Slashdot Mirror
ReactOS Code Audit
reub2000 writes to tell us that in response to talk of "tainted" code within ReactOS Steven Edwards, ReactOS and Wine developer, has called for a complete audit of the entire source tree in addition to procedure and policy changes. From the article: "One final note, this audit of the code is going to take a long time. It could take years, but it will happen, this project will come out better than it was before. I don't believe anything anyone has done while working on this project was really wrong. Every decision has three possibilities, being moral, ethical and or legal. Sometimes the law in itself is unethical and immoral. If people made mistakes and there was a violation of the law, I question the justice of the law and or anyone that would try to prosecute any of the developers who just want the freedom to learn and create a more free system."
The summary seems to be implying that leaked windows source is the issue which brought on the audit, when in fact it's a technicality about the law regarding reverse engineering. In a nutshell, in the US you gotta have one person reverse engineer and write documentation, and another write the code. In other countries the same person can do both jobs. The summary makes it sound a lot worse than this.
Anyone at microsoft who looked at their source code would be considered "tainted" and could never work on any microsoft operating system. (otherwise microsoft could be accused of copying their source). Something similar happened with their Java engine and developers who had seen the licensed Sun code.
ReactOS is an attempt to build a full Windows clone including kernel and everything. Not just the Win32 API but a full-fledged OS that does not require an underlying OS like Wine on Linux.
It looked very promising to the point where several Windows applications and I was about to start playing with it. Then someone in the core developers group found some suspicious additions of code fragments that did not make sense at all at first but started to work later. These code fragments compile into machine code that is identical to fragments of leaked Windows source code. The developer smelled a rat, jumped the project and now the main guy is calling a halt.
To Terminate, or not to Terminate, that's the question - SCSIROB
Here is an article which explains it.
For us in the US when you speak of clean-room reverse engineering it means that one person tears apart the implementation of a device, writes documentation and another reads that documentation and implements. Other countries do not require this invisible great wall of development and allow the same person that disassembles the interface to also write the replacement implementation.
If it's legal to do so in those countries, then it's legal to release it in them as well.
Erik Dalén
http://www.reactos.org.nyud.net:8090/forum/viewtop ic.php?t=1627
It seems all started here.
Yeah, they could presume all they want but they could still be sued for infringement. You can't force anyone to audit your code for you...
"These code fragments compile into machine code that is identical to fragments of leaked Windows source code."
This isn't about the leaked Windows source code, its about possible invalid reverse engineering (i.e. decompiled windows code)
Hi, I am pretty close to some of the ReactOS goings-on, and I am posting anon, even though nothing I say here should really be too controversial. I just want to cut this PR fiasco in the bud.
This is more about some technicalities, and friction between developers.
You've also got to understand that a *few* of the devs are still relatively young, and while they have made great technical contributions, may not have all the working-in-a-team skills they need yet.
If you know about programming, and binary interfaces, you will know that for ReactOS to work like windows, some small bits of the compiled code MUST be EXACTLY the same. The question is how that knowledge came to be in certain people's heads, when they wrote the affected parts of ReactOS. It is extremely unlikely that infringing code will be found in ReactOS. None of the people I know there are stupid enough to use actual leaked code in the project.
However, there is a deeper aspect to the problem. There are roughly 2 factions. The first I'll call the windows-enamored folk (WE). The second I'll call the external-interface (EI) folk. The EI folk only care that the user-visable parts of reactos are compatible with windows. This will allow the Reactos code to be even better that windows code in some areas, if it can be re-achitected. The WE fold want ReactOS to work EXACTLY like windows, on every level. This may be what Hartmut was referring to in his cryptic email.
On a practical note, ReactOS is not going to be any kind of threat to or replacement for win2k for at least another 2 years. MS will not waste the effort.
ReactOS is not in danger of dying. Maybe 3 years ago some FUD could kill it, but at this point, it has come so far, and there are enough stakeholders that it's going to continue.
Coders from all over the world work on this system. People from Europe, Canada, and the Caribbean, and that's just the ones that speak english.
To ReactOS people reading this: I do think we should look at staging releases from a country with different reverse-engineering laws, though. Certain precedents have been set in US law that do not apply elsewhere.
Anon-Reactos-guy (who hates melodrama)
Basicly, what happened is that someone found code (assembler code) in the kernel that looked suspiciously like what you get if you disassemble the same piece of microsoft code (with similar "magic numbers" for stack adjustments and stuff) and cried foul. So now, they are going to audit the code to look for possible suspect code. And they are going to tighten their rules to prevent anything bad from happening in the future.
Acording to what I saw on the mailing list, most of the potentially suspect code is in the kernel and device drivers rather than all the upper level user bits.