New Standards for Kernel Contributors: Signs of Maturity?
Under the enhanced kernel submission process, contributions to the Linux kernel may be made only by individuals who certify they have the right to make the contribution under an appropriate open-source license. The acknowledgment is called the Developer's Certificate of Origin (DCO).
May 25, 2004 8:30 AM PT
In a move applauded by legal experts in the free software movement, the Open Source Development Labs (OSDL) yesterday announced its support for enhancements to the Linux kernel submission process that it hopes will improve accurate tracking of contributions to the kernel and ensure developers receive credit for their contributions.
"It's not an ecology shift or a cultural shift ... but it's an important step that's appropriate in a mature software development system," said Eben Moglen, professor of law at Columbia University and pro bono general counsel for the Free Software Foundation (FSF).
Moglen said that unlike the FSF developers of the rest of what is commonly called Linux, kernel developers -- led by Linus Torvalds -- generally have been among the least concerned with software rights, and the new policy is a step in the right direction. It means, said Moglen, that "one product is shifting toward a higher [legal] quality-control standard on input -- not the highest, but now no longer among the lowest."
Moglen said he sees the move as necessary because large companies are adopting free software and pressing insurance companies for policies to protect themselves. "The data server crowd has decided that commodity software is the infrastructure of the future because it's such an incredible deal, and free software is getting ready for the entry of the insurance companies," he said.
"But the insurance agents need to be able to set premiums, and to do that, they want to know the software was built to code," Moglen added. "I'm telling developers that's good, you want the insurers to come in.... Houses don't fall down for no reason here, unlike $900 million airports, because houses are built to code because that's what insurers want."
Enhanced Kernel Submission Process
Under the enhanced kernel submission process, contributions to the Linux kernel may be made only by individuals who certify they have the right to make the contribution under an appropriate open-source license. The acknowledgement, called the Developer's Certificate of Origin (DCO), is available online. All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel.
The new process will affect only new code added to the kernel, so it is not expected to affect current litigation concerning previous versions, most notably SCO's legal moves to take legal action against people and organizations it says are involved in infringing upon its Unix rights.
"Mr. Torvalds makes it clear that the purpose of this procedure is to buttress Linux against SCO-like claims in the future. The procedure will certainly help in that process," Thomas Carey, an attorney at Bromberg and Sunstein LLP, a Boston-based intellectual-property law firm, told LinuxInsider.
"Of course, it will not prevent a rogue coder from copying proprietary code, certifying that it is original and passing it on to the Linux kernel," Carey said. "This is what might have happened at IBM if SCO's story had been true."
Fraud is hard to eliminate, said Carey, "but it will make it easier for the folks at Linux to support their claim of originality by being able to point to the unbroken chain of certificates; and to be able to identify exactly where a line of code entered the system, and to discuss with the author the circumstances of that contribution, if need be."
Linux Advocates Voice Reservations
Historically, developers contributing to source had to provide a username and password to check in new code. They also had to document the changes they made and often the reason for the change. "Many people have the idea that this is a wild-and-woolly, totally uncontrolled process now, but it's really not," said Loren Hart, CEO of Data Ace, a Unix and Linux consulting services firm. Hart said he has contributed to the Linux source code in the past.
Some Linux advocates, however, voice concerns that such agreements could chill some software development. Typical is the comment of Bruce Dawson, a member of the Greater New Hampshire Linux Users Group, who said: "Something like this needs to be done in order to protect IP. But all the checks required will slow down the development process. Since everyone will have to do something like this (or risk the ire of IP lawyers), the industry's development speed will also slow down."
Some software firms also are expressing guarded approval. "Novell was involved in the discussions on this issue," Markus Rex, general manager of SuSE Linux at Novell, told LinuxInsider. "We welcome all activities accelerating the adoption of Linux in the market. We will work with Linus and the kernel developers on the realization of this proposal."
Torvalds and Morton
Linux creator Linus Torvalds and Linux 2.6 kernel maintainer Andrew Morton said they adopted the revised process after obtaining input and broad support from key kernel subsystem maintainers and others in the open-source community.
"This process improvement makes Linux even stronger," Torvalds said in a written statement. "We've always had transparency, peer review, pride and personal responsibility behind our open-source development method. With the DCO, we're trying to document the process. We want to make it simpler to link submitted code to its contributors. It's like signing your own work."