On Fri, Jul 24, 2009 at 10:55 AM, Bryant H Lee<[email protected]> wrote: > > I'm currently working with my development team in consuming X11 for our > development and use with Mozilla Firefox and before including into my > product I needed to verify a couple items: > > 1. Is there a policy / procedure in place on how code is maintained? > Mainly need some assurances that code that we're using doesn't contain any > contaminated code or code that wasn't originally written by the developer. > > 2. Is there some verification (i.e. code scans) done to ensure that there > isn't any violation of your policies (assuming the answer to #1 is yes). > Hopefully someone from the board can give the "official" position.
But I think the answer to both questions is mostly no. X.org is a 20 year old code base with contributions from all over, under various licenses and from companies that no longer exist or have been consumed by larger entities. Currently we only accept code under the MIT license and we take developers word that they aren't putting anything contaminated into the codebase. Q2. seems to be a bit pointless, how can we scan for something if we don't know what it is. Its not like they'll put the word CONTAMINATED in it the comments. Dave. _______________________________________________ xorg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xorg
