Re: bettering open source involvement

"Charles Eckel (eckelcu)" <> Tue, 02 August 2016 14:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 743AE12D77A for <>; Tue, 2 Aug 2016 07:37:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -15.788
X-Spam-Status: No, score=-15.788 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IrirLItMgmkt for <>; Tue, 2 Aug 2016 07:37:27 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5BC8212D77F for <>; Tue, 2 Aug 2016 07:37:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=13548; q=dns/txt; s=iport; t=1470148647; x=1471358247; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=MbU6DVC7YlbadlPr9v1XTRmu4jHVsDvFlzLTMswYadY=; b=i10KEEu3IsMCcFabVR/iJc0xUYtjzttw0lvq3bR8YfXOk0MR5FmAe3zV uJuMXCAMD4OGuaUWTR3ZDKbjR57A9AuqJZCdjy2ICfi+IYIjQkan1Sah9 uU/5lszZuYP7FZrvc3TvCUEf6hawA84uGOd0JX8p9726TT/INVwCW/CGF U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DkBgC/rqBX/5FdJa1dg0VWfAesf4sud?= =?us-ascii?q?oF9JIJCgzcCHIEhORMBAQEBAQEBXSeEXwEFIxFFEAIBCBgCAiYCAgIfERUQAgQ?= =?us-ascii?q?OBRQCBYd8AxcOsBuLYQ2EFAEBAQEBAQEBAQEBAQEBAQEBAQEBARyBAYchCIFKg?= =?us-ascii?q?QOCQ4IUI4JHK4IvBZh/NAGGF4YygjUKgWFOhz2FSYgrhAWDdgEfATSCEhyBTG6?= =?us-ascii?q?HGH8BAQE?=
X-IronPort-AV: E=Sophos;i="5.28,460,1464652800"; d="scan'208";a="303951609"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Aug 2016 14:37:26 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id u72EbQs3020738 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 2 Aug 2016 14:37:26 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 2 Aug 2016 09:37:25 -0500
Received: from ([]) by ([]) with mapi id 15.00.1210.000; Tue, 2 Aug 2016 09:37:25 -0500
From: "Charles Eckel (eckelcu)" <>
To: Dave Taht <>, "Eggert, Lars" <>
Subject: Re: bettering open source involvement
Thread-Topic: bettering open source involvement
Thread-Index: AQHR6K34I3OZl5cb/0iWgWTyxuKP86AuoEwAgAXXv4CAAA6fgIABFbaAgAARRgCAAA/cAIAAfTaA
Date: Tue, 2 Aug 2016 14:37:25 +0000
Message-ID: <>
References: <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/f.15.1.160411
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Cc: IETF Discussion Mailing List <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Aug 2016 14:37:31 -0000

On 8/2/16, 2:09 AM, "ietf on behalf of Dave Taht" < on behalf of> wrote:

>On Tue, Aug 2, 2016 at 1:12 AM, Eggert, Lars <> wrote:
>> Hi,
>> On 2016-08-02, at 9:10, Dave Taht <> wrote:
>>> On Mon, Aug 1, 2016 at 4:36 PM, Eggert, Lars <> wrote:
>>>> On 2016-08-01, at 15:44, Livingood, Jason <> wrote:
>>>>> What if, in some future state, a given working group had a code repository and the working group was chartered not just with developing the standards but maintaining implementations of the code?
>>>> as an addition to developing specs, that might be useful, if the spec remains the canonical standards output.
>>>> "Go read the code" is not a useful answer if the code comes under a license (such as GPL) that taints the developer. (This is a major reason what we are doing IETF specs for DCTCP and CUBIC - so that they can be implemented without needing to read Linux kernel code.)
>>> Only 10 (?) years after full support for cubic entered the linux
>>> kernel, and 3 after dctcp.
>> The Linux community had chosen to actively ignore the IETF for about ten years. This only changed relatively recently.
>As one of the people that have "led" that invasion, I did it in part
>because I felt that over the past 16 years many standards processes
>had become equivalent to GIGO, and I still believed in running code
>and rough consensus, and had nowhere else to go. Finding more ways for
>all to work together to bring spaceship earth in for a safe landing
>has always been a goal of mine.
>> And, FWIW, Hagen & friends' DCTCP implementation for Linux is based on the initial versions of our DCTCP I-D, and arguably wouldn't have happened without it.
>> CUBIC has of course existed in independent implementations before, but it is unclear if the BSD licensed ones were actually only done based on Injong's paper.
>And cubic as it exists today in linux has continually evolved. I am
>very grateful to google in particular for working within the ietf
>standards process to make sure that many improvements to TCP in
>general have been made public.
>>> If you define the efforts of this standards body as one to produce BSD
>>> licensed code (which is basically the case), it will continue to lag
>>> behind the bleeding edge and continue to become more and more
>>> irrelevant.
>> I guess we're getting on our soap boxes at this point? :-)
>Believe it or not I am deeply ambivalent about all the "open source"
>license schemes. For code critical to public safety and privacy in
>particular I have called for "public source", and standards for well
>maintained code,  available for inspection by as many as need to look,
>under any license, including "kill yourself after reading".
>We'd discussed this point in a public videoconference (against the
>backdrop of the vw emissions scandal and the fight with the fcc over
>the wifi router lockdown) at length, here:
>We can always keep doing stuff like that, engaging more sides in the
>debates, in the hope that more light than heat emerges. Increasingly
>governments and regulators want a say.
>> But I don't define "the efforts of this standard body" in this way. I remain convinced that textual specs are required.
>Given the complexity collapse and explosion in text size in
>translating code to spec, and the slow progress by which an rfc can be
>evolved, updated, or discarded, I am less and less convinced.
>>Code is a nice addition, but really  only useful if it can be rather freely used - which GPL code can't.
>The LGPL is also out? (I am not being sarcastic, I would merely like
>the ietf to list their approved licensing schemes)

Given the breadth of work done in the IETF, there is not going to be one license that is appropriate in all cases. Code to add support for a new RFC in the Linux Kernel would typically need to be GPL. Code to create a completely new implementation of some experimental draft might be best licensed with a BSD license. Code to add support for STIR to an existing open source SIP implementation would likely need to adopt the license of that open source project. Open source code could implement a protocol stack, mystack, or it could add support for a given protocol to something, perhaps using mystack. Perhaps the IETF can create some guidelines or have some folks who help with license education and selection, but the ultimately the choice of license will depend on the code contributors and what it is they are contributing, or contributing to. My feeling is that the IETF has the most impact when code is added to existing open source projects to support evolving IETF standards. Creating open source code in a vacuum to help people understand a draft and jumpstart their implementations involving that draft are of course great too.


>The effort to develop code that fits certain vendors' IP regime is
>significant. I would support changes to the wg formation process that
>were less vague than polling the room for "is there enough interest in
>the room to do this". I would also like that all experiments' code at
>least, that lead up to a standard's acceptance, be published. I have
>lost endless months to dissecting papers and bad experiments - or
>experiments where I merely wanted to change a few control variables
>and re-run with my own data and tools.
>For the record, flent is a GPLv3 *wrapper* around a multiple other
>tools. It's GPLv3'd, in part, because we'd hoped to make sure that
>experiments published with it, did not game the results in any way.
>Using it does not "taint" anyone. Modifying the tests, does.
>>> It's not just the deployed code in kernels that is a problem, it is
>>> also that the best of the tools available to prototype new network
>>> code are GPL'd. NS3, for example, is gpl.  The routing protocols
>>> incorporated in bird and quagga are GPL. Bind is BSD, but nominum is
>>> proprietary and dnsmasq, GPLd.
>>> There is increasingly no place to design, develop, and test new stuff
>>> without starting from a gpl base.
>> I agree that this is a problem. But we can't all start to use GPL for everything.
>Just as Apple found it necessary to invest in a BSD licensed compiler,
>orgs that wish to have BSD licensed "open source" code that can
>compete with GPL'd versions, need to invest in tools, tests, and
>>> Worse, what happens here at ietf without use of these tools, is that
>>> we end up with non-open-source code's experiments and results being
>>> presented, without any means for an independent experimenter to
>>> verify, reproduce, or extend.
>> That's a stretch. The alternative to GPL is not closed source. There are other, friendlier OSS licenses around.
>And insufficient developers.
>>> I think it would do a lot of semantic good if the ietf would stop
>>> referring to "open source"[1] and always refer directly to the
>>> licenses under which the code it works on that are allowed. There are
>>> certainly new areas of interest like npv, etc, that are proceeding
>>> with more vendor-friendly code licensing schemes, although I am
>>> dubious about the performance benefits of moving all this stuff into
>>> userspace, particularly when a seeming, primary, goal is to avoid
>>> making free software, rather than engineering a good, clean, correct
>>> engineering solution.
>>> It has been my hope that since the alice decision re patents (80% of
>>> disputed software patents being invalidated), the rise of
>>> organizations offering patent pool protections like the open
>>> inventions network, and I think (IANAL), that apis cannot be
>>> copyrighted in google vs oracle - ends up meaning that a developer can
>>> not longer be polluted merely by looking at GPL'd code once in a
>>> while. Because we do.
>> As much as I want to agree, if you work for a commercial entity, the risk is just too great (cf. the GPL clause regarding implicit licenses to patents).
>What can be done to reduce that risk? I already pointed to oin (both
>google and cisco are part of it - there is now quite a large number of
>members, actually:
>>> The actual implementations of anything for anything else will tend to
>>> vary so much due to API differences, and the expressible logic in the
>>> algorithms themselves generally simple, that, particularly when the
>>> authors of the code have presented it for standardization, under any
>>> license, that the exposure to further risk is minimized.
>> Sure. But the risk is incorporating code that may be GPL-tainted into non GPL'ed code bases. In other words, it's not the code itself that is a risk, it is a risk for the codebase it is used from.
>You gotta rewrite it, so what? Copy/paste is a problem for all licenses.
>>> There are powerful advantages to the GPL (and LGPL[2]) over
>>> "standardization". Notably there is an implicit patent grant, and
>>> ongoing maintenance is enforced by an equal spirit of co-operation.
>>> It's a better starting point than to hang with a sword of Damocles
>>> over your head wondering if someone will patent something out from
>>> under you.
>> That's certainly one viewpoint.
>> Lars
>>> I wish we could just get on with making the internet a better place.
>> Sorry, but I really don't understand how this discussion is not trying to help with just that?
>> Lars
>Dave Täht
>Let's go make home routers and wifi faster! With better software!