Re: bettering open source involvement

"Eggert, Lars" <> Tue, 02 August 2016 08:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B763912B043 for <>; Tue, 2 Aug 2016 01:13:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.208
X-Spam-Status: No, score=-8.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CYyCDQL3vcNp for <>; Tue, 2 Aug 2016 01:13:33 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 31B4E12B026 for <>; Tue, 2 Aug 2016 01:13:33 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.28,459,1464678000"; d="asc'?scan'208";a="127740364"
Received: from ([]) by with ESMTP; 02 Aug 2016 01:12:31 -0700
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 2 Aug 2016 01:12:22 -0700
Received: from ([::1]) by ([fe80::2c76:6bc2:2216:a24d%21]) with mapi id 15.00.1210.000; Tue, 2 Aug 2016 01:12:23 -0700
From: "Eggert, Lars" <>
To: Dave Taht <>
Subject: Re: bettering open source involvement
Thread-Topic: bettering open source involvement
Thread-Index: AQHR6K30mzYLY3uRb0GfmE12kkFygKAuwdMAgAXXv4CAAA6kgIABFbGAgAARTQA=
Date: Tue, 2 Aug 2016 08:12:22 +0000
Message-ID: <>
References: <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
x-mailer: Apple Mail (2.3124)
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/signed; boundary="Apple-Mail=_05941FA5-B109-43D9-8A47-84D54D6AAEEB"; protocol="application/pgp-signature"; micalg=pgp-sha256
MIME-Version: 1.0
Archived-At: <>
Cc: IETF Discussion Mailing List <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Aug 2016 08:13:35 -0000


On 2016-08-02, at 9:10, Dave Taht <> wrote:
> On Mon, Aug 1, 2016 at 4:36 PM, Eggert, Lars <> wrote:
>> On 2016-08-01, at 15:44, Livingood, Jason <> wrote:
>>> What if, in some future state, a given working group had a code repository and the working group was chartered not just with developing the standards but maintaining implementations of the code?
>> as an addition to developing specs, that might be useful, if the spec remains the canonical standards output.
>> "Go read the code" is not a useful answer if the code comes under a license (such as GPL) that taints the developer. (This is a major reason what we are doing IETF specs for DCTCP and CUBIC - so that they can be implemented without needing to read Linux kernel code.)
> Only 10 (?) years after full support for cubic entered the linux
> kernel, and 3 after dctcp.

The Linux community had chosen to actively ignore the IETF for about ten years. This only changed relatively recently.

And, FWIW, Hagen & friends' DCTCP implementation for Linux is based on the initial versions of our DCTCP I-D, and arguably wouldn't have happened without it.

CUBIC has of course existed in independent implementations before, but it is unclear if the BSD licensed ones were actually only done based on Injong's paper.

> If you define the efforts of this standards body as one to produce BSD
> licensed code (which is basically the case), it will continue to lag
> behind the bleeding edge and continue to become more and more
> irrelevant.

I guess we're getting on our soap boxes at this point? :-)

But I don't define "the efforts of this standard body" in this way. I remain convinced that textual specs are required. Code is a nice addition, but really  only useful if it can be rather freely used - which GPL code can't.

> It's not just the deployed code in kernels that is a problem, it is
> also that the best of the tools available to prototype new network
> code are GPL'd. NS3, for example, is gpl.  The routing protocols
> incorporated in bird and quagga are GPL. Bind is BSD, but nominum is
> proprietary and dnsmasq, GPLd.
> There is increasingly no place to design, develop, and test new stuff
> without starting from a gpl base.

I agree that this is a problem. But we can't all start to use GPL for everything.

> Worse, what happens here at ietf without use of these tools, is that
> we end up with non-open-source code's experiments and results being
> presented, without any means for an independent experimenter to
> verify, reproduce, or extend.

That's a stretch. The alternative to GPL is not closed source. There are other, friendlier OSS licenses around.

> I think it would do a lot of semantic good if the ietf would stop
> referring to "open source"[1] and always refer directly to the
> licenses under which the code it works on that are allowed. There are
> certainly new areas of interest like npv, etc, that are proceeding
> with more vendor-friendly code licensing schemes, although I am
> dubious about the performance benefits of moving all this stuff into
> userspace, particularly when a seeming, primary, goal is to avoid
> making free software, rather than engineering a good, clean, correct
> engineering solution.
> It has been my hope that since the alice decision re patents (80% of
> disputed software patents being invalidated), the rise of
> organizations offering patent pool protections like the open
> inventions network, and I think (IANAL), that apis cannot be
> copyrighted in google vs oracle - ends up meaning that a developer can
> not longer be polluted merely by looking at GPL'd code once in a
> while. Because we do.

As much as I want to agree, if you work for a commercial entity, the risk is just too great (cf. the GPL clause regarding implicit licenses to patents).

> The actual implementations of anything for anything else will tend to
> vary so much due to API differences, and the expressible logic in the
> algorithms themselves generally simple, that, particularly when the
> authors of the code have presented it for standardization, under any
> license, that the exposure to further risk is minimized.

Sure. But the risk is incorporating code that may be GPL-tainted into non GPL'ed code bases. In other words, it's not the code itself that is a risk, it is a risk for the codebase it is used from.

> There are powerful advantages to the GPL (and LGPL[2]) over
> "standardization". Notably there is an implicit patent grant, and
> ongoing maintenance is enforced by an equal spirit of co-operation.
> It's a better starting point than to hang with a sword of Damocles
> over your head wondering if someone will patent something out from
> under you.

That's certainly one viewpoint.


> I wish we could just get on with making the internet a better place.

Sorry, but I really don't understand how this discussion is not trying to help with just that?