Slashdot Mirror

← Back to Stories (view on slashdot.org)

Red Hat's Open Source Assurance Program

Posted by michael on from the safety-blanket dept.

scubacuda writes "ZDnet and others report that Red Hat now offers the 'Open Source Assurance Program' as protection for customers if they get hit with a copyright infringement case from the SCO Group. From their website: 'A key feature of the Open Source Assurance Program is an Intellectual Property Warranty. The warranty ensures, that in the event that an infringement issue is identified in Red Hat Enterprise Linux software code, Red Hat will replace the infringing code. Red Hat's warranty assures customers that they can use Red Hat Enterprise Linux and related solutions without interruption. The warranty is available for all customers having a valid registered subscription to Red Hat Enterprise Linux or related solutions.'" Following close behind Novell and Hewlett-Packard, but it looks like Red Hat is not actually indemnifying their customers like Novell and HP, but rather is simply promising to fix any real copyright problems moving forward, which is something I think we would assume they would do in any case.

40 of 142 comments (clear)

  1. Can't indemnify by airrage · · Score: 4, Interesting

    Throughly useless I think. You can replace the code, but you can't indemnify 3rd parties. So, because anybody can sue anyone for anything, you'll still end up in court if your pockets are deep enough.

    Like trying to swat elephants with fly-swatters.

    --
    "This isn't a study in computer science, its a study in human behavior"
    1. Re:Can't indemnify by trix_e · · Score: 4, Insightful

      huh?

      if you can't indemnify 3rd parties, who the heck can you indemnify? That's the very definition of the word, to protect another party against damage or loss...

      --
      No man is an island, but Gary is a city in Indiana.
    2. Re:Can't indemnify by Anonymous Coward · · Score: 2, Funny

      if you can't indemnify 3rd parties, who the heck can you indemnify?

      2nd parties, 1st parties, and 4th - nth parties. But not 3rd parties. Jeez, where'd you go to law school?

    3. Re:Can't indemnify by Trepalium · · Score: 2, Insightful

      Don't be silly. Within a few hours SCO will release a press release saying that Red Hat's actions prove that there are flaws in the Linux development process, and that Red Hat is putting themselves at risk. You gotta remember SCO logic. IBM doesn't indemnify -- IBM knows there's problems with Linux. HP does indemnify -- HP knows there's problems with Linux. You simply cannot win against this kind of logic.

      --
      I used up all my sick days, so I'm calling in dead.
  2. "if we're caught, we won't do it again" by Rhubarb+Crumble · · Score: 5, Funny
    but rather is simply promising to fix any real copyright problems moving forward, which is something I think we would assume they would do in any case.

    So, they are promising, in case they are slapped with a cease-and-desist order, to cease and desist. Whatever next?

    1. Re:"if we're caught, we won't do it again" by molnarcs · · Score: 4, Interesting

      This is actually one of the best ideas I ever heard. Of course stating that we will replace the code is stating the obvious (that's what linux hackers been saying all along) but what matters is the 'smell' of this statement: it smells professional and businesslike. And most importantly: it is a proactive document.

      Also, it might provide some legal protection against alleged 'willful' infringment. If they can point their fingers to their Open Source Assurance Plan whenever they are brought to courts by a party claiming infringment, they have the acting in 'good faith' argument on their side, unless they won't live up to their promises (which is _very_ unlikely).

      You might say this Plan is just words, but still, it has an important side-effect. Those who don't read groklaw daily, but know about SCO's fiasco, can now call RedHat whenever they receive a threatening letter. Of course, they could have called them anytime, but this document is like a message: call us if someone contacts you claiming infringment. This puts customers in touch with RedHat first, and RH can tell directly to their clients (who, as I said, don't necessarily read groklaw) what this case is about, and SCO failed to pinpoint any infringing code.

  3. The Ultimate Game of Poker by Newspimp · · Score: 3, Insightful

    Seeing as SCO can prove just about diddly, I don't think the RedHat Legal Code Change team will have much to do. The cards are being called SCO. Bluff time is over.

  4. indemnity? by trix_e · · Score: 4, Insightful

    I'm not sure having Red Hat indemnify me or my company would give me the warm fuzzies anyway...

    for indemnification to be meaningful you have to assume that the pockets behind it are deep enough to be able to actually pay out and protect you when (god forbid) the time comes.

    Red Hat doesn't have enough of a track record for their promise to protect me to mean too much to me.

    Yeah, replacing the ostensibly offending code is nice, but it won't get me off the hook if I've already been using something that has been found to be infringing.

    With all that said you have to really believe that there is a reasonable shot of SCO succeeding for any of this to be terribly meaningful to you...

    --
    No man is an island, but Gary is a city in Indiana.
    1. Re:indemnity? by Rhubarb+Crumble · · Score: 3, Insightful
      Red Hat doesn't have enough of a track record for their promise to protect me to mean too much to me.

      Exactly, and this is why this may do as much harm as good. Think about it in the context of RH trying to show people that "yes, we're a serious software company, not a bunch of GNU/hippies".

      Obviously they have to offer something to counter the FUD, if they want people to buy their products. The only question is, will it backfire, as their "something" doesn't cut it? Will it cause potential clients to go "oh look, it's not even a real warranty - they're not a real company after all, let's buy from a real vendor"?

  5. SCO has same thing by swordboy · · Score: 4, Funny

    SCO has a plan to counter this. It is called the "Open Sores" program.

    --

    Life is the leading cause of death in America.
  6. Nice gesture by JRob007 · · Score: 3, Interesting

    Its nice to see that even though this is something that they would fix anyways, they are saying it publicly. To many times coporations words and actions imply that they will do something, only to not follow through. Its nice to see a company take a stand and say out loud, what they are going to do.

  7. How will this actually work? by Sean80 · · Score: 4, Interesting
    I'm not entirely clear how this would work out for customers, so a thought experiment. Say SCO successfully proves that the Linux thread scheduling code is a copyright violation. What does Red Hat do next? Sure, they could rewrite it, but would companies which are now running their flight booking apps, and (don't take me too literally here) their nuclear power station control programs on the Linux kernel be happy about this?

    It would appear to me that the strength of Linux is its history and stability. Take that way, and trouble's a comin'?

  8. Issues about exposure to code? by LinuxHam · · Score: 4, Interesting

    Warning: DNRA

    Seems like a strange thing to offer. Here at work, once you get exposed to open source code, you can never go back to dealing with internal code merely due to the risks that algorithms you develop internally may accidentally be recreated in open source work.

    How can RH say that they will replace your code with non-tainted code if the tainted code is the only way they've seen for approaching a problem. Seems like they need the equivalent of an optoisolator between their tainted developers and non-tainted developers. A white room approach with a description of the goal slid under the door.

    --
    Intelligent Life on Earth
    1. Re:Issues about exposure to code? by jhoger · · Score: 2, Interesting

      Wow your company is paranoid... and I'd say abnormally so.

      Usually it goes the other way... once you are exposed to Closed source code, you can never be employed writing the same Closed source code for another vendor. Example: BIOS clean room development.

      In the open source world, ideas are traded fairly freely. It's easy not to copy someone else's code. It really is. Open source guys really don't care if you copy their ideas. They won't sue you for that. Now your closed source could leak out one day. But that's easy to see since open source code is usually publicly available.

      Now if some loser adds some closed source code into an open source code base without permission, it should be treated as a bug and fixed. I think that Red Hat is absolutely doing the right thing here. There's only going to be bits and pieces here and there I would guess... they'll squash them like bugs if they show up.

      Now SCO thinks they can sue end users for infringement of their copyright for using Linux. From what I've read on Groklaw they aren't going to have much luck with those cases. Hence the fact that there aren't any such cases yet. Just the IBM suit which is about breach of contract, not copyright.

    2. Re:Issues about exposure to code? by bluGill · · Score: 2, Insightful

      Where do you get programers then? I assume that you wouldn't hire me because I've worked for a different company before, and I might recreate something that the previous company did. Seriously, this boggles my mind, I've had access to source code from 2 different companies, plus a bunch of code [mostly trivial but not all] in school. I could accidentally be coping some of that code into your products.

  9. The least they could do. by osewa77 · · Score: 4, Interesting

    Being that this is literally the least they could do, this situation is an example of what it means to maximize profits by minimizing costs :-)

  10. This is a better solution than the others by MajorDick · · Score: 5, Interesting

    IMHO, this is a MUCH better solution, while I dislike SCO and their tactics, there MAY be some validity to their point , afterall look at how many contributions have been made, its happened before in opensource where someone included copyrighted code (yes I know what they have thus far claimed cant be verified) BUT what happens if it does ?

    Remove the code ! I trust RedHat to replace the code quickly and effectivley, RH has made tons of contributions to linux. The others offer to absolve financial IF there is infringing code, RH says hey dont worry well replace the code so those infringments dont apply.

    I like this solution much better being a RedHat customer.

    1. Re:This is a better solution than the others by whittrash · · Score: 2, Interesting

      This move also has one SIGNIFICANT advantage. Anyone can still modify the code after it comes from Redhat and still be under warranty for the specific product supplied by Redhat (although I imagine the new code wouldn't be under warranty). They can be assured that the base they are working on is rock solid. To me that is more useful than having to check with your distributor every time you wanted to change something. It also doesn't lock a person in to an expensive service agreement. It is a more flexible solution than indemnification and preserves open source values better. In short, for people who just want to buy a reliable Linux distribution without being bothered by unnecessary services, this is an easy way to get a reliable product. This is a better solution than indemnification for most small/midsize users and an equivalent value for large businesses.

      This warranty also says something about the quality of RedHats work. They are willing to stand up for the code they put out. Indemnification only means they will have lawyers back you up and you won't pay any penalties in court, not necessarily that the code is free of IP defects which could be more damaging if chunks of code need to be re-written while you are trying to run a business. A warranty also puts some implied liability with RedHat, as they are to blame if any dirty code is distributed, thus indirectly shielding end users in a way that is similar to indemnification. This is a much more elegant solution than indemnification.

  11. All good and well, but... by Zigg · · Score: 3, Insightful

    It seems to me that SCO's pathetic case is shifting away from copyright and into ideas. If a ruling comes down saying that, for example, nobody but SCO can use the methods involved in a critical feature of RHE, what happens then?

  12. Management by the_mad_poster · · Score: 2, Insightful

    ...something I think we would assume they would do in any case.

    Managers and lawyers don't care about the facts unless those facts are in writing.

    Of course they'd fix it going forward, but it gives manadrones and legal eagles a warm, fuzzy feeling to see documents that actually say that.

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  13. Don't worry too much about how it will work by rm007 · · Score: 3, Insightful

    This is, after all, first and foremost a bit of marketing. Red Hat is trying to get the message out to customers and would-be customers that the whole SCO thing does not create uncertainty or risk over the purchase or use of their product.

    --


    I've finally got around to changing my sig
  14. A business manuever by JSkills · · Score: 3, Insightful
    Red Hat is addressing SCO's flailing attempts to scare people (and suck money) with about as much effort as is deserved for such an obviously groundless lawsuit - by providing some lip service agreement to their customers that they'll bear the brunt if the customer is ever sued.

    To echo some earlier posters, yes it is legally useless, but my guess is that they feel they can offer it since they'll know they'll never need to follow through. As in ... "Sure, if God ever showed up on earth to judge you, I'd take the blame for your sins.".

  15. is this possible? by mcmonkey · · Score: 4, Interesting
    The warranty ensures, that in the event that an infringement issue is identified in Red Hat Enterprise Linux software code, Red Hat will replace the infringing code. Red Hat's warranty assures customers that they can use Red Hat Enterprise Linux and related solutions without interruption.

    How can this be possible? If there is a case where Red Hat software contains infringing code, and Red Hat cannot come to an agreement with the code's owner on continuing use, Red Hat is prepared to replace the infringing code immediately? I presume use without interruption means support without interruption.

    If Red Hat has a complete code base in wings so that any arbitrary bits of code found to be infringing can be replaced, and Red Hat is more sure of its legal standing on the replacement code (since it is meant to be used in event an existing infringement is found), why not just release that code?

  16. Replace the code? by pe1chl · · Score: 2, Interesting

    The warranty ensures, that in the event that an infringement issue is identified in Red Hat Enterprise Linux software code, Red Hat will replace the infringing code.

    What use is that? When the SCO case really holds up, the issue is not to replace the code but to pay them their royalties. Those payments is what should be guaranteed, not the replacement of the code. Such a replacement will be just as free as the original code.

  17. Open Source Assurance Program by T3kno · · Score: 2, Funny

    Funny, I thought that was RedHat swearing that they only use and provide open source software. Oh wait, that's not true either.

    --
    (B) + (D) + (B) + (D) = (K) + (&)
  18. Red Hat Transmits the Community Offer ... by leoaugust · · Score: 4, Insightful

    The Linux Community has already offered to rip out the infringing code and replace it once it is identified. Red Hat has understood that the community is going to live to its word and has formalized this into an offer of "Intellectual Property Warrant." This formal offer on behalf of the community may be more acceptable to the business folks rather than the diffuse commitments of the Linux Community. I think that's all there is to it.

    --
    To see a world in a grain of sand, and then to step back and see the beach where the sand lies ...
  19. SCO's flawed strategy by Crayola · · Score: 4, Insightful
    This isn't just a matter of Red Hat "doing what they should" in case of copyright infringement -- they're offering to be the ones to fix copyright violations in Linux even if they were never the ones who copied the code. This clears up the whole "who'll fix it?" issue for corporate customers. (Of course, every Linux developer under the sun has offered to do the same, but this is a legal deal that CIOs can sink their teeth into).


    The problem SCO is facing is this: they want to sell Linux "licenses" because their intellectual property is supposedly in there. And let's be clear -- it's not patent, trade secret, or trademark IP but copyright IP. But as soon as they say "we own this", the code can get yanked within days or weeks and re-written. So the licenses are worthless, which is why they're being so coy about pointing to the code (aside from silly claims on the ABI headers)


    Of couse, they're suing IBM, alleging contract violations for letting their Super Special (and mysteriously Secret) stuff into Linux and claiming AIX, etc is a derivative of UNIX system V. And maybe there is a thin legal thread that might encumber AIX.


    But who signed that contract on behalf of Linux? No one. Linux might have a few lines of copied code, but with no contract with SCO, there's no legal reason SCO gets to "own" Linux by calling it a derivative -- you'd need a contract for that.


    So even if they're right, they're hosed. And I have my doubts about how right they are.

  20. Peace of mind for the customer by aquabat · · Score: 5, Insightful
    If we assume SCO somehow convinces a judge that they own something in Linux, then the most they can do to an end user is demand that the user either sign a contract that allows them to continue using that part of Linux, or stop using that part of Linux.

    RedHat is saying to its customers "You can keep using our product without worry: We'll be right over to replace any part of your RedHat Linux solution which SCO can convince a judge they own."

    RedHat has it right. They know SCO can't sue an end user for breach of contract if SCO doesn't have a contract with the end user.

    --
    A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
  21. Stock by savagedome · · Score: 4, Interesting

    Even though SCO's stock has had one hell of a run, and (overwhelming) majority of us believe that their campaign is a fluff, nasdaq's risk analysis tools rates it almost alongside Redhat's stock.

    SCOX grade is at 369 and RHAT is at 356.
    For reference, Nasdaq is 86 and S&P500 is 52
    Higher the number, greater the risk.

    SCOX Risk
    RHAT Risk
    So, either these analysts are smoking crack or maybe I am just a dumbass when it comes to stocks. The later is a likely possibility!

    --


    Free XBox, PS2
  22. Yes? by bstadil · · Score: 2, Interesting
    First if there is infringing code it is RH or rather first the person that submitted the code that bears the responsability.

    In the case you mention the court will normally allow a period to remove the infringing code, so as not to impose unneccerary hardship on innocent victims.

    In addition the Copyright owner has a duty to mitigate damages, in case they want to be awarded Damages by the court. The latter by the way the latter is why SCO will never get anything from the Linux community in case hell freezes over and some code beloning to them is in Linux.

    --
    Help fight continental drift.
  23. RH has always been careful about IP by ivanmarsh · · Score: 5, Insightful

    That's why they removed fortune cookie and mp3 support from their distro.

  24. Do you work at SCO by any chance? by MarkusQ · · Score: 2, Insightful

    Here at work, once you get exposed to open source code, you can never go back to dealing with internal code merely due to the risks that algorithms you develop internally may accidentally be recreated in open source work.

    Sorry, that just seems basakwards. There is no problem with "recreating algorithms" from open source software, since it is protected by copyrights, not by patents. Some licences (e.g. BSD) will even let you copy source code as long as you give credit where credit is due.

    I'd say you or your company have either fallen for FUD or are trying to spread some.

    -- MarkusQ

  25. Bad example by roystgnr · · Score: 2, Interesting

    The thread scheduling code has been rewritten, repeatedly IIRC. I suspect if there were any problems there, Red Hat would just revert to a previous scheduler, and take any performance hit in exchange for the security of using an already-tested chunk of code.

    If you look at the examples SCO has actually brought up as "copyright infringement", things get even better. Linux's SGI malloc had already been deleted for technical reasons by the time they pointed it out, Linux's BSD packet filter was an original reimplementation of code that wasn't SCO's to begin with, and Linux's ABI code, if it turns out to be copyrightable and copied (Linus says no) at all, could be mostly replaced by randomizing a list of numbers and recompiling everything.

    SCO's big claim is that IBM-written code is somehow a SCO trade secret because it was once linked to System V, but even if they were to win that it would just mean a fine for IBM, not any sort of problem for those users of the code who don't have any contracts with SCO.

  26. Re:RedHat QNX by Woody77 · · Score: 3, Informative

    Realtime doesn't mean fast. It means deterministic. It means that you can determine, that without a doubt, that A will happen within X amount of time after B.

    The (few) deterministic systems that I've seen have all been slower than their non-deterministic counterparts. Things have to managed very differently.

  27. Umm didn't they already give? by Performer+Guy · · Score: 2, Interesting

    Red Hat contributed to the OSDL defense fund, so that means they're already putting their money where their mouth is and better yet doing it with everyone else in a way which covers us all, not just licensees of RH Enterprise. Anyone know what the fund is up to now?

  28. Don't Understand Why Redhat Offers This by Goo.cc · · Score: 3, Interesting

    If Redhat sells me software that is found to infringe on SCO's copyrights, then that is a problem between Redhat and SCO. As the end user, I am not the infringer.

    You don't see Eolas suing Microsoft users over their patent lawsuit. You don't see CD buyers being sued for buying a rap CD that has been found to have used sampled music without permission.

    The "Open Source Assurance Program" is just PR.

  29. I just don't get it..... by Anonymous Coward · · Score: 3, Interesting

    I've been following this SCO trash since day 1.

    I seriously do not understand... How, exactly, is it that SCO can charge a licensing fee for IP they have not proven belongs to them?

    Is there NO protection for consumers?

    This isn't just a case of SCO commiting liable, fraud, stock fraud, etc.... but this is also SCO blatently stealing from consumers.

    This means, one day, someone like Microsoft could just barge in and say Linux code had stolen MS code in it - force companies to pay under the threat of a massive legal dispute - something 99% of the companies in this country would be defenseless against and would be forced to pay - much like what SCO is doing right now.

    Where is our "Big Brother," you know - the one who will stick you in jail for 20 years for simply posessing the knowledge and the means to decrypt a satellite signal. (Ohh, how we love the DMCA.)

    At what point are we going to have another postal situation, where some geek is going to go insane from being such a minority that said geek(s) will simply wreck havoc on government systems and end up a martyr.

    God knows, I'm just about to the point where if an SCO rep knocks on my door - you can gurantee Mr. Smith and Mr. Wesson will give them .357 reasons to GTFO and STFU real quick.

    This is unreal. I'm half American Indian - but I've never really felt like a minority because I suppose I 'appear' white. Now I really think I'm beginning to understand what Black people complain of. Look at what is happening to the OS community, we're the minority. WE'RE the Black people of technology.

    Something needs to change. We need some political action, the average person needs to be aware of what is happening with technology. Linux is without question the only real potential OS to replace MS Windows. MS knows that, SCO [Obviously] knows that, but the average person just has no clue.

    Being that Linux is unquestionably on the brink of becoming the replacement desktop - you would think this should be newsworthy and of great public interest.....

    *sigh*

  30. would get damages from the offender,not end user by GodWasAnAlien · · Score: 3, Insightful

    The company or person who put the [currently vapor] code there may be held liable. But not the end user who has been assured that the code is open source.

    If someone contributed a short story to the NYT, and the NYT times printed it, a reader of the paper would certainly not owe royalties if the copyright turned out to be bogus.

  31. Red Hat quickly gaining ground with MS tactics. by Saeed+al-Sahaf · · Score: 2, Interesting
    I've often said that companies like Microsoft have no obligation to support obsolete software like Win95 and 98, both of which are quite old. But RedHat has done basically the same thing, with much more recent software (and about one tenth of the blathering out cry from folks around here). And so, this statement bothers me: The warranty ensures, that in the event that an infringement issue is identified in Red Hat Enterprise Linux software code, Red Hat will replace the infringing code.

    So, even though a year or so ago, I went to Office Depot and bought RH8 Pro in a box, after only a year since this professionally packaged OS graced the shelves of a major retailer, RH not only does not support it anymore (where are the cries from ./ers that gave Microsoft all the heat with the 95 / 98 support death?), but we are not included in this warranty either

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  32. It doesn't look limited to SCO by phr1 · · Score: 2, Insightful
    and therefore looks like it could be very difficult to honor. What happens if some major application turns out to infringe? E.g., suspend disbelief for a moment and imagine that GIMP's code turns out to be 97% ripped off from Photoshop. Red Hat is now going to rewrite it all?

    Also, what about patents? The "Assurance program" isn't limited to copyrights. If some program is found to infringe a patent, there may not be any way to reimplement the functionality without still infringing.