Linux Format - UK (2020-03)

(Antfer) #1
http://www.techradar.com/pro/linux March 2020 LXF260 49

Kate Stewart INTERVIEW


the server space, so we needed to get
reference Linux ports. Well first off we
decided to get the GCC toolchains working
and go from there. I started learning about
it as a manager rather than a developer.
My developer days were doing POWER
optimisations back at IBM, but by that
point, in the early 2000s, I was a manager.
It’s probably a slightly different path than
how most people get into open source.
Anyhow, we used Linux to bring these
systems up, and we’d gone through the
whole legal issues of getting copyright
assignments to the FSF so that we could
get our architecture contributed upstream.
I very much believed open source was one
of the saner ways of doing things and was
much more supportable long term. The
magic is that you do something, someone
else does a little bit more, and these
solutions keep getting contributed back.
So there’s no need to worry about things
going stale and patch porting.
From there I went to the embedded
space and then to Canonical. I was
Ubuntu’s release manager for two years
and I learned an awful lot about open
source there. When I was doing embedded
stuff at Motorola/Freescale there’d be
about 500 packages in a BSP. So moving
to Ubuntu, which has tens of thousands
of packages, and trying to get all of that
released on schedule was a challenge.
I learned a lot about community
there too, about what works and what

doesn’t work. Communities are a gift,
and it’s important not to take them for
granted. After that I was doing product
management at Linaro, and trying to figure
out where it made sense to collaborate
with new areas in that ecosystem.
Throughout all of that I’d actually had a
project at the Linux Foundation, SPDX,
which you may have heard of.

LXF: Yes! It’s all about keeping track of
open source licenses in projects. I went
to a talk about it a couple of years back.
KS: Right, so what we’re trying to do with
that is improve the software transparency
of the ecosystem, so people actually
understand what they’re shipping and
what they have installed on their system.

I ran into issues at Freescale because we
had no way of sharing license information.
We’re trying to make Zephyr a first-
class citizen in that respect. Each file is
licensed, so it’s very clear which license
you’re working under when you contribute
to that file. Zephyr is one of the few
projects, the Linux kernel is another,
that’s a Developer Certificate of Origin
(DCO) project. So when you contribute
to it you retain your copyright, and you’re
contributing under the license of the

file, you don’t have to sign a Contributor
License Agreement (CLA) or a copyright
assignment, so it’s fairer, I think, to
developers. That’s my personal opinion,
but I’m very much a fan of the DCO,
I think it makes a very good basis for
communities. That was definitely one of
the lessons we picked up from Linux.

LXF: I guess in Linux things can get really
muddy, because some of those files
have unclear provenance and find their
way into other projects that are working
under other licenses. I guess it’s nice
to be starting with everything explicitly
licensed in Zephyr.
KS: One of the things I’ve been working
on with Thomas Gleixner, Philippe

Ombredanne and your friend Greg K-H
is cleaning up the licensing in the kernel.
Right now 79% of all the kernel source files
have a license identifier at the top, then
there’s a variety of interesting cases we’re
going to be working on to finish it off.
The idea is you shouldn’t have to sit
there [trying to track down licenses]. I
was seeing people trying to use artificial
intelligence to figure this out. Uh uh, totally
attacking the problem from the wrong
side. Garbage in, garbage out. Again. So
fix it in the source, and let it come up
from there. That way if someone copies
your file, which happens all the time, that
license information is there.
With Zephyr we’ve been very careful
about our licensing. I do a couple of passes
every now and then to make sure we’re still
keeping that discipline.

LXF: Well I guess it’s nearly time to wrap
up, and I’m not sure we can get more
exciting than reindeer. But do you have
other interesting applications or animals
that Zephyr has been used with, or in?
KS: Actually the aspect of taking Zephyr
to places where it can be used within,
like inside your body, is why we’re really
starting to focus on safety. There’s other
use cases too, but being able to get Zephyr
to where you can have enough provenance
associated with it and then follow the best
practices in that sense, that’s a goal for us.
I’ve got a lot of friends who have
medical devices implanted in them, and
they want access to that source code. I
think everyone has that right, whether
the device is running Linux or Zephyr
or something else. I think if you’ve got
devices in your body you want to know
what’s running on them.

MAKING ZEPHYR TRANSPARENT


“We’re trying to make Zephyr a first-class


citizen in that respect. Each file is licensed,


so it’s very clear which license you’re


working under when you contribute.”


4446March 2 h6r0789h08 March 2020 LXF260 49


Kate Stewart INTERVIEW


the server space, so we needed to get
reference Linux ports. Well first off we
decided to get the GCC toolchains working
and go from there. I started learning about
it as a manager rather than a developer.
My developer days were doing POWER
optimisations back at IBM, but by that
point, in the early 2000s, I was a manager.
It’s probably a slightly different path than
how most people get into open source.
Anyhow, we used Linux to bring these
systems up, and we’d gone through the
whole legal issues of getting copyright
assignments to the FSF so that we could
get our architecture contributed upstream.
I very much believed open source was one
of the saner ways of doing things and was
much more supportable long term. The
magic is that you do something, someone
else does a little bit more, and these
solutions keep getting contributed back.
So there’s no need to worry about things
going stale and patch porting.
From there I went to the embedded
space and then to Canonical. I was
Ubuntu’s release manager for two years
and I learned an awful lot about open
source there. When I was doing embedded
stuff at Motorola/Freescale there’d be
about 500 packages in a BSP. So moving
to Ubuntu, which has tens of thousands
of packages, and trying to get all of that
released on schedule was a challenge.
I learned a lot about community
theretoo,aboutwhatworksandwhat


doesn’twork.Communitiesareagift,
and it’s important not to take them for
granted. After that I was doing product
management at Linaro, and trying to figure
out where it made sense to collaborate
with new areas in that ecosystem.
Throughout all of that I’d actually had a
project at the Linux Foundation, SPDX,
which you may have heard of.


LXF: Yes! It’s all about keeping track of
open source licenses in projects. I went
to a talk about it a couple of years back.
KS: Right, so what we’re trying to do with
that is improve the software transparency
of the ecosystem, so people actually
understand what they’re shipping and
what they have installed on their system.


I ran into issues at Freescale because we
had no way of sharing license information.
We’re trying to make Zephyr a first-
class citizen in that respect. Each file is
licensed, so it’s very clear which license
you’re working under when you contribute
to that file. Zephyr is one of the few
projects, the Linux kernel is another,
that’s a Developer Certificate of Origin
(DCO) project. So when you contribute
to it you retain your copyright, and you’re
contributingunderthelicenseofthe

file,youdon’thavetosignaContributor
License Agreement (CLA) or a copyright
assignment, so it’s fairer, I think, to
developers. That’s my personal opinion,
but I’m very much a fan of the DCO,
I think it makes a very good basis for
communities. That was definitely one of
the lessons we picked up from Linux.

LXF: I guess in Linux things can get really
muddy, because some of those files
have unclear provenance and find their
way into other projects that are working
under other licenses. I guess it’s nice
to be starting with everything explicitly
licensed in Zephyr.
KS: One of the things I’ve been working
on with Thomas Gleixner, Philippe

Ombredanne and your friend Greg K-H
is cleaning up the licensing in the kernel.
Right now 79% of all the kernel source files
have a license identifier at the top, then
there’s a variety of interesting cases we’re
going to be working on to finish it off.
The idea is you shouldn’t have to sit
there [trying to track down licenses]. I
was seeing people trying to use artificial
intelligence to figure this out. Uh uh, totally
attacking the problem from the wrong
side. Garbage in, garbage out. Again. So
fix it in the source, and let it come up
from there. That way if someone copies
your file, which happens all the time, that
license information is there.
With Zephyr we’ve been very careful
about our licensing. I do a couple of passes
every now and then to make sure we’re still
keeping that discipline.

LXF: Well I guess it’s nearly time to wrap
up, and I’m not sure we can get more
exciting than reindeer. But do you have
other interesting applications or animals
that Zephyr has been used with, or in?
KS: Actually the aspect of taking Zephyr
to places where it can be used within,
like inside your body, is why we’re really
starting to focus on safety. There’s other
use cases too, but being able to get Zephyr
to where you can have enough provenance
associated with it and then follow the best
practices in that sense, that’s a goal for us.
I’ve got a lot of friends who have
medical devices implanted in them, and
they want access to that source code. I
think everyone has that right, whether
the device is running Linux or Zephyr
or something else. I think if you’ve got
devices in your body you want to know
what’s running on them.

MAKING ZEPHYR TRANSPARENT


“We’re trying to make Zephyr a first-class


citizen in that respect. Each file is licensed,


so it’s very clear which license you’re


working under when you contribute.”

Free download pdf