lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <51F22425.6000801@debian.org>
Date:	Fri, 26 Jul 2013 12:54:21 +0530
From:	Ritesh Raj Sarraf <rrs@...ian.org>
To:	target-devel <target-devel@...r.kernel.org>,
	linux-scsi <linux-scsi@...r.kernel.org>
CC:	Andy Grover <agrover@...hat.com>,
	"Nicholas A. Bellinger" <nab@...ux-iscsi.org>,
	James Bottomley <James.Bottomley@...senPartnership.com>,
	targetcli-fb-devel@...ts.fedorahosted.org,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: targetcli -fb now also Apache 2.0 licensed

On Friday 26 July 2013 09:01 AM, Andy Grover wrote:
>
> It's one thing to claim a prerogative of "upstream", but for this to
> make sense, there needs to be an actual community around the upstream.
> And if there's going to be submissions for review, then there needs to
> be someone in charge of the community with a high degree of skill in
> the code base. Nick you have a great deal of technical expertise
> around the C code in drivers/target, but Jerome was the one who wrote
> rtslib, targetcli, and configshell. I believe you can assess the
> technical aspects of how the user library interacts with the kernel
> code, but the maintainer should also be extremely conversant in the
> language the library is written in. In this case, Python. So it's not
> clear to me if submitting the code would actually result in meaningful
> code improvements.
>
> Also, there has been no effort to sustain a community around this
> code. There is no bug tracking, no separate mailing list, no regular
> releases. Debian is running ancient, broken code because nothing's
> been tagged in over two years.
>
> I would love to have you maintain and improve this code, but if you
> aren't then you can't just say "I'm the upstream bow to me!". We're
> shipping this code in Fedora and it needs active maintenance. Now that
> we're all on an even licensing footing, code can flow both ways, and
> even into your commercial version. 

Yes. Apart from reaching out the developers directly, I am not aware of
other communication channels. There is a git and wiki though.

Nick, if you guys have the same license now, nothing should stop you to
pull the changes from the targetcli-fb repo. You can start afresh now
and comply with what the community guidelines are. Licensing is just one
part of it.

And regarding this whole licensing dispute in the open, the kernel
maintainers should have resolved this long ago, when it was decided to
have LIO as the in-kernel target for Linux.
You might say that the target component complied by the kernel's
licensing requirements. But for a subsystem inclusion, you don't look
just at the code, but also the maintainer. Their support tools. And
their long term plans. These rules have been applied, in the past, for
other features in the kernel.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System



Download attachment "signature.asc" of type "application/pgp-signature" (898 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ