harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Simons <m...@leosimons.com>
Subject Re: [legal] Proposed changes for the Bulk Contributor Questionnaire
Date Tue, 15 Nov 2005 22:38:51 GMT
On Mon, Nov 14, 2005 at 01:51:36AM -0800, Leo Simons wrote:
> Rant below. Decided not to tone it down.

Oh that's a nice examplary attitude Leo. Go and behave just a little
will you?

I spent some more time thinking about this and soul searching and I
talked to Geir for a little bit to get more of an idea of what is
actually and what is actually not the end of the world as we know it

> On Mon, Nov 14, 2005 at 12:11:57AM -0500, Geir Magnusson Jr. wrote:
> > Comments welcome.
> I like everything but the references to "Black Duck Software". I took
> a look at their website and their licensing policies and everything
> about it "feels" wrong. I don't like basing a big part of our processes
> on some commercial black box "service-like" offering.

Apologies to Black Duck for taking some cheap shots at 'em but I'll stick
to the black box bit. And my dislike of fancy marketing stuff in place of
technical facts.


Lets turn this around. The key with harmony is to be as open and as
transparent about anything and everything as humanly possible, and preferably
just a little more than that. If someone says, "yo people, I wrote this code
and its all mine and lets use it" then that's that. If someone says "we have
this code at our company which we've worked on for 5 years but the details of
what constitutes 'we' and 'this' is a bit different from what you guys
expect", then we say, "err, sure, that's okay too, let's just all take a good
look. Here's tools that might help with that".

Tools are a good thing. Getting more people using grep on a daily basis
seems to be a good thing, too (lets not have a grep vs spotlight debate). Fear
of tools or lack of understanding of tools is the bad thing, and basing
processes on those tools is worse.

> Leading Open Source Foundation Does Not Trust Its Own Processes

I think I wrote down all of my own FUD about this rather well :-). Luckily
the way to dissolve these fears also seems easy enough:

> Now, if these tools were open source and I'd be able to take a look at
> how they work I might put some trust in them.

Perhaps I'm suffering from a bad case of "Not Invented Here" syndrome, but a
headline like

  Open Source Code Analysis Tools Proves Open Source Is Not A Risk At All

  The Apache Software Foundation recently started offering a new source
  code analysis tool which can be useful in detecting the origins of
  software. "Our codebases have always been real shiny and clean and we
  have now developed some tools that prove this point. Writing and running
  some automated software is a lot cheaper than lawsuits!", one Apache
  zealot said. "Besides, we know grep way better than friggin' SCO!"

is not inconceivable either.

Everything looks so grim on mondays, doesn't it?


[1] -- http://www.astro.washington.edu/endsofworld/

View raw message