An open letter to SCO [LWN.net]

We recently sent the following letter to several contacts at SCO and its public relations agency:

The SCO Group has made repeated claims that Linux contains code taken from proprietary Unix. On the basis of these claims, a $1 billion lawsuit has been filed against IBM, and letters have been sent to many Linux users warning that they may face legal liability. You have publicly compared the Linux community to thieves and liars. What you have not done is to back up your claims in any way, with the result that you have now been hit with legal notices for unfair competitive practices in two countries.
The Linux and free software communities take great pride in their ability to develop code which is inferior to none. They have no interest in stealing code from anybody; Linux hackers are not so dishonest, and, frankly, most of them believe that they can do a better job themselves. Linux is an implementation of a number of well-published standards, but it is an original work.
That said, if it turns out that there is stolen code in the Linux kernel (or elsewhere) the community very much wants to know about it. We would like to remove that code and find out how it came to be included in the first place. Anybody who turns out to have contaminated Linux with proprietary code will, to say the least, not be welcome in our community in the future. If this has happened, we want to get to the bottom of it even more than you do. We do not want it to happen again.
You have made grave accusations against our community and caused a great deal of concern in that community and beyond. You now owe it to us to back up those accusations.
You need not - at this point - reveal any proprietary code of yours. But you owe it to us to point out which code in Linux is, by your claims, stolen from you. This code, by virtue of having been distributed by many (including you) in source form, can no longer be held to be confidential; SCO's claims to that regard are unconvincing. You will not violate any confidentiality by simply indicating which code you are taking exception to.
SCO claims that the Linux community would use any such disclosure to remove the evidence ("That's like saying, 'show us the fingerprints on the gun so you can rub them off.'" - Darl McBride in the Wall Street Journal). This claim, too, is unconvincing. The development history of Linux is public and cannot be erased; all the evidence you need can be found on SCO's own distribution disks. There is no way to "rub off" those fingerprints. Yes, the Linux community would quickly remove any code that was shown to be proprietary, but that would not change the evidence for your case and you know it.
Making a demonstration for a limited number of reporters under NDA is inadequate. Your NDA excludes the people who can best make judgements on the origins of code and prevents the development community from addressing any wrongs that may have occurred.
Instead, if you point out the code the Linux community will track down its origins far more quickly and effectively than your lawyers ever could. Your refusal to do so only suggests that you fear exactly that: a careful investigation could show that any common code comes from a freely available source. If your claims are honest and legitimate, you owe it to the community to back them up.
If SCO is serious about its claims, it is time to show some integrity and expose those claims to general scrutiny. Please, SCO, show us the code.

We did actually get a response back from them. Here's SCO's statement:

Thanks for giving us the opportunity to respond. Our offer to show individuals the source code under non-disclosure at our corporate offices still stands throughout the month of June. Several analysts and journalists have seen the source code. I hope that the Open Source community will understand that we have to show this UNIX source code under non-disclosure because of the confidentiality agreements that we have in place with more than 6,000 UNIX licensees. We can not violate these agreements.

An SCO representative has since stated that the offending code is in the Journaling Filesystem (JFS), NUMA, and SMP support. JFS is an obvious, large contribution from IBM, and, though it originally comes from OS/2, it could conceivably contain some of SCO's code. JFS is good stuff, but its loss would affect very few Linux users.

The initial NUMA support was contributed by Kanoj Sarcar, then at SGI. IBM has since improved that code, of course. It is well known that Linux SMP support was initially helped by the company then known as Caldera. It has since seen work by a great many people. It is conceivable, though improbable, that a significant amount of proprietary code could have been sneaked in somewhere.

But, without knowledge of the code that SCO objects to, it will be impossible to independently verify whether any of it has been copied or not. SCO continues to hide behind the "confidentiality" of code which has been publicly distributed, with the result that nobody can ascertain whether its claims have merit or not. Perhaps that is the point.

(Log in to post comments)

An open letter to SCO

Posted Jun 12, 2003 9:23 UTC (Thu) by james (subscriber, #1325) [Link]

Hope nobody's reading this looking for real insight.

I was -- and I got it!

This is the first time that SCO has publically stated which parts of the kernel contain infringing code. This is a major step forward: the kernel community can now start considering what they can do about it.

For example, the JFS code is fairly self-contained, it has several functional equivalents within the Linux kernel, and it isn't that popular a filesystem. It's also quite plausible that Unix UFS code did get into the AIX JFS implementation (it looks to AIX like a standard Unix filesystem, after all). This could have been taken into JFS for OS/2 and into the current Linux implementation, having been missed by IBM's code review and IP review teams.

It might now be considered justified to drop the JFS filesystem until such time as the status of the code becomes clearer. I shouldn't be surprised if Red Hat, at least, cleansed it out of their kernel branch...

Unfortunately, the SMP and NUMA stuff would be better described as "pervasive". But at least the community can start looking for candidates now: parts of the code that might have come from elsewhere.

James

An open letter to SCO

Posted Jun 12, 2003 12:47 UTC (Thu) by nosnilmot (subscriber, #746) [Link]

According to this JFS FAQ the JFS as we have it was a new implementation for OS/2, and the port for linux was made from a snapshot of the OS/2 implementation (From December 1999), and not from the version that made it into AIX 5L in May 2001.

It's not clear, however, whether the new implementation is completely new, or is derived from their original JFS1 that they had been included in AIX since 3.1. Either way, it's difficult to see how SCO can lay any claim to any of this - it all, apparently, being developed by IBM anyway.

An open letter to SCO

Posted Jun 12, 2003 9:43 UTC (Thu) by james (subscriber, #1325) [Link]

I really would like to see that part of the license that say that SCO can't do what they want with the code they own.

Not all of the System V revision 4 source is SCO or Novell copyright. Parts that came from Xenix, for example, are copyright Microsoft.

Besides, it's possible that some of the major vendors would have wanted assurances, before they paid millions of dollars for Unix rights, that the owners (whoever they were) wouldn't then give those rights away for next to nothing to the vendor's biggest competitor.

These licences aren't your standard Microsoft EULA: if a potential Microsoft end user objects to the terms, Microsoft doesn't have much financial interest in rewriting the terms. If a potential Unix licensee objects to terms in a multi-million-dollar licence agreement, AT&T / Novell / SCO / Caldera / SCO Too will look very closely at whether changing the agreement allows them to keep the deal and / or charge them more...

We've seen some of the language from Novell's and SCO's lawyers in the titbits of the ownership transfer agreements. Are you surprised that even the SCO lawyers aren't sure about what they can and can't publish?

James.

An open letter to SCO

Posted Jun 12, 2003 19:42 UTC (Thu) by brouhaha (subscriber, #1698) [Link]

I'm skeptical that Microsoft has any copyrights on SVR4 code. First, I've never before heard claims that any Xenix code was transferred into System V. Secondly, if there were any such copyrights, they probably were transferred when Microsoft sold their stake in the original SCO.

The situation where Novell initially sold SCO the Unix software *without* the copyrights was very unusual.

Caldera and SMP

Posted Jun 12, 2003 13:25 UTC (Thu) by corbet (editor, #1) [Link]

Really.

I can't dig up the definitive message now, but digging through Google turns up messages like this one. Also, pull out your 2.4.x kernel source and have a look at arch/i386/kernel/smpboot.c:

/*
 *	x86 SMP booting functions
 *
 *	(c) 1995 Alan Cox, Building #3 <alan@redhat.com>
 *	(c) 1998, 1999, 2000 Ingo Molnar <mingo@redhat.com>
 *
 *	Much of the core SMP work is based on previous work by Thomas Radke, to
 *	whom a great many thanks are extended.
 *
 *	Thanks to Intel for making available several different Pentium,
 *	Pentium Pro and Pentium-II/Xeon MP machines.
 *	Original development of Linux SMP code supported by Caldera.
 * [...]
 */

(The bold font is mine - it doesn't appear in the source :)

Caldera and SMP

Posted Jun 12, 2003 21:13 UTC (Thu) by StevenCole (guest, #3068) [Link]

This is probably referring to the ASUS P54PNIP4 motherboard with 32Mb of RAM which Caldera provided to Alan Cox. I got that link from ESR's excellent OSI Position Paper on the SCO-vs.-IBM Complaint.

Caldera and SMP

Posted Jun 13, 2003 14:05 UTC (Fri) by stock (guest, #5849) [Link]

> *
> * Thanks to Intel for making available several different Pentium,
> * Pentium Pro and Pentium-II/Xeon MP machines.
> * Original development of Linux SMP code supported by Caldera.
> * [...]
> */
>
>
>
> (The bold font is mine - it doesn't appear in the source :)

I just check here by downloading a fresh copy of linux-2.4.20.tar.bz2, and this
line :

* Original development of Linux SMP code supported by Caldera.

is definitely inside the ftp.kernel.org kernel tree. The file is called :

/usr/src/linux-2.4.20/arch/i386/kernel/smpboot.c

Robert

An open letter to SCO

Posted Jun 12, 2003 19:52 UTC (Thu) by brouhaha (subscriber, #1698) [Link]

What's really aggravating is the double standard they're trying to use.

If any proprietary SCO code has been included in the Linux kernel, it was obviously not done with the knowledge and consent of Linus, most of the kernel developers, and most of the Linux distributors. It is basically an unintentional mistake.

On the one hand, rather than just explaining the problem (in specifics) and allowing the kernel developers to remedy the mistake, they're suing for a billion dollars.

On the other hand, they shipped the code in their own Linux distribution, but claim it was a mistake and that they shouldn't have to honor the GPL terms.

Apparently they don't have to take responsibility for their own actions, and face the consequences thereof, but they expect everyone else to do so.

SCO doesn't want to rectify the mistake

Posted Jun 14, 2003 0:29 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

Sounds like you didn't read the comment to which you are replying. The point is that SCO doesn't care whether there was any evil intention in this copying, doesn't want to punish anyone, and definitely doesn't want the copying stopped. SCO wants its legal share of the value that companies are deriving from use of the code in question.

The IBM case in particular is about a contract infringement. In a contract infringement case, there is no question of wrong or right or intent. SCO is simply entitled to be reimbursed by IBM for whatever damage it may have suffered because IBM failed to live up to that contract.