Slashdot Mirror


Process Improvements in the Kernel Development

Kalki writes "In an e-mail to the Linux kernel mailing list, sent Saturday, Torvalds proposed that kernel developers begin certifying that the code that they contribute is entitled to be included in the Linux kernel as well as a technique for "signing off on patches" that would better track which developers had handled source code contributions. check this Infoworld story on it."

11 of 124 comments (clear)

  1. Accounting by dimss · · Score: 4, Insightful

    Over years, Linux development team has become an enterprise. Finally they realised that they need accounting.

    1. Re:Accounting by xlyz · · Score: 4, Insightful

      Over years, Linux development team has become an enterprise. Finally they realised that they need accounting.

      now if only the "proprietary" software developer will accept external audit to verify they are not using sources they are not entitled to, we will be all set

  2. A Good Thing(tm) by Alizarin+Erythrosin · · Score: 4, Insightful

    Anything that prevents the possibility of another SCO-type BS lawsuit is a Good Thing.

    Hopefully it can avoid patent issues too. If something goes into Linux and later some company (Microsoft?) files a patent lawsuit, there may be evidence of prior art if the code was "certified" on a certain date.

    On the reverse side, it can provide exactly who contributed the code (which can already be done mind you), but this time, they certified it for use, which can possibly cause more legal troubles.

    --
    There are only 10 kinds of people in this world... those who understand binary and those who don't
  3. Avoid even the appearance.. by hot_Karls_bad_cavern · · Score: 5, Insightful

    As taught to almost all people taking the moral high-ground, that are in the public eye:

    Avoid even the appearance of wrong doing.

    Guys, this is a great idea for accountability in the kernel source. In the next round, the "SCO" of that round might not be so blatently stupid and far more sinister. Please watch your code and keep it clean!

  4. Why do I get the feeling.... by 10Ghz · · Score: 4, Insightful

    That we will soon see SCO/AdTI press-releases saying "we were right! There are serious problems with the way Linux-hackers handle the code! After all, if there are no problems, why are they taking these steps to correct the situation? This proves once and for all that our claims regarding Linux are true!"

    --
    Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
    1. Re:Why do I get the feeling.... by linuxdoctor · · Score: 4, Insightful
      The problem is that SCO, Microsoft or any other company have even worse problems.

      Unless and until a company has in place a development process that conforms to independent and internationally recognized standards such as ISO-9000 and has been certified as such you have no guarantee that what they are doing conforms to good engineering practices.

      The truth is Linux development has always been open. SCO and other private companies keep their development process secret. Who knows what they are hiding behind all that secrecy.

      For my money, I'd like to see Linux development conform to ISO-9000.

  5. Re:This quote says it all by gosand · · Score: 4, Insightful
    I think this quote really says it all about why this is a good idea: "People who don't understand how I interact with the people I work with literally feel better just having it down more as a documented process," he [Linus] said.

    Take my comments with a grain of salt, because I am up to my eyes in process development because we are trying to get CMM Level 2 certification where I work.

    I don't see a problem at all with documenting the way things are done. I know a lot of people resist it, but think about it. How hard would it be for Linus to just write down how he does things. You'd be surprised how many times you uncover problems (or potential problems) when you have to write down your processes. Sometimes, you immediately see ways to improve things. If not, then at most you are out a little bit of effort.

    But I really think that Linus wants to do this so that when he is on the stand and a SCO attorney asks him how code is added to the kernel, he can just say "RTFM!".

    --

    My beliefs do not require that you agree with them.

  6. No Anonymous Code by Short+Circuit · · Score: 5, Insightful
    So what happens to people who want to contribute code, but don't want their name attached to it, for various reasons?

    • Such as encryption development in France or China, where unauthorized encryption is illegal, IIRC.
    • Or some employee whose boss wants to own all his creative work, on and off the clock.
    • Or people who simply don't want to take the risk of being unfairly targeted by some software company for writing code that looks vaguely like the company's.
    • Or people who had a great idea, but couldn't possibly know someone else had come up with the idea and copyrighted or patented it.


      IMO, it has its ups and its downs. It allows a greater degree of delegate-the-blame (Good for any large project, Objectively speaking), but it will reduce contributions.
    1. Re:No Anonymous Code by sweede · · Score: 4, Insightful

      This is the whole idea of the accountability thing.

      If you live in china or where ever and dont want to get in trouble for writing encryption code, DONT. I mean how hard is that? If you choose to do something illegal you SHOULD be accountable for your actions and any repercussions from those actions. You probably bitch and moan on how you where going just "5mph" over the speed limit when you get pulled over for doing 50 in a 30 or complain that you were going around the block and didnt need a seatbelt.

      If you sign a contract for work that says your employer owns all of the work you do during non-work hours, you should of read it first. If you did and you signed it anyways, dont bitch about having to give up everything you write.

      If a closed source company tries to sue you for thinking that your code is close to theirs, you must ask yourself, how much water does their claim hold if there is no way you can view the sources? in a court case, you, the defense has a right to see their evidence against you, and the code that you are infringing on. You do have rights you know. This is easily solved by saying "whoops, I didnt know and i'll change/remove, show me which lines". Again, this is taking responsibility for your own actions. why do people think they can do things and not take any responsability for it? Worse yet, what if you where the project maintainer? since no one signed the code and now you submitted it, your name is on it and you are in trouble.

      this last one is just stupid,
      "Or people who had a great idea, but couldn't possibly know someone else had come up with the idea and copyrighted or patented it."

      What about having a great idea, not doing jack about it, then 3 years later some company does the same thing and makes a mint from it? What can you do about it then?
      you: "hey that was my idea 3 years ago and your violating GPL"
      them: "oh ya, wheres your proof"
      you: "oh right, i have none"

      If you have a great idea that might or might not be copyrighted or patended and your too lazy to search around to see if it actually is, you shouldn't be contributing code to any project.

      I guess the only downside that i can think of is that it holds people to take responsibility for what they do.

      damn, I forget that's horrible!

      --
      I follow the SDK and GDN principles.. Spelling Dont Kount, Grammer Dont Neither
  7. Authentication Process by Master+Eclipse · · Score: 4, Insightful

    The authentication needs to be done using GPG (GNU Privacy Guard) or PGP (Pretty Good Privacy). This will prevent anyone in the future from inappropriately placing code in the kernel. These two programs provide an excellent means of determining the authenticity of the author. Moreover, the origins of all code submissions can easily be tracked and catalogued using some open source software some friend of mine and I have been working on. In a nutshell it works like this: Code is received either by FTP, E-mail or (virtually) any other mans. At the end of the encrypted code, the code is signed and encrypted with the writer's key. Each of these keys is kept in a database that contains verified information about the writer. This can include their name, and address, or whatever is appropriate. This database is kept as a public record of which code belongs to whom, and when it was created (or submitted). Think about it... anybody who wants to submit code should not be able to do so anonymously. This stands to reason in light of what has been going on lately with SCO. Moreover, this method looks good to executives who have no idea how software is developed and is a legitimate method of proof. So far as being on the Internet, this project is not right now, some friends of mine and I at the University have been beta testing it and it works wonderfully and is very secure. Thank you for your interest!!!! Any thoughts?

  8. Re:heheh by drooling-dog · · Score: 4, Insightful
    .... and Linux joined the world of professional software development!! =)

    I hope not, since the "unprofessional" model has worked so well (and I'm not being sarcastic). This is more an acknowledgement that GNU/Linux is swimming in dangerous waters, and has enemies with money to burn. Even though SCO's claims have apparently turned out to be lame, you have to assume that intellectual property traps are being set left and right.