Nate Bargmann <n...@n0nb.us> wrote:

> Second, clone that repository locally (dead easy with Git).

Which is what I was thinking ...

In an almost exact parallel, at a previous employer they used a business system 
which was effectively bespoke and written in COBOL. The history was that it had 
been written in-house at some large company for their own use, and the devs 
recognised that it had wider application and got permission to sell it to 
others. So they spun off a company selling and supporting this system - each 
installation customised.
It was before my time there (or at least, before I was involved in that side of 
things), but there was some politics and one of the devs tipped off the 
customer (my employer) to make a backup of a load of source files on the system 
- and sure enough, over the next few days/weeks the sources all disappeared off 
our in-house server ... I think the outfit doing support had got into trouble 
and were planning to hike support fees, eventually they folded and the dev that 
tipped us off came and worked for us for a while - we were the only ones left 
using it. After she left, we then had a handful of freelance contractors look 
after it - finding all sorts of "hidden gems"* buried in the code.
A couple of years later we'd switched to an off-the-shelf system which was much 
more capable!

* As the system didn't have support for various stuff, there were all sorts of 
hacks. One I recall hearing about was a bit of code that basically said "if 
customer code = some_constant then apply 10% discount".


Rick Moen <r...@linuxmafia.com> wrote:

> As has been noted by others, to preserve the ability to fork from other
> versions, wide distribution and mirroring of a codebase's past releases
> (and/or changesets) is necessary.
> 
> I'd like to tell a story about how the world got Portable OpenSSH and
> other completely open source implementations of the secsh protocols.

Thanks, that makes sense and is quite interesting.

> To sum, there are things to beware of and watch for.  Any important
> open source codebase needs to have a significant number of years of its 
> version history widely mirrored, and at least _some_ of the mirrors need
> to be entirely untouchable by the maintainers.  
> 
> Any sudden mysterious code disappearances / unavailability, any
> mysteriously requested assignments of copyright ownership (_especially_
> if they're deceptively called 'Contributor License Agreements' -- and
> I'm looking at you, Canonical, Ltd.), or anything even remotely like
> that should raise immediate red flags and get people independently
> mirroring everything and preparing to fork if necessary.

Indeed. If you have the source then they can't stop you forking the (GPL) 
project.

There was one other thing that came to mind earlier ...
If ${company} decided to do that, and they had previously distributed binaries 
... doesn't the GPL mean they are required to provide the sources to anyone 
they've distributed the binaries to? So removing the sources from public 
repositories would actually be a breach of the GPL (given some limitations 
regarding timing).
And that raises an interesting problem for other people distributing binaries. 
If (say) I were distributing binaries for ${foo} and relying on (say) a git 
repository for providing the source - where would that leave me if those git 
sources suddenly disappear?
Certainly something for anyone building systems to bear in mind. I know lots of 
people who take the attitude - don't keep it, you can download it again.

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
