On Fri, Jan 16, 2009 at 07:04:13AM -0500, Marshall Eubanks wrote:
> This raises a question. The IETF publishes relatively little code
> compared to the millions of lines of open source code out there. How
> do the large open source projects protect and indemnify themselves
> and their participants in case someone takes some code they don't
> own, posts it to a CVS, and it winds up in (say) the Linux kernel?

For the Linux Kernel, we use the Developer's Certification of Origin system, which was the Signed-off-by: headers I demonstrated. There are also code-scanning tools available at sites such as Fossology.org (a working group of the Linux Foundation).

A lot of this will be noticed by humans doing code review; for example, Microsoft code usually decorates its variables using Hungarian Notation (i.e., szName), and most OSS projects don't use that coding convention, so code which looks horrible and/or causes unpleasant flashbacks will raise red flags. :-)

That being said, this is a problem which is common to proprietary software as well as open source software. More than once, I have been contacted by companies doing due-diligence before, during, and after a corporate acquisition, when they had found copies of GPL'ed code which I had authored, complete with my copyright statement and "This code may only be copied under the terms of the GNU Public License"... in proprietary code that was shipped as product by the company that had just been acquired. Yes, there *are* programmers that clueless out there writing code for proprietary software companies....

- Ted
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf