On Mon, Nov 14, 2005 at 01:51:36AM -0800, Leo Simons wrote: > Rant below. Decided not to tone it down.
Oh that's a nice examplary attitude Leo. Go and behave just a little will you? I spent some more time thinking about this and soul searching and I talked to Geir for a little bit to get more of an idea of what is actually and what is actually not the end of the world as we know it [1]. > On Mon, Nov 14, 2005 at 12:11:57AM -0500, Geir Magnusson Jr. wrote: > > Comments welcome. > > I like everything but the references to "Black Duck Software". I took > a look at their website and their licensing policies and everything > about it "feels" wrong. I don't like basing a big part of our processes > on some commercial black box "service-like" offering. Apologies to Black Duck for taking some cheap shots at 'em but I'll stick to the black box bit. And my dislike of fancy marketing stuff in place of technical facts. Anyway... Lets turn this around. The key with harmony is to be as open and as transparent about anything and everything as humanly possible, and preferably just a little more than that. If someone says, "yo people, I wrote this code and its all mine and lets use it" then that's that. If someone says "we have this code at our company which we've worked on for 5 years but the details of what constitutes 'we' and 'this' is a bit different from what you guys expect", then we say, "err, sure, that's okay too, let's just all take a good look. Here's tools that might help with that". Tools are a good thing. Getting more people using grep on a daily basis seems to be a good thing, too (lets not have a grep vs spotlight debate). Fear of tools or lack of understanding of tools is the bad thing, and basing processes on those tools is worse. > Leading Open Source Foundation Does Not Trust Its Own Processes <snip/> I think I wrote down all of my own FUD about this rather well :-). Luckily the way to dissolve these fears also seems easy enough: > Now, if these tools were open source and I'd be able to take a look at > how they work I might put some trust in them. Perhaps I'm suffering from a bad case of "Not Invented Here" syndrome, but a headline like Open Source Code Analysis Tools Proves Open Source Is Not A Risk At All The Apache Software Foundation recently started offering a new source code analysis tool which can be useful in detecting the origins of software. "Our codebases have always been real shiny and clean and we have now developed some tools that prove this point. Writing and running some automated software is a lot cheaper than lawsuits!", one Apache zealot said. "Besides, we know grep way better than friggin' SCO!" is not inconceivable either. Everything looks so grim on mondays, doesn't it? LSD [1] -- http://www.astro.washington.edu/endsofworld/