The new rule requiring a Developer's Certificate of Origin for Linux Kernel contributions is taking heat. But the DCO isn't just a CYA.

Lori MacVittie, Principal Technical Evangelist, f5

June 9, 2004

2 Min Read

The new rule requiring a Developer's Certificate of Origin for contributions to the Linux kernel has been portrayed as both an obstacle to innovation and a threat to the open-source development process. But nothing could be further from the truth. In fact, the rule could be a boon for Linux users.

The DCO requires developers to certify that the code being submitted:

Is original work; Is based on a previous work covered under an open-source license; or Was received from someone who certifies that it meets one of the above conditions. Although the requirement of "signing" Linux kernel contributions may seem to add to the red tape surrounding code development, it's little different from the process most enterprises go through to ensure their own code does not infringe on an existing patent or copyright. It's an attempt to address industry concerns over code origination within the Linux kernel, which have become public since SCO filed court documents alleging that Linux infringes on its intellectual property rights. The DCO is a CYA measure for Linux, and it may have a feel-good benefit for organizations that are deploying or planning Linux in their IT infrastructures. But it won't preclude suits like SCO's, because it's still unclear whether intellectual property protection extends to the software design or to the actual lines of code. However, DCO limits the liability of Linux distributors and places it squarely on the shoulders of individual developers. If you've put your Linux deployment on hold pending the results of current litigation, the DCO is unlikely to change your position--it applies only to future development and doesn't resolve allegations of past infringement. Looking forward, however, the DCO offers accountability, which is a must for any software vendor that deals with enterprises. It should provide a level of comfort for organizations that want to deploy Linux but need reassurance about the legality of its source.

About the Author(s)

Lori MacVittie

Principal Technical Evangelist, f5

Lori MacVittie is the principal technical evangelist for cloud computing, cloud and application security, and application delivery and is responsible for education and evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University. She also serves on the Board of Regents for the DevOps Institute and CloudNOW, and has been named one of the top influential women in DevOps. 

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights