Jonathan Corbet <cor...@lwn.net> writes: > On Tue, 29 Jun 2010 09:39:11 -0700 > Ian Lance Taylor <i...@google.com> wrote: > >> I am doing what I can. However, looking at other projects doesn't help >> very much because most other projects simply don't worry about these >> issues. That is, for example, why the Linux kernel was vulnerable to >> the SCO lawsuit > > I think it makes sense to know where your patches come from, but I hate > to see reasoning like this. The Linux kernel wasn't sued - IBM was > sued.
I'm tolerably familiar with the SCO case. I know that the Linux kernel wasn't sued--how could it be? What I said was that the kernel was vulnerable to the lawsuit, and I think that is accurate. You will recall that SCO started selling licenses to use the Linux kernel, and indeed a few people did buy them. I believe that the lawsuit did somewhat crimp Linux adoption by corporations--I heard it mentioned quite a bit on sales calls--and if the lawsuit had been based on something more than hot air it could have been more serious. > Some of the stuff that was vaguely named on the rare occasion > when somebody at SCO could be bothered to specify anything already had > a loooong paper trail behind it - read-copy-update, for example. SCO > was alleging misbehavior by a large corporation which very clearly put > its name behind everything it did. Anonymous contributors had nothing > to do with it. SCO made several different arguments. One of them hinged on the fact that there was no provenance for code contributed to the kernel. This was a key part of their FUD strategy: the kernel developers could not show a paper trail, which gave SCO a wide window to allege that people were taking corporate-developed code and contributing it illicitly. > Despite the lack of a paper trail, the kernel's > code was squeaky-clean. Yes. The point was the FUD, not the reality. > We've gone to the "you must post under something that looks like a > plausible real-world name" approach, along with a requirement for a > signoff line in the patch that says you're authorized to contribute > it. No paper, no ID checks. Thanks for the info. So there is now a provenance, which is the point: there is a more-or-less real person associated with each contribution. I certainly would like the FSF to move to a similar model. One of their concerns is the lack of any international law for electronic signatures. That is part of the reason they require the physical paperwork. Ian
