How to make sure the code in question is SCO's? [LWN.net]

How to make sure the code in question is SCO's?

Posted Jun 6, 2003 18:28 UTC (Fri) by mmarkov (guest, #4978)
Parent article: Notes from the SCO conference call

So, there is certain code that is allegedly
copied. It is easy to verify, if necessary,
that indeed these lines are present in Linux x.y.z,
because it is open source. IOW, it is impossible
to deny their presence in the kernel.

Not so with SCO's UNIX code. As it is closed
source, how can one be sure that precisely
this code with precisely these comments were
in the source of UNIX version a.b.c? There
is no "central depository" for the sources of
private companies; I mean, a depository on a
national level, not controlled by companies.

Being not-a-lawyer, it seems to me that they
(SCO) have to show the whole source tree, the
compiler they used at that time, and that indeed
this source compiles to binaries that are
*bit for bit* identical to the binaries of the
UNIX release in question. Of course, this leaves
a question on the comments, since the compiler's
output does not depend on them at all.

(Log in to post comments)

How to make sure the code in question is SCO's?

Posted Jun 7, 2003 7:17 UTC (Sat) by mmarkov (guest, #4978) [Link]

The comparison I am talking about is between
SCO and SCO, not between SCO and Linux. My
point is that, AFAIK, there is no way to
verify that the code in question was in their
original source tree -- might have been added
recently.

Therefore, even if they show under an NDA their
source to someone, they can't prove that indeed
this is the original source code. If it were an
aircraft design, the drawings would be easily
verifiable by an expert-graphologist. Any
tinkering with them would be detected just by
examining them. With a symbolic sequence that
the source is, that's obviously not the case.

A way to show the integrity of their sources
would be to run them through a compiler and
see if the resulting binary matches bitwise
the binary that they were selling to their
customers. Of course, the comments' originality
and integrity cannot be verified like that,
because the compiler's output is regardless of
the comments.

How to make sure the code in question is SCO's?

Posted Jun 7, 2003 21:02 UTC (Sat) by jmccusker (guest, #11697) [Link]

That's not true at all. SCO should be able to compile the same section of code (or the module itself) using the original compiler and find the bytecodes in the code that are in question. C code compiles in a consistent manner and it's a fairly trivial process to show the binary code that's generated from the sections of code that are claimed to be in copyright infringement. This bytecode can be used as a 'fingerprint' which can be use to identify the use of this code in previous versions of UNIX.

SCO can further bulster their claim by compiling the same code using the GNU C compiler(s) that Linux used in order to generate similar fingerprints for Linux binary kernels.

I suspect it will be fairly easy for SCO to 'prove' that their code in question was incorporated into previous versions of UNIX. They can also use this same technique to guarantee that this code didn't arrive from older BSD kernels.