Linked by Thom Holwerda on Thu 28th Oct 2010 20:07 UTC, submitted by poundsmack
Legal Now, this is an interesting development in the ongoing war against Android. Oracle didn't just sue Google for allegedly infringing its Java patents; it also claimed copyright infringement. Oracle has amended its complaint, and, fair is fair, they've got the code to prove it: indeed, Android contains code that appears to be copied verbatim from Java - mind you, appears. However, the code in question comes straight from Apache's Harmony project, which raises the question - would a respected and long-established cornerstone of the open source world really accept tainted code in the first place?
Thread beginning with comment 447507
To read all comments associated with this story, please click here.
Hard to Track
by telns on Thu 28th Oct 2010 21:06 UTC
telns
Member since:
2009-06-18

While not commenting in anyway on the allegations, I will say that this is really hard to track in practice.

How would you know if it was a copy unless you saw the original?

I can say from experience working on these kind of projects, I often go out of my way never to see the original.

Perhaps automated mechanisms might be put in place if you were doing a really high-profile project like Harmony. Apache might have setup some diff against the JDK to double check that no one brought in suspicious code (not nearly as simple to do as it sounds...); but was it OSS when they started Harmony though? I don't think it was...

At the end of the day, it is just hard to know if the code you are getting has been taken from some other code, somewhere else you don't know about.

Short version is that it is hard enough to know all your own code; knowing all of everyone else's code is plain impossible.

Edited 2010-10-28 21:16 UTC

Reply Score: 4

RE: Hard to Track
by vivainio on Thu 28th Oct 2010 21:11 in reply to "Hard to Track"
vivainio Member since:
2008-12-26


Perhaps automated mechanisms might be put in place if you were doing a really high-profile project like Harmony. Apache might have setup some diff against the JDK to double check that no one brought in suspicious code; but was it OSS when they started Harmony though? I don't think it was...


You can easily do the diff after the code has been released.

Or use bytecode decompiler, as seems to be the case here. Actually, this might be bad publicity for Java, as releasing Java "binaries" is almost equivalent to releasing the source code (you often hear this used as argument in favor of Java against Python, js and others where source is often zipped).

Reply Parent Score: 3

RE: Hard to Track
by telns on Fri 29th Oct 2010 19:14 in reply to "Hard to Track"
telns Member since:
2009-06-18

I should add, in my view the difficulty involved doesn't get Apache off the hook.

Once made aware, if it is true, they should correct it. The point is that even in good faith such a thing could easily happen.

The only person to blame morally (again, if this is true) is the person that knowingly took someone else's code.

Reply Parent Score: 1