Linux development goes corporate
- By Joab Jackson
- Aug 13, 2004
To ease policy-makers' concerns about potential legal and security trouble from agency use of the open-source Linux operating system, Linux kernel manager Andrew Morton recently told Senate staff members that most kernel modifications now come from corporations, not individuals.
The stereotypical Linux developer 'is a male computer geek writing code in his spare time in the basement, purely for love of his craft,' said Andrew Morton, whose role is maintaining the kernel in stable form. 'Such people were a significant force up until about five years ago.'
Now, however, most code fixes and improvements come from programmers who punch a corporate time clock.
Earlier this year, SCO Group Inc. of Lindon, Utah, sued several Unix vendors and asked the Energy Department, among others, to pay licensing fees for some of SCO's proprietary Unix code, which it argued had been incorporated into Linux source code. A few vendors paid up.
With Linux code coming from many sources, Morton said, users have asked how they can be certain some isn't an illegal copy'or that it doesn't have secret back doors.
Linux is an open-source project, Morton said, and anyone is free to submit changes to the core development team, which approves changes to the kernel. But though anyone can submit changes, rarely does good code come from just anyone, he said.
About 1,000 developers contribute changes on a regular basis. Of those 1,000, about 100 are paid to work on Linux by their employers, he said, and those 100 have contributed about 37,000 of the last 38,000 changes made to the OS. About half of the 37,000 accepted changes came from a core group of just 20 individuals.
Morton spoke at a recent Washington meeting sponsored by the Forum on Technology and Innovation, the Council on Competitiveness, Sen. John Ensign (R-Nev.) and Sen. Ron Wyden (D-Ore.).
Rarely does a significant change come from someone unknown to the core developers, he said. All submitted code is inspected, so it is unlikely a malicious function could be secretly embedded.
IBM Corp., Red Hat Inc., SGI and other companies that sell Linux products increasingly put their top programmers to work on Linux code, Morton said. In most cases, they split their time between in-house projects and work on the Linux kernel.
Joab Jackson is the senior technology editor for Government Computer News.