Hello,

On Fri, Mar 23, 2012 at 13:15, Jean-Michel Pouré - GOOZE
<jmpo...@gooze.eu> wrote:
> In the past, main OpenSC developers used to have write access to the
> main trunk or at least to their development.
>
> This is no longer the case. The new collaboration tools like GIT are
> used to limit the power of the main developers.

The question is not about "trunk access" or trying to hinder or grow
someone's power (have you read [1], where the policy of "write access"
is described (which was, by the way, never made clear in writing
before that paragraph and should not apply in case of Git either, but
nevertheless, it is still something to stick to and if you see
deviations, voice out)?) but about making sure that we somehow improve
the code quality, actually review what gets added and maybe even at
least adhere to somewhat common code formatting and stick to comments
and variable names in English. Git is supposed to make that all
easier, but it also has some drawbacks, as is seen. It also requires
possibly more work from code authors.


> * pcsc-lite project is asking some companies to pay for review and I am
> worried about that. Also I don't trust the way tokend is managed, as I
> can see activity around Gemalto drivers, not elsewhere.

You don't trust Apple. Fine. Me neither. There's nothing I can do
about it. Do you know that Tokend is deprecated/obsoleted by Apple,
since July last year? I don't know what will happen next, nor do I
know anyone who would know.

I don't know what you refer to by "pcsc-lite project is asking some
companies to pay for review". If you mean asking money before listing
this as "tested as working by me" on his website, Ludovic has every
right to do that. Also, somehow the time that is spent on working on
something, needs to be supported and money made to support families or
whatever somebody chooses to do and asking money for services
delivered (throughout testing and "signing"/personally endorsing
something) is a nice way of supporting open source activities.

You seem to achieve this by selling cards and readers. Also an option,
which nobody has questioned thus far.

If you mean that somebody is asking money before code can be committed
somewhere, then yes, there is a problem. And you are free to fork to
work around this problem.

I have no indications of such problems and I believe that Ludovic has
been one of the most active, supportive and knowledgeable persons in
the open source smart card field, ever (judging this from my
experience dating back to around 2003).


> I know several
> companies releasing their own libccid and this is not good.

Can you list them and can you bring out the differences?

If you name ACS, then the reason is obvious: they don't adhere to CCID
spec on their descriptor and that's a sign from the company, that they
do not *want* to be supported by libccid. But they have done CCID
readers as well, so they do know how to do that, in general. But then
again, this is their choice which they are free to make.


> So to make
> it clear, I don't trust Ludovic Rousseau to defend our interest,
> although he is a good developer.

This starts to be rude. I think the only reasonable answer to this is:
this is open source software, you are free to fork pcsc-lite and ccid
if you want. End of story.

> For example, there never was a speed
> detection algorithm in libccid, so that some smartcard readers do
> initialize at low speed. But some Gemalto readers do initialize thanks
> to some libccid hack in code.

Last time I remember this discussion, it was about being more
complicated than it seems at first. Maybe if you have a patch against
a specific reader with a specific problem, it is more suitable.

I've also seen Gemalto products, where the speed is awful, because the
reader in fact does not advertise better speeds. The list of readers
supported by libccid is quite huge, so instead of possibly breaking
all of them a specific model related patch might be better.


> * For me the next step is a company like Apple or Gemalto taking over
> OpenSC.

Sorry, that's not legally possible. This starts to call for tinfoil
hats. How would you envision that would happen?

Do you know that there is a history of companies like Gemalto abusing
OpenSC? And the effort and not the friendliest words that have been
said to *fix* that (I've done that, I must admit), instead of trying
to "sell out and cash away".

I would envision Apple or Gemalto actually pouring money and
development resources into forking OpenSC and releasing their own
branded version, much as Apple does with many things, and being hugely
successful in multimillion government business and releasing smooth
installers with killer features. They would have the right to do that,
based on LGPL. OpenSC would benefit, because of LGPL (but Apple or
Gemalto would possibly reap the cream from that). And they would
deserve that, as they poured in resources.

> Some reviewers are already Gemalto contractors, this is not a
> secret.

Sorry, everybody is free to work for whoever they think they would
like to work for. Coming public with affiliations is desirable but
cannot be required.

If you have reasonable proofs that someone's affiliations do result in
certain conflict of interests, then you should do that.

I'm not on the payroll of Gemalto, nor have I been.

Best,

Martin

[1] https://www.opensc-project.org/opensc/wiki/DevelopmentPolicy#Gitworkflowandversioning
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
