Re: RFC 5378 "contributions"

Theodore Tso <tytso@mit.edu> Fri, 16 January 2009 15:02 UTC

Date: Fri, 16 Jan 2009 10:01:50 -0500
From: Theodore Tso <tytso@mit.edu>
To: Marshall Eubanks <tme@multicasttech.com>
Subject: Re: RFC 5378 "contributions"
Cc: John C Klensin <john-ietf@jck.com>, ietf@ietf.org

On Fri, Jan 16, 2009 at 07:04:13AM -0500, Marshall Eubanks wrote:
> This raises a question. The IETF publishes relatively little code
> compared to the millions of lines of open source code out there. How
> do the large open source projects protect and indemnify themselves
> and their participants in case someone takes some code they don't
> own, posts it to a CVS, and it winds up in (say) the Linux kernel?

For the Linux Kernel, we use the Developer's Certification of Origin
system, which was the Signed-off-by: headers I demonstrated.  There
are also code-scanning tools available at sites such as Fossology.org
(a working group of the Linux Foundation).  A lot of this will be
noticed by humans doing code review; for example, Microsoft code
usually decorates its variables using Hungarian Notation (i.e.,
szName), and most OSS projects don't use that coding convention, so
code which looks horrible and/or causes unpleasant flashbacks will
raise red flags.  :-)

That being said, this is a problem which is common to proprietary
software as well as open source software.  More than once, I have been
contacted by companies doing due-diligence before, during, and after a
corporate acquisition, when they had found copies of GPL'ed code which
I had authored, complete with my copyright statement and "This code
may only be copied under the terms of the GNU Public License"...  in
proprietary code that was shipped as product by the company that had
just been acquired.  Yes, there *are* programmers that clueless out
there writing code for proprietary software companies....

						- Ted