Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linus Adopts Enhanced Tracking Process

Posted by CmdrTaco on from the track-this dept.

millette writes ""Under the enhanced kernel submission process, contributions to the Linux kernel may only be made by individuals who acknowledge their right to make the contribution under an appropriate open source license. The acknowledgement, called the DCO, tracks contributions and contributors. The DCO ensures that appropriate attribution is given to developers of original contributions and derivative works, as well to those contributors who receive submissions and pass them, unchanged, up the kernel tree. All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel." From the press release. Also seen in the New York Times"

13 of 172 comments (clear)

  1. Oh boy..... by wpiman · · Score: 5, Funny

    Software methodology comes to open source.... Mind as well can the project now.....

  2. Great idea by l0wland · · Score: 5, Funny

    Hmm, did the toothfairy whisper this in his ear last night?

    --

    "Honey, I feel a certain distance between us..." "Really? A 31ms ping ain't that bad..."
    1. Re:Great idea by jlp2097 · · Score: 5, Informative

      Don't get it? Look here.

  3. Speed vs. SCO-secure by tfbastard · · Score: 5, Insightful

    I wonder how this will affect the speed of the development process.

  4. DCO? by havaloc · · Score: 5, Funny

    The name is kind of ironic, yes? You say DCO, I say SCO, let's call the whole thing off.

  5. Like building a plane by vchoy · · Score: 5, Interesting

    Reminds me of a documentary called "Why Planes Fall" which shows how planes are built. Each part, component and the tool used is logged to a person who created/assembled it. The system logs the tester/auditors which sign off on the work. It's amazing!

    The only think I see different from this Linux process is that whoever created the code is not liable for anything that happens when you use the operating system. I see the 'auditors' of the Linux process are those that signoff on the code that are written by authorised contributors. There is no 'finger pointing' as so to speak when something goes wrong.

    1. Re:Like building a plane by femto · · Score: 5, Insightful
      > ...whoever created the code is not liable...

      Is this something that will change? With improved contribution tracking, will the next SCO/liability/whatever suit be directed against individual developers?

      What if someone uses Linux in a 'mission critial' situation and it fails due to a bug? The bug is then traced back to an individual developer who is sued. There are countries where 'denial of liability' is a weak defence. Can the fact that a developer didn't get paid, so there was no transaction between teh developer and user act as a defence?

      Just playing devils advocate.

    2. Re:Like building a plane by x-router · · Score: 5, Informative

      The GPL protects you for this sort of thing.

      NO WARRANTY

      11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

      12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

  6. I'm not a legal expert, but by denisdekat · · Score: 5, Interesting

    I keep saying this, and I am so surprised this is not broguht up more often, but if folks donate code to the project, are they not liable rather than the users of the project? I know I am talking about SCO, yes, it just seems so silly that anyone takes them seriously. Maybe this is a terrible metaphor, as I am only just starting to intake the coffee... but I sometimes thnk of this as if I gave someone a book, but inside the book there was tickets to a show. Then after giving the book I say to the person, by the way, I did not realize my tickets were there, can you pay up please? Sorry to rant, now back to the grindstone...

    --
    photoplankton
  7. "R.I.P.: The Counterculture Aura of Linux" by Anonymous Coward · · Score: 5, Insightful

    NYT comes out of nowhere with this idiotic, inflammatory headline. It's disheartening that mainstream technology journalists are still attributing anarchy, punk rock and anti-establishment to Open Source.

    DCO is a wonderful idea. Steve Lohr, on the other hand, needs to get his head out of his ass.

  8. What this is not about by The+Pim · · Score: 5, Insightful
    1. This is not about a chain of trust. Nobody is expected to verify the identity or trustworthiness of anyone else.
    2. This is not about preventing unauthorized submissions. There is no process for checking the provenance of code.
    3. This is not about marketing. I'm sure Linus doesn't care if this helps some manager sleep at night.

    What is it about? It's about putting information that was already mostly available (by scrounging in mail archives) in a structured form. So that the next SCO doesn't waste so much developer time, and (as a bonus) so that Linus can figure out which maintainer sent some code when debugging.

    --

    The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
  9. Not "attribution", but ACCOUNTABILITY. by mumblestheclown · · Score: 5, Insightful
    First, it's pretty sad when the NYT scoops slashdot on a major piece of linux news like this.

    But, more importantly, you have to realize--this has nothing to do with giving (positive) "props" to the kernel authors and everything to do with identifying sources of blame when it all goes to hell.

    Forget whether or not you like software patents for a moment; the fact is that right now they exist. Previously, you could in theory contribute some patented or even copyrighted (direct copied) source into the kernel and it might go unnnoticed for years. Now, the theory goes, once the infringing bit is noticed, IBM or Autozone can't be sued as easily anymore--rather, what they will do is say "no, look - this piece of code came from monkeyboy332, a programmer in serbia".. sue him instead!

    In short, this is a nice way for large companies attempting to wash their hands of responsibility for a linux kernel that they arguably have access to because it's open. In simpler terms still, this is corporate welfare by linus to try to win wider adoption of linux. It's not a bad strategy, but accept it for what it is.

    It has nothing to do whatsoever with giving authors "credit." That is already well handled by other mechanisms.

  10. Legal implications to coders by wimbor · · Score: 5, Interesting

    Although I'm not an expert in law (and certainly not US law since I live in the EU with different laws regarding to this), my gut feeling says I would never, never, nerver ever sign a document like that even if my work would be 100% original and not copied.

    Just the mere fact that you sign a document that proves you wrote part of the Linux code, makes you liable for litigation. If any company thinks its rights are violated by a Linux component they can easily sue the contributors of this (and more) components personally. Given the track record of US litigation, I would never sign it.

    Signing the document means that the author of the code will have to seek expenive legal support in case a lawsuit is started. Even if he can prove in court the code is original and written by himself, the bill for legal advice can be quite substanstial. If an author programmed in his spare time, this means he personally is liable... personally as in 'with your own personal assets'...

    As an employee of a software firm (or worker at any other firm), your work is done "acting as a part of the company". Hence the company itself and not the individual employee is (financially) responsible for his/her mistakes. In case of litigation the company will have to seek legal council and incurr the damages. In my country the company could try to sue the employee for the incurred damages afterwards, but it will have to prove very extensively that the employee made very serious professional errors. And even then, companies rarely do so.

    But a private author is personally responsible with his own assets (wage, house, car, ...) for any damages. Since most of the programmers probably do not have their assets split between their personal property and some form of 'company property' this might get dangerous. Please excuse me for not knowing the correct legal terms for 'private property' and property as part of an "inc." or "ltd.".