Slashdot Mirror
Process Improvements in the Kernel Development
Kalki writes "In an e-mail to the Linux kernel mailing list, sent Saturday, Torvalds proposed that kernel developers begin certifying that the code that they contribute is entitled to be included in the Linux kernel as well as a technique for "signing off on patches" that would better track which developers had handled source code contributions. check this Infoworld story on it."
... track which developers ... :P
So Santa Claus and the Tooth Fairy need not be featured on slashdot
The more organisation and delegation in Linux, the better. With the gains being made using Bitkeeper and this, I feel that Linux will make leaps and bounds in the next year. The things I hope for are better hardware detection and working device drivers for more devices (especially multifunction printers). I think Xandros is getting really close to the way things can be. But then again, I run a Debian CLI install on a Pentium II 350. I guess what I meant to say was, for Linux to gain mass market acceptance, it needs to do everything Windows/OS X does, but better, cheaper and faster.
I hate sigs.
This is very speculative, but this looks like the sort of thing somebody does to ease the transition when they turn something over to another leader. Yeah, it's about a 1:10000 chance that I'm right, but remember you heard it here first...
-JT
Good idea, even if some people will say that SCO scared them into doing it (they say it is a factor, but not the driving reason)
Over years, Linux development team has become an enterprise. Finally they realised that they need accounting.
There is an article on this subject at groklaw
It covers more or less the same territory in a bit more depth.
Anything that prevents the possibility of another SCO-type BS lawsuit is a Good Thing.
Hopefully it can avoid patent issues too. If something goes into Linux and later some company (Microsoft?) files a patent lawsuit, there may be evidence of prior art if the code was "certified" on a certain date.
On the reverse side, it can provide exactly who contributed the code (which can already be done mind you), but this time, they certified it for use, which can possibly cause more legal troubles.
There are only 10 kinds of people in this world... those who understand binary and those who don't
"signing off on patches" that would better track which developers had handled source code contributions.
Linus Torvalds' problem is the fact that, as it is currently easy to find out who commited the patch, and often who provided it (which often appears in Bitkeeper's changelog), the whole submission process can be a blackbox - if I send a patch to alsa subsystem's maintainer, he'll probably apply it to alsa's CVS, maybe someone else will modify this patch, and when included in linux' main tree, only the merge information would appear.
blah
Patches submitted as AC will no longer be included in the Linux kernel
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
As taught to almost all people taking the moral high-ground, that are in the public eye:
Avoid even the appearance of wrong doing.
Guys, this is a great idea for accountability in the kernel source. In the next round, the "SCO" of that round might not be so blatently stupid and far more sinister. Please watch your code and keep it clean!
Sounds pretty good. I think Linux needs a basic system of this sort in place as-soon-as-practical. It will bring together a lot of accountability of / for code in the Kernel itself. Plus, it should counter any issue like the SCO created one, in the future.
Another interesting point here seems to be that with this management overhead and the admin work that issue such as this create, how much of time is Linus actually spending with them ? while he might be working with the technical side of things ?
Inspite of all the noise, there are just a handfull of people contributing major code into the Kernel ( would 300 be a fair guess ? ) How are all these admin overheads going to effect their performance ? Also is anyone / everyone expected to research the piles and piles of patenets / copyrights before they make such a declaration ?
Hola! This is a request for discussion.. Some of you may have heard of this crazy company called SCO (aka "Smoking Crack Organization") who seem to have a hard time believing that open source works better than their five engineers do. They've apparently made a couple of outlandish claims about where our source code comes from, including claiming to own code that was clearly written by me over a decade ago. You tell em' go linus
-= Technomancer =-
This is the e-mail itself, as posted to LKML by Linus - on Sunday, not Saturday.
Posted anonymously to avoid karma whoring.
Considering all the code thats been leaked lately, this is a welcome insurance policy to keep Linux on track as free alternative OS.
Do you need a website upgrade?
Here's the post discussed in the article.
maybe they can put some kind of mod system in for the patches. like /. then those who add patches that aren't coded well could get moded down and have bad karma.
Evolution or ID?
The story is a little light on the details. The change management system they use (I remember hearing it was BitKeeper) ought to log the users who contributed the code automatically. What I'm wondering is if Linus is talking about validating the identity of the contributers. If so, this will prevent any anonymous code contribution. I wonder how many people who work for companies that signed NDAs are contributing code that will no longer be able to do so?
That we will soon see SCO/AdTI press-releases saying "we were right! There are serious problems with the way Linux-hackers handle the code! After all, if there are no problems, why are they taking these steps to correct the situation? This proves once and for all that our claims regarding Linux are true!"
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
You may read the lkml thread and Linus post on kerneltrap.
Just thought it could be interesting...
Think about the karma-whoring. Checking the relative length of up-moderated comments on /., one realizes that this system would contribute to a lot of "insightful" bloat. On the other hand, are we interested in getting "funny" one-liners?
Can it run Linux['s development processes]?
IMO, it has its ups and its downs. It allows a greater degree of delegate-the-blame (Good for any large project, Objectively speaking), but it will reduce contributions.
tasks(723) drafts(105) languages(484) examples(29106)
This sounds a lot like the school of thought which suggests that "If you allow yourself to live in fear, then the terrorists have already won."
It isn't much of a stretch to draw a parallel and assert that "If you allow yourself to live in legal paranoia, then SCO has already won."
Tired of FB/Google censorship? Visit UNCENSORED!
text
Rubbish. GNOME wipes the floor with OSX? You're mad. KDE comes close, if set up right (i.e. if redhat haven't been anywhere near it), but GNOME????
Here's the thread in question.
Perhaps this will also help to avoid attempts from hackers to insert backdoors as we have seen recently..
The authentication needs to be done using GPG (GNU Privacy Guard) or PGP (Pretty Good Privacy). This will prevent anyone in the future from inappropriately placing code in the kernel. These two programs provide an excellent means of determining the authenticity of the author. Moreover, the origins of all code submissions can easily be tracked and catalogued using some open source software some friend of mine and I have been working on. In a nutshell it works like this: Code is received either by FTP, E-mail or (virtually) any other mans. At the end of the encrypted code, the code is signed and encrypted with the writer's key. Each of these keys is kept in a database that contains verified information about the writer. This can include their name, and address, or whatever is appropriate. This database is kept as a public record of which code belongs to whom, and when it was created (or submitted). Think about it... anybody who wants to submit code should not be able to do so anonymously. This stands to reason in light of what has been going on lately with SCO. Moreover, this method looks good to executives who have no idea how software is developed and is a legitimate method of proof. So far as being on the Internet, this project is not right now, some friends of mine and I at the University have been beta testing it and it works wonderfully and is very secure. Thank you for your interest!!!! Any thoughts?
Rubbish. GNOME wipes the floor with OSX? You're mad. KDE comes close, if set up right (i.e. if redhat haven't been anywhere near it), but GNOME????
So true. I'm running KDE on Fedora Core 2 and it is simply a dog (1.2MHz uP). I don't know what RedHat has done to KDE, but the diference between it and KDE on other distros is stark!
However, I have no idea which way to go from here. Buck up and learn to stomach Gnome? Find a distro that is more KDE-centric? Fedora still seems to be the best at supplying recent packages and easy server setup.
Excerpt from the first: So anyway, what do people think? Would such a license management approach with tools, protocols, and standards (ensuring every work received or sent comes with a legally binding machine-readable license and related audit trails for derived works) promote more clearly titled (in a legal sense) free software or would it be the slippery slope to the "right-to-read" future? Without explicit licensing handling, are we just setting the free software or open content communities up for legal challenges down the road as people just try to do their best without such tools? Is trying to automate license handling really that much different (in a bad way) from the current situation of often distributing zip files including both content and license?
Excerpt from the second: This need for a license is especially true for making derived works you plan to redistribute, because here your liability seems highest. If we are to have a lot of free software and free content, based on fine grain collaboration made possible by the internet allowing us to rapidly modify each others works, that is a lot of licenses citing a lot of authors. If these licenses get lost (as in the midi file download example I cited), the content can no longer be considered free. Handling lots of papers is what computers are good at. The less time people need to spend thinking about, negotiating, and managing paperwork and extra files related to free licenses, the more time they can spend making free software and free content.
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Here is the full posting by Linus and the live comments thread on LWN: [RFD] Explicitly documenting patch submission
Stefan2100 (http://knowledgebusinessreview.net/)
based on detectability of infringement of IP. Typically patenting something is only useful if usage of it is detectable. Normally you don't have access to source so you have to infer it from behavior and that behavior has to be fairly unique. For example, if all you have is O(log n) and there are ten other algorithms with O(log n) you will have a difficult time making a case for infringement. To say nothing of why you patented something that was not an improvement on existing art.
Not only does having the source make detection of infringement easier, it also makes patenting of otherwise completely indetectable algorithms feasible. Feasible that is if someone (SCO anyone?) can establish a precedent for making money by filing lawsuits against users of open source. This could get really bad given the USPTO's tendency to issue nonsense patents which will really lend themselves to being submarine patents due to their trivialness.
Now that the Linux development is totally transparent when will we be able to audit Microsoft, SCO, and other propriarity code for stolen bits and pieces?
We should shout out of the top of our lungs that the propriarity way foster code stealing because no one can audit it.
HTTP/1.1 400
there is no "development tree" at the moment. the 2.6 kernel tree is being managed by Linus. Andrew Morton is not yet in complete charge of it. development tree will be 2.7.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
And I wonder why the submitter didn't think to link to the same story on Groklaw!
Go figure?
Do companies like Microsoft or Sun make Developers certify that the code they submit in a particular check-in isn't "borrowed" from GPL'd or other open source stuff?
Seems Linux is well ahead of professional organizations in this respect.
I think the main problem with Fedora and/or Redhat and maybe other distros is that they still produce binaries thinking on a i386.
errera hunamum ets
I'm not sure, but I think the Debian project compiles x86-32 packages for i686.
tasks(723) drafts(105) languages(484) examples(29106)
Not quite. The -march flags in gcc will change the ABI so that the programs can only run on that (or better) cpus. Debian compiles with the -mcpu flags which organizes intruction to be nice to certain processors (align on WORD boundaries and whatnot) without actually breaking the support for lower processors. Debian will still boot on a true 386 machine, but you'd have to be a masochist to want that.
The sheer number of significant changes the kernel team is making between releases is amazing. Not bad for amateurs. Legal matters go with the territory however. It is a measure of the fear Linux has created in the industry. I used to think ESR's rhetoric about Linux winning the OS war through sheer numbers was wrong. Not anymore. The constancy of the effort is also amazing. It is very satisfying to be able to download a vanilla kernel to my Gentoo system, build it for my configuration and watch the machine run perfectly.
an ill wind that blows no good