|
|
Subscribe / Log in / New account

Introducing RedPatch (Ksplice Blog)

[Posted November 10, 2012 by jake]

Back in early 2011, we looked at changes to the way Red Hat distributed its kernel changes. Instead of separate patches, it switched to distributing a tarball of the source tree—a move which was met with a fair amount of criticism. The Ksplice team at Oracle has just announced the availability of a Git tree that breaks the changes up into individual patches again. "The Ksplice team is happy to announce the public availability of one of our git repositories, RedPatch. RedPatch contains the source for all of the changes Red Hat makes to their kernel, one commit per fix and we've published it on oss.oracle.com/git. With RedPatch, you can access the broken-out patches using git, browse them online via gitweb, and freely redistribute the source under the terms of the GPL." (Thanks to Dmitrijs Ledkovs.)
to post comments

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 3:39 UTC (Sat) by geofft (subscriber, #59789) [Link] (4 responses)

The irony is that Red Hat did this primarily to inconvenience Oracle. But Oracle can just have their kernel hackers spend some time to deal with the problem on an ongoing basis (and hire more kernel hackers if needed), and if they didn't want to release the reverse-engineered split patches, the rest of us wouldn't be able to figure out what Red Hat's kernel contains.

I have approximately zero sympathy for Oracle, but ... you have to wonder if Red Hat thought this trick would actually work against Oracle.

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 5:05 UTC (Sat) by devferret (guest, #77830) [Link] (3 responses)

All true. But really: "At Oracle, we feel everyone in the Linux community can benefit from the work we already do to get our jobs done, so now we’re sharing these broken-out patches publicly..."

I mean, there's spin, and then there's propaganda, and then you sort of fall off the end of the scale and the tummy trouble starts...

Introducing RedPatch (Ksplice Blog)

Posted Nov 16, 2012 8:28 UTC (Fri) by jrn (subscriber, #64214) [Link] (2 responses)

> I mean, there's spin, and then there's propaganda, and then you sort of fall off the end of the scale and the tummy trouble starts...

What is misleading about it? I might be naïve, but to me it *does* seem useful to be able to conveniently look up what changes went into the kernel a large number of users are testing. It also means there is a git repository I can point to and ask people to bisect in. And if I end up needing to develop against RHEL for some reason, "git blame" will finally work.

Introducing RedPatch (Ksplice Blog)

Posted Nov 16, 2012 14:53 UTC (Fri) by smurf (subscriber, #17840) [Link] (1 responses)

> What is misleading about it?

At the very least, it's misleading propaganda because Oracle is doing to MySQL this very same thing which RedHat does to the kernel. So Oracle being self-righteous about it won't wash.

RH does it to annoy Oracle, and Oracle does it to annoy MariaDB.

Introducing RedPatch (Ksplice Blog)

Posted Nov 19, 2012 3:40 UTC (Mon) by mathstuf (subscriber, #69389) [Link]

I don't know that its fully analogous since Oracle is MySQL upstream and can fully deny/hide patches while Red Hat is not kernel upstream and pushes applicable patches upstream, so its not as if there's *no* information there.

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 3:46 UTC (Sat) by jcorgan (subscriber, #47213) [Link] (8 responses)

Anyone want to bet that the RedHat devs will start using this internally?

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 4:34 UTC (Sat) by brouhaha (subscriber, #1698) [Link] (7 responses)

Not at all likely. Red Hat already has individual patches in their internal repository. They only mash them together when they build the packages for release.

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 0:29 UTC (Sun) by misc (subscriber, #73730) [Link] (6 responses)

In fact, people with subscription can also access them.

Introducing RedPatch (Ksplice Blog)

Posted Nov 12, 2012 9:07 UTC (Mon) by lkundrak (subscriber, #43452) [Link]

Unfortunately, subscribers can access the patches, but not the Git repository. It takes extra work to reconstruct the tree.

Introducing RedPatch (Ksplice Blog)

Posted Nov 19, 2012 15:22 UTC (Mon) by leromarinvit (subscriber, #56850) [Link] (4 responses)

Then why doesn't Oracle simply buy a Red Hat subscription and redistribute the patches? Surely they must be allowed to do that under the GPL.

Introducing RedPatch (Ksplice Blog)

Posted Nov 19, 2012 15:42 UTC (Mon) by nix (subscriber, #2304) [Link] (3 responses)

Because as soon as they redistribute them, *poof* the RHEL subscription goes away, since its contract says they can't do that without losing the subscription.

Introducing RedPatch (Ksplice Blog)

Posted Nov 19, 2012 15:46 UTC (Mon) by leromarinvit (subscriber, #56850) [Link] (2 responses)

Doesn't that violate the GPL's "no additional restrictions" clause?

Introducing RedPatch (Ksplice Blog)

Posted Nov 19, 2012 16:11 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

There are no additional restrictions on patches themselves. Oracle is free to redistribute them under the GPL.

Introducing RedPatch (Ksplice Blog)

Posted Nov 19, 2012 16:12 UTC (Mon) by mpr22 (subscriber, #60784) [Link]

Conceivably. To find out, you need to find someone who has the standing and funding to bring a lawsuit over the matter and an interest in doing so.

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 7:15 UTC (Sat) by rodgerd (guest, #58896) [Link] (2 responses)

So it includes the ksplice patches that Matthew Garret's been trying to get from Oracle for months, right?

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 13:50 UTC (Sat) by mjg59 (subscriber, #23239) [Link] (1 responses)

That actually got resolved a while back. All ksplice updates should now include a source offer and they'll supply the complete source.

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 20:49 UTC (Sun) by mcgrof (subscriber, #25917) [Link]

Jiri's ksplice fork on github seems to be better than their current 0.9.9 code drop.

https://github.com/jirislaby/ksplice

Will others *cough R* use this as well or will they fork out... again?

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 8:45 UTC (Sat) by danpb (subscriber, #4831) [Link] (3 responses)

The split up of patches is not quite as perfect as the blog might lead you to believe. It looks like they try to identify individual upstream patches which match code in the RHEL source, and they then create cherry-pick commits for those. eg

https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=64f...

Once that's complete, they just create a giant commit lumping together all the remaining pieces they can't match up against upstream.eg "The rest of RHEL 2.6.32-279.5.2.el6 to 2.6.32-279.9.1.el6"

https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=278...

wouldn't be at all surprised if this is just done using a simple automated script.

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 0:41 UTC (Sun) by misc (subscriber, #73730) [Link] (2 responses)

Wouldn't have Oracle published the script under a free software license if it was the case ? I mean, that's what a company working to advance free software would do, no ?

Introducing RedPatch (Ksplice Blog)

Posted Nov 12, 2012 22:01 UTC (Mon) by Felix (guest, #36445) [Link] (1 responses)

And you think Oracle is such a company? Seriously?

fs

Introducing RedPatch (Ksplice Blog)

Posted Nov 13, 2012 9:00 UTC (Tue) by tpetazzoni (subscriber, #53127) [Link]

modprobe irony

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 8:46 UTC (Sat) by lkundrak (subscriber, #43452) [Link] (19 responses)

Someone please explain this to me. Red Hat already makes these patches available to RHEL subscribers (https://access.redhat.com/knowledge/sources/). Would it be illegal or risky in any other way if a RHEL subscriber (and I would be surprised if Oracle did not own a single RHEL subscription) to just publish the patches?

What Oracle does now is not the above. Their repository obviously contains hand-crafted commits of stuff they could not match with anything in public git repositories and could not break out by hand (e.g. https://oss.oracle.com/git/?p=redpatch.git;a=commitdiff;h...).

Also, did someone else notice that Red Hat started to obfuscate RHS glusterfs packages in this way? I could not even find it in the patch browser, but it might be that it does not list it because I don't have a RHS subscription (could someone confirm this?).

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 9:44 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link] (18 responses)

That'd be legally very risky. I'd be surprised if Oracle hasn't made sure that all engineers working on the RedPatch patch are uncontaminated from exposure to RedHat patches.

Otherwise, RedHat could sue Oracle for breach of copyright. Which (as we all know) carries very stiff penalties.

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 9:52 UTC (Sat) by lkundrak (subscriber, #43452) [Link] (17 responses)

This is what puzzles me.

So, is it that a development history in between two GPL-licensed trees is not licensed by GPL? Or is the patch file not considered a derived work of the tree itself? Or am I completely missing the point?

I could not find conditions for use or redistribution of the patch files on Red Hat web site.

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 10:02 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link] (16 responses)

You can redistribute publicly accessible RedHat patches under the GPL, no problem. However, RedHat exploits a clever trick here.

Oracle can redistribute the information about individual patches in RHEL, however they obtain it (by subscribing to RHEL, for example). But they can do it exactly once.

Because publishing the patches terminates the contract between RHEL and Oracle. And without a contract it's illegal to access the RHEL systems that carry patch information.

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 10:34 UTC (Sat) by boklm (guest, #34568) [Link] (2 responses)

Does the contract allow sending the patches to a 3rd person that will redistribute the patches ?

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 13:51 UTC (Sat) by khim (subscriber, #9252) [Link]

Yes and no. You can distribute it, no problem (patches are GPLed, after all), but contract is terminated in this case (and can not be renewed).

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 14:14 UTC (Sat) by bahomet (guest, #87773) [Link]

That most likely would work with a covet 3rdparty.

However, what Oracle aims at and RH tries to prevent is:
- neither access to the knowledge base meant by the patches
(that's fairly accomplished by an RHN subscription)
- nor a crusade for making this knowledge base public
- rather, making a business that builds on this knowledge base

... for which Oracle would need an authentic public distribution of that
knowledge base, and that's exactly what RH stopped to give out.

RedPatch is a clever trick though -- while Oracle cannot publicly use the original knowledge base, it's certainly possible for them to reverse engineer it from public sources and arrive at a freely usable by-and-large equivalent of the original.

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 13:26 UTC (Sat) by cyanit (guest, #86671) [Link] (1 responses)

Why is that an issue?

Surely Oracle can afford to either incorporate a new company or pay a new individual every time RedHat updates their kernel, subscribe to RHEL with it, release the patches, and then terminate the contract.

Also, couldn't that contract term be construed as an additional restriction on the patches, and thus a violation of the GPL by RedHat?

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 13:49 UTC (Sat) by khim (subscriber, #9252) [Link]

This only works in countries where it's easy to bribe court to look the other way. In any sane country after few repeats all the lawsuits will be connected together and there will be looong investigation which will try to see if Oracle instigated these repeated violations in some way.

Think recent Apple in UK fiasco. Apple was pretty sure that since they found clever way to issues non-apology without violating a letter of law they were in the clear. Court was not amused.

Introducing RedPatch (Ksplice Blog)

Posted Nov 14, 2012 2:02 UTC (Wed) by Lennie (subscriber, #49641) [Link] (10 responses)

So basically this is kind of like adding extra terms or conditions to the GPL ? Which isn't allowed by the GPL.

So how do they do that ?

Introducing RedPatch (Ksplice Blog)

Posted Nov 14, 2012 2:51 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link] (9 responses)

They're not adding anything additional to the GPL.

Oracle would be totally free to redistribute patches they receive from RHEL subscription. However, nothing in the GPL forces RH to continue providing Oracle with further patches - that's not a question of copyright.

FSF had decided that it's legal quite a time ago.

Introducing RedPatch (Ksplice Blog)

Posted Nov 14, 2012 20:58 UTC (Wed) by paulj (subscriber, #341) [Link] (8 responses)

Where the GPL applies RedHat do however have to provide sources to any 3rd party though (given they distribute in binary only form in at least some situations). Which they do, hence CentOS.

Regarding the patches: Either the GPL applies to these patches, in which case RedHat must supply them to any 3rd party, and the RHEL contract makes no odds. Alternatively, the patches are not supplied because of GPL obligations, in which case this discussion above about the GPL and contract re the patches has been moot.

You can't get around the GPL "binary-distribution: supply preferred source to any 3rd party condition" via support contracts, just to be clear.

Introducing RedPatch (Ksplice Blog)

Posted Nov 15, 2012 5:22 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (6 responses)

Again, wrong. GPL forces you to supply source code if you distribute a product to a some other entity.

GPL does NOT force you to distribute it in the first place. For example, I might have some personal code under the GPL. I can give it to you and say: "If you distribute this code to someone else, I won't give you any more of my code". That's totally legal under the GPL and it's what RedHat is doing.

Introducing RedPatch (Ksplice Blog)

Posted Nov 15, 2012 6:31 UTC (Thu) by raven667 (subscriber, #5198) [Link]

That doesn't seem exactly right. RedHat isn't withholding any code from anybody, that are just distributing their kernel changes as a single patch and aren't providing an annotated changelog publicly. If you want the changelog and annotated individual change sets then you can be a subscriber, a subscription that can be terminated. The code is under the GPL, the bug tracker data is not.

IIts kind of silly as well because in most cases the individual change sets are also submitted and integrated into the mainline kernel. I don't know how many changes are only made in customer facing redhat kernels that aren't upstream, if any. Its probably hard to tell automatically because the same bug fix or feature might be coded slightly differently between different kernel versions

Introducing RedPatch (Ksplice Blog)

Posted Nov 15, 2012 8:52 UTC (Thu) by paulj (subscriber, #341) [Link] (4 responses)

If you're distributing personal code, then you're not subject to the GPL. Nothing you do with that code can violate the GPL, for you're not reliant on GPL right to distribute the work (though, it may make it hard or impossible for others to exercise the GPL rights you say you're giving them). RedHat are largely distributing other peoples' code, exercising GPL rights given to them, a different situation.

Distributing under the GPL *does* force you to distribute the source, if you distribute the work at all. Further, if at any point you distribute in binary-only form, then you are obliged to provide source to *any* 3rd party, for a specified period. This obligation, once incurred, can not be terminated.

Anyway, the point I wanted to make was more about the patches, and whether RedHat making split-out kernel patches available had anything to do with honouring their GPL commitments. If it does, then RedHat should be providing those split-out patches to *any 3rd party*, and if they do not do this then they are in breach of the GPL.

Introducing RedPatch (Ksplice Blog)

Posted Nov 15, 2012 8:58 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

> Distributing under the GPL *does* force you to distribute the source, if you distribute the work at all.

Can you please read this article again?

RedHat distributes source code of all patches. Under the GPL. You can get a RHEL subscription and you'll get access to them. Under the GPL.

You can then take these patches and re-distribute them. That's not a problem at all, you're totally free to do it. Under the GPL.

However, RedHat will revoke your access to the RHEL repository should you do this. I.e. they won't give you any further updates - neither in binary form nor in source-code form.

> If it does, then RedHat should be providing those split-out patches to *any 3rd party*
Can you provide a reference to that in the GPL? I'm under impression that GPL kicks in during the moment of distribution only.

Introducing RedPatch (Ksplice Blog)

Posted Nov 24, 2012 5:12 UTC (Sat) by steffen780 (guest, #68142) [Link] (2 responses)

"Further, if at any point you distribute in binary-only form, then you are obliged to provide source to *any* 3rd party, for a specified period."

Are you sure about this? Unless I'm severely mistaken the GPL requires you to make the sources available to the party/parties to whom you shipped GPLd stuff. It does not require you to make anything available to anyone else.

Introducing RedPatch (Ksplice Blog)

Posted Nov 24, 2012 5:29 UTC (Sat) by mjg59 (subscriber, #23239) [Link] (1 responses)

3(b) requires that you provide a written offer valid for any third party if you only distribute binaries. You can avoid that requirement by distributing under 3(a) instead (ie, provide binary *and* source simultaneously)

Introducing RedPatch (Ksplice Blog)

Posted Nov 25, 2012 1:18 UTC (Sun) by steffen780 (guest, #68142) [Link]

My bad, so I was severely mistaken.

Introducing RedPatch (Ksplice Blog)

Posted Nov 15, 2012 15:35 UTC (Thu) by jschrod (subscriber, #1646) [Link]

Where is it stated in the GPL that patches (internal intermediate results) must be published?

AFAIU, the source must be published, but not the internal commits that lead to that source. And the kernel source is published, as srpm.

FTR: I'm neither connected to RH, nor do I use RHEL or Oracle's dist privately or at my company. I think RH's policy concerning kernel source distribution is ethically wrong, but not illegal.

Introducing RedPatch (Ksplice Blog)

Posted Nov 10, 2012 8:50 UTC (Sat) by stressinduktion (subscriber, #46452) [Link]

Perhaps they use a new nifty git merge strategy to reproduce these results from the upstream git repos, -s hadoop-whole-datacenter or something.

The git tree is the source code

Posted Nov 10, 2012 12:04 UTC (Sat) by epa (subscriber, #39769) [Link] (26 responses)

The GPL requires that you distribute source in "the preferred form of the work for making modifications to it". If the workflow of programmers is heavily based on git, then the preferred form of the work is the git tree and that is what the GPL requires Red Hat (and others) to distribute. Flattening it into a tarball is no more acceptable than running it through a source mangler to strip all the comments. In both cases you no longer have the work in the form you prefer for modifying it.

Certainly, when Red Hat receive the code from Linus and pals it is in the form of a git tree, and if they distribute their changed version in a different form the onus is on them to show that this is now the "preferred" form for making modifications.

The git tree is the source code

Posted Nov 10, 2012 12:41 UTC (Sat) by branden (guest, #7029) [Link] (3 responses)

That's what I said about two years ago. The few people at Red Hat who could be troubled to respond to my argument at all basically told me to go pound sand.

It will be interesting see if the definition of "preferred form for modifying the work" now changes for the sake of whacking Oracle with a stick.

Which, to be fair, is not without its appeal...

The git tree is the source code

Posted Nov 10, 2012 14:03 UTC (Sat) by khim (subscriber, #9252) [Link] (2 responses)

It will be interesting see if the definition of "preferred form for modifying the work" now changes for the sake of whacking Oracle with a stick.

Not at all. “Closed internal repo with only occasional tarballs drop for outside consumption” is how FSF developed it's flagship products (Emacs, GCC, GLiBC) for years starting from the very beginning. And they created the GPL, remember?

P.S. You may say that FSF eventually opened their repos but remember that this was political decision, not copyright-dictated one.

The git tree is the source code

Posted Nov 10, 2012 19:51 UTC (Sat) by donbarry (guest, #10485) [Link] (1 responses)

The "preferred form for modifying the work" has changed with time as the state of the art has developed. In the 1980s and 1990s, there was sccs, rcs, and eventually cvs. Most development was done by small teams, and the growth of larger free software communities, and a social environment accompanied by effective source management tools to support that social environment -- was in the future. Did the FSF lag behind some other organizations in moving to these tools? Yes and no. Though some of their projects, which are often quite "loosely" within the FSF umbrella, moved faster than others, the FSF also promoted early DVCS efforts like GNU Arch, and made sure that alternatives to the early proprietary social programming sites like sourceforge (which was briefly free software) were available.

We owe them our gratitude. Remember that their resources are often orders of magnitude less than that of even the free software companies.

The git tree is the source code

Posted Nov 15, 2012 13:36 UTC (Thu) by vonbrand (subscriber, #4458) [Link]

I can get Linus' kernel source as a tarball, unpack it and make a git repo for my own use, and thus have a set up that makes my development more productive. I might even throw in some other, closed source tools for my own pleasure. That doesn't mean anybody is entitled to said tools results. What GPL demands is the source code to study and modify, not random gossip on who wrote what line and changed what else. The same way it doesn't require anybody to ship the editor, compiler and whatnot the developers require for their work.

The git tree is the source code

Posted Nov 10, 2012 13:01 UTC (Sat) by paulj (subscriber, #341) [Link] (1 responses)

If no kernel copyright holder objects, then RedHat have no problem, regardless of the merit of this argument (I think it's pretty clear that RedHats' preferred form for working on their kernel package is NOT a single, unified tarball). So a kernel hacker would have to notify them to desist and be prepared to sue them if they do not. How likely is that?

The git tree is the source code

Posted Nov 10, 2012 13:18 UTC (Sat) by dowdle (subscriber, #659) [Link]

I'm sure a handful of Oracle employees have some code in the kernel that they hold copyright on. I definitely favor Red Hat here, but I'm just saying. At the very least, think btrfs.

What is weird to me... is that btrfs is the "zfs for Linux" but it so happens that Oracle also owns zfs. They could change (or dual license) zfs for Linux if they wanted to, but no... they'd prefer to have one product that is ok with the GPL (btrfs) and one that is not (zfs).

The git tree is the source code

Posted Nov 10, 2012 13:59 UTC (Sat) by khim (subscriber, #9252) [Link] (13 responses)

If the workflow of programmers is heavily based on git, then the preferred form of the work is the git tree and that is what the GPL requires Red Hat (and others) to distribute.

Many developers don't use git (Linus himself used just a series of tarballs for years). And since in court you'll be confronted by FSF (it developed gcc, glibc and many other things in exactly this fashion for years—the only difference was that they used CVS and not git back then) who wrote GPL in the first place… I wish you luck—you'll need it.

The git tree is the source code

Posted Nov 10, 2012 16:48 UTC (Sat) by epa (subscriber, #39769) [Link] (12 responses)

The FSF is not relevant here - as the copyright holders of the code they wrote, they could not get in trouble for violating the GPL no matter what they did. I think that if it ever did get to court, showing "the preferred form for making modifications to the program" would be pretty straightforward.

Counsel: And so during your time at Red Hat you normally worked on changes to the software using the git tree?

Witness 1: That's right.

Counsel: But why didn't you just use a tarball instead?

Witness 1: That would make my job more difficult, because...

Counsel: So you would say that you preferred to operate on the git source tree rather than a tarball?

Witness 1: Yes.

The git tree is the source code

Posted Nov 11, 2012 2:31 UTC (Sun) by mathstuf (subscriber, #69389) [Link]

How far down the rabbit hole do you want to go? I prefer to modify the source I work on with Vim using a directory setup which I have Vim and zsh configured to work with easily via custom scripts, aliases, and commands, at least 2 monitors if possible, and so on. How do I enforce that those I distribute to receive this "preferred form for making modifications to the program"?

The line has to be drawn somewhere. IANAL, but I'd think it'd be close to the form which implies the fewest number of "tools" given a "clean system" and is such that a "reasonable modification" could be made. For example, a standard tarball requires tar, one of the decompression binaries, and an editor (which could likely be assumed since modifications need to be made). These "tools" should probably be generally accessible (though not necessarily free), but that's another definition that would need pinned down.

The git tree is the source code

Posted Nov 11, 2012 18:27 UTC (Sun) by khim (subscriber, #9252) [Link] (10 responses)

The FSF is not relevant here - as the copyright holders of the code they wrote, they could not get in trouble for violating the GPL no matter what they did.

FSF set the standard. Others (for example Cygnus) worked in this fashion also.

Counsel: And so during your time at Red Hat you normally worked on changes to the software using the git tree?

Witness 1: That's right.

Counsel: But why didn't you just use a tarball instead?

Witness 1: That would make my job more difficult, because...

Counsel: So you would say that you preferred to operate on the git source tree rather than a tarball?

Witness 1: Yes.

And now for the cross-examination:

Counsel: Was your repo a replica of the official tree?

Witness 1: No.

Counsel: You imported the official tarball and applied local patches on top of that to make repository smaller.

Witness 1: That's right.

Counsel: And you have not used the full replica of the official repo, because...

Witness 1: It'll be too large and unwieldy and it was easier to start with tarball.

As I've said: I wish you luck—you'll need it. I'm not saying it's impossible to prove that git is "the preferred form for making modifications to the program", but it'll be quite hard. You'll need to collect statistic and prove that most developers use replica of the official git tree (I'm not sure if that's even true at all and to use this argument in court you need to prove that it's true without any shadow of doubt), then you'll need to somehow explain why kernel developers themselves don't think git repo is essential, etc.

Fell free to do that if you have too many millions of dollars to burn.

The git tree is the source code

Posted Nov 11, 2012 19:03 UTC (Sun) by Jonno (subscriber, #49613) [Link]

> to use this argument in court you need to prove that it's true *without any shadow of doubt*

Actually, that would be a civil case, so you only have to prove it *on the balance of probabilities* (eg. that is more likely than not) but that is still quite a hurdle.

And BTW, even criminal cases only require *beyond reasonable doubt*, not beyond any doubt, as that would generally be impossible...

The git tree is the source code

Posted Nov 11, 2012 21:22 UTC (Sun) by epa (subscriber, #39769) [Link] (1 responses)

OK, I wasn't aware that developers working on the Linux kernel preferred to start with the tarball rather than fork from Linus's git tree or the git tree of some other kernel developer. If that is the case, then it's fair to say that they are distributing the code in the same form they received it, which is also the preferred form for making further changes.

The git tree is the source code

Posted Nov 12, 2012 15:59 UTC (Mon) by khim (subscriber, #9252) [Link]

It may be surprising, but yes, not all developers use Git. That's well-known fact. And the ones who use it not always use replica of the official repo.

It's hard to find out solid numbers, of course.

The git tree is the source code

Posted Nov 11, 2012 23:06 UTC (Sun) by viro (subscriber, #7872) [Link] (6 responses)

> Counsel: Was your repo a replica of the official tree?

> Witness 1: No.

Perjury is generally frowned upon... I do *not* think that "preferred form" argument would fly, since the general practice is what it is, but your "defence" is a load of horse manure. Anybody who starts a tree by importing a tarball instead of doing git clone is an idiot; "too large and unwieldy" being what, ~500Mb for full history? _And_ that's ~500Mb that only has to be present in a local clone of mainline tree; setting alternates to point to it eliminates that from yours, so unless you seriously propose a workflow that consists of git show or git format-patch on another box + mail or scp to the box where you work on your tree for each backport... *shudder*

In any case, I don't think that "RH kernel team does not consist of hopeless idiots" can be considered confidential information, so... No, rhel6 kernel git tree is *not* set up in such a cretinous way.

The git tree is the source code

Posted Nov 12, 2012 12:03 UTC (Mon) by nix (subscriber, #2304) [Link] (5 responses)

Quite. I suppose it might make sense, if you were doing development on a really space-constrained embedded box or something -- but I hope you're never running a compile on that sort of machine, or you'll be waiting for hours and hours.

(Alternates aren't ideal -- one fetch in the wrong place and oops you suddenly have heaps of redundant objects since you need to pull in the other place too and you probably don't have them set as alternates of each other. You need to be quite rigid in your fetching habits if this is really to save you a lot of space. But, heck, I do that sometimes and it just vanishes in the oceans of space on my multiple-year-old obsolete small disks. Even the *Chromium* source tree vanishes in the oceans of space on those disks. Disks you can actually buy nowadays will be even larger. This argument will never fly.)

The git tree is the source code

Posted Nov 12, 2012 16:05 UTC (Mon) by khim (subscriber, #9252) [Link] (4 responses)

It makes sense when kernel is only part of the package. "~500Mb for full history" may not seem like much, but take 500Mb for kernel, 600Mb for gcc, 100Mb for binutils, etc and you soon arrive at gigabytes.

And if you throw aways history of other projects to save space, then why will you want to offer special treatment to kernel?

The git tree is the source code

Posted Nov 12, 2012 17:13 UTC (Mon) by peter.todd (guest, #63121) [Link] (1 responses)

Git offers a method to do a git checkout without getting full history known as a shallow clone. It's fast and allows you to later get the rest of history if you need to merge the tree later on. Secondly if you haven't been importing binary files into your repository even years worth of changes tends to compress very effectively to the point where the space taken up by old revisions is a small multiple of the most recent revision.

I find it hard to believe that arguing tarballs are the preferred form of source code for a project otherwise developed with git would pass the balance of probabilities test in a civil case. After all, as mentioned elsewhere the other side just needs to ask your developers what they use to work with the source code. Even if they reply with a different revision control system, that indicates that you should be publishing your changes from it instead.

Having said that, if internally you *actually* don't use *any* revision control system, then yeah, maybe for you the preferred form really is tarballs.

The git tree is the source code

Posted Nov 12, 2012 19:34 UTC (Mon) by tzafrir (subscriber, #11501) [Link]

A shallow clone removes all the history from a project. I suspect you'll find it hard to believe that arguing shallow clones are the preferred form of source code for a project otherwise developed with git would pass the balance of probabilities test in a civil case.

The git tree is the source code

Posted Nov 12, 2012 21:43 UTC (Mon) by viro (subscriber, #7872) [Link] (1 responses)

FWIW, I don't believe that such a requirement would fly in a court; at least not for quite a few years. Said that, size arguments are BS:
$ du -s .
652664 .
$ du -s .git
118828 .git
and that - on a tree with alternates pointing to straight mirror of kernel.org linux-2.6.git (which obviously doesn't need to be distributed). Note that unpacked kernel source eats about 4.5 times more than everything in .git. IOW, it's really noise. Granted, that's unpacked (i.e. working tree, not package being distributed), but packed (tar.bz2) will give only ~2 times increase compared to that of source without history - more than 1.2, but not very much more.

_Legally_ git doesn't qualify as "preferred source", but for all practical purposes it is strongly preferred as far as kernel work is concerned. gcc is a different story - they prefer suckversion and _that_ is a space hog, indeed. binutils... IIRC, they also use svn these days.

I don't know how to express that in license without running into insane corners, like "you must never rebase / cherry-pick / fold incremental fixes". On the other hand there's patently obnoxious behaviour several groups used to demonstrate - once a year or so they ran diff between the mainline and whatever had been in their CVS tree and post megabytes of non-differentiated garbage to e.g. l-k, usually reverting a bunch of fixes in process. Hell knows... TBH, I doubt that license is the right tool here...

The git tree is the source code

Posted Nov 13, 2012 12:12 UTC (Tue) by jwakely (subscriber, #60262) [Link]

> gcc is a different story - they prefer suckversion

It's true the repo lives in subversion, but some (many?) of us use git-svn to work with it. I certainly don't prefer subversion and can't remember the last time I used subversion to commit anything.

The git tree is the source code

Posted Nov 10, 2012 14:00 UTC (Sat) by Otus (subscriber, #67685) [Link]

> If the workflow of programmers is heavily based on git, then the preferred
> form of the work is the git tree and that is what the GPL requires Red Hat
> (and others) to distribute.

The problem I (IANAL) see with that argument is that the GPL allows you to
keep undistributed versions private. Those intermediate versions in the git
tree were not distributed, and could in theory even include upcoming
features that were later taken out and still count as trade secrets.

The git tree is the source code

Posted Nov 10, 2012 14:14 UTC (Sat) by pbonzini (subscriber, #60935) [Link] (4 responses)

The keyword here is *modification*. You do not need patches to modify the Red Hat tree.

You need patches to analyze a process (the creation of the Red Hat kernel) and replicate the same changes to *another* program (the Oracle kernel).

I see it the other way round: the actual preferred form of modification is flattened source code. To modify something you work on a checkout, not on a source tarball + some patches. "Source code + patches" is only acceptable because it is easily flattened.

Think of it. Suppose you have a bug in a Fedora package and you found that there is a fix upstream for it, for example via a Bugzilla search. Roughly speaking, Fedora packages are distribute as a tarball and a possibly empty set of patches.

The first things you do in order to test the fix are "fedpkg prep" to flatten the Fedora package and "git clone" to fetch the upstream change. You do not need the patches that build up the Fedora package (which is what you're modifying), but you need the patches that build up upstream (which is what you're analyzing.

The git tree is the source code

Posted Nov 10, 2012 16:50 UTC (Sat) by epa (subscriber, #39769) [Link] (2 responses)

I see it the other way round: the actual preferred form of modification is flattened source code.
There's some merit in that argument. Even when people do fetch a git tree to modify the code, they don't usually look at the history of past patches but just work on their change based on the state of the code as it is now.

The git tree is the source code

Posted Nov 10, 2012 21:48 UTC (Sat) by apoelstra (subscriber, #75205) [Link] (1 responses)

>There's some merit in that argument. Even when people do fetch a git tree to modify the code, they don't usually look at the history of past patches but just work on their change based on the state of the code as it is now.

Most code I changes to code, it's usually because

(a) I am a project developer, and I need git to keep track of all the work I'm doing, or
(b) I am not a project developer, so I'm just doing a small bugfix. Then I'd like 'git log' or 'git blame' to find out where the bug came from.

The git tree is the source code

Posted Nov 15, 2012 12:08 UTC (Thu) by pbonzini (subscriber, #60935) [Link]

> (a) I am a project developer, and I need git to keep track of all the work I'm doing, or

Just use quilt, you do not need the history.

(Devil's advocate, of course---nowadays I'm spoiled by the ease of doing "git init", but I was doing the above a lot in CVS/svn days).

> (b) I am not a project developer, so I'm just doing a small bugfix. Then I'd like 'git log' or 'git blame' to find out where the bug came from.

Nice to have, but definitely not a requirement for modification.

(Not devil's advocate here, I rarely do "git clone" if I'm just fixing something for myself. I just work on top of the Fedora package).

The git tree is the source code

Posted Nov 11, 2012 11:34 UTC (Sun) by cyanit (guest, #86671) [Link]

Well, some kinds of modifications like removing or altering a specific set of changes are much better done on the git tree, and the original work (Linux) is also provided as a git tree.

It seems to me they might very well be in violation of the GPL.

The preferred form discussion has already been done (to death)

Posted Nov 10, 2012 14:36 UTC (Sat) by paulj (subscriber, #341) [Link] (2 responses)

There's unlikely to be much value in resurrecting this argument. It's been done to death already in:

http://lwn.net/Articles/432012/

At a minimum, anyone starting a discussion here needs to read all of that previous discussion first.

The preferred form discussion has already been done (to death)

Posted Nov 10, 2012 15:53 UTC (Sat) by branden (guest, #7029) [Link]

I concur. I certainly do not intend to repeat myself to khim, even if he/she has no problem repeating him- or herself to me.

The preferred form discussion has already been done (to death)

Posted Nov 10, 2012 16:51 UTC (Sat) by epa (subscriber, #39769) [Link]

Thanks for the link. I fondly imagined I was making a new point, but of course I should have checked the earlier discussion first.

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 12:20 UTC (Sun) by johannbg (guest, #65743) [Link] (12 responses)

So Oracle has now an workaround for Red Hat's obfuscating their patch set move which means Red Hat will make another business move which leads to Centos and other RHEL clones ( including Oracle ) having to adapt to those changes ( and delay their release up to several months ) which leads to what I have been advocating for some time now that those maintaining RHEL Clones should just come to Fedora and maintain an Fedora LTS release with ca 3 years release lifecycle ( or more if they want ) instead and simply stop cloning RHEL ...

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 13:41 UTC (Sun) by seyman (subscriber, #1172) [Link] (11 responses)

Did the clones really have to adapt? Rebuilding the binary rpm is as complicated with an empty patch set as with a non-empty one so I'm not sure there's much to adapt to.

The only issues were would be if you're selling support (like Unbreakable) and if you're using Red Hat's efforts to maintain another kernel over the same stretch of time.

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 16:06 UTC (Sun) by johannbg (guest, #65743) [Link] (10 responses)

It took Centos several month to catchup after Red Hat's last major release

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 17:48 UTC (Sun) by rahulsundaram (subscriber, #21946) [Link] (9 responses)

That has nothing whatsoever to do with the changes Red Hat did to the kernel. CentOS developers publicly said that long back that Red Hat changes don't affect them in anyway.

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 18:25 UTC (Sun) by johannbg (guest, #65743) [Link] (8 responses)

I beg the differ if it takes them what 6 - 7 months to play catchup from the inital rhel 6 release so I would say that Red Hat's business move surely did affect them.

Care to share with audience which Red Hat changes caused it to be if not the obfuscation manoeuvre?

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 18:45 UTC (Sun) by mjg59 (subscriber, #23239) [Link] (5 responses)

Correlation is not causation. You're the one making the claim - you demonstrate how flattening the patches made it harder for CentOS to rebuild the SRPMs.

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 18:59 UTC (Sun) by johannbg (guest, #65743) [Link] (4 responses)

No I said Red Hat's business move did cause the Centos delay are you saying that the only change they did was obfuscating their patch set?

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 19:08 UTC (Sun) by mjg59 (subscriber, #23239) [Link] (2 responses)

The story you're responding to is purely about the patch flattening. What other changes are you thinking of?

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 19:18 UTC (Sun) by johannbg (guest, #65743) [Link] (1 responses)

Yes which I'm pretty sure affected their plus repository directly but I'm might be entirely wrong that Red Hat did any other change and the reason that the Centos got delayed for all those months was entirely the Centos teams own fault...

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 19:20 UTC (Sun) by mjg59 (subscriber, #23239) [Link]

I'm not aware of any changes that Red Hat made which were likely to have held up the CentOS releases.

Introducing RedPatch (Ksplice Blog)

Posted Nov 11, 2012 19:08 UTC (Sun) by johannbg (guest, #65743) [Link]

Surely this move must have affected "CentOS Plus" which last time I checked ( which arguably was long time ago since I stopped recommending and using Centos when the project grounded to an halt of a missing admin ) was the repo where they applied their own patch set...

Introducing RedPatch (Ksplice Blog)

Posted Nov 12, 2012 0:48 UTC (Mon) by rahulsundaram (subscriber, #21946) [Link] (1 responses)

Are you claiming that CentOS developers are wrong and you know better than them what caused their delay? If you are going to make assumptions and insist that it must be true, you must be willing to provide evidence that it was the cause of the delay or it affected them in any way public claims from them non-withstanding. Otherwise, be willing to admit you were wrong and move on.

Introducing RedPatch (Ksplice Blog)

Posted Nov 12, 2012 1:01 UTC (Mon) by dlang (guest, #313) [Link]

the CentOS folks have not been particularly speedy in getting a release out for quite some time. Plus the kernel is a rather small part of the OS. As a result of both of these, it's hard to attribute all (or even much) of the delay in the last release to the patch granularity


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds