Michael Watterson wrote:

> I've looked at some OS projects and concluded easier to start from
> scratch than figure what they did.
>
> Any non-trivial FOSS project is close to dead if the active developers
> abandon it.
>
> In 20 years time if the project was abandoned how do you know there
> will be an online copy you can find?

WOW.  Hard to imagine anyone being that far off-base.

All of the popular FOSS projects are included in most, if not all, of the
major distros.  These distros maintain archives going back for as long as
they have existed.

FOSS licensing requires that the source be available under the same terms
as the executable, and the major distros jump through hoops to be sure
that is true.

I am a Fedora contributor, so I have some understanding of how Fedora
manages this.  I'm sure all the other major distros do something similar.

When a developer wants to add or update a package in Fedora, he must put
together something called a source RPM (SRPM).  This is an archive file
containing the sources, the building instructions, AND THE LIST OF
DEPENDENCIES.  The run time and build time dependencies are listed
separately.

The SRPM is then submitted to a system which builds an isolated
environment containing nothing but what is called the "Linux Standard
Base" (LSB) for the version the package is targeted at.  The LSB contains
only those packages that you can expect to find on any Linux system.  You
can think of it as out of the box Windows without things like Notepad.=20
While Fedora only supports two versions back, the capability to build for
some ancient version is maintained.  And the developer tools are provided
for the developer to maintain this capability locally (although without
the ability to sign the package as an official Fedora package).

The build system then looks at the build dependencies, installs them on
this instance, and builds the package.  I'm not sure, but I think the run
time dependencies are also tested.  If all goes well, the package is sent
to a test system where three other developers must test and approve it.=20
The package can then be signed and added to Fedora.

The Fedora repositories contain both the RPM which is used to install the
application on the target system, and the SRPM.  There are literally
hundreds of mirrors of the Fedora repositories.

I know Fedora, so I can say what they do.  I strongly suspect Ubuntu,
Debian, SuSE, and on and on all do essentially the same thing.

For a major package, there will be literally thousands of copies of the
source spread across all those distros, and each distro has at least a few
people who feel some responsibility for maintaining the package, in
addition to the "upstream" team who initially developed the package.

Sure, for some minor package with one or two developers that you can find
on only one distro there is a risk.  But for a package like git or SVN
that is widely used there is no chance that you can't find the source for
any version, along with the tools needed to build it.

--McD


--=20
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.