Clarification in the README re: Correlliium

[a-hurst]

Hi there!

Just stumbled on this project and wanted to try and shed some light on the Asahi - Corellium conflict, since it’s described a bit in the README.

Basically, from what I remember the public conflict only lasted a day or so (all the tweets were deleted within a few hours), but it boiled down to Corellium playing it a little fast-and-loose with code licensing for Hector Martin’s comfort (e.g. copying stuff from the XNU headers and adding an explicit GPL license at the top) in terms of both legal risk and upstreamability. That’s the reason he wanted to do a full clean-room approach and not base any of his code on theirs.

Regardless, that beef was squashed after a day or two and Corellium has been CC’d on all the Asahi Linux upstreaming submissions, but so far there’s been functionally zero participation from them in those efforts.

Anyway, hope that clears up the existence of the two separate projects a bit! If I hadn’t looked online in the exact time window I did I wouldn’t have seen or understood any of it either.

[pipcet]

Thank you very much!

If you have any suggestions for how the wording could be improved or made more accurate, I'd be grateful, but it would also be great if I could link to this by way of explanation. Would that be okay?

[a-hurst]

To try and avoid re-igniting an old conflict, I think the most diplomatic way of putting it would be something along the lines of “Two main teams, Corellium and Asahi Linux, have made efforts to port Linux to M1 Macs. However, Corellium has not yet attempted to upstream any of the code from their port (as of August 2021), and the Asahi Linux project has avoided using any Corellium code to do legal concerns regarding licensing.”

I don’t think there’s anything in there either group would take issue with. Hope that’s helpful!

[pipcet]

Thanks for the suggestion. I'll think about it, but the proposed wording sounds very biased, to me, to be honest (on the other hand, I am biased as well, I'll be the first to admit).

As for being diplomatic and not wanting either group to take issue with it, I'd rather they took issue with it and solved the conflict, rather than pretending there is none.

But, again, I'll have to think about it.

Thanks again!

[a-hurst]

No worries! You can read up a bit more on the conflict here if you'd like some more context. In a nutshell, I think it boils down to the two efforts having very different purposes: Corellium wanted to get a basic proof-of-concept port out the door quickly to show they could do it, and Asahi wants to go through the slow and painful process of upstreaming as much code as possible at the cost of rapid progress.

Obviously feel free to use different wording than what I have above. In the context of the README, my aim was trying to explain to newcomers a) why there are two separate efforts, and b) why their timelines and progress are so different, since I'd imagine that's what a lot of readers would be wondering. I think the key explaining factor for both is that the Linux kernel maintainers are super strict about the legality and copyright of any code they upstream, which explains why Corellium hasn't attempted to upstream any of their port, why Asahi has avoided the Corellium code, and why Asahi is only just now catching up to Corellium in terms of basic feature support. If you read any of the kernel mailing list discussion regarding the M1 bringup code you can see how strict the reviewers are!

[pipcet]

I'm at a loss as to what to do here, to be honest, since your explanation, for example, sounds good, but doesn't explain the viciousness that is displayed every time Corellium is mentioned by some Asahi contributors.

And that's an important part of the story, and it means that there has been a falling out, not just a reasonable disagreement, and that Corellium's decision to suspend public work on the project should be seen in that context, and not portrayed as something that they intended to do all along.

In particular, I'm not going to include any wording that suggests Corellium is somehow at fault for deciding to interrupt and suspend efforts, which is how I read your suggested wording. That's a perfectly legitimate thing for them to do, and seems like a good business decision to me when you have a loud public voice taunting your developers on Twitter for their alleged technical failures [https://twitter.com/marcan42/status/1423214292145299457], for example.

I have no intention to "be diplomatic" when it means pretending a conflict isn't there when it plainly is, and I don't think anyone should feel good about the current state of affairs.

(As for the "legality" of Corellium's code, I want to be very clear that I'm not making or agreeing with any insinuations that Corellium did anything illegal. I think it is fairly obvious a project is acting without the benefit of legal advice when contributors make statements such as "I have strong evidence that [Corellium's] drivers are developed by reverse engineering macOS drivers; that may or may not be legal".)

As I said above, I don't know what to do. I'm still open to any suggestions regarding the wording, and would like to link, with your permission, to this discussion as providing further background.

[a-hurst]

Sure, you can absolutely link to my explanation above! My main motivation in trying to word things more diplomatically was to avoid accidentally re-igniting any part of the public feud (or worse, igniting a new one between one of them and your efforts here), but if that's not a concern you I give you full permission to re-use or link what I originally wrote.

One final thing to mention regarding the rest of your post: I certainly don't mean to blame Corellium for not putting any more work into their port (as you said, it's not good business sense, especially when there's no monetary benefit for them), but I also don't think the Asahi feud did anything to change that. Corellium's Project Sandcastle efforts also haven't been updated in ages, presumably for the same reason: it's a cool project that can bring in a short burst of good PR, but afterwards the cost/benefit of maintaining that kind of project is much harder to justify.

I think the only reason Corellium ever claimed they were going to upstream their work was because it was in the middle of the Ashai feud and emotions were high, and that once things had calmed down the cold business logic took over again so efforts were quietly dropped. As a business with limited time/resources, I think that was definitely the right choice.