This week's SCO fun [LWN.net]

It may have seemed like a relatively quiet week on the SCO front - to the relief of many - but a number of things have been happening. It's time to get caught up in the latest developments in this case.

People have continued to look at the code samples presented by SCO in Las Vegas. Eric Raymond posted his own analysis which included a comparison of the Linux atealloc() code with the SYSV malloc() implementation - something that Eric evidently has sitting around somewhere. Eric's conclusion was that the Linux code derives from the ancient malloc() implementation found in 32V Unix. LWN, looking at Eric's diff, came to a different conclusion; the Linux code appears to have been taken from (proprietary) SYSV Unix. See this article for a full description of our reasoning. Since then, FreeBSD kernel hacker Greg Lehey has posted his analysis, which also points to a SYSV derivation.

The sad fact is that this particular piece of code is problematic no matter how you look at it. The alternatives are:

The code was lifted from SYSV Unix, which makes it a direct infringement of SCO's copyrights.
The code actually derives from the ancient 32V Unix release. SCO, back when it was called Caldera, released 32V under an older, four-term BSD license; this license is incompatible with the GPL, due to its advertising requirement. The code in Linux also lacked the requisite copyright headers. In this scenario, the inclusion of this code infringes SCO's copyrights (due to the missing copyright headers) and also those of the other Linux kernel contributors (due to the GPL incompatibility).
There are other opinions on how 32V is really licensed. SCO has started making noises to the effect that 32V was really only released for 16-bit, non-commercial use, though the license letter that went around (and, indeed, was sent to us anew by SCO PR person Blake Stowell) says otherwise. Any attempt by SCO to "call back" this release is likely to fail at this point.
Then, there is the assertion that 32V is actually public domain. This conclusion comes from the March 3, 1993 ruling in the USL case, which reads: "...I find that Plaintiff has failed to demonstrate a likelihood that it can successfully defend its copyright in 32V. Plaintiff's claims of copyright violations are not a basis for injunctive relief." But saying that USL lacks evidence strong enough to justify a preliminary injunction is different from a true finding that the 32V code has gone into the public domain. Given the rather friendly stance the courts have taken toward copyright holders in modern times, relying on this preliminary ruling to hold in a new court case seems risky at best.

It is thus hard to conclude that this code belongs in Linux. And, in fact, it has already been removed from the 2.4 and 2.6-test branches. In any case, it is a tiny piece of ancient code performing a trivial task; it is not the basis of a $3 billion lawsuit. If this is the best that SCO has, its case will not go that far.

SCO's other code sample, of course, was the Linux implementation of the Berkeley Packet Filter (BPF) library. There appears to be no way that SCO can claim ownership of this code; indeed, Greg Lehey's analysis suggests that, perhaps, SCO has stripped the copyright headers from its copy of that code, in violation of its (BSD) license. SCO would seem to have figured out that it is on especially thin ice here; a recent InfoWorld article quotes SCOSource VP Chris Sontag as follows:

But Sontag said the BPF routines were not intended to be an example of stolen code, but rather a demonstration of how SCO was able to detect 'obfuscated' code, or code that had been altered slightly to disguise its origins. The slide displaying the code should have been written differently to reflect that intention, he said.

Given that the slide in question reads "Obfuscated System V code has been copied into Linux kernel releases 2.4x and 2.5x," one might well agree that it should have been "written differently." One might well ask what other parts of the company's recent output should be written differently.

Meanwhile, SCO lawyer Mark Heise is still taking potshots at the GPL; his latest assertion (from this ZDNet interview) is that Section 301 of the U.S. Copyright Act preempts the GPL. Now, one of the advantages of having an Internet around is that one can go and check these things directly; the first part of Chapter 3 of the Copyright Act reads:

§ 301. Preemption with respect to other laws

(a) On and after January 1, 1978, all legal or equitable rights that are equivalent to any of the exclusive rights within the general scope of copyright as specified by section 106 in works of authorship that are fixed in a tangible medium of expression and come within the subject matter of copyright as specified by sections 102 and 103, whether created before or after that date and whether published or unpublished, are governed exclusively by this title. Thereafter, no person is entitled to any such right or equivalent right in any such work under the common law or statutes of any State.

Those of us who are unused to reading legalese will probably have to go over this paragraph two or three times, but, in the end, the title sums it up pretty well: this part of the copyright law states that it preempts other laws at the state level. Since very few states have enacted the GPL into law, the §301 preemption really is not relevant. The GPL is a license in which the copyright holder waives certain rights under certain conditions, as is allowed by the rest of the copyright law. If §301 preempts the GPL, it preempts every other software license as well. So Mr. Heise's reasoning remains unconvincing, to say the least. However, he appears to be in charge of this case at this point; David Boies would seem to have found more pressing engagements elsewhere.

Then, there is SCO CEO Darl McBride's amusing and paranoiac assertion (as reported in InfoWorld) that IBM is behind the attacks on his company. No further comment seems necessary there.

SCO's web site was evidently the target of a denial of service attack over the weekend of August 23. The Linux community should have nothing to do with such attacks. They do not help us in any way, and they go strongly against the principles of openness and freedom upon which the community is based. This sort of attack also gives SCO a great opportunity to portray the community as a bunch of criminals. Taking down SCO's site is wrong; it is a big mistake. Let us hope that it does not happen again.

Finally, Rob Landley and Eric Raymond have put together a response to SCO's amended complaint in the IBM case. Think of it as the "Mystery Science Theater 3000" version of the complaint; SCO's text is presented with Rob and Eric ruthlessly heckling each paragraph as it comes. It is a good resource for those wanting to put SCO's actual allegations in the IBM case into perspective.

(Log in to post comments)