Personally, my main area of interest regarding the recent discussions
has been that of reverse-engineering. But what I'm about to say could
probably be applied to the leaked sources, too (this isn't what I'm here
to discuss, however.)
We all know that some bits of Windows' internals are hidden, often
intentionally, and that some product may make use of certain hidden API
function calls, or may interact with the system components in a way
other than that described in the API reference documentation.
Other times, parameters to API function calls are not clear, or not
documented at all.
As a result, to make something that is compatible with Windows (or at
least MORE compatible), it is necessary to use alternative methods (eg:
reverse engineering) to determine what an undocumented function works,
how it behaves, or to investigate undocumented flags, etc.
For the sake of the project, any reverse-engineering should be done as a
2-man job. It seems the case that people often take it upon themselves
to do both jobs - that of the person looking at the disassembly, and
that of the person writing the code.
This is how I wrote most of WDMAUD.DRV.
I was skeptical about the morals/legality of it at the time, but was
told that it doesn't matter.
As this is all now out in the open, and I've exmained the disassembly of
WDMAUD.DRV, it's probably best that I continue to examine it, and
document my findings, for another developer to implement later.
For other modules, it depends who's comfortable doing disassembling. I'm
happy to write code, and would like to do so. But I haven't the first
clue about kernel-mode debugging so things like the Kernel Streaming
API, I'd probably struggle with.
As for the rest of the project, the impression I get is that, rather
than going through the existing code and auditing it, it might be best
to start over.
This has disgruntled a lot of the major developers.
But don't forget, when the project was in its early days it was focusing
on NT4 compatibility... Not a lot worked, and there was no clear-cut
development policy... Then there was an explosion of activity and we've
been racing forward ever since.
Some may claim we're reinventing the wheel again, but we already *have*
a working kernel and this time round it shouldn't be as difficult as it
was previously, provided we can use our original sources as a reference.
There's all sorts of things that can be implemented from the start
rather than being added on later (maybe translations? - I don't know how
this works but AFAIK this was something that was discussed further along
the development line.) We can focus on the current technology and not
aim low (NT4.)
I just think we need to have people who are good at deciphering
disassembly and producing documentation, and people who can code from
that documentation (or other documentation, of course.)
Anyway, those are my thoughts. If any of it doesn't make sense it's
because I'm tired!
What's the location of the new ReactOS SVN repository?
I tried 'svn co svn://svn.reactos.org', and I got an error saying that
no repository existed at that address, so I'm guessing the location of
the repository has moved.
...
I assume SVN is starting from Scratch?
On 1/27/06, chorns(a)svn.reactos.org <chorns(a)svn.reactos.org> wrote:
> Standard repository layout
>
>
> Added files:
> branches/
> tags/
> trunk/
> vendor/
>
> _______________________________________________
> Ros-svn mailing list
> Ros-svn(a)reactos.org
> http://www.reactos.org/mailman/listinfo/ros-svn
>
--
"I had a handle on life, but then it broke"
Hello,
There has been a lot of talk about possible tainted code in ReactOS
and or developers that had access to leaked Microsoft source code.
This has caused a lot of speculation about the future of the ReactOS
Project. I'm going to try to put those fears to rest and explain what
has been going on and where we are going to go from here.
There was one issue that started this discussion and it related to
clean-room reverse engineering of certain code in ReactOS. Due to the
fact we have developers in many different countries the term reverse
engineering can mean many things to many different people. For us in
the US when you speak of clean-room reverse engineering it means that
one person tears apart the implementation of a device, writes
documentation and another reads that documentation and implements.
Other countries do not require this invisible great wall of
development and allow the same person that disassembles the interface
to also write the replacement implementation.
Because of the confusion this has caused and the possible legal issues
this could lead to we have decided to do the following.
1) Amend our Intellectual Property Policy Statement to reflect
clean-room reverse engineering as meaning the US standard method for
reverse engineering and make that the project requirement
2) Audit the entire source tree and rewrite all code found to have
been implemented not using the US method for reverse Engineering
3) Require all developers contributing major code to accept the terms
of our IP Policy Document via signature.
Now as for the issue of leaked source code, I want to try to put all
fears to rest. We don't know what the legal ramifications are for
someone downloading and having leaked code, as the party that
maintains copyright ownership of that code might still try to claim
Trade Secrecy on information contained in the sources in a court of
law. It is our point of view that the source code leaks of Windows
have been spread to a broad enough audience that it would be
impossible to claim the product is still under Trade Secrecy. Because
of this we are not banning any developer who might have had access to
leaked sources from contributing to ReactOS, however they are being
limited as to what area they can contribute. Copyright law still
applies to all leaked Windows sources and no one in ReactOS may copy
code from a Windows source leak and try to apply it to code in the
ReactOS tree.
We know of four developers who have had access to leaked sources prior
to working on ReactOS and while they no longer have copies of the
source code in question, each of the developers have told us in
private which sections of the sources they were exposed to. As such
the project has amending the IP document as a fourth step of
protection
4) any developer that had access to leaked sources is baned from
contributing code to the project for any of the modules that are the
same as leaked sources they examined.
So to clarify that, lets say someone saw some of the leaked Windows
source code in version.dll, then they would be unable to contribute
code to the ReactOS project for that dll.
It is our hope that a court case will arise and declare Microsoft's
Windows code is no longer under Trade Secret protection so these
developers who did have access to some of the leaked sources will be
free to contribute again to all sections of the project.
One final note, this audit of the code is going to take a long time.
It could take years, but it will happen, this project will come out
better than it was before. I don't believe anything anyone has done
while working on this project was really wrong. Every decision has
three possibilities, being moral, ethical and or legal. Sometimes the
law in itself is unethical and immoral. If people made mistakes and
there was a violation of the law, I question the justice of the law
and or anyone that would try to prosecute any of the developers who
just want the freedom to learn and create a more free system.
--
Steven Edwards - ReactOS and Wine developer
"There is one thing stronger than all the armies in the world, and
that is an idea whose time has come." - Victor Hugo
Hello,
Sorry for this general email. I have gotten many personal emails about
the current situation and cannot reply to all of them. In short here
is the deal:
There have been allegations about possible copyright and trade secret
violations in the ReactOS Project. Pending a discussion with legal
council, those members with SVN access who were part of private
discussion and online on IRC on Tuesday Jan 24th 2006 decided by
majority vote to suspend operations of public SVN, forum, discussion
and email archive. Anyone with SVN write access who might have missed
any of the discussion is asked to try to be on IRC today at 3PM EST
(-5GMT). We are going to discuss the matter further and decide how to
proceed.
What started out as a question about development methods mushroomed in
to a much larger issue. The question the looms before us is a simple
one. If one or more developers had at any leaked source code in the
past, does it taint us and the entire project in the future? It is my
point of view based on the AT&T Unix case that it does not however
IANAL. It is my hope the matter can be solved via a simple set of
changes in our IP Policy as well as sworn affidavits by major
contributors stating they do not have access to leaked sources and if
they ever did, no longer possess them.
Rest assured that the project will live on. Every developer I have
spoken with wants the project to survive and be a success. In the
meantime we are filtering email discussion on this matter because we
do not want rumor and hearsay to be spread. When the time comes and we
have proper legal advice we will move forward. No one is trying to
hide the truth, but law regarding Copyright, Trade Secret, Patent, etc
differ from one country to another and we are currently exploring what
US law says regarding the situation.
One final note, no one is denying that mistakes could have been made
and or trying to hide it forever and pretend there is nothing going
on. We just simply do not want people to be accused of breaking the
law if they really did not. There is clearly some violation of our
current IP policy, however depending on what the legal council
suggests we will see how we move forward. Many of the core developers
at some point have either violated small sections of it by mistake or
prior to its ratification.
--
Steven Edwards - ReactOS and Wine developer
"There is one thing stronger than all the armies in the world, and
that is an idea whose time has come." - Victor Hugo
IANAL but from what I understand, there are 2 issues with using the leaked
source code.
The first is that it is (C) Microsoft. This can be handled like any other
copyrighted material.
The second is that it could be considered a trade secret. I dont know that
much about trade secret law but AFAIK once something is widely distributed
(like the MS 2000 & NT4 source leaks are), it cant be considered a trade
secret anymore. I think that what the ReactOS team needs need is for a
lawyer skilled in the area of trade secret law to answer the question as to
whether the leaked MS source code is still a trade secret or not. (although
unless an actual lawsuit happens that provides a usable precedent either
with the leaked MS source code or a similar leak elsewhere, getting clear
usable advice one way or the other might not be possible)
If it is not, there is no problem with people who have seen it contributing
to any part of ReactOS (as long as there is no copyright violation). If it
is, then there is need to be more careful about people who have seen it
contributing.
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .