Slashdot Mirror
Linus Adopts Enhanced Tracking Process
millette writes ""Under the enhanced kernel submission process, contributions to the Linux kernel may only be made by individuals who acknowledge their right to make the contribution under an appropriate open source license. The acknowledgement, called the DCO, tracks contributions and contributors. The DCO ensures that appropriate attribution is given to developers of original contributions and derivative works, as well to those contributors who receive submissions and pass them, unchanged, up the kernel tree. All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel."
From the press release. Also seen in the New York Times"
Reminds me of a documentary called "Why Planes Fall" which shows how planes are built. Each part, component and the tool used is logged to a person who created/assembled it. The system logs the tester/auditors which sign off on the work. It's amazing!
The only think I see different from this Linux process is that whoever created the code is not liable for anything that happens when you use the operating system. I see the 'auditors' of the Linux process are those that signoff on the code that are written by authorised contributors. There is no 'finger pointing' as so to speak when something goes wrong.
Is this going to be applied to the existing kernel sources or just new submissions? I think it'd be quite a job to track down all the people who still have their names at the top of kernel files after all these years. Especially those who have died (there must be at least one) or companies that no-longer exist (quite a few).
Regardless, I wonder whether this will slow down kernel contributions? Here's hoping it won't. People will still be able to create unofficial patch sets (like mm, ck and love sources) to test their ideas before actually contributing modifications to the authoritative source.
I keep saying this, and I am so surprised this is not broguht up more often, but if folks donate code to the project, are they not liable rather than the users of the project? I know I am talking about SCO, yes, it just seems so silly that anyone takes them seriously. Maybe this is a terrible metaphor, as I am only just starting to intake the coffee... but I sometimes thnk of this as if I gave someone a book, but inside the book there was tickets to a show. Then after giving the book I say to the person, by the way, I did not realize my tickets were there, can you pay up please? Sorry to rant, now back to the grindstone...
photoplankton
That is a pretty interesting certificate; I may end up using it too. However, the second and (esp.) third options seems a little unspecific: Shouldn't it require the contributing developer to name the origional work and its author(s)/entity(ies)? That way the lead developer could independently confirm that there are no copyright problems, if needed.
It is impossible to enjoy idling thoroughly unless one has plenty of work to do.
- Jerome Klapka Jerome
Isn't this just like admitting that Linus has no idea what's in the kernel and SCO code could be in there?
By summer it was all gone...now shesmovedon. --
Although I'm not an expert in law (and certainly not US law since I live in the EU with different laws regarding to this), my gut feeling says I would never, never, nerver ever sign a document like that even if my work would be 100% original and not copied.
...) for any damages. Since most of the programmers probably do not have their assets split between their personal property and some form of 'company property' this might get dangerous. Please excuse me for not knowing the correct legal terms for 'private property' and property as part of an "inc." or "ltd.".
Just the mere fact that you sign a document that proves you wrote part of the Linux code, makes you liable for litigation. If any company thinks its rights are violated by a Linux component they can easily sue the contributors of this (and more) components personally. Given the track record of US litigation, I would never sign it.
Signing the document means that the author of the code will have to seek expenive legal support in case a lawsuit is started. Even if he can prove in court the code is original and written by himself, the bill for legal advice can be quite substanstial. If an author programmed in his spare time, this means he personally is liable... personally as in 'with your own personal assets'...
As an employee of a software firm (or worker at any other firm), your work is done "acting as a part of the company". Hence the company itself and not the individual employee is (financially) responsible for his/her mistakes. In case of litigation the company will have to seek legal council and incurr the damages. In my country the company could try to sue the employee for the incurred damages afterwards, but it will have to prove very extensively that the employee made very serious professional errors. And even then, companies rarely do so.
But a private author is personally responsible with his own assets (wage, house, car,
That this article was on the front page of Google News in the Sci/Tech section? Perhaps it'll still be there. Google News Sci/Tech
I still miss my ex. But my aim is getting better.
Wuestion is will this be ammo for SCO ... "look the previous process was bad and allowed our code through ..thats why they changed it"
..a rational person would laugh, but highly paid attorneys versus dumb judges and jury.
Yes
Does this mean that an individual writing code would now get sued by the SCOs of the world instead of companies that deploy Linux? Is this a good thing?
jrjBlog
Or Apache's?
Will this be a growing trend across open-source projects, to push accountability down to the contributors?
Redhat/Suse/Mandrake back up their mission critical support with insurance. One day, they get a big failure and their customer makes a claim against the XYZ insurance company.
XYZ insurance company, in common with most insurance companies, is run by a group of low lifes who would kill their grandmother for a dollar and don't give a damn about the principles of free software. In true insurance company style, XYZ tries to pass the liability and recover its costs by suing the developer who wrote the buggy code.
Despite the best intentions of the free software community, we now have defenceless developer vs. rich insurance company. How to stop this?
All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel.
I don't say it currently is, but in future it *may* be a step towards elitarian class establishment, as well as political control tool for technology. How well-defined should be an identity of a GPL project contributor?
When signing on will be obligatory for contribution, a simple rejection to sign on a person for some "external" reason may have such political consequences. For the first, I believe it is in direct contradiction to the spirit of GPL.
Example: what about potential kernel developpers from countries politically inacceptable in United States?
Currently, it is not possible for major distro releasers from the new continent to export a linux technology to the Iran, Lybia or Northern Korea. Does the U.S. government violate the GPL license? Yes, it does.
What if some kernel contributors will actually become from these countries? Should be all farsi and arabic localisation contributors to the any of the sourceforge projects be perlustrated for not actually being an al-Quaeda operatives?
There you are, staring at me again.
The New York Times article is interesting.
It is written in such a way that it reads like SCO does own what it claims to own and that IBM took an extra liberty under some sort of agreement.
Quite the opposite tone and bias from the tech journals ("what is SCO smoking??!!").
Given that most business people are more likely to read NYT then Slashdot or Groklaw I can now understand why SCO got as far as it did with its stock scam.
Steve