I remember we had such discussions before , a most 'secure' way was to have 2 roles - one is implementor, another is overseer. An overseer looks at problematic method and describing what method should do to 'implementor'. Then implementor makes own implementation without looking at current implementation at all. Despite how good it sounds, IMO, it is not really works in practice. First, since given method already exists in image and its source available for reading at any time, how any implementor can prove that he never saw original implementation and claim that new implementation is based on his own mental effort? Second, describing a method could also be seen as an illegal act, because your description is based on knowledge of the method sources. And knowledge is intellectual property :)
Let us not make unnecessary fuss and just carefully see if there is such problematic methods for Squeak 4.0.
FWIW, we have not found such methods (that are not removeable or revertable or just with small fixes) for Etoys 4.0.
And this is from Matthew's another email but:
I've done the first step and done a full audit, using Yoshiki's tools [1], of all the code in Squeak 3.10.2, with the exception of four packages:
- Monticello
- SUnit, TestRunner, and SUnitImproved
- Universes
- Traits
BTW, as for SUnit, the (real) original SUnit is flagged as "Public Domain" and the Squeak version was one time under SqL. But Sames and JPerline sent us the signature so we can consider it clean. And I didn't think there was anybody for Monticello and Universes and Traits that matters (I could be wrong). Even if there are a few, I'd imagine that getting signature from them is much easier to get ones from much earlier contributors.
-- Yoshiki