Slashdot Mirror
Linus Adopts Enhanced Tracking Process
millette writes ""Under the enhanced kernel submission process, contributions to the Linux kernel may only be made by individuals who acknowledge their right to make the contribution under an appropriate open source license. The acknowledgement, called the DCO, tracks contributions and contributors. The DCO ensures that appropriate attribution is given to developers of original contributions and derivative works, as well to those contributors who receive submissions and pass them, unchanged, up the kernel tree. All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel."
From the press release. Also seen in the New York Times"
This article seems to just confirm that Linus did what he said he was thinking of doing.
/. posting is here.
The original
Bureaucracy loves company.
Don't get it? Look here.
However, the second and (esp.) third options seems a little unspecific: Shouldn't it require the contributing developer to name the origional work and its author(s)/entity(ies)?
No. Read the third option carefully: "The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it." [emphasis mine].
Basically, the third option is geared towards people who maintain certain parts of the tree and get patches sent their way rather than straight to Linus. There will be a separate certificate provided to the maintainer.
The second option contains the phrase "as indicated in the file", which means that the origin is already recorded.
This process is really just a formalisation of what was already happening. It's more for the benefit of outsiders who don't understand how this currently works, and want a simple formal process. From a practical perspective very little will change.
For example, you could imagine a SCO-wannabe taking their commercial code (that nobody is buying anymore but which they for some reason believe has real IP value), and putting one line (seemingly innocuously, effectively no-op'ed by some never-happens if cases) in an obscure kernel module (maybe a driver for some crufty ancient device). Then repeat (possibly under the guise of a different developer). Soon the module is working, with all the sleeper code inside. Then submit a patch that gets rid of all the intervening lines and voila, a big chunk of proprietary code is in the kernel and nobody noticed.
There are probably simpler ways to sneak stuff in if you want to be malicious. Maybe I've been watching "The Manchurian Candidate" too often!
The GPL protects you for this sort of thing.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Now, the theory goes, once the infringing bit is noticed, IBM or Autozone can't be sued as easily anymore
Except that neither IBM nor Autozone have been sued for using alleged "infringing" code in Linux...in fact, no one has.
Seems to me that this kind of "paper trail" will only be useful against a hypothetical litigator that points to a piece of code in Linux and said: "this code here, this infringes on my IP". It's not so useful against a SCO-like "we own it all, so pay up" FUD blitzkrieg.
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
And I wonder who will play Record Keeper with all of these DCOs. Kernel development is currently very distributed, but this calls for a single entity who can track the DCOs and be sure that they will never disappear.
No, GPL is a license to DISTRIBUTE, not a license to USE. You may use GPL software any way you see fit, the only restrictions are on distributing it.
Everyone is entitled to their own opinion. It's just that yours is stupid.
No, they don't. They may display the GPL, and present a button labeled "I agree", but (if you actually _READ_ the GPL) the GPL contains this text:
So they do not "force" you to agree to anything.
Just because something is presented as an EULA, by someone who doesn't know what an EULA is, does not make it an EULA.
You seem to disagree with Linus as to how much work is involved in this kind of tracking.
I dissagree with you about what turf and rules belong to "SCO/MS".
Lawyers may care a lot about precedent, but I don't know any programmers who do.
Well.. yeah? Anyone can (and many have) make a fork of the official Linux kernel. Check out the mm and ac branches on kernel.org, for example.
Meep.