Process Improvements in the Kernel Development 124
Kalki writes "In an e-mail to the Linux kernel mailing list, sent Saturday, Torvalds proposed that kernel developers begin certifying that the code that they contribute is entitled to be included in the Linux kernel as well as a technique for "signing off on patches" that would better track which developers had handled source code contributions. check this Infoworld story on it."
Santa Claus (Score:1, Funny)
So Santa Claus and the Tooth Fairy need not be featured on slashdot
Re:Santa Claus (Score:1)
To find out who's naughty or nice.
heheh (Score:5, Funny)
Re:heheh (Score:5, Insightful)
I hope not, since the "unprofessional" model has worked so well (and I'm not being sarcastic). This is more an acknowledgement that GNU/Linux is swimming in dangerous waters, and has enemies with money to burn. Even though SCO's claims have apparently turned out to be lame, you have to assume that intellectual property traps are being set left and right.
Re:heheh (Score:3, Interesting)
On the other hand, the SCO case also showed that even a well-funded company given a year (so far) and great incentives to find intellectual property problems in the linux source has been unable to do so.
Not that it's bad for the linux developers to be careful and think ahead.
--Bruce Fields
Amateurs (Score:2)
The sheer number of significant changes the kernel team is making between releases is amazing. Not bad for amateurs. Legal matters go with the territory however. It is a measure of the fear Linux has created in the industry. I used to think ESR's rhetoric about Linux winning the OS war through sheer numbers was wrong. Not anymore. The constancy of the effort is also amazing. It is very satisfying to be able to download a vanilla kernel to my Gentoo system, build it for my configuration and watch the mac
Re:heheh (Score:2, Insightful)
Signing patches alone may not entitle kernel development to be called "professional". Don't forget that many patches are sent over SMTP, and it is possible for spoof a real kernel contributor. Of course, most of the spoof attempts will fail, but with the present and potential future scale of the kernel development, Father Brown's `unnoticed' theory might manifest.
Re:heheh (Score:1)
So some company's going to run a black-op to steal the developer's private GPG key?
I won't say it's impossible. But it does sound an awful lot like AntiTrust. (An excellent movie, BTW. I enjoyed it.)
Heh... (Score:2, Informative)
Go figure?
Do "professional" organizations do this? (Score:4, Insightful)
Do companies like Microsoft or Sun make Developers certify that the code they submit in a particular check-in isn't "borrowed" from GPL'd or other open source stuff?
Seems Linux is well ahead of professional organizations in this respect.
Re:Do "professional" organizations do this? (Score:2)
Well, as a matter of fact, yes they do. In a lot of professional contracts it's even stated that people pledge not to plagiarize code. It would make the company liable for something.
It's not like the code for something like, say, Windows, is locked away in a vault where no one will ever know if code was plagiarized or not. Lots of people h
A good thing. (Score:5, Interesting)
Re:A good thing. (Score:3, Insightful)
I'd also add that the kernel lacks nothing that would allow good hardware detection, as thats not really the kernel's job. Device drivers... we
Re:A good thing. (Score:2)
Actually, as far as Linux the kernel goes, hardware detection is already there. It is up to the distro builder to have a good hardware database to know what drivers to load. If you plug in a USB key, /sbin/hotplug gets called with info about the device. Some distros like Fedora pretty much do nothihng. I plug my USB HDD, USB Archos MP3 player/recorder or USB mass storage camera into Fedora and nothing happen
Re:Linux is just the kernel (Score:2, Offtopic)
So true. I'm running KDE on Fedora Core 2 and it is simply a dog (1.2MHz uP). I don't know what RedHat has done to KDE, but the diference between it and KDE on other distros is stark!
However, I have no idea which way to go from here. Buck up and learn to stomach Gnome? Find a distro that is more KDE-centric? Fedora still seems to be the best at supplying
Re:Linux is just the kernel (Score:1)
Re:Linux is just the kernel (Score:1)
Re:Linux is just the kernel (Score:1)
Linus retiring? (Score:4, Interesting)
-JT
Re:Linus retiring? (Score:5, Funny)
you know what? I agree
in 50 year max Linus will hand over his responsability
please add me to the credit list of the future-tellers
Re:Linus retiring? (Score:2)
Re:Linus retiring? (Score:5, Informative)
He'll pass version 2.6 to someone and then start work on 2.7, just as he passed 2.4 to Marcelo Tosatti and then began working on 2.5.
Re:Linus retiring? (Score:4, Informative)
MODERATOR MADNESS (Score:1)
Re:Linus retiring? (Score:4, Informative)
His aim is different (Score:4, Interesting)
Re:His aim is different (Score:3, Interesting)
It's gotta be one of the most mirrored lists out there.
Re:His aim is different (Score:1)
Good Idea (Score:3, Insightful)
Accounting (Score:4, Insightful)
Re:Accounting (Score:5, Insightful)
now if only the "proprietary" software developer will accept external audit to verify they are not using sources they are not entitled to, we will be all set
Open source has different risks (Score:2)
Not only does having
Re:Open source has different risks (Score:2)
Re:Accounting (Score:2)
Re:Accounting (Score:5, Informative)
Over years, Linux development team has become an enterprise. Finally they realised that they need accounting.
Just a clarification: What Linus is doing is making the accountability easier and somewhat more complete, not adding it. As he pointed out in his LKML post, Linux developers have been able to find the origin of every bit of code they've needed to, but the process has been painful and has required a little guesswork, particularly for the oldest stuff.
What he's proposing here is just a slight formalization and elaboration of the process that has been used for years. Currently, if I submit a patch to LKML to fix, say, a VFS bug, it will get poked, prodded and adjusted on the mailing list until people think it's clean and solid. Then the subsystem maintainer (Al Viro, in this case) will pick it up, probably tweak it some more, attach a "From" comment, stating that I am the author and forward it to Linus. Linus will review it, accept it, and his scripts will add my name into the changelog and the CREDITS file.
Since all of this happens on the public, archived, mailing list, there's plenty of accountability, but figuring out the sequence of events requires digging through the archives, and there may not be any obviously ideal search criteria.
Now, Linus wants me to attach my name myself, and to do it in a standardized format so that it's more searchable. Further, he wants everyone else who modifies the patch in any way to add their stamp as well, providing a change history in the patch itself. It's a weak change history, since it doesn't describe what changed, but it provides the starting point for searching the archives.
So, what Linus is asking for isn't so much to create a better accountability trail as it is to make the existing trail easier to follow. It's an ease-of-use optimization.
Well, there is one way in which this is perhaps a significant enhancement, and that is that Linus wants to formally define the legal commitment a contributor makes. In a reasonable world, this should be unnecessary, since if I contribute some code that I don't own, I should be the one held liable for the copyright infringement, not the others who used it in good faith. In the litigious world we live in, however, it's a good idea to formally spell it out, and make clear to everyone that by attaching their name to a patch, they're providing a certain warranty of their right to contribute it.
Groklaw article (Score:5, Informative)
It covers more or less the same territory in a bit more depth.
A Good Thing(tm) (Score:5, Insightful)
Hopefully it can avoid patent issues too. If something goes into Linux and later some company (Microsoft?) files a patent lawsuit, there may be evidence of prior art if the code was "certified" on a certain date.
On the reverse side, it can provide exactly who contributed the code (which can already be done mind you), but this time, they certified it for use, which can possibly cause more legal troubles.
Re:A Good Thing(tm) (Score:2)
Well, the submitter would certify that he has right to write and submit $patch - (a) or (b) of Linus' certificate example. People touching and applying $patch would certify (c): that the previous hop in the chain certified (a), (b) or (c). They wouldn't verify the original submitter's claims.
Re:A Good Thing(tm) (Score:4, Insightful)
Prevent? Nothing will do that short of turning SCO corp. into a legal crater as an example of any other company foolish enough to attempt the same stunt.
The kernel development process is about as public, auditable, and open as I can imagine. (Yes, there are some with better audit controls, though most of those projects are quite private or secret!)
Any code that has substance goes in has a name associated with it in the change log, and historic versions of the kernel are available going back 10+ years. I don't know of any closed commercial application I've ever worked with that can say the same...usually, it's a couple years, major releases (maybe), and forks. That's it!
Re:A Good Thing(tm) (Score:3, Interesting)
Fortunately SCO and Darl McBride are doing a great job of cratering themselves. Short of turning up and denying the crap SCO is flinging at people, IBM and the like have had to do almost nothing.
Is it only me who gets the impression, lately, that everything SCO does digs their grave a little deeper?
Re:A Good Thing(tm) (Score:2)
Agreed...though I'm very puzzled why the stock price is still above the $3 mark (the price when they started this mess about 13 months ago).
Why isn't it at $2 or even lower?
If someone is pumping up the stock price, they can't do it forever...it's got to collapse sometime! (Doesn't it?)
Re:A Good Thing(tm) (Score:2)
No Anonymous Code (Score:5, Insightful)
IMO, it has its ups and its downs. It allows a greater degree of delegate-the-blame (Good for any large project, Objectively speaking), but it will reduce contributions.
Re:No Anonymous Code (Score:3, Insightful)
Re:No Anonymous Code (Score:1)
Re:No Anonymous Code (Score:2)
Re:No Anonymous Code (Score:3, Insightful)
That's infeasible. In today's world with software patents, you expect every developer to do a patent search whenever they submit code? That's essentially what you're proposing you know. Requiring that everyone perform a $5k-50k search is going to cause a bit of a drop in kernel development I suspect.
In some cases I agree that the people shouldn't submit code -- particularly the intellectua
Re:No Anonymous Code (Score:2)
If you're a halfway competent developer I'd hope that you'd be able to tell the difference between code you write that is new and potentially unique, versus run of the mill bugfixes and driver updates. And new
Re:No Anonymous Code (Score:4, Insightful)
If you live in china or where ever and dont want to get in trouble for writing encryption code, DONT. I mean how hard is that? If you choose to do something illegal you SHOULD be accountable for your actions and any repercussions from those actions. You probably bitch and moan on how you where going just "5mph" over the speed limit when you get pulled over for doing 50 in a 30 or complain that you were going around the block and didnt need a seatbelt.
If you sign a contract for work that says your employer owns all of the work you do during non-work hours, you should of read it first. If you did and you signed it anyways, dont bitch about having to give up everything you write.
If a closed source company tries to sue you for thinking that your code is close to theirs, you must ask yourself, how much water does their claim hold if there is no way you can view the sources? in a court case, you, the defense has a right to see their evidence against you, and the code that you are infringing on. You do have rights you know. This is easily solved by saying "whoops, I didnt know and i'll change/remove, show me which lines". Again, this is taking responsibility for your own actions. why do people think they can do things and not take any responsability for it? Worse yet, what if you where the project maintainer? since no one signed the code and now you submitted it, your name is on it and you are in trouble.
this last one is just stupid,
"Or people who had a great idea, but couldn't possibly know someone else had come up with the idea and copyrighted or patented it."
What about having a great idea, not doing jack about it, then 3 years later some company does the same thing and makes a mint from it? What can you do about it then?
you: "hey that was my idea 3 years ago and your violating GPL"
them: "oh ya, wheres your proof"
you: "oh right, i have none"
If you have a great idea that might or might not be copyrighted or patended and your too lazy to search around to see if it actually is, you shouldn't be contributing code to any project.
I guess the only downside that i can think of is that it holds people to take responsibility for what they do.
damn, I forget that's horrible!
Re:No Anonymous Code (Score:1)
As for the rest of this, I'm speaking on behalf of a huge number of projects...not just the Linux kernel.
If a closed source company tries to sue you for thinking that your code is close to theirs, you must ask yourself, how much water does their claim hold if there is no way you can view the sources? in
Re:No Anonymous Code (Score:2)
That's when you get an overly broad patent based on a generic idea, sit on it for a long time or wait for technology to evolve while filing extensions, then sue the pants off people once it becomes a commidity item!
Re:A Good Thing(tm) (Score:2, Funny)
One horse's head in Darl McBride's bed comin' up!
tracking (Score:5, Interesting)
Linus Torvalds' problem is the fact that, as it is currently easy to find out who commited the patch, and often who provided it (which often appears in Bitkeeper's changelog), the whole submission process can be a blackbox - if I send a patch to alsa subsystem's maintainer, he'll probably apply it to alsa's CVS, maybe someone else will modify this patch, and when included in linux' main tree, only the merge information would appear.
Re:tracking (Score:2)
Re:tracking (Score:2, Informative)
Its official then (Score:5, Funny)
Re:Its official then (Score:5, Funny)
Damn, bad news for Alan Cox
Avoid even the appearance.. (Score:5, Insightful)
Avoid even the appearance of wrong doing.
Guys, this is a great idea for accountability in the kernel source. In the next round, the "SCO" of that round might not be so blatently stupid and far more sinister. Please watch your code and keep it clean!
Re:Avoid even the appearance.. (Score:4, Interesting)
From FSF:
We have just begun a project here at FSF to document and codify our process, so that it can be disseminated in the form of a policy manual and accompanying software, to all other Free Software projects who wish to solidify their legal assembly process. Distilling nearly two decades of organizational know-how into easy-to-understand software and documentation is no easy task, and we will rely greatly on your financial support to aid us in carrying out this momentous task.
Professional Approach coming to Linux ? (Score:5, Interesting)
Another interesting point here seems to be that with this management overhead and the admin work that issue such as this create, how much of time is Linus actually spending with them ? while he might be working with the technical side of things ?
Inspite of all the noise, there are just a handfull of people contributing major code into the Kernel ( would 300 be a fair guess ? ) How are all these admin overheads going to effect their performance ? Also is anyone / everyone expected to research the piles and piles of patenets / copyrights before they make such a declaration ?
This quote says it all (Score:5, Informative)
Re:This quote says it all (Score:5, Insightful)
Take my comments with a grain of salt, because I am up to my eyes in process development because we are trying to get CMM Level 2 certification where I work.
I don't see a problem at all with documenting the way things are done. I know a lot of people resist it, but think about it. How hard would it be for Linus to just write down how he does things. You'd be surprised how many times you uncover problems (or potential problems) when you have to write down your processes. Sometimes, you immediately see ways to improve things. If not, then at most you are out a little bit of effort.
But I really think that Linus wants to do this so that when he is on the stand and a SCO attorney asks him how code is added to the kernel, he can just say "RTFM!".
Re:This quote says it all (Score:3, Interesting)
That's exactly it. Why is it that most of the comments here say "Good...Linux needed more professionalism/riggor/process/...."
I'm Mr Process myself. I ~love~ the SEI-CMM, will quote you hymn and verse from project plans, will dog you if you are sloppy and can't file a defect report on stuff you yourself wrote or if you mis-categorize it. Pr
[RFD] Explicitly documenting patch submission (Score:4, Informative)
Posted anonymously to avoid karma whoring.
Re:[RFD] Explicitly documenting patch submission (Score:2, Informative)
Re:[RFD] Explicitly documenting patch submission (Score:1)
Oh great, one more timezone to have to worry about. Question is... does he go along w/ daylight saving time?
Good Idea (Score:5, Interesting)
Considering all the code [cnn.com] thats [slashdot.org] been leaked [pcworld.com] lately, this is a welcome insurance policy to keep Linux on track as free alternative OS.
Re:Good Idea (Score:2)
These friendly parties should establish automated processes for line-by-line comparison between all Linux code (and as much major GPL'd code as feasible) and potentially illegal code.
On the ot
Re:Good Idea (Score:1)
No, similar legal action cannot be shot down imediately, because SCO did not identify the infringing code for a very long time.
Link to Linus' Mailing List Post (Score:3, Informative)
moderation of patches (Score:4, Funny)
Bad idea... (Score:1, Funny)
Re:moderation of patches (Score:1)
Worse, we'll have the same "Soviet Russia" and "hot grits" patches released over and over!
Details? (Score:4, Insightful)
Re:Details? (Score:3, Informative)
Re:Details? (Score:2)
Re:Details? (Score:2)
So, if a person submits some source code from NT to one of Linus's trusted assistents, they should query it. Unless there is a chain of provenance going back to Bill Gates, there is no release. However, Bill gates can still opt to submit code but request that his name is ke
Re:Details? (Score:2)
Why do I get the feeling.... (Score:5, Insightful)
Re:Why do I get the feeling.... (Score:4, Insightful)
Unless and until a company has in place a development process that conforms to independent and internationally recognized standards such as ISO-9000 and has been certified as such you have no guarantee that what they are doing conforms to good engineering practices.
The truth is Linux development has always been open. SCO and other private companies keep their development process secret. Who knows what they are hiding behind all that secrecy.
For my money, I'd like to see Linux development conform to ISO-9000.
Re:Why do I get the feeling.... (Score:2)
Who would volunteer to be the official Linux Stupid Label Guy [dilbert.com]?
Re:Why do I get the feeling.... (Score:3, Insightful)
Conforming to the ISO standards is no guarantee at all that a company isn't producing crap... The only thing you know is that they have followed a documented procedure to make crap.
Jeroen
Re:Why do I get the feeling.... (Score:2)
Thread on kerneltrap (Score:5, Informative)
Just thought it could be interesting...
This sounds good, but ... (Score:1)
I see a parallel... (Score:2, Funny)
It isn't much of a stretch to draw a parallel and assert that "If you allow yourself to live in legal paranoia, then SCO has already won."
Google link to full text (Score:1, Informative)
The original thread (Score:4, Informative)
Hacking attempts (Score:2, Insightful)
Authentication Process (Score:4, Insightful)
Re:Authentication Process (Score:2)
Read the original thread, pointed to by several posters.
Re:Authentication Process (Score:1)
These programs would NOT guarantee authenticity of the author.
As you probably know the whole idea of PGP is based on a web of trust, which in turn is based on signing your public key by peers, after they verified your identity. And this peer-based verification is the weak point of establishing TRUE identities.
Fi
Just what I've been on about! (Score:4, Insightful)
Excerpt from the first: So anyway, what do people think? Would such a license management approach with tools, protocols, and standards (ensuring every work received or sent comes with a legally binding machine-readable license and related audit trails for derived works) promote more clearly titled (in a legal sense) free software or would it be the slippery slope to the "right-to-read" future? Without explicit licensing handling, are we just setting the free software or open content communities up for legal challenges down the road as people just try to do their best without such tools? Is trying to automate license handling really that much different (in a bad way) from the current situation of often distributing zip files including both content and license?
Excerpt from the second: This need for a license is especially true for making derived works you plan to redistribute, because here your liability seems highest. If we are to have a lot of free software and free content, based on fine grain collaboration made possible by the internet allowing us to rapidly modify each others works, that is a lot of licenses citing a lot of authors. If these licenses get lost (as in the midi file download example I cited), the content can no longer be considered free. Handling lots of papers is what computers are good at. The less time people need to spend thinking about, negotiating, and managing paperwork and extra files related to free licenses, the more time they can spend making free software and free content.
[RFD] Explicitly documenting patch submission (Score:2, Informative)
When? (Score:5, Interesting)
We should shout out of the top of our lungs that the propriarity way foster code stealing because no one can audit it.
Re:When? (Score:3, Funny)
Re:When? (Score:2)
Linux has existed for more than 10 years. Is it just now that the process is "totally transparent" to you? What about the whole BitKeeper issue (not that I think it is an issue, but many people do)? Have you decided that this month-old scheme will be absolutely successful?
And further, what exactly gives you the right to demand that Microsoft (or any ot
Re:When? (Score:2)
The thing that bugs me is that Microsoft is running around claming linux is a heaven to pirates and bad people in general when its very hard to find a single