Slashdot Mirror


Indemnity Protection for Linux?

spookymonster asks: "I'm a mainframe sysadmin for a Fortune 50 company. I'm also a Linux hobbyist. About 18 months ago, my request for a proof-of-concept z/Series testbed was granted, and the results have been encouraging. Despite this, senior management keeps saying that Linux isn't ready for prime time. Today, I was finally able to corner one of them and ask him what exactly his issue was with Linux. His answer: Indemnity. All our other software vendors provide protection against someone suing us for using their product. Who protects us if a third party sues us, claiming Linux infringes on their copyrights? Sadly, I was at a loss for words. I've done some digging on Google, but haven't really found anything on the subject. With the SCO/IBM lawsuit heavy in the headlines of late, I figured I'd turn to the Slashdot community for answers. How do I respond to questions about Linux and indemnification protection?"

10 of 61 comments

  1. Commercial solutions provide indemnity? by joebp · · Score: 4, Insightful

    Tell that to MS SQL Server users who are liable to pay royalties to a third party.

    What's the practical difference buying from, say, Redhat over buying from MS or Oracle?

  2. What indemnity? by AlecC · · Score: 5, Insightful
    How much is the indemnity you get from the closed-source suppliers worth? Here is a story about users of Microsoft SQL Server possibly being sued for proprietary software incorrectly or inappropriately included by Microsoft in SQL Server.

    Of course, this is at the start of litigation, and no-one knows how it will turn out. But isn't this exactly what your executive is worrying about happening with Open Source software? And this is from the Godzilla of them all, Microsoft.

    No-one can make you perfectly safe from such claims - valid or invalid. But with open source, it should be a lot easier to establish the truth of such allegations, because the source is available, and trackable, a long way back. If closed-source supplier A alleges that closed source supplier B has pirated code, you are into heavy calibre lawyers before source gets disclosed under court order. With open source, you go to the CVS tree, check earliest versions, check dates.... False claims should be seen off pretty quickly. And someone filing proprietary code as OS would be pretty visible (and spurned) within the community.

    And if it turns out that you have been using some stolen code, with OS you at least have the option of throwing out only the stolen bits and rewriting them, whereas with closed source you are dependent upon your supplier doing that for you - if the lawsuit hasn't destroyed them, which it would do for a small company (and then where is your indemnity? At the end of the trail of unsecured creditors, I should think).

    To summarise: such situations are much less likely to occur with Open rather than Closed source. If they do occur, that indemnity has a good chance of being waste paper. Meanwhile, you have paid out *a lot* in licence fees for a very threadbare security blanket.

    --
    Consciousness is an illusion caused by an excess of self consciousness.
  3. I don't know about you... by Bush_man10 · · Score: 2, Insightful

    But I had to look up what Indemnity means. I myself am curious as to what companies will pay for damages for using their software. It would be nice to see Microsoft pay for the billions of dollars of damage their software causes on the internet due to worms and the sort.

    --
    "I believe in everything in moderation. Including moderation." -Dean DeLeo, Stone Temple Pilots
  4. Surely your in-house counsel would have an idea? by twilight30 · · Score: 2, Insightful

    Not to trash the questioner, but if you work for a Fortune 50 company, surely your in-house legal department would have some idea, no? As another poster suggested, Red Hat or IBM will definitely provide this: I'm sure that RH's announcement yesterday of Advanced Server revisions is pertinent (though not directly to do with indemnity issues) to you on some level.

    You're an admin guy, you know Unix. The legal people know the law. Ask them to look into it, and cc the manager you talked to so that both sides know you want this examined seriously.

    --
    ========================================
    Death will come, and will have your eyes
    -- Pavese
  5. I didn't understand by inerte · · Score: 4, Insightful

    All our other software vendors provide protection against someone suing us for using their product.

    You mean someone can sue you because you are using a program that infringed a law, but you weren't aware of? Or would you be aware, ie: The software producer would inform you that his product infringes a law?

    I didn't get it. Is this possible? I am not from the USA (if you are), so things might be different there.

    But wouldn't this be like RIAA suing listeners of a radio that plays "pirated" music? Or BSA suing players of a LAN house over "pirated" Half-Life copies?

    Just want some clarification of why, and how, this is possible...

  6. I think he got it backwards by g4dget · · Score: 3, Insightful
    Today, I was finally able to corner one of them and ask him what exactly his issue was with Linux. His answer: Indemnity.

    Sounds like he was just looking for a pretext.

    All our other software vendors provide protection against someone suing us for using their product.

    If anybody indemnifies anybody, it's usually the other way around. At least all the Microsoft EULAs I have seen say something like

    you agree [...] to indemnify, hold harmless, and defend Microsoft from and against any claims or lawsuits, including attorney's fees, that arise or result from the use or distribution of the Application
    (this one is taken from here).

    In general, I think anybody who offers a Fortune 50 company protection from lawsuits is a fool or speculating that they'd go bankrupt anyway if that should ever come to court (and you would still get sued).

    I also doubt this kind of indemnity would be useful for Linux even if someone offered it. I mean, how often has this come up over the last decade? These kinds of lawsuits seem like such a rare occurrence when it comes to open source software that it just doesn't seem worth worrying about.

  7. Re:Lloyd's of London by dbrutus · · Score: 2, Insightful

    It might, however, be useful to know how much such a policy would cost per server, per company, and globally. If the numbers are low enough, there would be a business case for linux consultancies to provide it, or in the last case, for the community to pass the hat around.

  8. Re:Check the license. by AlecC · · Score: 2, Insightful

    Which is exactly what the questioner is worried about. His exec wants an indemnity. You don't get one with Linux, because indemnities cost and Linux is, broadly speaking, free. As posted elsewhere, I don't actually think that indemnities are worth much. The gap between "the indemnity doesn't cover your case" and "we stole code - we're dead, and so is your indemnity" is so small that it is barely visible.

    Invest the money you would have spent on an indemnity in your own GPL support/development team. If/when the issue comes up, get them to rewrite the infringing code. Meanwhile get/give other good code.

    --
    Consciousness is an illusion caused by an excess of self consciousness.
  9. Indemnification by kristjansson · · Score: 4, Insightful

    OK, your management isn't hot on linux because they can't sue anybody if it doesn't work. I'm not familiar with VM/ESA's licensing agreements, but I can't name a single vendor that produces a product that their licensing claims is useful for anything, or that will indemnify if the software is a complete piece of crap. Nothing else in the US can be sold with the same disclaimers against liability as software because of the Consumer Protection Act. You can sue the vendor if you buy a lamp that has a defect that causes your house to burn down. You can't sue your vendor if their software loses data, infringes on someone else's patents and you get pulled into a liability suit, or their OS can't stay up for more than a week without hard-crashing.

    Now, I'm going to go out on a limb here and guess that you're in a shop that already has at least one z390 available, or that your company has a lot of cash to burn. The reason I am inclined to this opinion is that a nice, shiny new z390 costs about $50K USD. Having a partition added to an existing z390 costs more than my car and my wife's car put together. In either case, there is still a real cost per cycle of computing on that platform that even a PHB can see. Find out what IBM is providing license wise under VM/ESA that they don't provide under their licensing agreement with RedHat. Then study the costs of the migration to linux. Since any mainframe OS has monthly licensing costs (last I checked, which I will concede was more than a couple of years ago), long-term migration to OSS on the OS side will eventually come out on top dollar for dollar. It also can't hurt to point out that IBM seems to have concluded that linux is the direction for all of their server-class and mainframe machines in the long term.

    As an aside, for those of you reminding this guy about the MS SQL 7/2k licensing issues, this case has been in court for about 3 years, and everybody who is about to get hosed on patent licensing was told by MS's PR dept. that they didn't have a thing to worry about. Part of what the customers are getting nailed to the wall on is the > 2 1/2 years that patent licensing has been a known issue where they didn't talk to the patent owners and acquire the appropriate licensing for their copy of MSSQL. In any case, the indemnification argument could work incredibly well as an argument to move away from MS on the smaller servers, but you are going to have to do some homework to get anything done about the mainframes.

  10. Experiences with zseries by Anonymous Coward · · Score: 1, Insightful

    First off: I have three partitions on z/Series mainframes to run Linux systems on at the company I work for. (I am the Linux admin, not the mainframe admin.) We have a support contract with SuSE for the Linux part, and of course the usual IBM contracts. We had some MySQL troubles, so IBM tested our case in their labs and shipped in some guy from MySQL AB. My point is this: if you have money to burn on a mainframe from IBM with the appropriate support contracts, you're going to be pretty safe. If your company is truly that big, then they WILL manage to convince their vendors to play by their rules. Sure, it costs money, but that's how the world works.

    I think your main issue is managers/superiors who're not fond of Linux for one reason or another. Which is a bit weird, considering IBM is pretty eager to get real-life "Linux-on-z/series-experience" under their belt. My experience with the whole mainframe/linux situation has been pretty good. There are kinks to be worked out, but nothing major that I can see.

    Just don't roll your own linux system. Buy it from SuSE (SLES8+support contract) or from RedHat (I *think* they have a s390 version now). Check what support contracts are available from IBM. And do show your manager your results. Some real numbers. Something tangible. Preferably in the form of a colorful but short powerpoint presentation. And try to get IBM on board, chances are they'll help you out if your company is an interesting customer of any kind.