Slashdot Mirror
Usenix President - Linux Needs Better Paper Trail
Anonymous Coward writes "Usenix Association president Marshall Kirk McKusick is a veteran of BSD's intellectual property scuffle with AT&T in the 1990s, and he's got some thoughts and advice for the keepers of the Linux kernel going forward, commenting: 'There isn't a well-documented ownership trail with Linux. So, they have opened themselves up to a swamp of 'he said-she said' about where code came from'."
Dating back to when linux (the kernel) didn't even have a version number, code was always attributed to where it came from. I'm sure everyone is familiar with at least the changelog and its attributions. And of course actual comments with names and email addresses are all over the sourcecode itself.
/. in The Mysterious Future!) In the unlikely event of SCO ever saying which lines are thiers, we may end up with the interesting situation where a Caldera/SCO employee put them there - and get to slap SCO for abusing the legal system.
Now, Mr. McKusick might have a partial point. Its entirely possible that some gremlin over at Caldera took a bunch of SCO's 'Intelectual' Property and threw it into the main kernel under the GPL. In which case once the lines of code are actually identified, I suspect we will know who contributed them in under 20 minutes (10 minutes of which will be the article sitting on
In any event, I'd be willing to put money on Linux's source code source documentation beating SCO's out any day of the week.
Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
http://news.com.com/Linux+contributors+face+new+ru les/2100-7344_3-5218724.html?tag=nefd.top
I wrote it, the whole thing. Linus was my roomate at the time, he took credit for all of it. I was the one that worked with Santa Claus and the tooth fairy to develop it, not Linus! Problem solved.
I boycott signatures
About a thousand geeks just simutaneously
wondered what the hell paper is.
Oddly enough, all of those thousand geeks could tell you what a scroll is.
There's nothing Intelligent about Intelligent Design.
Maybe Mr. McKusick should have read this earlier post about how Linus is already on top of it. Can someone mark this story as redundant?
It's not like this is some surprising new insight, see another article posted today: here.
Is intended to allow the developers of Linux, as well as the various UNI*es, to register and tell what they know of their own roles, as well as the development of each feature of each version of UNIX flavored operating system. Stay tuned to Groklaw for the official announcement...we're working on getting the site up within the next couple of days.
Site's a little slow already (darn subscribers), so here's a Mirror.
Note: This doesn't mean I agree with this crap. As a coder, I can certainly understand their wanting to write code more than document everything. Really, shouldn't CVS logs be as much "proof" you wrote it as you need? It's far more work to try to fake writing it by changing other's code, than it is to just do the work itself.
Ehh. Linux /always/ had a version number. Since day one, with v0.01, back in 1991.
Uh, this must be a typo. Linux developers arguing over the source for changes would always be; "he said-he said - then they got into a hissy fit hair-pulling fight"
Glad I could clear that up.
I guess, in the spirit of the GNU GPL, they'll have to come up with something, call it the FDA - a "Full Disclosure Agreement" that you *must* sign before contributing code, stating that you WILL tell everybody about the project and publish your code contribution, sort of a bizarro-world NDA.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Isn't the whole purpose of GPL that no-one can "own" any of the code?
What's wrong with how it's documented now? It just seems like some people want a system in place to enable them more accurate blame a particular person or involved party. Some people also seem to want a better documenting system in order to be able to better defend against copyright and or patent infringement allegations.
I feel that having to deal with an issue like this dimishes the free flowing spirit of open source. Time and energy may be better spent attempting to get governments to legislate exemptions for open source users. Heretical you say? No, I say, and here's why: from time to time we see things that lose trademark/copyright status because they have become generic and an integral part of a society. Now why can't the same concept apply to open source as it pertains to copyrights and patents?
From what I've seen ownership never becomes a problem until large amounts of money become involved or until one group attempts to sandbag another group based upon their ownership. Since this is the open source community, most commonly under the GPL license, there is no worry about this sandbagging unless someone attempts to take a fork and make it commercial.
Is this where the need for a paper trail comes in? Suppose someone takes the kernel and starts their own independent development on it. Hypothetically, in five years, they could rewrite or replace over 50% of the kernel with their own code. From what I understand the GPL license requires that any code that it becomes part of must also be GPL. If the total code package is several million lines, however, who is going to pay to subpoena the source code for a commerical product to prove that it was indeed started from a GPL/open source project? Who will pay to have the code audited and what prevents a potentially unscrupulous commerical entity from playing mix and match with subroutines so carefully that the resulting audit would take more time to arrange properly that to actually audit the lines one by one?
I suppose, in this case, the paper trail wouldn't make a darn bit of difference. The paper trail isn't going to make it any easier to subpoena source code from a commercial entity if they're stonewalling.
Enter my tin-foil argument that Windows9x/2x is nothing more than badly mangled Linux and a customized window manager built with a crytpically designed compiler--but no one ever gets to see the source code so they'll never be able to prove it.
+++ATHZ 99:5:80
Ok, so if I hypothetically had this idea to include a few lines into the kernel...I managed to slip a couple of lines of code into a "thank you" postcard to Linus eons ago. After reading it, he thought it was utter rubbish and tossed it away.
Actually, he was so pissed off about the whole stupidity that it motivated him to stay up an extra two hours hacking away. So technically, some of his code should be attributed to me, right?
Much like how some of that code should be credited to Pizza Hut, Starbucks, and a few different candy bars. So where's the documentation on that?
All the changelogs, the comments, and any other bits of documentation aren't enough. Where's the credit to the pizza delivery guy? He helped develop some of that code! Ingrates, I tell ya.
Slashdot: Process Improvements Wasn't Linus just talking about authors signing kernel submissions?
they have opened themselves up to a swamp of 'he said-she said' about where code came from.
He said "If I tell you, i'd have to kill you".
- "My name is Legion, for we are many" -Mark 5:9
Also, I would imagine that pretty much every kernel code submission is traceable to it's submitter. As far as I know, every specific line of code that has been brought up by SCO has been tracked down and attributed to it's submitter. Beyond that, there's really no way for BSD, Linux or anybody else to _know_ that the person submitting a patch really owns the copyright to it, or is acting as an authorized agent of their employer who owns the copyright to it. At some point, there is good faith. Yes, a well-documented paper trail would be nice, but requiring patch submitters to submit signed documentation with their patches would place an immense administrative burden on somebody, and it wouldn't prove that no copyright infringement has occurred, it would just blame-shift to whoever submitted the patch. I don't think that would legally remove the possibility that an unscrupulous company could go fishing for damages, a la SCO. It would also effectively remove the bazaar-like openness that Linux has, in contrast with more closed, insular projects with their rigid committer lists and uberpolitical machinations (XFree86 anyone?).
But I guess from a PR perspective this guy has a good point. Having some big pile of papers to point to and say "look, this documents that all contributers have copyright to their patches, and every line of code is accounted for" - this might help dissuade outrageous claims like SCOs and allay the fears of the business community, which likes to know that there are reams of bureaucratic documentation proving that the code is clean.
Isn't that sort of like trying to trace the sources of popular fables after years of circulation? I agree that for any new module, the author information should be included. For existing modules, however, trying to figure that out is gonna be really hard. Except for the guy that has the patent on the blinking cursor, and other places where a clear intent to earn $ was present from the get-go. Unlike SCO, which seems to only care since Linux became^H^H^H^H^H^H started looking like a threat to UNIX.
stuff |
How many closed source companies copy code from various places? I would say open source is the least likely place people will do this considering how easy it is to get caught.
Anyone out there have personal knowledge?
Your link is broken.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
You know, I suspect they've already discovered copied code...by a Caldera employee. Possibly even with written permission on file.
But the point of their lawsuit is to prove that at least some of the code in Linux came from SCO's IP through IBM. They're damned sure not to point out any pasting they did. It would point to an apparent flaw in their logic.
(And whether that flaw is really a flaw, and not a dynamic company changing its policies, is a subject for another debate. But I won't represent them.)
tasks(723) drafts(105) languages(484) examples(29106)
The changelog is insufficient documentation. It contains vague attributions that something changed somewhere in the code. It isn't specific as to what lines of code changed. Later, when you go back and try to find where a set of lines came from, a changelog doesn't help much.
With a source code control system, you know that so and so added on such and such a date. You can then go to that person and ask them where they got it from if there's ever any question.
In the BSD world (I do a lot with FreeBSD), this has come in very handy when code disputes come up. Being able to talk to the actual people that inserted the code into FreeBSD has helped to clear up what otherwise might have been viewed as something improper.
I've tried to do similar things with versions of linux in the past, only to discover that I could, at best, find what version they came into the tree at, and who collected the patch and sent it to Linus. I wasn't able to track it further without searching public mailing lists for the information (with mixed results).
while you might believe that it will take 20 minutes to identify the code in question, my guess is that's overly optimistic, unless the code in question was contributed since bk. It usually takes me at least 5 minutes to find out where code comes from in FreeBSD when there's a question, and cvs annotate makes the process *MUCH* faster.
I'm not sure I'd disagree with your comments about SCO being able to come up with where the code came from relative to Linux.
Don't they have the email address and identity of the person who submitted it originally to the linux kernel mailing list?
As long as the maintainers made a good faith effort to get a name and contact information for each contributor, not just a hotmail address or something, I don't see where the problem lies.
In fact, if there weren't strong copyright laws protecting the copyright holder of the code, then the GPL would be useless.
Here is the breakdown. The GPL is a license. A license is permission to do something you would normally not be allowed to do. IN this case, copyright laws expressly forbid anyone other then the copyright holder ("owner") from distributing or publishing the code. (with a few exceptions for fair use, etc...) Now, in order to use that code, the copyright holder has to grant you permission. In this case, the GPL is the grant of permission. The author says, "so long as you abide by the terms of the GPL, you have my permission to use my code." The GPL explains all of this in its preamble. You should read it sometime.
http://news.com.com/Linux+contributors+face+new+ru les/2100-7344_3-5218724.html?tag=nefd.top
When someone submits a potential change to Linux, what mechanisms are in place to verify that the submission is not copyrighted material? Also, what mechanisms are there to eliminate a copyright infringement once one is discovered?
for the s7ate of And its long term [goat.cx]
Right. The link text makes no sense, and the link points to the wrong site. Even the goatse.cx trolls are going downhill these days.
Great. First racial profiling, then TIA, then USA-PATRIOT, now this. What's happening these days is Truly Scary.
Paper? What's paper?
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
It actually is inaccurate to call what the GPL grants you a "right." A right can only be granted to you by a sovern governmental entity, or God. The GPL only grants you permission to share code, modify, fork, etc... Now, that permission comes with the promise that they will never be modified. That, combined with the reality of the hodgepodge of copyright ownership all mixed into a program all work to make it near impossible to revoke that promise; but it is still, nonetheless, a promise.
That we should call this Unix-like operating system Linux.
Get a free ipod.
The FSF has been covering their/our asses on this kind of stuff for years.
We all know Linux hasn't been in any sort of a version control system since version 2.2 after which the issues started alledgedly creeping up.
Marxist evolution is just N generations away!
Sell it to the highest bidder. The only function of government is to guarantee private property (and wage war on selected enemies). By securing Linux in private hands we can guarentee that it will be judged fairly in the marketplace.
Linux Kernel Submission Process Revised and Tightened
Kirk has been involved with FreeBSD since forever and knows damn well that FreeBSD isn't documenting where code contributions come from any differently than Linux is.
Yes, it's an important topic, but Kirk choosing Linux as his example is just plain wacko.
In the end ? I like to think there's no time like the present.
Meanwhile, SCOX is down to 4.74 today. Volume is about a third of the 3-month average; they're falling off the investment radar. IBM's latest set of legal moves put SCO in worst shape than they've been since the litigation started. SCO has an earnings call and webcast on June 2. Tune in and hear Darl try to talk his way out of this one.
'There isn't a well-documented ownership trail with Linux. So, they have opened themselves up to a swamp of 'he said-she said' about where code came from'
So what? There is a basic flaw in this argument! In the USA anyway, you are presumed innocent until proven guilty. Anybody alleging that source was stolen and placed into Linux must prove that source code:
a. existed somewhere prior to being placed into Linux
b. was stolen, not just happens to resemble code that might have been developed independently by someone else
In short, there should be no burden of proof on Linux's part to prove that the source was not stolen; the burden of proof must be on the accuser to prove that the source was stolen!
Knowing who submitted exactly which piece of code to Linux will not drain the swamp of 'he said-she said' about where code came from'. In fact, it will make it a lot worse. Consider: company A claims that some portion of Linux source, submitted by person B, was stolen. Person B had business dealings with company A prior to or during the time that the source was submitted. Company A will say that this proves the source was stolen from them since person B obviously had opportunity! They will claim this even if person B had dealings totally unrelated to software within company A.
It's very easy to document where code did come from. But it's virtually impossible (if not 100% impossible!) to document that code did not come from any commercial source. By definition, to "prove" that any given piece of code didn't come from a commercial source, you'd have to take every single piece of commercial source code written up to and including the day of the disputed source's release, and grep it.
Honey, I shrunk the Cygwin
Was this not one of the reasons the GNU project wanted copyright assigned to it?
>A right can only be granted to you by a sovern governmental entity, or God.
Huh? You carp about inaccuracy and then, in the next breath, you misspell "sovereign" (assuming that is what you meant) and talk about God granting you rights?
In the commercial world, you have change numbers which link to a documentation trail which shows who implemented something and why and who approved it. Linus is trying at least to improve the code provenance by looking at a certification chain between the patch generator, the maintainer and eventually Linus as release manager. Unfortunately, it still looks like a hunt through LKML for the documentation as you suggest.
See my journal, I write things there
This is why the old 4-clause bsd license enforced the notion of not being able to remove the copyright notice itself, and always giving credit for authorship of the code, plus the normal lack of warranty bits. RMS has quotes on the internet and his fsf.org site about this, and to summarize he says that it is too much of a burden to mark the names of each and every contributor to the code. This is just the way the GPL assymilates code, and makes it stink. Marshal is probably right about this since he was at the CSRG when BSD came under the gun about att code infringment..
It isn't a lie if you belive it.
"Isn't Linux documented in this way?
McKusick: Up until fairly recently, Linus [Linus Torvalds, the creator of the Linux kernel] didn't believe in source code control systems. My understanding is that he felt that the source code on his machine was the master source --he knew where everything came from -- and you didn't need to use source code control because he had centralized control."
He (might) know where everything comes from, but does he know where all the forwarders get their code from? (be it either: their brain, their team at work, text books, leaked code, etc...)
Just because a corporation has a SourceSafe system doesn't mean people actually enter into the comments when they steal GPL'd code.
Stoned Beaver might have been an allusion to the Tooth Fairy. Linus was REALLY trying to let the proverbial paternity cat out of the bag. Them Alexis folks were just a bit slow on the uptake, that's all.
Grandparent has a hotmale.com account. Says it all.
At least for patch submissions anyway. new patch submissions It's going to take a while to integrate full blown political ass-covering into the linux kernel process -- if that's even what the developers/Linux want. Adding too much of that stuff eventually makes it hard to even fart without signing-off on a dozen "TPS reports" first. Good luck guys.
boycott slashdot February 10th - 17th check out: altSlashdot.org
Linus has already acted.
Date: Sun, 23 May 2004 06:48:09 GMT
From: Linus Torvalds <torvalds@osdl.org>
To: Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: [RFD] Explicitly documenting patch submission
Hola!
This is a request for discussion..
Some of you may have heard of this crazy company called SCO (aka "Smoking
Crack Organization") who seem to have a hard time believing that open
source works better than their five engineers do. They've apparently made
a couple of outlandish claims about where our source code comes from,
including claiming to own code that was clearly written by me over a
decade ago.
People have been pretty good (understatement of the year) at debunking
those claims, but the fact is that part of that debunking involved
searching kernel mailing list archives from 1992 etc. Not much fun.
For example, in the case of "ctype.h", what made it so clear that it was
original work was the horrible bugs it contained originally, and since we
obviously don't do bugs any more (right?), we should probably plan on
having other ways to document the origin of the code.
So, to avoid these kinds of issues ten years from now, I'm suggesting that
we put in more of a process to explicitly document not only where a patch
comes from (which we do actually already document pretty well in the
changelogs), but the path it came through.
Why the full path, and not just originator?
These days, most of the patches in the kernel don't actually get sent
directly to me. That not just wouldn't scale, but the fact is, there's a
lot of subsystems I have no clue about, and thus no way of judging how
good the patch is. So I end up seeing mostly the maintainers of the
subsystem, and when a bug happens, what I want to see is the maintainer
name, not a random developer who I don't even know if he is active any
more. So at least for me, the _chain_ is actually mostly more important
than the actual originator.
There is also another issue, namely the fact than when I (or anybody else,
for that matter) get an emailed patch, the only thing I can see directly
is the sender information, and that's the part I trust. When Andrew sends
me a patch, I trust it because it comes from him - even if the original
author may be somebody I don't know. So the _path_ the patch came in
through actually documents that chain of trust - we all tend to know the
"next hop", but we do _not_ necessarily have direct knowledge of the full
chain.
So what I'm suggesting is that we start "signing off" on patches, to show
the path it has come through, and to document that chain of trust. It
also allows middle parties to edit the patch without somehow "losing"
their names - quite often the patch that reaches the final kernel is not
exactly the same as the original one, as it has gone through a few layers
of people.
The plan is to make this very light-weight, and to fit in with how we
already pass patches around - just add the sign-off to the end of the
explanation part of the patch. That sign-off would be just a single line
at the end (possibly after _other_ peoples sign-offs), saying:
Signed-off-by: Random J Developer <random@developer.org>
To keep the rules as simple as possible, and yet making it clear what it
means to sign off on the patch, I've been discussing a "Developer's
Certificate of Origin" with a random collection of other kernel
developers (mainly subsystem maintainers). This would basically be what
a developer (or a maintainer that passes through a patch) signs up for
when he signs off, so that the downstream (upstream?) developers know
that it's all ok:
Developer's Certificate of Origin 1.0
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the
It's out now!
GrokLine
Groklaw story on Grokline
No matter how convoluted the system you propose to "track" this stuff, it will *always* come down to whether you beleive or can trust "the first order contributer".
If we knew where every last keystroke came from, there would still be the "bob is lying, that keystroke didn't come from him, he stole it from his bos/frind/company/disassembly-fo-windows or whatever. Or worse, he typed in the code but he got the idea from watching the wonderful-world-of-Disny while reading Cryptonomicon so Eisner and Stephensen are the inventors and deserve X in consideration.
Many jobs worth doing are only worth doing to a certian standard of completeness. The problem with the porely-named Intellectual Property domain is that, reguardless of whether ideas want to be free or $40 a barrel, the boundary and origin of all ideas is undocumented-bastardary at best.
All works of any creative mind are, at least in part, stolen from the fertile field of experience.
There is no fixing that, and the supposition that all the progenitors of what came before do *NOT*, a-prioria, deserve recognition and a stake.
Turning the provenance of each line of code into a preverse kind of Oscal(tm) acceptance speach *still* wont insure that someone isn't slighted somewhere.
"I'd like to thank the academy, and my third grade comp-sci teacher for this for-loop, without them I would have never understood that pre-increment saves a temporary. And of course a shout-out to the CPU manufacturer, without whom I'd have never had a chance at direct increment of non-register memory. And of course my Mom, who never let me leave the table without eating all my peas; if it weren't for her I'd have never learned the value of bounds-checking in the completion of a problem domian. I know I'm forgetting someone, but you have all been so wonderful..." -- Rob White, Linux Kernel 6.2 Changelog for kernel.c line 722.
NOTE: The Above attribution is Under Dispute from the GCC board of optimizers for failure to credit the optimizing community's efforts in envisioning the need for loop unroling and the value of peep-hole allocation of registers...
Really, how bad does "intellectual property" have to get before people get it into their heads that the Founding Fathers *DID* understand that you cannot own an idea. The absence of computer science from their accumen doesn't mean that these topics are sacrocant, wholly new, and innumerable to that prior understanding.
Clue please people...
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
I'm sure this is already done but why not make an actual paper log of the code ? I realize that it is quite long, maybe a few lines or four or more. How about putting it on cd and then archiving it to a library? What about actually publishing the code? Every year or new version or sub-version a new book is published or cd is written.
r u%20les/2100-7344_3-5218724.html?tag=nefd.top) to an extent. I don't like people wasting their time when productive lines of code can be written.
Already the kernel versions are saved and sent via ftp and more but that can be altered. I like the DCO stuff (http://news.com.com/Linux+contributors+face+new+
ignorant fucktard.
> One issue with Linux, is that it has a lot more contributors
> than *BSD, which tends to make things more complicated.
It shouldn't make things more complicated. Linux needs a pr
system like FreeBSD so that contributions from people without
commit privileges can be made and more importantly tracked back
to the contributor
In the past, I could post a patch to the Linux kernel mailing
list and it might be cut and pasted by someone and committed but
without any subsequent trail back to me.
I don't know if this has changed but in the light of SCO it has
to be tightened up if it hasn't been already, or there maybe
further claims of stolen code made against Linux.
The Machine stops.
Off topic; Nope, the link isn't wrong, goatse.cx has actually been taken off-line, says something like "closed by isp", affecionados have created mirrors. I tried to set someone's start page to goatse.cx Saturday evening - goatse.cx wasn't working, had to find a mirror. Easily done with google :-).
They really don't deserve one. This sounds too much like "well, they might have a point about..." SCO should just be laughed and pointed at.
Mix the failings of Usenet with the shortcomings of the World Wide Web and the result is slashdot.
>With a source code control system, you know that so and so added on
>such and such a date. You can then go to that person and ask them where
>they got it from if there's ever any question.
While ofcourse a source control system will help alot, it won't always reveal the whole truth about
where the code comes from. For the 2.6 kernel you can view the changes here.
On thing you might notice is alot of changes from e.g. akpm(Andrew Morton). But he didn't write that all code.
Alot of the changes commited by akpm is patches contributed by other people again. This goes for most kernel
programmers commiting changes to the vanilla tree. So in this case, the question is,
does akpm keep track of all the patches he ever gets ?(often they do include an attribution in the changelog, but it can still be a weak spot.)
There is also lkml and that pretty much existed from day one. What Linus was complaining about is that searching and correlating lkml, the changelogs, and the comments is tedious. Everything can be accounted for, it's just hard. What Linus whats now is to have machine readable assertions of who contributed what and the rights they had to do it.
To quote Linus Torvalds:
Unlike early post BSDi development of the "free" BSD's, almost all of the Linux kernel development took place in the open and over the internet.
In comparison Microsoft has "lost" the source to MSDOS and "deleted" CEOs email from it's servers. There is NO real public provenance to the source code to most of Microsoft's products. If this is, like the threat from patents is an issue then Linux is in a better postion than its competitors in the market.
www.grokline.net just launched!
Unisex President, and began to wonder if someone had taken the knife to W or we had elected Michael Jackson. Gad, some Mondays it's hardly worth chewing through the straps to get out of bed.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
His point is that you need to be able to document that no one else owned the code before it was merged into the kernel. If someone did own it, you need to document that they legally passed rights to the code to your project.
What the GPL says is not pertinent to that issue. Put the SCO hysteria aside momentarily. This guy is speaking from his own experience in a very similar environment: When someone gets a lawyer and says they owned some of the code in your project, you'd better come up with documentation that proves them wrong. If you can't, it is your word against theirs.
-- Slashdot: When Public Access TV Says "No"
Just in case there are any UNIX/Linux history experts here.
SCO couldn't and they spent a lot of Bill's money trying to convince people that they could.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Anyone who doesn't follow the LKML should probably read this.
Isn't life too short to waste time with petty bureaucracy?
Or do you people just want it to *feel* longer?
cvs annotate is an excellent first start to see where code came into the tree. Other tools allow one to see where the code really came from in the face of formatting changes and the like.
Like I've said in prior posts, having this information is invaluable. It also allows one to more easily back out changes that might be tainted, reguardless of where they come from, since you know all the parts to that change, which is impossible with the changelog data. In this respect, bk is better than cvs since bk's change mechanism links multiple files that have changed, while CVS does not.
You *MAY* have this, or you may not. There are many shops that don't have this level of beaurocracy. However, I've never worked for any place that has had this independent of an underlying source code control system (and many places that didn't have source code control systems, let alone change numbers).
The issue can be further complicated if there's been a cross fertilization between projects for things like device drivers. Project A figures out how to do feature Z and project B integrates it. B then figures out Y and project A integrates that. Project C takes code from a data sheet and includes that under license X and Project A then takes it and incldues it under license Y and then Project B wants to bring it it, but is unsure if they can because they see substantially similar code under both X and Y licenses, not being aware of the common datasheet code example being present and gets confused. In situations like this, a clear SCM trail can help sort out who to talk to and how to resolve what might appear to be something bad.
I've seen many organic patches/drivers grow up over the years in linux that are litterally impossible to track down who wrote what originally. Some have email addresses, some do not, some have had them removed, some email addresses are stale, etc. In such a chaotic enviornment, it can be difficult to know where code came from. There are many strengths to this model, but code history isn't one of them.
Warner
With their typical prescience, the FSF discussed this issue. Read the transcript of Eben Moglen's talk or listen to the talk and you'll find this segment about one hour into the talk (during the Q&A section):
Sage words when one's software's source code history is being questioned.
Digital Citizen
This is something like the new system that is being discussed on LKML at the moment. Effectively contributors must sign to the effect that they have rights over the code they have written and are able to donate it to a GPL project.
See my journal, I write things there
Every time I see "Usenix", I think it says "Unisex"... that can't be good.
*sigh*
$nice = $webHosting + $domainNames + $sslCerts
Yes, I'm aware of the problem of 'organic code', something that was based on something from another OS that was cribbed out of a databook. However, when a change is moved from one project to another, you can still trace back by cross referencing the change that you based it on and only importing it if you know where it came from.
The real problem is device black magic. That is where, for example, you have to follow a particular sequence of instructions to get something done. Does that have to be individually tracked? Well if some idiot called Darl comes along later and says that they have the identical sequence in the same driver in their propietary Unix. The question is whether anyone could come up with independent code doesn't hack it in front of a member of the legal profession. Youz had better have a good place like the datasheet for the original reference. Interesting problem as to how that pans out when a question comes up ficve years later.
See my journal, I write things there