Slashdot Mirror
Linus Adopts Enhanced Tracking Process
millette writes ""Under the enhanced kernel submission process, contributions to the Linux kernel may only be made by individuals who acknowledge their right to make the contribution under an appropriate open source license. The acknowledgement, called the DCO, tracks contributions and contributors. The DCO ensures that appropriate attribution is given to developers of original contributions and derivative works, as well to those contributors who receive submissions and pass them, unchanged, up the kernel tree. All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel."
From the press release. Also seen in the New York Times"
Software methodology comes to open source.... Mind as well can the project now.....
Hmm, did the toothfairy whisper this in his ear last night?
"Honey, I feel a certain distance between us..." "Really? A 31ms ping ain't that bad..."
I wonder how this will affect the speed of the development process.
The name is kind of ironic, yes? You say DCO, I say SCO, let's call the whole thing off.
Reminds me of a documentary called "Why Planes Fall" which shows how planes are built. Each part, component and the tool used is logged to a person who created/assembled it. The system logs the tester/auditors which sign off on the work. It's amazing!
The only think I see different from this Linux process is that whoever created the code is not liable for anything that happens when you use the operating system. I see the 'auditors' of the Linux process are those that signoff on the code that are written by authorised contributors. There is no 'finger pointing' as so to speak when something goes wrong.
Is this going to be applied to the existing kernel sources or just new submissions? I think it'd be quite a job to track down all the people who still have their names at the top of kernel files after all these years. Especially those who have died (there must be at least one) or companies that no-longer exist (quite a few).
Regardless, I wonder whether this will slow down kernel contributions? Here's hoping it won't. People will still be able to create unofficial patch sets (like mm, ck and love sources) to test their ideas before actually contributing modifications to the authoritative source.
This article seems to just confirm that Linus did what he said he was thinking of doing.
/. posting is here.
The original
Bureaucracy loves company.
I keep saying this, and I am so surprised this is not broguht up more often, but if folks donate code to the project, are they not liable rather than the users of the project? I know I am talking about SCO, yes, it just seems so silly that anyone takes them seriously. Maybe this is a terrible metaphor, as I am only just starting to intake the coffee... but I sometimes thnk of this as if I gave someone a book, but inside the book there was tickets to a show. Then after giving the book I say to the person, by the way, I did not realize my tickets were there, can you pay up please? Sorry to rant, now back to the grindstone...
photoplankton
Now all I need to do, is get hold of some code, claim it's mine, and I'm now officially the owner!
Now, what is this "Linux" thing? Does it run under Windows 98, or will I need to upgrade to XP?
NYT comes out of nowhere with this idiotic, inflammatory headline. It's disheartening that mainstream technology journalists are still attributing anarchy, punk rock and anti-establishment to Open Source.
DCO is a wonderful idea. Steve Lohr, on the other hand, needs to get his head out of his ass.
That is a pretty interesting certificate; I may end up using it too. However, the second and (esp.) third options seems a little unspecific: Shouldn't it require the contributing developer to name the origional work and its author(s)/entity(ies)? That way the lead developer could independently confirm that there are no copyright problems, if needed.
It is impossible to enjoy idling thoroughly unless one has plenty of work to do.
- Jerome Klapka Jerome
What is it about? It's about putting information that was already mostly available (by scrounging in mail archives) in a structured form. So that the next SCO doesn't waste so much developer time, and (as a bonus) so that Linus can figure out which maintainer sent some code when debugging.
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
But, more importantly, you have to realize--this has nothing to do with giving (positive) "props" to the kernel authors and everything to do with identifying sources of blame when it all goes to hell.
Forget whether or not you like software patents for a moment; the fact is that right now they exist. Previously, you could in theory contribute some patented or even copyrighted (direct copied) source into the kernel and it might go unnnoticed for years. Now, the theory goes, once the infringing bit is noticed, IBM or Autozone can't be sued as easily anymore--rather, what they will do is say "no, look - this piece of code came from monkeyboy332, a programmer in serbia".. sue him instead!
In short, this is a nice way for large companies attempting to wash their hands of responsibility for a linux kernel that they arguably have access to because it's open. In simpler terms still, this is corporate welfare by linus to try to win wider adoption of linux. It's not a bad strategy, but accept it for what it is.
It has nothing to do whatsoever with giving authors "credit." That is already well handled by other mechanisms.
Talk about feature creep...
Isn't this just like admitting that Linus has no idea what's in the kernel and SCO code could be in there?
By summer it was all gone...now shesmovedon. --
The timing on this being formally announced is a bit unfortunate, in that it comes so soon after the new De Toqueville Institute article, but the whole procedure is a measured response to older situations (SCO), and has been carefully evaluated by a pretty sharp legal team.
Unfortunately, one of the basic doctrines of modern warfare is that you win battles by maneuvering within the decision making radius of the enemy. Right now, Linux is facing the problem of responding through the legal system, which produces such delays they end up looking like they are still fixated on fighting the last war. A good military-style strategy here would be to respond in some totally unexpected way, so that their detractors have to slow the pace of operations while they evalueate the new situation.
Such options are limited. For example, Linus could escalate by seeking criminal charges for defamation on the De Toqueville article, but the chance he could make it stick is what should determine whether that's worth persuing, and not just whether it would make 'them' blink.
Who is John Cabal?
Although I'm not an expert in law (and certainly not US law since I live in the EU with different laws regarding to this), my gut feeling says I would never, never, nerver ever sign a document like that even if my work would be 100% original and not copied.
...) for any damages. Since most of the programmers probably do not have their assets split between their personal property and some form of 'company property' this might get dangerous. Please excuse me for not knowing the correct legal terms for 'private property' and property as part of an "inc." or "ltd.".
Just the mere fact that you sign a document that proves you wrote part of the Linux code, makes you liable for litigation. If any company thinks its rights are violated by a Linux component they can easily sue the contributors of this (and more) components personally. Given the track record of US litigation, I would never sign it.
Signing the document means that the author of the code will have to seek expenive legal support in case a lawsuit is started. Even if he can prove in court the code is original and written by himself, the bill for legal advice can be quite substanstial. If an author programmed in his spare time, this means he personally is liable... personally as in 'with your own personal assets'...
As an employee of a software firm (or worker at any other firm), your work is done "acting as a part of the company". Hence the company itself and not the individual employee is (financially) responsible for his/her mistakes. In case of litigation the company will have to seek legal council and incurr the damages. In my country the company could try to sue the employee for the incurred damages afterwards, but it will have to prove very extensively that the employee made very serious professional errors. And even then, companies rarely do so.
But a private author is personally responsible with his own assets (wage, house, car,
That this article was on the front page of Google News in the Sci/Tech section? Perhaps it'll still be there. Google News Sci/Tech
I still miss my ex. But my aim is getting better.
Wuestion is will this be ammo for SCO ... "look the previous process was bad and allowed our code through ..thats why they changed it"
..a rational person would laugh, but highly paid attorneys versus dumb judges and jury.
Yes
For example, you could imagine a SCO-wannabe taking their commercial code (that nobody is buying anymore but which they for some reason believe has real IP value), and putting one line (seemingly innocuously, effectively no-op'ed by some never-happens if cases) in an obscure kernel module (maybe a driver for some crufty ancient device). Then repeat (possibly under the guise of a different developer). Soon the module is working, with all the sleeper code inside. Then submit a patch that gets rid of all the intervening lines and voila, a big chunk of proprietary code is in the kernel and nobody noticed.
There are probably simpler ways to sneak stuff in if you want to be malicious. Maybe I've been watching "The Manchurian Candidate" too often!
Slashdot Comment Submitter's Certificate of Origin 1.0
By submitting a comment to this slashdot story, I certify that:
(a) The comment was created in whole or in part by me and I have the right to submit it under the copyright laws; or
(b) The comment is based upon a previous comment from a dupe story, and to the best of my knowledge, is covered under an appropriate copyright law and I have the right to submit that comment with modifications, whether created in whole or in part by me; or
(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
Doesn't this create a dangerous precedent ?
Around the next corner some authority may start
to require kernel maintainers to CHECK contributors credentials,
then later at the next crossroad, Open Source maintainers may be held responsible for each and
every bit that they "could have checked".
And this way we end up getting patent searches as a mandatory part of OS dev., effectively handing over all the software control to nuisance patenters and (in the best of times) doing OS stuff at the temporary mercy of some big benefactor like IBM...
scary!
This system would be excellent for situations against SCO/liability/whatever suits. The beauty is that the code in question can be tracked. SCO or whoever who decides to sue can't just say "Hey...[the whole of] Linux is ours!"
With tracking, the code written by the author can be reviewed and resolved if necessary!
Mission critical: Well buy mission critical support from Redhat/Suse/Mandrake etc... Don't like that? Signup and offer patches or fixes to contributors.
As said previously, this process is not a 'finger pointing process'. Its a process that helps the development of linux to enable it to progress to new heights! If code needs modification/optimisation, communicate and help the contributor! If you find a particular component is really helpful or beneficial, write to the contributor and thank them, or you may even paypal or donate..etc.etc.etc.etc!
Have fun.
This is a very bad precedent: the OSS community now has to follow processes that in the past, only large corporations could afford: audit trail, overkill documentation, etc. The fact that SCO/MS has managed to move Linus on *their* turf and make him play by *their* rules alas without their resources makes me really nervous: whoever gets to frame the debate always has a disproportionate advantage. What's next? More FUD campaign to fuel the fire, more hoops we'll have to jump through. While OSS people have to play lawyers, they don't write any code.
there's no place like ~
By creating this paper trail of responsibility, the work on Linux will be externally auditable. This will help reassure big business that they will not legally shaft themselves.
Sincerely, Stormcrow309
Remember, free is only free when you consider support and hardware costs.
In God we trust, all others require data.
Does this mean that an individual writing code would now get sued by the SCOs of the world instead of companies that deploy Linux? Is this a good thing?
jrjBlog
Or Apache's?
Will this be a growing trend across open-source projects, to push accountability down to the contributors?
Bot Assisted Blogging
If it is truly open source, can't anyone do anything they want and call it a kernel ? Computing power grows out of the barrel of a fork !!
The Linux kernel process is now better, and it probably wouldn't have happened if not for SCO, or at least not this soon.
You heard me!
I want an mp3 codec included! I want some P2P software included!
I want a pirated copy of office included.
Where's my fat32 where's my NTFS!
Bring me the head of Bill Gates!
All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel.
I don't say it currently is, but in future it *may* be a step towards elitarian class establishment, as well as political control tool for technology. How well-defined should be an identity of a GPL project contributor?
When signing on will be obligatory for contribution, a simple rejection to sign on a person for some "external" reason may have such political consequences. For the first, I believe it is in direct contradiction to the spirit of GPL.
Example: what about potential kernel developpers from countries politically inacceptable in United States?
Currently, it is not possible for major distro releasers from the new continent to export a linux technology to the Iran, Lybia or Northern Korea. Does the U.S. government violate the GPL license? Yes, it does.
What if some kernel contributors will actually become from these countries? Should be all farsi and arabic localisation contributors to the any of the sourceforge projects be perlustrated for not actually being an al-Quaeda operatives?
There you are, staring at me again.
The New York Times article is interesting.
It is written in such a way that it reads like SCO does own what it claims to own and that IBM took an extra liberty under some sort of agreement.
Quite the opposite tone and bias from the tech journals ("what is SCO smoking??!!").
Given that most business people are more likely to read NYT then Slashdot or Groklaw I can now understand why SCO got as far as it did with its stock scam.
Steve
this is too important to be ignored, most comments here are of the humorous kind,
few address the slippery slope issues that will now gradually entangle Open Source
Care to address the points that were really presented, instead of some irrelevant straw man?
Especially those who have died (there must be at least one)
Unfortuatly you are right, Manuel Estrada Sainz died recently in a car accident together with Andrés García while returning from a Free Software conferenc in Spain.
The announcement on debian-announce
May they rest in peace.
You seem to disagree with Linus as to how much work is involved in this kind of tracking.
I dissagree with you about what turf and rules belong to "SCO/MS".
Lawyers may care a lot about precedent, but I don't know any programmers who do.
Are they *that* stupid, or what?
I don't say it currently is, but in future it *may* be a step towards elitarian class establishment, as well as political control tool for technology. How well-defined should be an identity of a GPL project contributor?
The thing is, these DCOs or whatever only apply to submissions to the main kernel tree. Thanks to the GPL, you can still fork the Linux kernel and distribute it on your own website and legally do what you like with your own copy of the code without ever actually having to talk directly to the lkml people.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
LINUS: Hello, Alan. What's happening? Um... yeah. We need to talk about your DCO reports. We have sort of a problem here. Yeah. You apparently didn't put one of the new coversheets on your DCO reports.
ALAN: Yeah, the coversheet. I know, Andrea talked to me about it
LINUS: Yeah. Uh, did you get that memo?
ALAN: Yeah, I got the memo, and I understand the policy. The problem is, I just forgot the time. I've already taken care of it so it's not a problem anymore
LINUS: Yeah. It's just that we're putting new coversheets on all the DCO reports before they go out now. So I'd really appreciate it if you could just do that. Right. Remember to do that from now on. That'd be great.
This isn't a war. A war would be among equals.
You can't call the barking of a dog at an elephant as war.
and I hope Mr.Torvalds and co. won't have to waste any more time on such crap in the future
The submission of patches is supposed to continue like it has always done. It is all about two things, people passing the patch on putting their name on it, so you can see the path. And certifying that you are allowed to submit the patch, which you were already implicitly stating by submiting it. The orignial message is on the mailing list. The media have blown this news up completely out of proportion. If just the media had something like this we could track who made this feather into five chickens. I doubt all the media covering this, actually read what Linus wrote.
Do you care about the security of your wireless mouse?
Linus stubbornly held out for years that using no version control at all was better than using CVS. Looks like he was wrong. Records? We don't need no steenkin' records!
This might be a precedent in the Open Source community, but certainly not for the Free Software community. Don't you know how has The GNU Project been working for years?
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
would write a script to let their system for patch submission automatically add the required line. In marketspeak, a highly-customizable, integrated subsystem for tracking submission versions and is totally compatible with the DCO protocol.
I would have left it alone, but a +5 informative is 5 points too much for the parent.
What shoppa is talking about is impossible. No maintainer would accept one-line patches that didn't do anything useful. Nor would the maintainer blindly pass through some new functionality without looking to see what it does. The premise that the maintainers are incompetent is, to put it one way, itself uninformed.
Mod the parent down.
Why is everyone getting all upset now that Linus is following suit? Am I the only one that realizes this? Go read http://www.gnu.org/copyleft/why-assign.html for details. Copied text below: Why the FSF gets copyright assignments from contributors by Professor Eben Moglen, Columbia University Law School Under US copyright law, which is the law under which most free software programs have historically been first published, there are very substantial procedural advantages to registration of copyright. And despite the broad right of distribution conveyed by the GPL, enforcement of copyright is generally not possible for distributors: only the copyright holder or someone having assignment of the copyright can enforce the license. If there are multiple authors of a copyrighted work, successful enforcement depends on having the cooperation of all authors. In order to make sure that all of our copyrights can meet the recordkeeping and other requirements of registration, and in order to be able to enforce the GPL most effectively, FSF requires that each author of code incorporated in FSF projects provide a copyright assignment, and, where appropriate, a disclaimer of any work-for-hire ownership claims by the programmer's employer. That way we can be sure that all the code in FSF projects is free code, whose freedom we can most effectively protect, and therefore on which other developers can completely rely.
-- Contradictions only exist in thought - not in reality.
There is some more detail including legal views from one of the FSF lawyers here.
Does the settlement even include any clause that says Microsoft can't do it again? *shady overtones of the antitrust settlement, in which they promised not to do it again, and whose premise was practically laughable*