[proposal] Samba Software Foundation
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Wed Dec 15 01:28:37 GMT 2004
dear samba users and developers,
i'd like to put to you a proposal for your respectful
consideration: it is an idea that i believe has strategic
merit for the open source community and OS users as a whole.
these words are chosen carefully and the reasons will become
apparent later: that i begin as an example.
as you are no doubt aware, there have been some seriously
damaging (but not obviously so) decisions made for which the
parties involved, myself included, owe you quite a debt,
because the down-side of those decisions has led, in my
opinion, to significant delays in "opening windows to a
wider world".
what i am proposing is the introduction of a "Samba Software
Foundation", which would be modelled on the well-known "Apache
Software Foundation"'s charter.
to kick-start that process - to bring some incentive to carrying
it forward, what i propose to do is: if the SSF is set up in
line with the way i envisage here, i promise to assign all
samba-related code that i have ever written _to_ the SSF -
with some conditions that will be aimed at protecting YOU -
the samba community - not me, as i will point out later.
now, as you are no doubt aware, i believe the ASF charter to
have the following key points:
1) that all contributors treat each other with mutual
respect.
2) that all code contributed is DUAL copyrighted
assigned: one copy is kept by the contributor, and
one identical copy is kept by the ASF
3) that acceptance of contributions are judged on TECHNICAL
merit.
4) voting and karma.
note the contrast between 2) and what i propose to contribute,
above: namely that i will assign _all_ my samba-related code to a
newly formed SSF (without holding dual copyright myself).
one of the key conditions on that happening as follows:
that 3) above, for the Samba Software Foundation, would need to be:
3) that acceptance of contributions are considered
for STRATEGIC as WELL as technical grounds.
for example:
if some code is dog-slow and therefore would normally
be rejected on technical grounds, if it opens up some
strategically important area, then despite its technical
abominability, it would STILL go ahead and be included.
... and probably given a high priority for optimisation
and/or replacement with a better solution, should
some poor sucker turn out to be actually using it and
suffering greatly, but having no other choice, they carry
on regardless.
you get the idea, i am sure.
now, here comes the difficult bit for me - namely that i
have to give you some reasons as to _why_ i am advocating the
introduction of an SSF, because i have to write about matters
that i have written about many times, initially because i was
very very hurt by what happened, later because i was concerned
that the things that happened to me would happen to other
people, and later _still_ because i was concerned that the samba
project, despite its progress in so many ways, has not, in my
opinion, progressed in any _really_ new or innovative areas
that make a significant difference to Open Source OS users.
particularly business users who are still totally dependent on
windows environments to do day-to-day activities, in constant
fear of wrecking their career or business prospects not because
of something they did but because of something they _didn't_
do and didn't _know_ could happen or didn't believe it would
happen to them, today - a virus or a spyware attack.
[you only have to look at the two or more open source exchange
projects which have been initiated on sf.net in the past four
years and have both stalled, and the fact that they are based on
samba tng not samba 3, to recognise that samba's usefulness is
seriously curtailed.
and also the sf.net freedce project which has had DCOM
development environment support since 2000, but no integration
with NT security or _any_ version of samba, and so consequently
is completely useless.]
so i am going to outline, under each of the headings above
(1, 2 and 3) what _has_ happened - briefly - and i think you
will see very clearly that if the SSF _had_ been in place,
history would be totally totally different.
1) that all contributors treat each other with mutual respect.
for the people who know their samba history,
it is an understatement for me to say that i
do not need to say _anything_ more on this one.
2) that all code contributed is DUAL copyrighted
assigned: one copy is kept by the contributor, and
one identical copy is kept by the ASF
this one _does_ need some background explanation.
i began working on samba's nt domain code
in august 1997 with paul ashton (mr "welcome
to the samba domain"). i was _delighted_ -
and a little scared.
paul and i had begun to take a swing at
microsoft (nyer, nyer) and yet, strangely,
they were quietly encouraging. i found a
question the other day in the september 1997
ntbugtraq archives from paul leach, asking if
we'd considered such-and-such a case.
as the amount of exploration and coding
increased, my concentration on wholesale
cut-and-paste of previously written header files
and c files decreased - and the original files
i cut/paste from, even though they contained
no code contributions from andrew or jeremy:
due to a misunderstanding, i often included
their names at the top of the Copyright notices.
100,000 extra lines of code, spread across
over sixty or eightly extra source code files,
and over three years later, code that i had
written, a large number of which i own exclusive
copyright over, contained copyright notices
of people who had not contributed a single line.
against this background, when as you know
things started to turn a bit nasty, at the
third CIFS conference andrew mistakenly said
"jeremy's code" in connection with my first
six months experimental work on the samba ntdom
project - code which saw first production usage
in samba 2.0 for the Domain Membership functionality
and _reeaaally_ basic PDC functionality,
amongst other things.
as you can imagine, i was pissed.
so pissed that, in about 2001 i conceived the
idea of "Disputing" copyright of the samba
source code - and in my opinion, with good
grounds, too.
now, the consequences of _that_ would be
that all users of Samba source code would
need to cease and desist use and distribution
until the matter was resolved!
due to a former case, as far as i am aware,
i am still registered with a US civil
department as one of the joint copyright
holders of samba's source code [it's a long
and completely different story where some
bastards tried to steal samba and sell it
for $USD 10k a shot to sun microsystems, and
the reason why none of the copyright holders
could claim compensation from the bastards was
because in order to make a copyright claim in
the U.S. you have to _register_ the product
and its copyright holders!! no other country
that respects copyright law requires this bloody
stupid registration]
so you see now why i promise to assign all
copyright of all samba-related code i have
ever written to a Samba Software Foundation,
should it ever come into being in the form
that i outline here.
the purpose of 2) is to protect the community
and the foundation from creating exactly these
kinds of purple nasties.
[a purple nasty is what you get if you
mix a blue-coloured aniseed liqueur with
a red-coloured cream liqueur. the cream
happily curdles and also goes purple. sadly,
purple nasties are also undrinkable: i did try
because i didn't want an entire glass of 40%
cocktail to go to waste without knowing what
it tasted like. pfh.]
3) that acceptance of contributions are considered
for STRATEGIC as WELL as technical grounds.
i've hinted at some examples in the form of
the two stalled exchange for unix projects and
the freedce project (all are on sf.net), but i
haven't given any details or justifications as
to why i believe 3) is really, REALLY important.
this is going to be difficult: andrew, jeremy,
please bear with me while i work out how to
say this, and PLEASE, PLEASE think just as
carefully should you choose to reply.
i'll start with things that i know, with
something that jeremy once said to me: i
believe that will help.
jeremy once said to me, in 2000 - about march or
so - at one time when i was having particular
difficulties in communicating a number of
complex issues - that both he and andrew are not
managers, they're strongly technically minded.
he also said that he, too, had difficulties
convincing andrew of key issues, and that
he had to stick to his guns and simply say,
"andrew, you're wrong".
also, recently, andrew reiterated that he makes
decisions based on technical merit, and that the
standards set are being continuously raised.
the trouble with that approach is that,
in combination with the level of technical
expertise required to even BEGIN to contribute
to the samba project, the standards that andrew
has set appear _extremely_ intimidating.
it also leaves andrew in the unfortunate
position of having to make all the decisions,
and the bar _can_ be raised, and moved sideways,
and moved again... i'm sorry to have to raise
this, but you see what i am hinting at _could_
happen, and, unfortunately, difficult as it is
to believe because andrew is so well respected,
there were times in 2000 where i felt that
the bar _was_ being moved sideways, upwards,
crossways and any way possible.
to mitigate against the down-side of such high
expertise and standards and risks, something
has got to give, but also in such a way that
the quality of work that reaches production
environments is not adversely affected (except
where admins or developers actively CHOOSE to
deploy potentially foot-shooting code!)
so, i believe i've laid out enough for people
to be able to draw the obvious conclusion:
namely that by allowing code contributions
based on "strategic" grounds, there at least
exists the possibility to add in experimental
or radically innovative work that suffers from
technical warts and down-right stupidity,
working happily alongside and often using
services and components that have been in
production use for nearly a decade, with
distribution measured in millions of units.
3) is about future-proofing, opening up
possibilities that would otherwise be closed -
and remain closed on "technical" grounds - and
it's about weighing and balancing ease-of-use
(for developers and users) against potential
"technical optimisation and innovation".
a simple example that is easily understood is
that a potential coding optimisation which
is technically brilliant could be delayed
indefinitely under 3), due to the optimisation
somehow making life genuinely difficult for
new developers to _begin_ to understand how
to get their new project up-and-running using
the samba4 runtime developer environment,
as opposed to requiring a few weeks or even
months preparatory learning, should this
"brilliant" technical optimisation be added.
4) voting and karma.
i'm not _entirely_ sure exactly how ASF
karma works, but from empirical observation,
i believe voting to be involving project
developers sending a digitally signed +1,
0 or -1, and karma to be involved with "who
breaks the automated builds on checkins".
the thing is that both these things are
actually ingrained into the checkin scripts
of the source repository, with an automatic
link [cvs blame] back to the "karma" thing.
i'm simply mentioning 4) for completeness but
i am not sufficiently clued up on its details
to be able to advise on it or advocate its use.
so.
as you can see, if a Samba Software Foundation _had_ been in place in
1996, the following things would almost certainly not have happened:
1) my code checkins would had to have improved because my
karma would be absolute mud otherwise.
2) i would have been able to propose the TNG named pipes architecture
for inclusion in samba 2.0, in order to open up a really important
strategic avenue - for:
a) in 1999 / 2000, Sun Microsystems to be able to drop
the crap bits (the file server) of the AFPS code they
bought from AT & T for $USD N million, and use smbd
along with all the _working_ NT Domain services they
bought that didn't rely on anything to do with POSIX.
b) the exchange for unix project to proceed using a
stable production environment samba - without any
code modifications.
c) cliffs, samba 3, samba 4 and samba tng's services
to be able to progress and help bootstrap each other
in an accelerated manner
d) other people wishing to get an introduction to
samba to be able to bite off a small self-contained
30,000 line project instead of being intimidated by
350,000 lines of GPL code
e) FreeDCE and other MSRPC-compatible projects to
utilise the best components of all worlds.
f) the Wine team to be able to hook in to the samba
project at some critical interface points _without_
having to worry about licensing issues, instead of
having to consider writing their own non-GPL'd version
of smbd!
3) it would have been impossible for me to swear in quite
so much frustration - not least because the reasons _why_
i was getting so agitated would have been tempered, but also
because it demonstrates lack of respect, and that would, if
it had continued, resulted in me being banned from contributing.
4) all my code contributions would have been dual-copyrighted
owned, just like everyone else, to the SSF, and the issue of
getting pissed off _at all_ at things like "this is jeremy's
code" simply would be moot [i would likely have said "oi!" and
left it at that]
as you can clearly see, history would be radically, _radically_
different had there been an SSF in place.
now.
there is one thing left for me to outline: it's the conditions
that i seek for the samba-related code i own to be assigned
to the SSF, should it be created. on careful consideration,
i believe that they make a lot of sense and the reasons why
i am proposing them are pretty abundantly obvious.
1) the strategic thing.
2) that if any SSF project developer even _thinks_ of breaking
the charter's conditions of the SSF (especially the one about
mutual respect), copyright of the code i assign AUTOMATICALLY
reverts unconditionally to dual-ownership (to me and to the SSF,
from being owned wholly by the SSF).
3) if it's either andrew or jeremy who does the breaking
(privately, publicly or to _any_ third party),
then copyright AUTOMATICALLY reverts unconditionally to me
(i.e. _from_ being owned wholly by the SSF, _to_ being wholly
owned by _me_)
4) if _i_ ever break the charter's conditions, 2) and 3)
AUTOMATICALLY become null and void conditions (but 6) remains
still in effect, always)
5) condition 4) cannot become null or void at any time - ever.
not even if there's some stupid dickhead country, planet
or universe under which agreements and conditions like the
one's outlined here don't apply.
6) if a full-blown bun-fight occurs, and both myself AND
either andrew or jeremy or both break the charter's conditions
(not necessarily at the same time), then on permanent and
irrevocable resignation of the party / parties that did the
breaking, the code will again become assigned ownership of the
SSF [and, obviously, lose it again if the breaker(s) is(are)
allowed to rejoin the SSF].
7) if another project has an OSI-approved license that happens
to be incompatible with the SSF's license, the board of the
SSF will, if it proves significant and relevant, give serious
consideration to licensing relevant parts of the code assigned
by me under an alternative OSI-approved that _is_ compatible
with that projects's license - _or_ - the developers associated
with SSF projects will give priority to writing code and
putting in place strategically designed interfaces that will
help accomodate the OSI-approved-license-conflicting project.
it should be made absolutely clear, because it isn't made
explicitly clear above, that one of the conditions is most
definitely NOT that i must be made a member of the SSF board.
all of these conditions are open to negotiation.
if you grok the concept i'm trying to put across, and can
think of some better way to achieve it, i'm all ears.
good grief. over three hours later.
anyway.
as is probably abundantly clear by now, this isn't about me
(as i have often been accused of in the past, which hasn't been
the case for quite some time now).
this is about moving forward, and ensuring a framework in
which progress can be made.
i'm fed up with the arbitrary way in which critical open source
projects aren't, if you look at it critically, really making
any _significant_ progress in _significant_ leaps or bounds
to further _real_ business needs and problems, at a time when
windows is moving inexorably further up its own behind, and
people are just ... lapping it up because they don't BELIEVE
they have any CHOICE [or they actually don't: e.g. where is
the Open Source Passport clone for Mono to use?].
windows is getting more insidious, providing more and more
"features" enabled by default that hackers can count on
being available on 90 to 95% of all computers in homes and
businesses today.
my favourite virus which, should it become a reality i almost
certainly literally _will_ fall on the floor with laughter
about, will be when "Longhorn" gets - as a standard component
that is activated all the time - the long-awaited clued-up
and mega-fast document "search" capability.
and a convenient Win32 and .NET API for virus writers to use it.
industrial espionage made easy.
"build your own virus" kit, available from lithuania for only
$99 euros [dollar having fallen through the floor due to too
much unexplained IP leakage to russia, china, iraq, india and
the far east.]
download a free demo _NOW_ from smb://295.128.53.29...
l.
--
--
<a href="http://lkcl.net">http://lkcl.net</a>
--
More information about the samba-technical
mailing list