Geir Magnusson Jr. wrote: > > On Nov 15, 2005, at 8:20 PM, Dalibor Topic wrote:
>> Stuff beyound that would probably go beyound uncovering simple >> accidents, and would require quite a bit of cooperation from Sun to >> disclose the pedigree of their implementation's code and equivalent >> copperation from the contributors. >> > > Why? The source is available under the JRL. But not its history, and that's the interesting part about code pedigree: where does this particular line come from in code base X and do they come from a common source and if so, was that OK? I don't know if one can find out the pedigree of JRLd code (or Microsoft's implementation, or IBM's closed source stuff, any other closed implementation we'd like to avoid having enter our code base by accident) without extensive (and presumably expensive) cooperation from people who own the code. >> How do we determine for sure who wrote what when, and who copied what >> from whom, if that was OK then, and if the contributor has the right to >> contribute his changes? In case of conflicting opinions, what do we do? >> Or even worse, if code comes from a now defunct and dead open source >> project from 1997 [1], with noone around any more, the web site and >> archives wiped out, what do we do? :) >> > > I presume that the answer isn't "stick head in sand". > No. Have a process, etc.:) > Let me ask you this - if the above software did exist and it made it > into Harmony's SVN, would you prefer that > > a) we knew about it and could explain the decision to include it > > b) We were surprised at some future date > I'd prefer a all the time over b. But I don't think it's possible to avoid b, no matter how advanced keyword scanning (or other) tools we use. Mistakes are bound to happen and to slip through, we're dealing with humans. > I agree that it *can* get very complicated in the hypotheticals, but > I'd bet that the majority of what we'd find - if we'd even find > anything at all - would be due simple misunderstandings and mistakes. Yeah, I wouldn't expect anything other than that, either. > I'd sleep better knowing that we at least tried. One of our best > defenses in the event something went wrong would be a demonstrable, > good faith effort to do reasonable oversight. Sure. I've misintepreted your original post to put a lot more faith into tools than I'd be confortable with, and your subsequent posts have made it clearer what the rationale is, and how it is supposed to work out. Thaks for taking your time to do clarify it. cheers, dalibor topic
