Slashdot Mirror


Insuring Linux, Thanks to SCO

jtheory writes "There's an interesting article on Salon.com (free daypass available, ads, etc.) about the counter-reaction to SCO's attacks on Linux, and how SCO may actually be one of the best things to happen to Linux lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the code contribution process. Includes some good detail on OSRM, a company offering insurance against lawsuits like SCO's, who notably hired Bruce Perens and PJ of Groklaw fame, and is doing their own extremely thorough analysis of the code and any possibility of improperly included code. The founder of OSRM also wrote a story called Why the Linux Community Needs Open Source Insurance on LinuxWorld." We've mentioned risk insurance before.

5 of 228 comments

  1. Google cache by gspr · · Score: 4, Informative
    1. Re:Google cache by B'Trey · · Score: 5, Informative

      Thanks, now I can RTFA. In doing so, it appears that the author did not do his homework particularly well, as both he and his sources seem to be thoroughly confused on the issues.

      Quote: "They sued AutoZone and DaimlerChrysler even though those companies didn't do anything wrong and acted in good faith," says Daniel Egger, a partner at the venture capital firm Eno River Capital. AutoZone and DaimlerChrysler simply purchased open-source software; they didn't write the code. But "because of a quirk in our legal system," Egger says, "you can be sued for using software when you did nothing wrong, just because some third party claims that they own part of that software or that the software infringes on their rights."

      This is woefully uninformed. SCO sued neither Autozone nor DC for using Linux.

      SCO's claim against Autozone arises from the fact that Autozone was using applications on SCO Unix and switched those applications from SCO to Linux in a very short time. The only way to do that, SCO claims, is by integrating the libraries from SCO Unix into Linux, which is a violation of the licensing terms for SCO Unix. SCO has no evidence that this happened other than the fact that Autozone switched over very rapidly, so they MUST have used SCO's libraries. Autozone and the consultant who did the switch both claim this is not the case, and it should be straightforward to demonstrate this in court.

      The DC lawsuit arises because DC failed to return a certification of compliance. SCO sent out forms to everyone who has a license for SCO Unix and demanded that they certify that they were not using SCO code with Linux. Part of the license for SCO Unix says that they may demand such a certification of compliance.

      So neither Autozone nor DC are being sued for "purchasing open source software." Both are being sued for violating the terms under which they licensed SCO software. Despite their many threats, SCO is suing their own customers, not Linux users. The case against Autozone seems extremely weak. The case against DC rests on a legal technicality that I'm not qualified to judge. If they do succeed in that case, however, it will have nothing to do with Linux.

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

  2. Best thing to happen? by goatan · · Score: 3, Informative
    about the counter-reaction to SCO's attacks on Linux, and how SCO may actually be one of the best things to happen to Linux lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the code contribution process.

    How is that actually good for Linux? Isn't that a bit like pointing out all the security holes in Windows? It doesn't improve the OS's reputation. And from most of what I remember, SCO's attacks on code contribution have been shown to be wide of the mark.

    --
    Saying Apple is better than MS is like saying Botulism is better than rabies.

  3. Re:Why insure Linux? by dago · · Score: 5, Informative

    "no insurance company will stick by without going bankrupt."

    That's why you have reinsurance companies, which insure the insurer. Companies such as MunichRe and SwissRe have even more assets than MS...

    --
    #include "coucou.h"
  4. Re:Why insure Linux? by Kjella · · Score: 3, Informative

    After all, if I plagiarize John Grisham in my new novel, he can certainly sue me but he can't sue the people who buy my novel, even though they now have a copy of his work without paying him for it.

    IANAL either, but the difference is obvious. If you gave everyone that bought your novel the right to reproduce it, that right is also revoked. He can't sue for mere possession, but he can sue for copyright infringement, since that right is now null and void.

    And since that code is spread around lots of OSS mirrors around the world, incorporated into different projects, it is likely to be copied from one file to another faster than the retractions can be sent out.

    Witness the recent WASTE and Via SecurePL event. That one is major enough you might actually point your finger at. What project FOO found a file in project BAR on sourceforge and integrated it into their own? No one knows.

    If the OSS community gets enough of this type of "infection", it could seriously damage its credibility. Even if they acted in good faith. The legal issues, I'll leave to a lawyer.

    Kjella

    --
    Live today, because you never know what tomorrow brings