May 24, 2004

Linux kernel developers to log their trust

Author: Jay Lyman

Linus Torvalds trusts that when any of the 25 or so Linux kernel subsystem maintainers collaborating on the operating system send him
code, it hasn't been stolen from anyone. Starting today, the approval process will be formalized to
document a "chain of trust" to deter intellectual property claims like
those leveled by SCO, according to a proposal from Torvalds and the Open Source Development Labs (OSDL).

On Saturday Torvalds posted a request for discussion to the Linux Kernel Mailing List "suggesting that we put in more of a process to explicitly document not only where a patch comes from (which we do actually already document pretty well in the changelogs), but the path it came through." Torvalds said in the mailing list posting that detail and defense against SCO meant searching archives from more than a decade ago. To avoid the same drudgery in 10 years when SCO's IP attack is taken up by another company with a copyright or contract claim, Linux developers will be able to use the new process to more easily prove the patch's origin and path into the kernel.

Torvalds said the new documentation was also created with companies'
existing "release criteria" in mind, making it ideal for incorporating into
existing processes.

Both Torvalds and OSDL Chief Executive Officer Stuart Cohen indicated the DCO, while an added step, was created to cause as little disruption as possible to the existing process. Cohen said the move would not slow down the
kernel development process. "This is something Linus has been working on with a set of people in the community to make sure it was easy to implement and not restrictive and would not change the way people are doing things," Cohen said.

"It's Linus's process," Cohen told NewsForge. "We have certainly made Linus aware, as have other developers and users, of a need to enhance the process on an ongoing basis."

Cohen said Torvalds had been working with a set of "trusted confidantes"
to formulate the proposed "Developer's Certificate of Origin (DCO)," calling
it "one more step in the process."

"He's had a pretty good tracking system, personally," Cohen said. "The
other system maintainers have their own good tracking systems; Andrew
[Morton] has his own tracking system. I would say [Linus] knew
most of the people and most of the code before, anyway. This is just going
to put a piece of rigor in the process."

Cohen indicated that much of the demand for the new contribution
documentation comes from the increased use of Linux by increasingly larger
enterprises. "There's a lot of big companies deploying Linux in major ways," he said. "They would like to see documentation similar to what they see from other software companies. This is one step closer and it's allowing big business to see the process we use."

Click Here!