<del>I hate to say it, but the current system (i.e. all commits through jverkoey) has the major drawback of putting code accountability in nobody's hands but Joey's.</del>
It's nothing more than Jeff Verkoeyen being the gatekeeper for the project's repo, the same way a tightly controlled SVN repo might be. He's supposed to review every line of code that goes into it, and the commit it himself.
But everyone knows thats a daunting task, and theres no reason to review a simple thing like this to question where it originally came from. Right?
Git is awesome, because it helps prevent these situations, but it's only a tool. Different people will use it differently, and based on the comments of the blog post, once he found out that it was copyrighted code, he rectified the problem. http://github.com/facebook/three20/commit/204673eea141acf4ee...
I'm not trying to pass blame, but I do believe that jverkoey never had the intention of stealing this code. None the less, Facebook.app ended up on the sour end of a situation they could have solved months ago, but they had no idea there was a problem until now.
jverkoey looks to have implemented this himself.
Actually, looking back through the network graph (http://github.com/facebook/three20/network) and commit log (http://github.com/facebook/three20/commits/master) there really aren't ANY credits regarding merged-in patches or other contributions.