On Tue, 2005-03-15 at 10:57 -0500, Jeffrey Stedfast wrote: > you have to realise > that trust has to start somewhere. if an open source project can't trust > code from strangers, then open source software as a whole will just die > because no project could ever accept contributions.
I agree. > how did you know you could trust patches being submitted to your > project? did you know all the contributors to be trustworthy? how? Well, I am a co-maintainer for two GNU projects, none of which needs copyright assignments. And I am already extra careful with them. With FriBidi, we haven't ever received a significant patch from someone we didn't already know, and for Miscfiles in the single case that a somehow significant patch was coming my way, I somehow made sure the data is collectible from free online sources and double checked with the contributor. But these are small projects. It can't happen with a large project like Evolution, I know. > at > some point in the past, every open source contributor in the "community" > must have had to submit a patch before he was "well known". if no one > trusted that his code wasn't lifted from somewhere, then his patches > never would have been accepted and he'd never have become "well known". I agree with your reasoning. The point is that not everything is that black and white. You could be more careful in certain cases, like with people who are already under suspicion for infringing copyrights or with code similar in function to the code they sent. I'm not saying "Don't trust anybody". I'm saying "Be careful, as there may be illegally copied code coming your way." You would have been more careful if you heard the source code to Microsoft's Outlook has leaked, wouldn't you? Let me state it this way: I volunteer to thoroughly review any Evolution patch related to alternate calendars for possible copyright problems, if it comes to my attention (I know about many of the implementations already available). I have already created a general bug on bugzilla for alternate calendars and have subscribed to evolution-hackers to increase the chance I hear about such patches. I would very much appreciate it if some kind soul reminds me when such a thing happens. > so you see, we have a chicken & egg problem here. I understand. > the blame goes to the person who signed the legal document saying he > takes responsibility for it, so yes. I don't agree at all, but I guess I should let this rest. It may be too hypothetical. But SCO vs IBM always comes to mind. There may sometime come an SCO with a real case. roozbeh _______________________________________________ evolution-hackers maillist - [email protected] http://lists.ximian.com/mailman/listinfo/evolution-hackers
