Linus on documenting patch provenance
Posted May 24, 2004 0:16 UTC (Mon) by Eudyptes
Parent article: Linus on documenting patch provenance
It seems that Linus wants to track the "chain of custody" as it were. This
is standard with any org that needs to do investigations. From what I can
gather it seems to go something like this:
A. D. Veloper submits the original patch for kpatch.h
B. D. Veloper changes this patch (still read as) kpatch.h
C. D. Veloper and D. D. Veloper, etc.
Now some Company screams "foul" and states that this was ripped off their
"proprietary" work. How do you prove or disprove this?
So it comes to light that "C. D. Veloper" worked for or had access to said
company's source code and got lazy and folded in a piece of code for said
company's stuff. Well, now you have a fairly good idea where the "taint"
came from. This would afford you knowledge of who got lazy or careless
(you just didn't get it). Furthermore, should you need to take out that
part that tainted code you could conceivably do this without having to
rewrite the entire code for "kpatch.h".
Another thing to consider is moles. Yes, moles! Is it inconceivable
that some business/corp that takes considerable exception to the work and
success of Linux-F/OSS wants to see it derailed? Let's say there's a
particular piece of work that has been difficult to work with. Then
somebody (let's call them X. D. Veloper) submits a patch that solves this
problem, or moreover seems to submit several pieces of code to a number of
projects. Then in time it is contended that these several projects' code
bases are tainted with proprietary work/IP stuff. Well, with a chain of
custody a pattern could be seen, such as every project touched by X. D.
Veloper appears to be tainted. This would call into question just who
this person is and where/why he/she has been able to provide so much code
to solve problems.
On the other hand, the positive aspect of this is that someone that has
"cleanly" provided several fixes can be recognized. Y. D. Veloper has
repeatedly submitted patch work that has indeed solved a good many
problems and provides very cogent and clean work. This person may be
someone that has a yet unrecognized talent that the Dev team may wish to
When the whole SCO fiasco started, many, including myself, did
exhaustive searches to find who from SCO/Caldera had submitted work, as
well as to what and when. Given that people from almost every corner of
the globe and having varied backgrounds have submitted work to Linux and
F/OSS, I think it only prudent to have a clear "chain of custody" without
having a cumbersome and overbearing impact on the process.
Just MHO. :)