Following SCO's allegations regarding the origination of some source code files comprising the Linux Kernel, in May of 2004 Linux creator Linus Torvalds implemented a simple method for tracking how patches reach the source tree [story]. The simple system was further refined in the following months [story], and has become second nature to most kernel developers. However, a recent debate on the lkml illustrated the fact that nothing is simple, in this case with concerns that archiving someone else's email address in the "Signed-off-by:" line could violate the UK's Data Protection Act.

Alan Cox [interview] suggested that to solve for this concern, the DCO, or Developer's Certificate of Origin, be updated to explicitly give permission to include an email address when archiving patch information. Linus agreed, "yes, I'll update the SubmittingPatches [documentation file] to state explicitly that the sign-off is a public record." Alan pointed out that adding a comment to the file alone is not enough, but that the new wording needs to be part of the DCO, "you have to -actively- agree to the DCO to submit a change, and that is what makes it work (whether you put something in submitting patches or not that is more explanatory)." Again, Linus agreed, "I'll also run it past the OSDL lawyer, and if others were to run it past their lawyers, that would be good." Once approved, the update will become version 1.1 of the DCO.

A lengthy and interesting thread was started on the lkml by Chris Wright looking to define a centralized place to report security issues in the Linux Kernel. Chris offered his services in getting things set up, addressing his email to Linus Torvalds, Andrew Morton [interview], Alan Cox [interview] and Marcelo Tosatti [interview]. He explained that he wanted to centralize the information "to help track it, make sure things don't fall through the cracks, and make sure of timely fix and disclosure". The resulting discussion was joined by numerous members of the kernel hacking community, exposing a wide range of opinions.

Linus agreed that it sounded like a good idea, but qualified this by adding, "the _only_ requirement that I have is that there be no stupid embargo on the list. Any list with a time limit (vendor-sec) I will not have anything to do with." An embargo in this case is the time period from when a security problem is first reported to when a fix can be made public. Marcelo pointed out that a certain amount of time is necessary, "for the vendors to catch up", explaining that "it is a simple matter of synchronization". Linus again stressed his dislike for the vendor-sec mailing list suggesting that at times the length of the embargo period is often more about politics than anything else. He then added, "but in the absense of politics, I'd _happily_ have a self-imposed embargo that is limited to some reasonable timeframe (and "reasonable" is definitely counted in days, not weeks. And absolutely _not_ in months, like apparently sometimes happens on vendor-sec)." In a followup comment he clarified, "btw, the only thing I care about is the embargo on the _fix_", noting that he was comfortable if there was a need to delay publishing an explanation of the security hole so long as the fix itself was quickly released.

At the July 2004 kernel summit, it was decided that the current 2.6 development process with teamwork between Andrew Morton [interview] and Linux creator Linus Torvalds was proving quite effective. The process involves using Andrew's test -mm tree [forum] as a staging area for patches prior to going into Linus' mainline tree [forum]. The system has allowed for continued evolution and new features in the 2.6 stable kernel, however it has also lead to a fair amount of discussion and debate [story]. Much of the concern is that with new features constantly being introduced, true stabilization may not be possible.

One theory presented on the lkml was that the process has changed because, "these days nobody wants to be a stable-release maintainer anymore. It's boring." 2.2 maintainer Alan Cox [story] disagreed, "that depends what kind of an engineer you are. Just as there are people who love standards body work and compliance testing/debugging there are people who care about stable trees." When asked if he was willing to maintain a stable 2.6.x kernel, Alan replied, "I'll do it if Linus wants". That is, while 2.6.10 is being developed, the suggestion is to continue to stabalize 2.6.9, releasing 2.6.9.1, 2.6.9.2, etc. And when 2.6.10 is released, to then focus on stabalizing it. Alan already maintains a 2.6-ac patchset [forum] which includes a growing number of bugfixes. However he notes that it is not intended to be all-inclusive, "the goal of -ac is to contain the stuff I personally consider important. A lot of the smaller bugfixes individually are fine but a 'complete set of bugfixes' turns into a large change set and then needs an entire validation and release cycle of its own."

David Weinehall is the maintainer of the Linux 2.0 kernel. Alan Cox [interview] handed over maintainership of the 2.0 kernel over 4 years ago. David explains in his own words:

"In December 1999, a naughty bug that allowed any local user to crash a 2.0-machine surfaced. Alan Cox admitted that he didn't have any time left to work on the 2.0 kernel any longer, and told me that if I wanted to become maintainer for 2.0 and fix this bug (and some other bugs while at it), it was fine with him."

In this interview David talks about his past, and the things he's doing now.

Jasper Spaans recently submitted a patch to the lkml that "changes all occurrences of 'flavour' to 'flavor' in the complete [2.6 development kernel] tree". This quickly led into a lengthy and frequently humorous discussion about the which spelling is better, and if it even matters.

Linux creator Linus Torvalds aknowledged that there are times when such consistency is beneficial, but that overall it was of little importance to him. Regarding the emails that were threatening to quickly grow into a full-fledged flame war, he noted, "I think you guys who care should have a huge free-for-all, an electronic mud-wrestling thing if you will. But not on [the] linux-kernel [mailing list]." In mock newscaster tone, he went on to describe what might happen, "I can see it now:"

".. Alan Cox gets up, and tackles Zwane, who goes down in the mud. Oops. They were on the same side. I guess Alan got caught up in the rush. Jasper tries to take advantage of the situation, but slips in the mud, and goes down in a heap with Alexander..."

Much of the discussion follows.

Kerneltrap has spoken with Linux guru Alan Cox. He is perhaps the second most influential Linux kernel hacker, next only to Linus. In this interview he talks about himself, his history with computers and Linux, working for Red Hat, Marcello and the 2.4 kernel, the DMCA, the future of Linux and much more.