ReactOS suspends development for source code review - Linux.com.pdf

(51 KB) Pobierz
8/20/2020
ReactOS suspends development for source code review - Linux.com
ReactOS suspends development for source code
review
By - February 1, 2006
Author:
Stephen Feller
The ReactOS team has suspended development to do a code review amid
concerns that stolen code
from the world’s most used OS found its way into the project.
ReactOS,
the 10-year-old project to create a functional, free, and open source version of
Windows NT,
suspended development on January 27 after a meeting to discuss whether leaked code had been added
to the project’s code base. The OS also will not be available for download while developers perform a full
review of the 3 million or so lines in the ReactOS code base.
A
letter posted to the ReactOS Web site
included three specific tasks developers will take on as a result
of the concerns: Clarify the ReactOS
Intellectual Property Policy Statement
requirements for
clean room
reverse engineering
to conform to those required by US law; audit the ReactOS code base and rewrite
any code that was not implemented along the clarified guidelines; and require developers contributing
major code to the project to sign a document that says they agree to the project’s policies.
According to Steven Edwards, the recently elected project coordinator for ReactOS, developers on the
project have raised the possibility that a developer had reverse-engineered a part of the Windows code in
violation of US copyright and trade secrecy laws and practices.
Leaks of parts of the source code for Windows 2000 and NT have been circulating on the Internet for a
few years, but “there is nothing in the code base that we believe is a copy and paste from a leaked bad
source,” Edwards said. “We just want to standardize our practices in the clean room method to make
sure we can’t get sued down the line. So, just to be sure of that, we’re going to audit the code base.”
The audit is expected to set the project back by about a year, he said, but making the move would be
better for the project in the long term because solidifying and enforcing standards could prevent a lawsuit
being filed against it in the future. While developers comb through the code base, members of the project
will also define what is acceptable for contributors’ interaction with Windows and its code base.
The goal of the ReactOS project, which Edwards said has never made it out of alpha development or
been regarded as a stable product, is to provide a free implementation of the Windows OS. The operating
system implements a Windows-like environment that interacts with users’ hardware and employs code
from the
Wine
project to run Windows applications. Wine allows Windows-based applications to run on
x86-based operating systems such as Linux and FreeBSD by re-implementing Microsoft’s
Win32
application program interface (API).
Jeremy White, founder and chief executive officer of
CodeWeavers,
which develops a commercial
product based on Wine, said a number of developers from ReactOS have contributed to Wine, but
several have been banned from contributing to the project because of concerns about code they offered.
This was not necessarily because the code included something stolen or illegal, but because Alexandre
Julliard, chief technology officer for Codeweavers, reviews the contributed code and was concerned
about what the banned individuals had claimed as their own.
https://www.linux.com/news/reactos-suspends-development-source-code-review/
1/3
8/20/2020
ReactOS suspends development for source code review - Linux.com
White said he was doubtful that a developer could be influenced just by briefly reviewing or accidentally
coming across Windows code, and that it wouldn’t be easy to obtain in any case. “You’ve got to go
looking for the crown jewels of England,” White said. “You don’t just stumble across that stuff. [And]
you’re talking weeks and months of study to do anything with it. So, it’s not accidental.”
While those behind Wine reject any code or developer they are unsure of, the project has been doing a
code review of its own in the past year with the help of the
Software Freedom Law Center
(SFLC).
Edwards said that ReactOS planned to work with the SFLC as well.
Citing lawyer-client confidentiality, SFLC Chairman Eben Moglen said he could not discuss whether his
organization had spoken with anyone from either project, let alone about the nature of his work with them.
Speaking in general terms, however, Moglen said developers could emulate an existing proprietary
product in several ways. For example, by simply watching how the software works, or even setting up
another application to track the way it works, developers could reverse-engineer the software and
implement what they figure out; or, portions of code from the proprietary software could simply be
adopted and replaced with original code over time.
“You can’t infer from the behavior of the emulator anything about its production,” Moglen said.
In the case of Microsoft, Moglen said it is clear that any use of Windows code is improper, and it would be
highly unlikely that a programmer could claim negligence of its being a trade secret. “The area that gets
gray is where the code itself hasn’t been reused, but information gained by the code — know-how — has
been used…. A prudent project would typically establish clean room restrictions,” he said.
ReactOS plans to take stronger efforts to keep Windows code from being integrated into the project.
Edwards said that concerns were raised because developers from around the world contribute to the
project, and all adhere to the laws of the countries they live in.
Developers known to have seen or studied the leaked Windows code are not expected to be barred from
contributing to ReactOS, but Edwards said they at least will not be permitted to work on parts of the
project with functions similar to anything they’ve seen in Windows source code.
No comment from Microsoft
Edwards said ReactOS has had no official contact with Microsoft about the concerns, adding that the
company has not responded to previous efforts by members of the project to contact the company about
potential legal matters.
A spokesperson for Microsoft declined to comment to NewsForge on any leaked Windows code, the
current ReactOS situation, or the project itself.
Though Microsoft refused to comment, White said he is aware of several senior executives at Microsoft
that subscribe to the Wine mailing list, and that he is sure they pay attention to other projects similar to
these two.
White said he saw little chance that Microsoft would come after either Wine or ReactOS so long as
developers are trying to keep Windows code out of their applications.
https://www.linux.com/news/reactos-suspends-development-source-code-review/
2/3
8/20/2020
ReactOS suspends development for source code review - Linux.com
“This is dangerous turf for [Microsoft],” White said. “They’re a convicted monopolist…. It is the perceived
fear that works for them. I find it hard to believe they would ever trigger a lawsuit.”
Regardless, Moglen said concerns like the ones ReactOS developers currently have are common for
software development teams — which is why he recommends regular code audits even without a specific
concern triggering the audit, just to be safe.
“Stuff happens,” Moglen said. “That’s why it gets found out. None of this is unique to free and open
source software. It appears in all industries, and in all software companies.”
Category:
Open Source
https://www.linux.com/news/reactos-suspends-development-source-code-review/
3/3

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin