LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Press page

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

[Posted June 10, 2003 by corbet]

Here is Ed Felten's take on the whole SCO thing. "More likely, though, the fact that SCO's story involves their code ending up in an open-source IBM product, rather than a closed-source one, is just a red herring. IBM would have had just as large an incentive to copy code into a closed-source product, and doing so would have reduced the chance of getting caught. Nobody has offered a plausible reason why the open-source nature of the end product matters."
(Log in to post comments)

Plausible reason?

Posted Jun 10, 2003 13:57 UTC (Tue) by elanthis (guest, #6227) [Link]

Why does it being in an open source product matter? Because then _anyone_ can take the code/ideas. Instead of just some of IBM's products having this supposedly stolen code, anyone in the world could take and use the code in question. Open Source means the code is leaked to a greater audience.

Duh.

Copying Code vs. Taking Ideas

Posted Jun 10, 2003 17:43 UTC (Tue) by torsten (guest, #4137) [Link]

Because then _anyone_ can take the code/ideas.

Taking code, and taking ideas, are not the same thing.

Implementing an idea means someone besides the code author has read, understood, and learned something (from the code). Education is my primary intent behind using and developing open-source software.

Copying code does not imply anything has been learned.

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 10, 2003 14:34 UTC (Tue) by Paul_Murphy (guest, #11735) [Link]

Actually Mr. Felton, someone has. Yes, I'm blowing my own horn and sort of feel bad about that, but there is a reasonable explanation in my linuxworld.com article on the SCO lawsuit.

My idea, which we'll soon see tested in public, is that the contract breach, if it took place (and i think it did), took place with respect to work done by IBM staff working on Linux for the z, p, and i series Power architecture, and thus "escaped" into open source when SuSe and Red Hat put this stuff into their code trees.

If this proves correct it should also have the nice consequence of leaving Linux on Intel (and sparc and alpha etc) unaffected in any direct sense - although I'm concerned that the long term indirect effect will be to layer lawyers into the open source process.

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 10, 2003 16:05 UTC (Tue) by southey (subscriber, #9466) [Link]

I think that I agree with you that there is something there after reading between the lines of recent comments. Much relies on IBM's license since SCO has to prove that they actually own that code even if IBM actually wrote it. Going further it would imply they actually own AIX completely. If IBM actually wrote this code then they may be 'free' to dual license the code.

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 10, 2003 14:54 UTC (Tue) by dbhost (guest, #3461) [Link]

"If any pimply-faced teenager can contribute code to open-source projects, how can you be sure that that code isn’t copyrighted or patented by somebody?"

To this I respond.
If any Khaki clad thirty something can drop slipshod code and hide it behind trade secrets and closed code,, how can you be sure that the code isn't copyrighted or patented by somebody? The answer to the question on the open source and closed source sides is the same. Without an army of legal researchers that would make the third infantry division look like a scout troop, you simply cannot. And ulike the Open Source development model, there is not well established evidence of who, where, and exactly when certain chunks of code got into the codebase. By knowing who and when a piece of code got put into the codebase we can make assumptions about its origin. Say for example (I am pulling things out of thin air here so bear with me, the names and hunks of code are fictional) Coder Larry Joe Bob has submitted a piece of code, lets say a sound card driver for the EMU10K 5.1 chips. He posts it to the kernel mailing list on July 10th 2003. Two years later company B says, hey that is our code that we have had in our product since 2004! A simple Googling of the kernel mailing list and newsgroups would turn up that the code indeed originated from Larry Joe Bob back in '03. Since Larry Joe Bob has no contact with Company B, and has no access to impact the time / date stamp on the Google archives it is safe to assume that the evidence is coming from an unbiased third party, and is therefore untainted. In fact that would expose Company B to a violation of the GPL for stealing Larry Joe Bob's code...
In much the same way, during the discovery process, I feel that it would be far easier for the Linux community, and IBM, to produce untainted evidence of origin and ownership than it would for the SCO group. This is not a slam dunk brain dead case. There are plenty of brain dead juries that hate big business. And the Linux community is being painted as in bed with IBM to kill the little guy. I am concerned that IBM will get hit with some stupid penalty like that woman a few years back won for spilling hot coffee on herself. Stupid juries can, and often due pervet the rule of law and allow slick lawyers to circumvent the spirit of the law.

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 10, 2003 15:29 UTC (Tue) by JoeBuck (subscriber, #2330) [Link]

I've worked in proprietary software companies for a long time. In the past I have frequently seen programmers insert code into commercial products in a way that violated copyright: taking code from "Numerical Recipes in C", or using open source code in a way that violates the license. This was done by junior people who didn't know any better. When this has been found, the bad code was removed, and in at least one case a license was negotiated with the copyright owner. It happens a lot less these days, because awareness of the issues has increased, but ten years ago you'd be amazed at how many "professional" programmers there were who thought that any code they could find source for was fair game to use. Some of them would even chop off copyright notices and put in their own names, or even "Copyright MyCompany", but leave a note saying where they got the code from, because they had no clue that there was anything wrong with this.

Because of this, I've gone on a bit of a crusade to correct everyone who misuses the term "public domain".

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 12, 2003 18:28 UTC (Thu) by openhacker (subscriber, #1614) [Link]

I've seen cases where I've used proprietary
products with a source license where various software
from other people (I think it was BSD derived) had
the copyright stripped off and replaced with a new
company.

Most programmers I've seen don't understand copyright --
they put a template on their files.

I just worked with one embedded compiler (which isn't being manufactured
anymore)with a stub:

int open(const char *path, int mode)
{
return -1; /* not available */
}

with a 20 line boilerplate copyright on top saying its confidential
information and a trade secret...

(geez, am I allowed to reveal this? ;-))

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 10, 2003 15:41 UTC (Tue) by mem (subscriber, #517) [Link]

You made me wonder... does Linus keep a copy of the emails people have sent him over the years with patches and stuff? Many patches are sent to lkml, but many others are sent directly to Linus, or Alan, or Dave, or ... but they end up in Linus' mailbox before being applied to the kernel tree. If the cae gets to court, I wonder if one of the sides is going to ask the court to subpoena Linus and his mailbox records. I know I wouldn't like something like that ...

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 10, 2003 16:00 UTC (Tue) by flymolo (guest, #11739) [Link]

This sort of thing should be kept in the CVS now bitkeeper logs.
Patch: blah
applied: blah
submitted by: blah
Linus I think, from what I recall in the bitkeeper wars, has a script that will grab a patch email and add it to a branch of the tree.

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 19, 2003 14:24 UTC (Thu) by mem (subscriber, #517) [Link]

That's been the case only very recently. Remember that Linus doesn't like CVS so there's no reason to think he kept a CVS tree with the Linux code. BK usage came post 2.5.x (for x ~ 10-20, IIRC).

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 10, 2003 19:17 UTC (Tue) by josh_stern (guest, #4868) [Link]

One of the things I love about the open source community is that it is
dominated by engineers who are willing to speak precisely and without
b.s. on any topic, even if it is unpleasant. That said, I feel compelled
to point out the obvious (to me) pooka sitting in the middle of the
current discussion. While the legal theory is unclear to me (and
actually strikes me as somewhat dubious), it has been claimed by
SCO that end users of products that infringe on copyright could be
legally liable for damages to the copyright holder even if they were
unaware of the violation and the it was not directly caused by their
employees. In that context, Mr. Felten and others are being
somewhat disengenuous to point out that copyright infringement could
occur just as easily in commercial products. While that is true, it's
also true that business users care at least as much about the
possibility of getting sued than they do about the ethics of copyright
infringement or technical legality of the software on their systems.
Neither Mr. Felten or any of the commentators here has cared to
broach the obvious point that it is easier for the copyright holder to
discover violations in open source code, and hence easier for them to
sue. If the legal premise of end-user liability holds up in a substantial
way, then it will hurt open source in comparison to proprietary
products. Arguing that proprietary software is just as likely to infringe
may help with some dubious sort of "whose community is cleaner
argument" but doesn't establish any practical equivalence. For these
reasons, I believe that it is important for open source advocates to
fight for the premise that end-user liability can only start when the
end-user has some substantive reason to suspect copyright
infringement, with clear and reasonable legal standards for what
counts as substantive and what sort of practical due diligence is
required to insure its absence.

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 10, 2003 19:30 UTC (Tue) by busterb (subscriber, #560) [Link]

If an end-user is held liable for copyright violations in open-source code, then:

* Art lovers should be liable if a work is found to be a forgery.
* Book readers should be liable if a book contains a plagarized passage.
* Music listeners should be liable if a song contains an uncleared sample.

There are a lot of variations, with plenty of legal precedent. Why should software be so different?

- Brent

Lessons from the SCO/IBM Dispute (Freedom To Tinker)

Posted Jun 10, 2003 19:54 UTC (Tue) by josh_stern (guest, #4868) [Link]

Those are good questions that I would like answered as well. But to
further the analogy, if a CD release is found to contain plagarized
material in violation of copyright, can the copyright owner demand
either a recall of all copyright material or receipt of some large
licensing fee? Again, I don't know. But a scenario in which there
was no historical liability but the copyright holder could demand eithe
a) cease and desist or b) any price they name would also be
unattractive to business.

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds