Bugs in the BSD sources ??

Keith Bostic bostic at ucbvax.BERKELEY.EDU
Mon Oct 2 05:09:04 AEST 1989 

There have been a number of recent postings about the relationship between
the source code on uunet.uu.net and various BSD releases and bugs found in
the code.

> Are the BSD sources, archived @uunet, among other places,
> the sources to actual, working, tested programs?

Pretty much.  The BSD programs on uunet come from three possible sources.
The first is the 4.3BSD-tahoe release, which was an interim release last
year.  The second is the BSD networking release of this spring.  The third
is piecemeal from Berkeley.

Unfortunately, none of these methods involved real release engineering of
the kind that 4.3BSD was subject to.  Release engineering is hard to do well,
takes a lot of time, and isn't all that much fun.  (As an example, when
4.3BSD was being prepared for release, members of CSRG checked *every* entry
in the SCCS logs to make sure it was both reasonable and, if necessary,
documented.  For more details read Kirk McKusick's paper "The Release
Engineering of 4.3BSD" from the April USENIX Software Management Workshop
Proceedings.)

Anyhow, we generally put release engineering off until we're ready for a
"final" version of the software, in this case, 4.4BSD.  Vendors and other
organizations don't want to wait for the final release, so Berkeley has
historically done intermediate releases to make the software available to
other development groups.  These releases aren't snapshots, i.e. they've
run for extended periods of time on a few machines, but they haven't gone
through extensive beta cycles either.

The large majority of the code on uunet comes from the 4.3BSD-tahoe release,
is fairly well tested and has been run in the configuration in which it is
presented.  Code from the networking release is well tested, but has
never been run in the configuration in which it is presented.  This is
because networking is a current research area at Berkeley and getting a
coherent snapshot of our networking sources is somewhere between difficult
and impossible.  This is the reason that the code as distributed didn't
compile -- we were trying to merge a number of versions of the software and
it didn't quite work.  (We apologize for that, by the way, and the next
version will, at least, compile!)

The final category is usually due to a significant security problem or simply
because enough people have asked us for copies of the code that I've asked
Rick Adams to add it to his sources so that we can direct people to uunet
rather than email'ing out the source tree each week.  Ftp and dbx are good
examples of this.  In general, this code is the least well tested, although
you can be sure that it compiles and has been run -- for at *least* twenty
minutes.  These versions are usually copies of what we are currently running
on our development machines, which causes problems in and of itself.  For
example, our method of doing Makefiles has recently been reworked and include
files often change over time.

> Sometimes it *is* identical to the unpublished proprietary source.
> For instance, the freely redistributable version (5.3 (Berkeley) 6/29/88)
> of mkstr.c from the 4.3BSD-Tahoe release of Berkeley UNIX (which is what
> UUNET post in their archives) is exactly the same as the proprietary version
> (5.1 (Berkeley) 5/31/85) of mkstr.c, with the exception of the SCCS info and
> redistribution rights.  Just an observation...

As part of the process of identifying non-AT&T portions of our distribution,
we occasionally simply change the copyright notice.  Copyrights from Berkeley
fall into three categories.

Code from 32V which has not been modified: this code has whatever copyright
notice that AT&T had on it when we got it, usually none.

Code from 32V which has been modified at Berkeley:

/*
 * Copyright (c) 1988 Regents of the University of California.
 * All rights reserved.  The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

Code which has been written at Berkeley and is not proprietary to any
vendor:

/*
 * Copyright (c) 1989 The Regents of the University of California.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Berkeley.  The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

Until about a year or so ago we did not distinguish between the second
and third cases, they both got the "see the Berkeley License for details"
version of the copyright.  That is why you can find source code where
that copyright notice has simply been replaced with the "freely
redistributable" version without software modification.

--keith

More information about the Comp.unix.wizards mailing list