LWN.net Logo

Advertisement

Writers Wanted

Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Press page

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Brass tacks: SCO and your business (NewsForge)

[Posted June 4, 2003 by corbet]

NewsForge advises businesses on how to respond to the SCO suit. For the most part, that advice is "don't worry." One statement of interest, though, is: "Thus even if there has been direct copying, which remains without a shred of publicly available evidence, trying to prove that IBM put the 'illegal' code in is impossible. It's like trying to decide the fate of a single strawberry after dozens have been thrown into the blender and you've turned it on puree." Determining the source of any infringing code is an interesting subject requiring further thought.
(Log in to post comments)

Brass tacks: SCO and your business (NewsForge)

Posted Jun 4, 2003 15:36 UTC (Wed) by hamjudo (subscriber, #363) [Link]

trying to prove that IBM put the 'illegal' code in is impossible.

Possibly because IBM didn't put in any 'illegal' code.

It is possible to track any significant chunk of code back to when it was first inserted into the kernel. In most cases we should be able to track back to the email message where the code was submitted to the linux kernel mailing list or Linus or whatever the vector was into the 2.4 kernel.

Of course we need to know what the code is, in order to start tracing it back.

Brass tacks: SCO and your business (NewsForge)

Posted Jun 4, 2003 17:19 UTC (Wed) by otro_mas (guest, #6820) [Link]

That's something many people say, but it's not completely true.

In fact, it's just true from when Linus (and Marcelo) started using Bitkeeper (january 2002????).

Before that the only thing we have is (with luck) the patch were it appeared, and going to changelog maybe (and only maybe), the autor. But many of us still remember when the changelog from Linus used to be "short"

Brass tacks: SCO and your business (NewsForge)

Posted Jun 4, 2003 20:01 UTC (Wed) by simlo (subscriber, #10866) [Link]

You can at least find out which version it entered at kernelhq.org by using the diff mechanism. It takes a few clicks but it is certainly doable.
Then it should be a matter of searching the changelogs for that particular version and then try to go through the mail archives for that period of time.

Brass tacks: SCO and your business (NewsForge)

Posted Jun 4, 2003 16:00 UTC (Wed) by pjs (guest, #10927) [Link]

I'm no attorney, but I play one on NewsForge....

Brass tacks: SCO and your business (NewsForge)

Posted Jun 4, 2003 17:04 UTC (Wed) by clugstj (subscriber, #4020) [Link]

What's impossible is for SCO to prove the origin of THEIR code. Since it is not public, it would be trivial for them to dummy up any history for it that they want.

Proving the provenance of source code

Posted Jun 4, 2003 17:34 UTC (Wed) by hughett (guest, #10925) [Link]

There are ways in which SCO could prove where its code came from. The obvious one is for the programmer who originally wrote the code testify under oath that he wrote a certain piece of code on or about a certain date, using certain reference material, debugging and testing on certain dates, and committing the code to the central repository on a certain date. It's not impossible for a witness to lie, but I suspect few programmers will be willing to risk a conviction for perjury; in any case, few programmers seem to be very good at lying.

Conversely, Linux can prove the provenance of a piece of code by the same means, possibly supplemented by published versions of the kernel and mail logs of the kernel group. Being able to show intermediate, buggy versions of the code (e.g. growth of the code through several experimental releases) would go a long way to convincing me that that programmer actually wrote the code.

If one SCO programmer and one Linux programmer swear that they both wrote the same bit of code, then it becomes a matter for the jury to decide which one is lying, or if they managed to write the same code independently.

So. What about SCO v. Linux? I don't know how Linus and his lieutentants actually track contributions to the kernel, but I suspect they would have little trouble producing a paper trail and witnesses to support the origins of any bit of kernel code. Can SCO produce witnesses?

Proving the provenance of source code

Posted Jun 4, 2003 18:25 UTC (Wed) by utoddl (subscriber, #1232) [Link]

The obvious one is for the programmer who originally wrote the code testify under oath that he wrote a certain piece of code on or about a certain date, using certain reference material, debugging and testing on certain dates, and committing the code to the central repository on a certain date.

Sorry. I write anywhere from 0 to hundreds of lines of code per week, and I could no more tell you what I wrote six months ago than this mythical SCO programmer (who wasn't an SCO employee at the time) wrote God only knows how many years ago...

If there is any infringing code (which I doubt), it could easily have come from somewhere else. Who would know? Who could know?

Brass tacks: SCO and your business (NewsForge)

Posted Jun 4, 2003 23:21 UTC (Wed) by fergal (subscriber, #602) [Link]

If SCO can exhibit a binary which was distributed to customers and which contains a compiled version of the code in question then that would prove it quite well. It's very far from impossible to prove.

Brass tacks: SCO and your business (NewsForge)

Posted Jun 5, 2003 18:21 UTC (Thu) by chohman (guest, #5519) [Link]

Ummm. Do you realize that there is no such thing as a dis-compiler? The operation of converting source code to binary with a compiler (as opposed to an assembler) is a one-way function, at least in that the source code involved is not unique. I suspect that 2 people can write a code segment using different variable names (strong suspicion verging on certainty) and even different styles of expressing the same logic (weaker suspicion), and after an optimizing compiler is finished, the binaries could be identical. This hardly proves that the code was copied.
IANAL, but I don't think showing identical source snippets proves copying in any event. Proving copying may be far from impossible, but I doubt it's very close to trivial, either. Cheers.

Brass tacks: SCO and your business (NewsForge)

Posted Jun 5, 2003 12:31 UTC (Thu) by mgh (guest, #5696) [Link]

Surely with the amount of publicly available UNIX source around for many years isn't it likely that any duplicated code was copied from a 3rd source - for example under the BSD license which allows this? Given the result of the last Unix lawsuit and the actual outcome I'd say this one is likely to end up the same way.

The other thing I would suggest is that the Linux community will not be well served by IBM buying SCO and the lawsuit. Today IBM is not intending to control the Linux codebase, but neither did Caldera a few years ago.

Beware IBM (?)

Posted Jun 5, 2003 19:00 UTC (Thu) by rjamestaylor (guest, #339) [Link]

    The other thing I would suggest is that the Linux community will not be well served by IBM buying SCO and the lawsuit. Today IBM is not intending to control the Linux codebase, but neither did Caldera a few years ago.
Good point. Worst case scenario:

<alarmism>

    IBM allows SCO to win the case, establishing that it owns rights to UNIX IP and that Linux violates same; IBM buys SCO and takes the whole UNIX/Linux market to itself.
</alarmism>

Talk about convoluted conspiracies...


--
SCO delenda est!

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds