Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Linux Software

Linus Adopts Enhanced Tracking Process 172

millette writes ""Under the enhanced kernel submission process, contributions to the Linux kernel may only be made by individuals who acknowledge their right to make the contribution under an appropriate open source license. The acknowledgement, called the DCO, tracks contributions and contributors. The DCO ensures that appropriate attribution is given to developers of original contributions and derivative works, as well to those contributors who receive submissions and pass them, unchanged, up the kernel tree. All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel." From the press release. Also seen in the New York Times"
This discussion has been archived. No new comments can be posted.

Linus Adopts Enhanced Tracking Process

Comments Filter:
  • Oh boy..... (Score:5, Funny)

    by wpiman ( 739077 ) on Tuesday May 25, 2004 @07:40AM (#9246333)
    Software methodology comes to open source.... Mind as well can the project now.....
    • Re:Oh boy..... (Score:2, Insightful)

      by dotz ( 683519 )
      Well, it surely comes, but only to *Linux*, not opensource. And, while we're at operating systems: *BSD projects use both CVS and bug tracking system from a long, long time. It's Linus "dislike of versioning systems" (or perhaps, being resistant to good advices), which made Linux-SCO claims as easy. With FreeBSD Web CVS interface, you can do usual things you can do with CVS. For example, review all commits to /README in FreeBSD ( just click here [freebsd.org]) in the last 9 years. Responsible people, commit dates, comm
  • Great idea (Score:5, Funny)

    by l0wland ( 463243 ) <<moc.oohay> <ta> <dnalw0l>> on Tuesday May 25, 2004 @07:41AM (#9246338) Journal
    Hmm, did the toothfairy whisper this in his ear last night?
    • Re:Great idea (Score:5, Informative)

      by jlp2097 ( 223651 ) on Tuesday May 25, 2004 @07:56AM (#9246460) Homepage Journal
      Don't get it? Look here [linuxworld.com].
  • by tfbastard ( 782237 ) on Tuesday May 25, 2004 @07:43AM (#9246346)
    I wonder how this will affect the speed of the development process.

    • by pheared ( 446683 ) <kevin.pheared@net> on Tuesday May 25, 2004 @08:47AM (#9246906) Homepage
      And I wonder who will play Record Keeper with all of these DCOs. Kernel development is currently very distributed, but this calls for a single entity who can track the DCOs and be sure that they will never disappear.
      • The idea is that each patch will contain a set of headers with the names of everyone who passed it along. The DCO is always the same, and essentially amounts to stating "It is legal for me to pass this on and to license it to the recipients under the GPL". As the applied patches get archived, the headers get archived with them, so that the information is kept. People who keep their own trees keep the headers for the patches they applied, so that they can figure out where the patches came from, even if Linus
      • Who will play Record Keeper with all of these DCOs[..]?

        The next SCO.

        They'll have to deal with all the contributor's legislations in their part of the world. There will be [no more|a lot less] "It's my idea, stupid".

        The question is: will it be maintained in Bitkeeper or Ideamonger(tm) ?

    • The intention is that it does not cause a big impact on the development process. It simply requires that anybody making a contribution claim responsibility for it. That way, you have something of an electric paper-trail for Linux.

      The timing of this actually ties nicely with the SCO/IBM trail shenanigans. IBM has just made a request that the Court certify that It's use of Linux (and, in effect, anrybody's use of Linux does not violate any of SCO's purported copyrights. This would apply to pretty much e

    • This has been discussed somewhat on the mailing list. The process is really simple. You add a single line to your message when you send your (or someone else's) patch:

      Signed-off-by: {you}

      If the patch already has some, you include those as well. If you're merging patches, you include all of them. If you get a patch without this, you point the person at doc/SubmittingPatches, which will say to do this along with all of the other guidelines. The DCO is in the docs, and explains what it means it put this h

    • I don't see how it would slow down huge, commercial distros... but the smaller, lesser known ones, maybe.

      I don't see a problem with this though, as long as it's free and we are acknowledged for our efforts in the development of the Linux kernel.

      Another question though... does that mean we have to sign that if we just want to make our own personal distro? Even if it is for personal use? Hm, hopefully it's still open-source, ha..
  • DCO? (Score:5, Funny)

    by havaloc ( 50551 ) * on Tuesday May 25, 2004 @07:43AM (#9246354) Homepage
    The name is kind of ironic, yes? You say DCO, I say SCO, let's call the whole thing off.
    • Ironic, or a well-aimed dig.
      I guess the only guy who really knows isn't telling.
    • Re:DCO? (Score:1, Funny)

      by Anonymous Coward
      The name is kind of ironic, yes? You say DCO, I say SCO, let's call the whole thing off.

      Maybe it's short for DeSCO :-)
  • by vchoy ( 134429 ) on Tuesday May 25, 2004 @07:52AM (#9246422)
    Reminds me of a documentary called "Why Planes Fall" which shows how planes are built. Each part, component and the tool used is logged to a person who created/assembled it. The system logs the tester/auditors which sign off on the work. It's amazing!

    The only think I see different from this Linux process is that whoever created the code is not liable for anything that happens when you use the operating system. I see the 'auditors' of the Linux process are those that signoff on the code that are written by authorised contributors. There is no 'finger pointing' as so to speak when something goes wrong.

    • by femto ( 459605 ) on Tuesday May 25, 2004 @08:00AM (#9246501) Homepage
      > ...whoever created the code is not liable...

      Is this something that will change? With improved contribution tracking, will the next SCO/liability/whatever suit be directed against individual developers?

      What if someone uses Linux in a 'mission critial' situation and it fails due to a bug? The bug is then traced back to an individual developer who is sued. There are countries where 'denial of liability' is a weak defence. Can the fact that a developer didn't get paid, so there was no transaction between teh developer and user act as a defence?

      Just playing devils advocate.

      • So are you saying we need EULAs in Linux? Scary thought.
        • There already is a EULA. Its called the GPL.
          • by Minna Kirai ( 624281 ) on Tuesday May 25, 2004 @08:38AM (#9246820)
            There already is a EULA. Its called the GPL.

            No. No. No! For the last time, moron, the GPL is not an EULA.

            GPLed programs never demand the End User to Agree to a License before using the software.
            • GPLed programs never demand the End User to Agree to a License before using the software.

              You haven't used much Windows based GPL software, have you? A lot of them have installers that force you to agree to the GPL before it will install.

              Rather pointless, if you ask me...
              • by schon ( 31600 ) on Tuesday May 25, 2004 @09:34AM (#9247521)
                A lot of them have installers that force you to agree to the GPL before it will install.

                No, they don't. They may display the GPL, and present a button labeled "I agree", but (if you actually _READ_ the GPL) the GPL contains this text:

                5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works.

                So they do not "force" you to agree to anything.

                Just because something is presented as an EULA, by someone who doesn't know what an EULA is, does not make it an EULA.
            • For the last time, moron

              Wow, that's a great way to talk to people.

              the GPL is not an EULA.
              GPLed programs never demand the End User to Agree to a License before using the software.


              Yes they do. It is called the "GNU Public License", after all...

              Before you can use any GPL'ed piece of software, you have to agree to the terms of the GPL. (If you don't, you don't have the right to copy the software, under copyright law).

              The terms of the GPL are very "generous", but they are still terms that you must agre
              • Before you can use any GPL'ed piece of software, you have to agree to the terms of the GPL. (If you don't, you don't have the right to copy the software, under copyright law).

                No, you're absolutely wrong. The person who made the copy FOR you had to agree to the GPL in order to copy the software. But there is absolutely nothing that you must agree to in order to use that copy that was distributed to you. At your option, you can reject the terms of the GPL, and you have the same copying rights that default

                • No, you're absolutely wrong. The person who made the copy FOR you had to agree to the GPL in order to copy the software. But there is absolutely nothing that you must agree to in order to use that copy that was distributed to you. At your option, you can reject the terms of the GPL, and you have the same copying rights that default copyright law gives you - the right to make one backup copy for personal use only.

                  Sorry, but I think you are wrong here... If a friend of mine burns a copy of Windows XP, he h
                  • All of computer software copyright hinges on the concept that copying the software from your permanent storage to your computer memory in order to run it counts as copying the work.

                    Wrong- unless you happen to live in Britain. If so, then you are correct, but you should've qualified your remarks as only applying to that one country, and not used the word "All".

                    Otherwise, in the USA for instance, people are allowed to make temporary copies of anything as necessary for normal use of a product. When you pl
                  • But, under your argument, I might say that I am allowed to use this copy of Windows XP, and make a backup copy.

                    No, unless you think you can keep a car that your friend gave you after he stole it. Even if "reciept of stolen property" wasn't a crime on its own, the police would still want things returned to their owners.

                    Naturally, once an illegal action occurs, most everything which derives from it is also illegal.

                    (link) (link) (link) (link)

                    Why did you post links that undermine your position? All of
                  • Sorry, but I think you are wrong here... If a friend of mine burns a copy of Windows XP, he has violated copyright to do so, and MS could pursue him for copyright infringement.

                    But of course.

                    But, under your argument, I might say that I am allowed to use this copy of Windows XP, and make a backup copy.

                    Absolutely. You cannot be prosecuted for copyright infringement unless it can be shown that you willingly received an illegal copy. However, if you did know beforehand that the copy was illegal, you are then

              • >>the GPL is not an EULA.
                >>GPLed programs never demand the End User to Agree to a License before using the software.

                >Yes they do. It is called the "GNU Public License", after all...

                You also forget that the EU in EULA is for 'end-user'. An end-user does not distribute the code further, and end-user uses the code and that's not what GPL addresses.

          • by xchino ( 591175 ) on Tuesday May 25, 2004 @09:01AM (#9247074)
            No, GPL is a license to DISTRIBUTE, not a license to USE. You may use GPL software any way you see fit, the only restrictions are on distributing it.
        • Not needed. Because you do not have a right to use Linux as well as its accompanying utilities, the GNU tools - and if you don't have a right to use something, you can hardly sue somebody because that something did misbehave.

          Except of course if you agree to the GNU General Public License, which the software is licensed under. Then you can use it. Obviously only under the terms of the GPL, which explicitly state that you must not hold the author liable for any damages caused.

          Also interesting: In most count
          • Except of course if you agree to the GNU General Public License, which the software is licensed under. Then you can use it.

            Wrong wrong wrong. If somebody gives you software, you can use it from then on. Once the files are in your possession, you can use them, unless you've somehow signed a specific prior contract promising you won't. The only things you can't do with software you possess is break other laws- primarily copyright, which in most countries prohibits you from copying (or redistributing copi
            • Wrong wrong wrong. If somebody gives you software, you can use it from then on. Once the files are in your possession, you can use them, unless you've somehow signed a specific prior contract promising you won't.

              If you download software, then you are actively seeking to acquire that software. Nobody gives it to you. The software is at most being made available to you, but it is not given to you.

              As a metaphor: If I leave my front door open anybody can go in and take stuff from my house. That does not m

      • by vchoy ( 134429 )
        This system would be excellent for situations against SCO/liability/whatever suits. The beauty is that the code in question can be tracked. SCO or whoever who decides to sue can't just say "Hey...[the whole of] Linux is ours!"
        With tracking, the code written by the author can be reviewed and resolved if necessary!

        Mission critical: Well buy mission critical support from Redhat/Suse/Mandrake etc... Don't like that? Signup and offer patches or fixes to contributors.

        As said previously, this process is not a 'f
        • by femto ( 459605 )
          Here's one from the Devil's advocate:

          Redhat/Suse/Mandrake back up their mission critical support with insurance. One day, they get a big failure and their customer makes a claim against the XYZ insurance company.

          XYZ insurance company, in common with most insurance companies, is run by a group of low lifes who would kill their grandmother for a dollar and don't give a damn about the principles of free software. In true insurance company style, XYZ tries to pass the liability and recover its costs by su

      • by x-router ( 694339 ) <`moc.retuor-x' `ta' `drahcir'> on Tuesday May 25, 2004 @08:31AM (#9246765)
        The GPL protects you for this sort of thing.

        NO WARRANTY

        11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

        12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
        • The GPL protects you for this sort of thing.

          It does not. It just says that the warranty provided and liability are the minimums local law permits. In some places, that may be just meaningless legal boilerplate; ask a local lawyer.

          However, I can't see individual developers being held liable by any sane judge for anything short of deliberately malicious coding.
          • by femto ( 459605 ) on Tuesday May 25, 2004 @09:05AM (#9247114) Homepage
            However, I can't see individual developers being held liable by any sane judge for anything short of deliberately malicious coding.

            Good point. It leaves me feeling a little uncomfortable though, as it would still require a defence in court.

            I would think that if the developer did not accept compensation (money) for their code that might remove any liability under consumer law, as no 'transaction' ever took place?

            There is also the curly question of professional indemnity. What if the developer is a professional, coding for free on the side? The judge might then rule that he/she should have known what he/she was doing and so find him/her liable for mistakes?

            • Your absolutely right, I'm no expert in the american/british law system, but from the european one I know a bit.

              There are everywhere exceptions for "openhanded" transcations (oneway). However it is still a transaction in legal sense.

              Some points include:

              * The receiver has no legal right on a faultless "object" whatsoever (most important)

              * In cases of ambiguous interpretations in the contract of transaction it is always ruled for the giver. It is assumed the giver wants to give less. (For example if I pre
        • 1. ... TO THE EXTENT PERMITTED BY APPLICABLE LAW.

          12. ... UNLESS REQUIRED BY APPLICABLE LAW ...

          So if local law doesn't recognise denial of liability, you're liable?

          Given this condition, a claim for liability would seem (to me) to be allowed under the GPL. Thus one couldn't even declare the GPL to have been violated, claim the user was using your code without permission, and countersue for copyright infringement.

          • So if local law doesn't recognise denial of liability, you're liable?

            Sweeping "default liability" laws in this case would realistically limit the copyright holder's liability to whatever amount you paid them. Where free software is concerned, the amount is usually $0.

            Of course, there are plenty of abusable laws out there, this is just a guess.

            • This sounds like an answer!

              So my strategy in writing free software should be to

              1. write code though a limited liability company, or
              2. write code and refuse to accept any form of compensation for the code.

              Think I'll stop playing devil's advocate now, though I'm still a little uncomfortable with the possibility of a professional indemnity claim in the case of a professional coding for free 'on the side'. Might a judge rule that a professional cannot escape their professional obligations under any circumsta

              • Might a judge rule that a professional cannot escape their professional obligations under any circumstances, including writing free software?

                Architects can be held personally liable if the structures that they design ever collapse. EVER.

                Maybe we should do the same to programmers. Of course, how do you define "collapse" where software is concerned?

      • Well if you read the license that comes with the software you would see that it provides no gurantees and no warannty. If someone uses it in a mission critical environment and it fails, liability would fall on the person who implemented it. If you don't want to take that responsability use software that takes it for you, like QNX.
    • Kinda like building a bullet too.
      US Marines fire marine built bullets, which is auditable.

      -dan
  • by Ianoo ( 711633 ) on Tuesday May 25, 2004 @07:52AM (#9246424) Journal
    Is this going to be applied to the existing kernel sources or just new submissions? I think it'd be quite a job to track down all the people who still have their names at the top of kernel files after all these years. Especially those who have died (there must be at least one) or companies that no-longer exist (quite a few).

    Regardless, I wonder whether this will slow down kernel contributions? Here's hoping it won't. People will still be able to create unofficial patch sets (like mm, ck and love sources) to test their ideas before actually contributing modifications to the authoritative source.
  • by hussar ( 87373 ) on Tuesday May 25, 2004 @07:53AM (#9246437) Homepage
    This article seems to just confirm that Linus did what he said he was thinking of doing.

    The original /. posting is here [slashdot.org].
  • by denisdekat ( 577738 ) on Tuesday May 25, 2004 @07:54AM (#9246442) Homepage
    I keep saying this, and I am so surprised this is not broguht up more often, but if folks donate code to the project, are they not liable rather than the users of the project? I know I am talking about SCO, yes, it just seems so silly that anyone takes them seriously. Maybe this is a terrible metaphor, as I am only just starting to intake the coffee... but I sometimes thnk of this as if I gave someone a book, but inside the book there was tickets to a show. Then after giving the book I say to the person, by the way, I did not realize my tickets were there, can you pay up please? Sorry to rant, now back to the grindstone...
  • Horay! (Score:3, Funny)

    by 91degrees ( 207121 ) on Tuesday May 25, 2004 @07:57AM (#9246469) Journal
    Now all I need to do, is get hold of some code, claim it's mine, and I'm now officially the owner!

    Now, what is this "Linux" thing? Does it run under Windows 98, or will I need to upgrade to XP?
  • by Anonymous Coward on Tuesday May 25, 2004 @07:58AM (#9246480)
    NYT comes out of nowhere with this idiotic, inflammatory headline. It's disheartening that mainstream technology journalists are still attributing anarchy, punk rock and anti-establishment to Open Source.

    DCO is a wonderful idea. Steve Lohr, on the other hand, needs to get his head out of his ass.
    • by mumblestheclown ( 569987 ) on Tuesday May 25, 2004 @08:09AM (#9246555)
      NYT comes out of nowhere with this idiotic, inflammatory headline. It's disheartening that mainstream technology journalists are still attributing anarchy, punk rock and anti-establishment to Open Source.

      Yes, it's hard to figure out where they get their ideas, given the well-thought-out and mainstream ideas on copyright (not to mention perhaps-rarer but still around anti-GUI rants we see every so often) we see on slashdot every day. Yes, slashbots spend more time blathering about (as I am doing now) than writing code, but, like it or not, this is seen as a major orifice of the OSS community.

    • NYT comes out of nowhere with this idiotic, inflammatory headline. It's disheartening that mainstream technology journalists are still attributing anarchy, punk rock and anti-establishment to Open Source.

      Translating into NYT-speak, it's a backhanded compliment: Linux is thus judged to be more suitable for the folks they write for. Of course there's the obligatory swipe about Linux being forced into this, but what the heck, if he needs to share his pain, let him.

      The way I see it, it's nice that we've got
  • by Quantum Jim ( 610382 ) <jfcst24&yahoo,com> on Tuesday May 25, 2004 @07:58AM (#9246481) Homepage Journal

    That is a pretty interesting certificate [osdl.org]; I may end up using it too. However, the second and (esp.) third options seems a little unspecific: Shouldn't it require the contributing developer to name the origional work and its author(s)/entity(ies)? That way the lead developer could independently confirm that there are no copyright problems, if needed.

    • by Anonymous Coward

      However, the second and (esp.) third options seems a little unspecific: Shouldn't it require the contributing developer to name the origional work and its author(s)/entity(ies)?

      No. Read the third option carefully: "The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it." [emphasis mine].

      Basically, the third option is geared towards people who maintain certain parts of the tree and get patches sent their way rather than straight to L

      • Basically, the third option is geared towards people who maintain certain parts of the tree and get patches sent their way rather than straight to Linus. There will be a separate certificate provided to the maintainer.

        Good points. It was always ingrained into me (as an engineering major) to document my sources for anything remotely borrowed. So it seems instinctually wrong not to require the contributor to cite explicitly his code's references. I considered that a sloppy developer could use the wrong s

  • by The Pim ( 140414 ) on Tuesday May 25, 2004 @07:59AM (#9246495)
    1. This is not about a chain of trust. Nobody is expected to verify the identity or trustworthiness of anyone else.
    2. This is not about preventing unauthorized submissions. There is no process for checking the provenance of code.
    3. This is not about marketing. I'm sure Linus doesn't care if this helps some manager sleep at night.

    What is it about? It's about putting information that was already mostly available (by scrounging in mail archives) in a structured form. So that the next SCO doesn't waste so much developer time, and (as a bonus) so that Linus can figure out which maintainer sent some code when debugging.

  • by mumblestheclown ( 569987 ) on Tuesday May 25, 2004 @08:01AM (#9246509)
    First, it's pretty sad when the NYT scoops slashdot on a major piece of linux news like this.

    But, more importantly, you have to realize--this has nothing to do with giving (positive) "props" to the kernel authors and everything to do with identifying sources of blame when it all goes to hell.

    Forget whether or not you like software patents for a moment; the fact is that right now they exist. Previously, you could in theory contribute some patented or even copyrighted (direct copied) source into the kernel and it might go unnnoticed for years. Now, the theory goes, once the infringing bit is noticed, IBM or Autozone can't be sued as easily anymore--rather, what they will do is say "no, look - this piece of code came from monkeyboy332, a programmer in serbia".. sue him instead!

    In short, this is a nice way for large companies attempting to wash their hands of responsibility for a linux kernel that they arguably have access to because it's open. In simpler terms still, this is corporate welfare by linus to try to win wider adoption of linux. It's not a bad strategy, but accept it for what it is.

    It has nothing to do whatsoever with giving authors "credit." That is already well handled by other mechanisms.

    • Now, the theory goes, once the infringing bit is noticed, IBM or Autozone can't be sued as easily anymore

      Except that neither IBM nor Autozone have been sued for using alleged "infringing" code in Linux...in fact, no one has.

      Seems to me that this kind of "paper trail" will only be useful against a hypothetical litigator that points to a piece of code in Linux and said: "this code here, this infringes on my IP". It's not so useful against a SCO-like "we own it all, so pay up" FUD blitzkrieg.
      • Seems to me that this kind of "paper trail" will only be useful against a hypothetical litigator that points to a piece of code in Linux and said: "this code here, this infringes on my IP". It's not so useful against a SCO-like "we own it all, so pay up" FUD blitzkrieg.

        Yes, but the thing is, the former is an actual, real legal threat, and the latter is legally harmless and only a threat in the PR sense.

        The former is definitely worth protecting against. Yeah, so it's never happened before, that's OK, all
    • This is not a defense against software patents. If the compiled code infringes a patent, it infringes a patent, and the patent holder can stop anyone they wish from using it. It doesn't matter who contributed the code. The kernel infringes, and you need permission from the patent holder to run the kernel.

      *That's* one reason why software patents are so evil.

      • ...but you don't need permission from the patent holder to remove the code so that only one release version is affected at all. That is why SCO is so evil, they make these claims and refuse to show us the offending code (even though it's a copyright suit, not patent).

        Under this system, you can also point the company at the true guilty party, instead of all of the Linux kernel contributors looking like a bunch of thieves thanks to some greedy-ass corporate fucktard looking to make a quick buck and even quic
    • I'm not too surprised to see slashdot getting scooped. I even started a category on my weblog called Slashdot ESP [waglo.com], for my Extrasensory perception skills. Of course, this time I cheated a little since I submitted this story myself...
  • SCO (Score:2, Interesting)

    by jb.hl.com ( 782137 )
    Isn't this just like admitting that Linus has no idea what's in the kernel and SCO code could be in there?
    • Re:SCO (Score:5, Insightful)

      by Killjoy_NL ( 719667 ) <slashdotNO@SPAMremco.palli.nl> on Tuesday May 25, 2004 @08:17AM (#9246611)
      No, to me this more sounds like a preventative measure, to make sure something like the whole SCO debacle doesn't happen again.

      It could also provide a more improved structure for linux, but I'm not a programmer, so I don't know what the heck I'm talking about.
    • "admitting that Linus has no idea"

      Yes. But the difference is now you can track who CLAIMED what was put in there. As long as the code is good and doesn't have any license patent issues, who cares if Linus knows. All we need is a way to backtrack and say: "Ok, you claim this code is bad? Well Bob over here signed it with this disclaimer so either you are wrong or Bob is wrong, but either way, Linux in general is not liable"
    • No, though SCO are trying to spin it that way. [sltrib.com] It's what Linus said: they tracked down where all the code came from by searching through old mailing lists. It worked, but it was difficult and time consuming. This will make the whole process easier if they need to do it again...

      Who would have thought anything useful could have come out of this whole charade...? ;-)
  • The timing on this being formally announced is a bit unfortunate, in that it comes so soon after the new De Toqueville Institute article, but the whole procedure is a measured response to older situations (SCO), and has been carefully evaluated by a pretty sharp legal team.
    Unfortunately, one of the basic doctrines of modern warfare is that you win battles by maneuvering within the decision making radius of the enemy. Right now, Linux is facing the problem of responding through the legal system, which pr
  • by wimbor ( 302967 ) on Tuesday May 25, 2004 @08:12AM (#9246577)
    Although I'm not an expert in law (and certainly not US law since I live in the EU with different laws regarding to this), my gut feeling says I would never, never, nerver ever sign a document like that even if my work would be 100% original and not copied.

    Just the mere fact that you sign a document that proves you wrote part of the Linux code, makes you liable for litigation. If any company thinks its rights are violated by a Linux component they can easily sue the contributors of this (and more) components personally. Given the track record of US litigation, I would never sign it.

    Signing the document means that the author of the code will have to seek expenive legal support in case a lawsuit is started. Even if he can prove in court the code is original and written by himself, the bill for legal advice can be quite substanstial. If an author programmed in his spare time, this means he personally is liable... personally as in 'with your own personal assets'...

    As an employee of a software firm (or worker at any other firm), your work is done "acting as a part of the company". Hence the company itself and not the individual employee is (financially) responsible for his/her mistakes. In case of litigation the company will have to seek legal council and incurr the damages. In my country the company could try to sue the employee for the incurred damages afterwards, but it will have to prove very extensively that the employee made very serious professional errors. And even then, companies rarely do so.

    But a private author is personally responsible with his own assets (wage, house, car, ...) for any damages. Since most of the programmers probably do not have their assets split between their personal property and some form of 'company property' this might get dangerous. Please excuse me for not knowing the correct legal terms for 'private property' and property as part of an "inc." or "ltd.".

    • by pe1rxq ( 141710 ) on Tuesday May 25, 2004 @08:43AM (#9246857) Homepage Journal
      Just the mere fact that you sign a document that proves you wrote part of the Linux code, makes you liable for litigation. If any company thinks its rights are violated by a Linux component they can easily sue the contributors of this (and more) components personally. Given the track record of US litigation, I would never sign it.


      Signing a document aknowledging that you wrote it doesn't make you more liable...
      Wheter you sign or not doesn't change the fact that you wrote it.
      If you are liable after signing you were liable before. The signing just makes it a little bit easier for the other party to find you.
      Unless you posted all your patches to linux-kernel as anonymous coward this doesn't change anything at all.

      Jeroen
      • Jeroen,

        You are indeed correct that writing and attributing the code is of course the fact that could get you in trouble. Whether or not you sign a document. As you said it is only easier to find you (which is more or less uncomfortable), but the real difference is also that your signature of the DCO makes you vow that you are responsible for the code, that the code is yours in the making. If another party thinks this is not the case, they can also attack you on specifically that: the fact that you knowin
        • your signature of the DCO makes you vow that you are responsible for the code, that the code is yours in the making.

          No, it vows that you either have rights to that code, or you got it from someone else who said they have rights to it.

          That's nothing new. When you submit code to the kernel, you're saying you have rights to it.. if you don't have rights to it, then you're doing something illegal whether you make that vow or not. This just makes the statement of "I am not violating someone else's rights" e
    • "Just the mere fact that you sign a document that proves you wrote part of the Linux code, makes you liable for litigation. ..."

      Duh! This is the whole point: it makes everyone individually accountable. It makes sure that people can't "submarine" Linux as much as it makes sure that individual contributers wake up and think more clearly about how (say) their day job coding employment contract may cover Linux work they produce in the evenings. So it's to the benefit of Linux overall. I'm sure there are plenty
    • Some open source projects, for example all GNU projects, already require you to sign over your copyright to the code.

      I cannot imagine that signing these DCOs would open you up to any sort of liability that a formal copyright transfer would not, since obviously when doing the latter you imply you own the code you are transferring.

      While projects that require copyright transfer do tend to grow slower, liability does not seem to be a significant reason why.

      And if there actually is some kind of legal differen
  • Anyone else notice? (Score:2, Interesting)

    by space77pup ( 743735 )
    That this article was on the front page of Google News in the Sci/Tech section? Perhaps it'll still be there. Google News Sci/Tech [google.com]
  • by shoppa ( 464619 ) on Tuesday May 25, 2004 @08:20AM (#9246654)
    I understand that nothing is foolproof, especially when someone tries malicious tricks.

    For example, you could imagine a SCO-wannabe taking their commercial code (that nobody is buying anymore but which they for some reason believe has real IP value), and putting one line (seemingly innocuously, effectively no-op'ed by some never-happens if cases) in an obscure kernel module (maybe a driver for some crufty ancient device). Then repeat (possibly under the guise of a different developer). Soon the module is working, with all the sleeper code inside. Then submit a patch that gets rid of all the intervening lines and voila, a big chunk of proprietary code is in the kernel and nobody noticed.

    There are probably simpler ways to sneak stuff in if you want to be malicious. Maybe I've been watching "The Manchurian Candidate" too often!

  • Slashdot Comment Submitter's Certificate of Origin 1.0

    By submitting a comment to this slashdot story, I certify that:

    (a) The comment was created in whole or in part by me and I have the right to submit it under the copyright laws; or

    (b) The comment is based upon a previous comment from a dupe story, and to the best of my knowledge, is covered under an appropriate copyright law and I have the right to submit that comment with modifications, whether created in whole or in part by me; or

    (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
  • A bad precedent? (Score:5, Insightful)

    by Petronius ( 515525 ) on Tuesday May 25, 2004 @08:31AM (#9246760)
    This is a very bad precedent: the OSS community now has to follow processes that in the past, only large corporations could afford: audit trail, overkill documentation, etc. The fact that SCO/MS has managed to move Linus on *their* turf and make him play by *their* rules alas without their resources makes me really nervous: whoever gets to frame the debate always has a disproportionate advantage. What's next? More FUD campaign to fuel the fire, more hoops we'll have to jump through. While OSS people have to play lawyers, they don't write any code.
    • The plan is to make this very light-weight, and to fit in with how we already pass patches around--just add the sign-off to the end of the explanation part of the patch. That sign-off would be just a single line at the end (possibly after other peoples sign-offs), saying:

      Signed-off-by: Random J Developer <random@developer.org>

      -- Linus

      You seem to disagree with Linus as to how much work is involved in this kind of tracking.

      I dissagree with you about what turf and rules belong to "SCO/MS".

      Lawy

  • by Stormcrow309 ( 590240 ) on Tuesday May 25, 2004 @08:35AM (#9246798) Journal

    By creating this paper trail of responsibility, the work on Linux will be externally auditable. This will help reassure big business that they will not legally shaft themselves.

    Sincerely, Stormcrow309

    Remember, free is only free when you consider support and hardware costs.

  • Liability (Score:3, Interesting)

    by jrj102 ( 87650 ) * on Tuesday May 25, 2004 @08:36AM (#9246804) Homepage
    Does this mean that an individual writing code would now get sued by the SCOs of the world instead of companies that deploy Linux? Is this a good thing?
  • BSD? (Score:2, Interesting)

    by Anonymous Coward
    How does this compare to BSD's processes?
    Or Apache's?

    Will this be a growing trend across open-source projects, to push accountability down to the contributors?

  • The Linux kernel process is now better, and it probably wouldn't have happened if not for SCO, or at least not this soon.
  • You heard me!

    I want an mp3 codec included! I want some P2P software included!

    I want a pirated copy of office included.

    Where's my fat32 where's my NTFS!

    Bring me the head of Bill Gates!
  • Freedom of coding? (Score:4, Interesting)

    by Maljin Jolt ( 746064 ) on Tuesday May 25, 2004 @09:18AM (#9247276) Journal
    All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel.

    I don't say it currently is, but in future it *may* be a step towards elitarian class establishment, as well as political control tool for technology. How well-defined should be an identity of a GPL project contributor?

    When signing on will be obligatory for contribution, a simple rejection to sign on a person for some "external" reason may have such political consequences. For the first, I believe it is in direct contradiction to the spirit of GPL.

    Example: what about potential kernel developpers from countries politically inacceptable in United States?

    Currently, it is not possible for major distro releasers from the new continent to export a linux technology to the Iran, Lybia or Northern Korea. Does the U.S. government violate the GPL license? Yes, it does.

    What if some kernel contributors will actually become from these countries? Should be all farsi and arabic localisation contributors to the any of the sourceforge projects be perlustrated for not actually being an al-Quaeda operatives?

    • what are you talking about? why bring politics into the Linux kernel at all?

      Currently, it is not possible for major distro releasers from the new continent

      what is this "new continent" you speak of?

      is there any instance where a technically acceptable patch was rejected based on political ideology?
    • I don't say it currently is, but in future it *may* be a step towards elitarian class establishment, as well as political control tool for technology. How well-defined should be an identity of a GPL project contributor?

      The thing is, these DCOs or whatever only apply to submissions to the main kernel tree. Thanks to the GPL, you can still fork the Linux kernel and distribute it on your own website and legally do what you like with your own copy of the code without ever actually having to talk directly to t
  • NYT Bias (Score:3, Interesting)

    by beforewisdom ( 729725 ) on Tuesday May 25, 2004 @09:23AM (#9247343)
    The New York Times article is interesting.

    It is written in such a way that it reads like SCO does own what it claims to own and that IBM took an extra liberty under some sort of agreement.

    Quite the opposite tone and bias from the tech journals ("what is SCO smoking??!!").

    Given that most business people are more likely to read NYT then Slashdot or Groklaw I can now understand why SCO got as far as it did with its stock scam.

    Steve
  • The submission of patches is supposed to continue like it has always done. It is all about two things, people passing the patch on putting their name on it, so you can see the path. And certifying that you are allowed to submit the patch, which you were already implicitly stating by submiting it. The orignial message [google.com] is on the mailing list. The media have blown this news up completely out of proportion. If just the media had something like this we could track who made this feather into five chickens. I doub
  • would write a script to let their system for patch submission automatically add the required line. In marketspeak, a highly-customizable, integrated subsystem for tracking submission versions and is totally compatible with the DCO protocol.

The most difficult thing in the world is to know how to do a thing and to watch someone else doing it wrong, without commenting. -- T.H. White

Working...