not yet in complete charge of it. development tree will be 2.7.

Re:Linus retiring? (0, Redundant)

BinaryJono (546830) | more than 10 years ago | (#9236974)

2.6 is maintained by andrew morton, the keeper of the mm patchset

Re:Linus retiring? (0)

Anonymous Coward | more than 10 years ago | (#9237200)

And in case you were wondering after reading the three previous posts to the parent, Andrew Morton handles much of 2.6. Just in case you didn't get it the third time.

Re:Linus retiring? (0)

Anonymous Coward | more than 10 years ago | (#9238079)

Andrew Morton.

Re:Linus retiring? (0)

Anonymous Coward | more than 10 years ago | (#9238112)

What, like 2.6 and Andrew Morton?

Re:Linus retiring? (0)

Anonymous Coward | more than 10 years ago | (#9238141)

Don't quote me on this, but I think it's going to be Andrew Morton.

Re:Linus retiring? (1)

italiannavigator (769943) | more than 10 years ago | (#9236810)

I think you may be on to something. A man of Linus's talents is not going to remain with one project indefinitely; something else will grab his attention. Also, look at the recent allegations that Linus may not be the real "father" or Linux (I'm not trying to start a flamewar; I don't buy into much of this). Being barraged by stuff like that must get old.

His aim is different (3, Interesting)

lazy_arabica (750133) | more than 10 years ago | (#9236823)

Taken from Linus post (talking about SCO claims) :
People have been pretty good (understatement of the year) at debunking those claims, but the fact is that part of that debunking involved searching kernel mailing list archives from 1992 etc. Not much fun.
I suppose having lawyers read your private mail in order to find some clue about the origine of a piece of code make you a much more careful man.

Re:His aim is different (2, Interesting)

Xzzy (111297) | more than 10 years ago | (#9236881)

LKML is hardly private. Type darn near anything about linux into google and 50% of the results (or more) are going to be hits off that mailing list.

It's gotta be one of the most mirrored lists out there.

Good Idea (3, Insightful)

Anonymous Coward | more than 10 years ago | (#9236662)

Good idea, even if some people will say that SCO scared them into doing it (they say it is a factor, but not the driving reason)

Accounting (4, Insightful)

dimss (457848) | more than 10 years ago | (#9236666)

Over years, Linux development team has become an enterprise. Finally they realised that they need accounting.

Re:Accounting (4, Insightful)

xlyz (695304) | more than 10 years ago | (#9236708)

Over years, Linux development team has become an enterprise. Finally they realised that they need accounting.

now if only the "proprietary" software developer will accept external audit to verify they are not using sources they are not entitled to, we will be all set

Open source has different risks (1)

xyote (598794) | more than 10 years ago | (#9237819)

based on detectability of infringement of IP. Typically patenting something is only useful if usage of it is detectable. Normally you don't have access to source so you have to infer it from behavior and that behavior has to be fairly unique. For example, if all you have is O(log n) and there are ten other algorithms with O(log n) you will have a difficult time making a case for infringement. To say nothing of why you patented something that was not an improvement on existing art.

Not only does having the source make detection of infringement easier, it also makes patenting of otherwise completely indetectable algorithms feasible. Feasible that is if someone (SCO anyone?) can establish a precedent for making money by filing lawsuits against users of open source. This could get really bad given the USPTO's tendency to issue nonsense patents which will really lend themselves to being submarine patents due to their trivialness.

Re:Open source has different risks (0)

Anonymous Coward | more than 10 years ago | (#9238338)

Normally you don't have access to source so you have to infer it from behavior and that behavior has to be fairly unique. For example, if all you have is O(log n) and there are ten other algorithms with O(log n) you will have a difficult time making a case for infringement.

Uh, what?

Have you heard of this little thing called a "disassembler", which lets you examine the inner workings of a program without access to source code?

What disassemblers don't do is make it trivial for you to modify or use the code. They do make it possible for you to see what it does, and that's enough for you to prove what algorithm it's using.

Re:Open source has different risks (1)

xyote (598794) | more than 10 years ago | (#9238610)

I've done that with DOS 1.0. Present kernels are quite a bit larger than that now. I don't know how practical that would be unless you had a pretty good idea where to look. Sometimes that's possible but there wounldn't be any guarantee.

Re:Accounting (1)

cerberusss (660701) | more than 10 years ago | (#9236844)

Well, well mr. know-it-all. If you had bothered to RTFA, you'd see it's just an extra line in the accounting that's called source control.

Re:Accounting (4, Informative)

swillden (191260) | more than 10 years ago | (#9237233)

Over years, Linux development team has become an enterprise. Finally they realised that they need accounting.

Just a clarification: What Linus is doing is making the accountability easier and somewhat more complete, not adding it. As he pointed out in his LKML post, Linux developers have been able to find the origin of every bit of code they've needed to, but the process has been painful and has required a little guesswork, particularly for the oldest stuff.

What he's proposing here is just a slight formalization and elaboration of the process that has been used for years. Currently, if I submit a patch to LKML to fix, say, a VFS bug, it will get poked, prodded and adjusted on the mailing list until people think it's clean and solid. Then the subsystem maintainer (Al Viro, in this case) will pick it up, probably tweak it some more, attach a "From" comment, stating that I am the author and forward it to Linus. Linus will review it, accept it, and his scripts will add my name into the changelog and the CREDITS file.

Since all of this happens on the public, archived, mailing list, there's plenty of accountability, but figuring out the sequence of events requires digging through the archives, and there may not be any obviously ideal search criteria.

Now, Linus wants me to attach my name myself, and to do it in a standardized format so that it's more searchable. Further, he wants everyone else who modifies the patch in any way to add their stamp as well, providing a change history in the patch itself. It's a weak change history, since it doesn't describe what changed, but it provides the starting point for searching the archives.

So, what Linus is asking for isn't so much to create a better accountability trail as it is to make the existing trail easier to follow. It's an ease-of-use optimization.

Well, there is one way in which this is perhaps a significant enhancement, and that is that Linus wants to formally define the legal commitment a contributor makes. In a reasonable world, this should be unnecessary, since if I contribute some code that I don't own, I should be the one held liable for the copyright infringement, not the others who used it in good faith. In the litigious world we live in, however, it's a good idea to formally spell it out, and make clear to everyone that by attaching their name to a patch, they're providing a certain warranty of their right to contribute it.

Re:Accounting (0)

Anonymous Coward | more than 10 years ago | (#9237763)

Yeah, but do they have human resources yet? How about janitors?

Groklaw article (5, Informative)

jadel (746203) | more than 10 years ago | (#9236670)

There is an article on this subject at groklaw [groklaw.net]
It covers more or less the same territory in a bit more depth.

like they didn't have enough to do (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#9236672)

Just say th easter bunny gave it top them
or was it santa?

A Good Thing(tm) (4, Insightful)

Alizarin Erythrosin (457981) | more than 10 years ago | (#9236675)

Anything that prevents the possibility of another SCO-type BS lawsuit is a Good Thing.

Hopefully it can avoid patent issues too. If something goes into Linux and later some company (Microsoft?) files a patent lawsuit, there may be evidence of prior art if the code was "certified" on a certain date.

On the reverse side, it can provide exactly who contributed the code (which can already be done mind you), but this time, they certified it for use, which can possibly cause more legal troubles.

Re:A Good Thing(tm) (2)

colinleroy (592025) | more than 10 years ago | (#9236711)

On the reverse side, it can provide exactly who contributed the code (which can already be done mind you), but this time, they certified it for use, which can possibly cause more legal troubles.

Well, the submitter would certify that he has right to write and submit $patch - (a) or (b) of Linus' certificate example. People touching and applying $patch would certify (c): that the previous hop in the chain certified (a), (b) or (c). They wouldn't verify the original submitter's claims.

Re:A Good Thing(tm) (3, Insightful)

Spoing (152917) | more than 10 years ago | (#9236774)

  1. Anything that prevents the possibility of another SCO-type BS lawsuit is a Good Thing.

Prevent? Nothing will do that short of turning SCO corp. into a legal crater as an example of any other company foolish enough to attempt the same stunt.

The kernel development process is about as public, auditable, and open as I can imagine. (Yes, there are some with better audit controls, though most of those projects are quite private or secret!)

Any code that has substance goes in has a name associated with it in the change log, and historic versions of the kernel are available going back 10+ years. I don't know of any closed commercial application I've ever worked with that can say the same...usually, it's a couple years, major releases (maybe), and forks. That's it!

Re:A Good Thing(tm) (2, Interesting)

Deusy (455433) | more than 10 years ago | (#9238025)

Prevent [another SCO-type BS lawsuit]? Nothing will do that short of turning SCO corp. into a legal crater as an example of any other company foolish enough to attempt the same stunt.

Fortunately SCO and Darl McBride are doing a great job of cratering themselves. Short of turning up and denying the crap SCO is flinging at people, IBM and the like have had to do almost nothing.

Is it only me who gets the impression, lately, that everything SCO does digs their grave a little deeper?

Re:A Good Thing(tm) (1)

Spoing (152917) | more than 10 years ago | (#9239267)

  1. Is it only me who gets the impression, lately, that everything SCO does digs their grave a little deeper?

Agreed...though I'm very puzzled why the stock price is still above the $3 mark (the price when they started this mess about 13 months ago).

Why isn't it at $2 or even lower?

If someone is pumping up the stock price, they can't do it forever...it's got to collapse sometime! (Doesn't it?)

Re:A Good Thing(tm) (1)

iabervon (1971) | more than 10 years ago | (#9238531)

The real point is to make it easier to look up. Proving that Linus wrote the code which SCO claimed to own took a weekend of looking through history and it was only distinctive due to characteristic bugs. The goal with this is to be able to be able to report the entire history of the code back to the original authors of each line by the question and answer section. "But that code was donated by Christopher Hellwig and signed off on by Robert Love. Do you mean to claim that the CEO didn't have the authority to do so?" It's quite beneficial to have the real story worked out while the press is still there.

No Anonymous Code (5, Insightful)

Short Circuit (52384) | more than 10 years ago | (#9236979)

So what happens to people who want to contribute code, but don't want their name attached to it, for various reasons?

  • Such as encryption development in France or China, where unauthorized encryption is illegal, IIRC.
  • Or some employee whose boss wants to own all his creative work, on and off the clock.
  • Or people who simply don't want to take the risk of being unfairly targeted by some software company for writing code that looks vaguely like the company's.
  • Or people who had a great idea, but couldn't possibly know someone else had come up with the idea and copyrighted or patented it.


    IMO, it has its ups and its downs. It allows a greater degree of delegate-the-blame (Good for any large project, Objectively speaking), but it will reduce contributions.

Re:No Anonymous Code (2, Insightful)

Atzanteol (99067) | more than 10 years ago | (#9237172)

Those reasons are pretty good ones to have such a system in place. If you're submitting to the kernel, you should be *sure* there is nothing that can come back and bite you in the ass.

Re:No Anonymous Code (1)

Short Circuit (52384) | more than 10 years ago | (#9237436)

So we're protecting potential developers from themselves? What about people who don't want that protection? Such as political dissidents in China?

Re:No Anonymous Code (1)

Atzanteol (99067) | more than 10 years ago | (#9237732)

Then they don't donate code. I thought that was obvious.

Re:No Anonymous Code (0)

Anonymous Coward | more than 10 years ago | (#9238587)

Simple: Use a pseudonym.

Re:A Good Thing(tm) (2, Funny)

Eccles (932) | more than 10 years ago | (#9237300)

Anything that prevents the possibility of another SCO-type BS lawsuit is a Good Thing.

One horse's head in Darl McBride's bed comin' up!

Re:A Good Thing(tm) (0)

Anonymous Coward | more than 10 years ago | (#9237707)

Hopefully it can avoid patent issues too. If something goes into Linux and later some company ... files a patent lawsuit, there may be evidence of prior art if the code was "certified" on a certain date.

The question with prior art against patents is "what does it do" and "when did it do it publicly". Unlike copyright, prior art against patents usually doesn't care "who wrote it" or "where did they get it". This new certification plan is generally no better at creating prior art than plain old dated submissions. That's not what it's for.

IANYL--GYOGDLYMNO

tracking (5, Interesting)

colinleroy (592025) | more than 10 years ago | (#9236677)

"signing off on patches" that would better track which developers had handled source code contributions.

Linus Torvalds' problem is the fact that, as it is currently easy to find out who commited the patch, and often who provided it (which often appears in Bitkeeper's changelog), the whole submission process can be a blackbox - if I send a patch to alsa subsystem's maintainer, he'll probably apply it to alsa's CVS, maybe someone else will modify this patch, and when included in linux' main tree, only the merge information would appear.

Re:tracking (1)

justsomebody (525308) | more than 10 years ago | (#9236826)

Quite contrary my dear Watson, patches can be traced in colective manner much easier.

Re:tracking (2, Informative)

manWorkSucks (745760) | more than 10 years ago | (#9237163)

Linus' original email [iu.edu] linked further down [slashdot.org] makes clear the intention to track where the code came from start to finish.

Its official then (5, Funny)

Timesprout (579035) | more than 10 years ago | (#9236680)

Patches submitted as AC will no longer be included in the Linux kernel

Re:Its official then (5, Funny)

Anonymous Coward | more than 10 years ago | (#9236699)

Patches submitted as AC will no longer be included in the Linux kernel

Damn, bad news for Alan Cox ...

Re:Its official then (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9236724)

You mean Anal Cocks.

Avoid even the appearance.. (5, Insightful)

hot_Karls_bad_cavern (759797) | more than 10 years ago | (#9236691)

As taught to almost all people taking the moral high-ground, that are in the public eye:

Avoid even the appearance of wrong doing.

Guys, this is a great idea for accountability in the kernel source. In the next round, the "SCO" of that round might not be so blatently stupid and far more sinister. Please watch your code and keep it clean!

Re:Avoid even the appearance.. (4, Interesting)

BinLadenMyHero (688544) | more than 10 years ago | (#9236828)

I wonder if this is in any way related to this [slashdot.org] .

From FSF:
We have just begun a project here at FSF to document and codify our process, so that it can be disseminated in the form of a policy manual and accompanying software, to all other Free Software projects who wish to solidify their legal assembly process. Distilling nearly two decades of organizational know-how into easy-to-understand software and documentation is no easy task, and we will rely greatly on your financial support to aid us in carrying out this momentous task.

Professional Approach coming to Linux ? (5, Interesting)

kbsingh (138659) | more than 10 years ago | (#9236692)

Sounds pretty good. I think Linux needs a basic system of this sort in place as-soon-as-practical. It will bring together a lot of accountability of / for code in the Kernel itself. Plus, it should counter any issue like the SCO created one, in the future.

Another interesting point here seems to be that with this management overhead and the admin work that issue such as this create, how much of time is Linus actually spending with them ? while he might be working with the technical side of things ?

Inspite of all the noise, there are just a handfull of people contributing major code into the Kernel ( would 300 be a fair guess ? ) How are all these admin overheads going to effect their performance ? Also is anyone / everyone expected to research the piles and piles of patenets / copyrights before they make such a declaration ?

This quote says it all (4, Informative)

Henrik S. Hansen (775975) | more than 10 years ago | (#9236702)

I think this quote really says it all about why this is a good idea:

"People who don't understand how I interact with the people I work with literally feel better just having it down more as a documented process," he [Linus] said.

Re:This quote says it all (4, Insightful)

gosand (234100) | more than 10 years ago | (#9236811)

I think this quote really says it all about why this is a good idea: "People who don't understand how I interact with the people I work with literally feel better just having it down more as a documented process," he [Linus] said.

Take my comments with a grain of salt, because I am up to my eyes in process development because we are trying to get CMM Level 2 certification where I work.

I don't see a problem at all with documenting the way things are done. I know a lot of people resist it, but think about it. How hard would it be for Linus to just write down how he does things. You'd be surprised how many times you uncover problems (or potential problems) when you have to write down your processes. Sometimes, you immediately see ways to improve things. If not, then at most you are out a little bit of effort.

But I really think that Linus wants to do this so that when he is on the stand and a SCO attorney asks him how code is added to the kernel, he can just say "RTFM!".

Re:This quote says it all (2, Interesting)

Spoing (152917) | more than 10 years ago | (#9236874)

  1. "People who don't understand how I interact with the people I work with literally feel better just having it down more as a documented process," he [Linus] said.

That's exactly it. Why is it that most of the comments here say "Good...Linux needed more professionalism/riggor/process/...."

I'm Mr Process myself. I ~love~ the SEI-CMM, will quote you hymn and verse from project plans, will dog you if you are sloppy and can't file a defect report on stuff you yourself wrote or if you mis-categorize it. Process is important because it makes people focus on doing the right thing when they don't want to.

OTOH...I've also been following Linux (the kernel) for years and how it is managed. The added test suite is fantastic, as is Linus' stand on using the best tools for the task. Linus and the other core Linux developers are already motivated to do the right thing so adding more formal processes in that don't help with development is not a good thing. It's sad. I have no doubt that this extra layer will not get in the way...so it's not too sad!

I like this bit the best (0, Flamebait)

technomanceraus (653563) | more than 10 years ago | (#9236705)

Hola! This is a request for discussion.. Some of you may have heard of this crazy company called SCO (aka "Smoking Crack Organization") who seem to have a hard time believing that open source works better than their five engineers do. They've apparently made a couple of outlandish claims about where our source code comes from, including claiming to own code that was clearly written by me over a decade ago. You tell em' go linus

[RFD] Explicitly documenting patch submission (4, Informative)

Anonymous Coward | more than 10 years ago | (#9236721)

This [iu.edu] is the e-mail itself, as posted to LKML by Linus - on Sunday, not Saturday.

Posted anonymously to avoid karma whoring.

Re:[RFD] Explicitly documenting patch submission (2, Informative)

jap (24325) | more than 10 years ago | (#9237604)

Um, no, as his message with the original date-header [lkml.org] shows, it was written saturday linustime.

Good Idea (5, Interesting)

Whitecloud (649593) | more than 10 years ago | (#9236722)

This sounds like a good way to ensure accountability on who made what changes, and when they did it. Linus says the SCO debacle "have provided a "big impetus" for the changes", this will make sure similar legal action can be shot down immediately.

Considering all the code [cnn.com] thats [slashdot.org] been leaked [pcworld.com] lately, this is a welcome insurance policy to keep Linux on track as free alternative OS.

Re:Good Idea (1)

Anonymous Bullard (62082) | more than 10 years ago | (#9239018)

Several academic and corporate friends of Linux have legal access to source code from hostile parties (e.g. MS), or simply access to other comparative/competitive code that is either proprietary or semi-open under incompatible license. Someone could probably even "handle" proprietary code that has been leaked illegally

These friendly parties should establish automated processes for line-by-line comparison between all Linux code (and as much major GPL'd code as feasible) and potentially illegal code.

On the other hand FSF and pro-Linux parties should begin lobbying the-powers-that-be for corporate responsibility on the part of the developers of proprietary software. Say, upon releasing a new version of a product, a vendor of proprietary product should be encouraged to perform a line comparison between their application and FSF's bank of GPL'd software. Such certification could be conducted by the vendor itself, FSF or a trusted 3rd party. Heck, the proprietary vendors should establish a neutral bank for their proprietary code for similar purposes; to prevent industrial theft by an unscrupulous competitor or insider.

Such monitoring of proprietary code combined with stricter accountability monitoring on Linux' behalf should help both prevent licensing and illegality issues and help solve them quicker if any should arise.

Source code is the major if not only asset a software vendor has, and yet it seems only OSS developers treat it with the respect their customers/users deserve, i.e. with openness and especially accountability (which should further improve with the suggested measures).

Would such a source bank for proprietary vendors ever be accepted? Could its confidentiality, neutrality and security be guaranteed? Hmmm, maybe proprietary vendors would still prefer to keep their (dark?) secrets to themselves but all available (through licensing or leakage) non-GPL-compatible code should still be compared.

moderation of patches (3, Funny)

millahtime (710421) | more than 10 years ago | (#9236728)

maybe they can put some kind of mod system in for the patches. like /. then those who add patches that aren't coded well could get moded down and have bad karma.

Bad idea... (1, Funny)

mangu (126918) | more than 10 years ago | (#9236800)

Think about the karma-whoring. Checking the relative length of up-moderated comments on /., one realizes that this system would contribute to a lot of "insightful" bloat. On the other hand, are we interested in getting "funny" one-liners?

Re:moderation of patches (1)

magefile (776388) | more than 10 years ago | (#9236937)

But then we'll have Linus and Co deciding they don't need to read patches, leading to Goatse in splash screens everywhere, ASCII/ncurses Goatse in the kernel compiling utilities.

Worse, we'll have the same "Soviet Russia" and "hot grits" patches released over and over!

Details? (3, Insightful)

gpinzone (531794) | more than 10 years ago | (#9236748)

The story is a little light on the details. The change management system they use (I remember hearing it was BitKeeper) ought to log the users who contributed the code automatically. What I'm wondering is if Linus is talking about validating the identity of the contributers. If so, this will prevent any anonymous code contribution. I wonder how many people who work for companies that signed NDAs are contributing code that will no longer be able to do so?

Re:Details? (2, Informative)

hughk (248126) | more than 10 years ago | (#9236878)

I think it is more about having someone say that they own the copyright of the work and have the right to GPL it. It doesn't mean no anonymous contribs, but somebody (one of the people with BK commit access would have to be able to certify it on behalf of the other person so they should knwo the person even if it is never identified publicly.

Re:Details? (1)

gpinzone (531794) | more than 10 years ago | (#9238366)

Guess how fast the person who certifies the anonymous contributor will flip when he/she gets a subpoena from SCO? Like I said, it's the end of anonymous contributions.

Re:Details? (1)

miffo.swe (547642) | more than 10 years ago | (#9237785)

Not many i would presume since its the contributors ass who gets fried and not Linus. To my knowledge most contributors is working with their companys blessing.

Why do I get the feeling.... (4, Insightful)

10Ghz (453478) | more than 10 years ago | (#9236757)

That we will soon see SCO/AdTI press-releases saying "we were right! There are serious problems with the way Linux-hackers handle the code! After all, if there are no problems, why are they taking these steps to correct the situation? This proves once and for all that our claims regarding Linux are true!"

Re:Why do I get the feeling.... (1)

tfbastard (782237) | more than 10 years ago | (#9236883)

And I've got a feeling SCO/AdTI would do the same should Linus decide to tie his shoes differently.

"Look! Linux suffers from clothing-related instabilities, why would Linus Torvalds do something like this unless Linux sucks?"

They're certainly not above it.

Re:Why do I get the feeling.... (4, Insightful)

linuxdoctor (126962) | more than 10 years ago | (#9236899)

The problem is that SCO, Microsoft or any other company have even worse problems.

Unless and until a company has in place a development process that conforms to independent and internationally recognized standards such as ISO-9000 and has been certified as such you have no guarantee that what they are doing conforms to good engineering practices.

The truth is Linux development has always been open. SCO and other private companies keep their development process secret. Who knows what they are hiding behind all that secrecy.

For my money, I'd like to see Linux development conform to ISO-9000.

Re:Why do I get the feeling.... (1)

jejones (115979) | more than 10 years ago | (#9237140)

For my money, I'd like to see Linux development conform to ISO-9000.

Who would volunteer to be the official Linux Stupid Label Guy [dilbert.com] ?

Re:Why do I get the feeling.... (2, Insightful)

pe1rxq (141710) | more than 10 years ago | (#9237146)

Unless and until a company has in place a development process that conforms to independent and internationally recognized standards such as ISO-9000 and has been certified as such you have no guarantee that what they are doing conforms to good engineering practices.

Conforming to the ISO standards is no guarantee at all that a company isn't producing crap... The only thing you know is that they have followed a documented procedure to make crap.

Jeroen

Thread on kerneltrap (4, Informative)

lazy_arabica (750133) | more than 10 years ago | (#9236796)

You may read the lkml thread and Linus post on kerneltrap. [kerneltrap.org]
Just thought it could be interesting...

Re:Thread on kerneltrap (0)

Anonymous Coward | more than 10 years ago | (#9237127)

The only difference between root and God is that I exist.

Which one are you, then?

This sounds good, but ... (1)

magefile (776388) | more than 10 years ago | (#9236964)

Can it run Linux['s development processes]?

I see a parallel... (1, Funny)

IGnatius T Foobar (4328) | more than 10 years ago | (#9237004)

This sounds a lot like the school of thought which suggests that "If you allow yourself to live in fear, then the terrorists have already won."

It isn't much of a stretch to draw a parallel and assert that "If you allow yourself to live in legal paranoia, then SCO has already won."

Google link to full text (1, Informative)

quixoticsycophant (729112) | more than 10 years ago | (#9237013)

text [google.com]

The original thread (3, Informative)

42forty-two42 (532340) | more than 10 years ago | (#9237046)

Here's [google.com] the thread in question.

Hacking attempts (2, Insightful)

Anonymous Coward | more than 10 years ago | (#9237253)

Perhaps this will also help to avoid attempts from hackers to insert backdoors as we have seen recently..

Authentication Process (4, Insightful)

Master Eclipse (782488) | more than 10 years ago | (#9237254)

The authentication needs to be done using GPG (GNU Privacy Guard) or PGP (Pretty Good Privacy). This will prevent anyone in the future from inappropriately placing code in the kernel. These two programs provide an excellent means of determining the authenticity of the author. Moreover, the origins of all code submissions can easily be tracked and catalogued using some open source software some friend of mine and I have been working on. In a nutshell it works like this: Code is received either by FTP, E-mail or (virtually) any other mans. At the end of the encrypted code, the code is signed and encrypted with the writer's key. Each of these keys is kept in a database that contains verified information about the writer. This can include their name, and address, or whatever is appropriate. This database is kept as a public record of which code belongs to whom, and when it was created (or submitted). Think about it... anybody who wants to submit code should not be able to do so anonymously. This stands to reason in light of what has been going on lately with SCO. Moreover, this method looks good to executives who have no idea how software is developed and is a legitimate method of proof. So far as being on the Internet, this project is not right now, some friends of mine and I at the University have been beta testing it and it works wonderfully and is very secure. Thank you for your interest!!!! Any thoughts?

Re:Authentication Process (0)

Anonymous Coward | more than 10 years ago | (#9237308)

So you are talking about using a PKI solution to sign the data, providing identification and integrity. Yes, these systems are ever so slightly common already.

Re:Authentication Process (1)

mike260 (224212) | more than 10 years ago | (#9237578)

Something similar was discussed and rejected by Linus on LKML.
Read the original thread, pointed to by several posters.

Just what I've been on about! (3, Insightful)

Paul Fernhout (109597) | more than 10 years ago | (#9237654)

And it did not attract much interest back then. Maybe now is the time for such a peer-to-peer repository tool with related free licensing affirmations. 2001 posting to gnu.misc.discuss [google.com] and further: second 2001 posting to gnu.misc.discuss [google.com]

Excerpt from the first: So anyway, what do people think? Would such a license management approach with tools, protocols, and standards (ensuring every work received or sent comes with a legally binding machine-readable license and related audit trails for derived works) promote more clearly titled (in a legal sense) free software or would it be the slippery slope to the "right-to-read" future? Without explicit licensing handling, are we just setting the free software or open content communities up for legal challenges down the road as people just try to do their best without such tools? Is trying to automate license handling really that much different (in a bad way) from the current situation of often distributing zip files including both content and license?

Excerpt from the second: This need for a license is especially true for making derived works you plan to redistribute, because here your liability seems highest. If we are to have a lot of free software and free content, based on fine grain collaboration made possible by the internet allowing us to rapidly modify each others works, that is a lot of licenses citing a lot of authors. If these licenses get lost (as in the midi file download example I cited), the content can no longer be considered free. Handling lots of papers is what computers are good at. The less time people need to spend thinking about, negotiating, and managing paperwork and extra files related to free licenses, the more time they can spend making free software and free content.

[RFD] Explicitly documenting patch submission (2, Informative)

Stefan2100 (772829) | more than 10 years ago | (#9237674)

Here is the full posting by Linus and the live comments thread on LWN: [RFD] Explicitly documenting patch submission [lwn.net]

When? (4, Interesting)

miffo.swe (547642) | more than 10 years ago | (#9237837)

Now that the Linux development is totally transparent when will we be able to audit Microsoft, SCO, and other propriarity code for stolen bits and pieces?

We should shout out of the top of our lungs that the propriarity way foster code stealing because no one can audit it.

Re:When? (3, Funny)

vijaya_chandra (618284) | more than 10 years ago | (#9238926)

when MS decides to replace kernel.dll with vmlinuz-2.x.x-xx
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?