Topic: Tainted kernel issues

[jr]

Hi all:

I don't expect any definitive statements from anyone at SME/e-smith on this issue, for obvious reasons of potential corporate liabilities, but I am interested in any unofficial responses.

I'm currently running 5.5 and not planning to upgrade. The original reason for this was the PPTP issue, which may now be resolved.

However, 5.6 and 6.0b both are using kernel 2.4.x

The SCO claims AFAIK only address alleged 'tainted' code in the 2.4.x kernels.

5.5 uses 2.2.x and is therefore free of any issues, AIUI. However I don't pretend to understand it very well

I don't want to get into the issue of whether or not the SCO claims have any substance - I don't know, and don't know anyone who does *know*. I am reasonably sure it's all an MS ploy (somewhere in the background) and hope it is shot down in flames, together with Darl Vader. Nor do I think, long-term, that Linux will be hurt by this (but I do note with interest that Linus Torvalds has suddenly been put back on full-time kernel sweeping activities, strange coincidence of timing here?).

However, in the meantime, I'm not going to risk the 2.4 kernel on any box I give to anyone else. Just In Case.

Interested in comments from all, the more authoritative the better

MeJ

[Dan Brown]

The biggest problem with this line of reasoning is that the SCO claims change from day to day.  Their most recent claims suggest that _all_ unix-like OSs that don't have licenses from them infringe their IP, and seem to suggest that all (yes, all) OSs are sufficiently unix-like to qualify, and threaten everybody from Microsoft to Linus.

IAAL, but without knowing C a lot better than I do, having access to the SCO source, and reviewing all the other relevant documents, I really can't say whether the case is valid.  However, I can say that SCO is behaving _very_ oddly if they do have the faintest shred of validity to their case.  Their claims grow exponentially more bizarre.

I wouldn't really think of this case as a reason not to upgrade (or to downgrade, if you'd already upgraded), but that may be just me.

[Michiel]

> The SCO claims AFAIK only address alleged 'tainted' code in
> the 2.4.x kernels.

Nope, apparently also older releases are 'tainted'.

> However, in the meantime, I'm not going to risk the 2.4
> kernel on any box I give to anyone else. Just In Case.

In that case you might just as well stop using Linux and migrate to Microsoft. Seriously, even if their claim would have any base, it would still take years before the case would be settled. If you're going to wait for that you'll be out of business even before SCO.

Michiel

[James Roberts]

Hmm, thanks for the extra info. I've been looking around and found some interesting bits. The principal claim does relate to kernel 2.4.x, even now.

I don't belive it will take years for the case to come up, but that's just an opinion: IANAL neither.


This is interesting:

http://www.theinquirer.net/?article=10061

I'll still be sticking with kernel 2.2.x for now...

MeJ

[steve]

you guys might want to read this link
http://www.forbes.com/2003/06/18/cz_dl_0618linux.html
looks like sco is full or professional litigators that don't do much more than sue other companys and win
dont get me wrong, i want sco to burn in hell, but who knows how this will turn out.

steve

[del]

These sites may interest you all.
http://www.techrepublic.com/article.jhtml?id=r00520030415lan01.htm&fromtm=e060
http://www.opensource.org/sco-vs-ibm.html
Regards,
del

[James Roberts]

Yep. A long history of sueing and winning.

My first reaction to the whole thing was, 'Nah'. Then I thought about it some more.

Linux follows an 'academic' model  - the main reward for many developers is kudos and peer respect. The main academic sin is falsification of data - at its worst, pretending someone else's work is your own, aka plagiarism. It's actually very common in academia. Ask anyone in a University.

Once I thought about this I could see that it was in fact *possible* that there is dodgy code in the kernel or elsewhere. And that's leaving out the IBM connection...

I just *knew* that letting IBM anywhere near Linux would be a Bad Idea. I was trained by one of the developers of system 360. IBM will never be fluffy and cute.

The SCO case may not turn out to be a joke, even if this analysis of mine is wrong. Explaining the subtleties of the history of *nix to the defence team could be an interesting challenge...

We are much too small to attract attention and didn't receive one of the SCO letters but I will stick to kernel 2.2.x... Moreover, I guess the developmental model *will* change as a result of all this, whatever the outcome. The decisions on code inclusion will need to be IP vetted as well as function vetted to avoid this happening again.

MeJ

[Dan Brown]

It is impossible to "vet" code submitted to an open-source project against closed-source software, for the simple reason that the maintainer of the project doesn't have access to the source code of closed-source software (that is, after all, what makes it closed source).  The only thing the maintainer can do is take the submitter's word for it that he hasn't improperly copied anybody else's code, or else work on the project by himself (which would kill Free Software).

As I mentioned earlier, SCO's claim of the day seems to be that they own the rights to all Unix-like OSs.  Here it is in McBride's own words, from http://www.business-standard.com/ice/story.asp?Menu=119&story=16742.

-----

Where people get a little confused is when they think of SCO Unix as just the Unix that runs the cash register at McDonalds. We think of this as a tree. We have the tree trunk, with Unix System 5 running right down the middle of the trunk. That is our core ownership position on Unix.

Off the tree trunk, you have a number of branches, and these are the various flavors of Unix. HP-UX, IBM's AIX, Sun Solaris, Fujitsu, NEC--there are a number of flavors out there. SCO has a couple of flavors, too, called OpenServer and UnixWare. But don't confuse the branches with the trunk. The System 5 source code, that is really the area that gives us incredible rights, because it includes the control rights on the derivative works that branch off from that trunk.

-----

If SCO wins on that theory, 2.2 isn't going to keep you safe, nor for that matter is switching to {Free|Net|Open}BSD.

[jr]

Well, if SCO wins on that basis we all get to be assimilated. I will cease to work in computing, if that happens, or go back to TOS or CP/M (still have working boxen).

I don't think this will work with the *BSD's due to the 1993 rulings.

But it is *of course* possible to vet code, not by line, but by submission. Look at thge OpenOffice.org model and contrib. guidelines and agreement...

In part: "...contributor owns, and has sufficient rights to contribute, all...material intended to be integrated...  Contributor is legally entitled to grant the above assignment and agrees not to provide any Contribution that violates any law or breaches any contract."

This does not prevent stolen contributions but clearly defines responsibilities and in conjunction with further framework issues could limit or cancel liability at the project level (IANAL but do a lot of contracts).

Moreover at the kernel level it *is* possible to vet code line by line with a clear demarcation: see for example the Inquirer link above.

In Europe of course much of this is moot: in various countries software patents are not legal, and in others the burden of proof SCO would have to provide is probably beyond them.

MeJ

[Michiel]

> In Europe of course much of this is moot: in various
> countries software patents are not legal, and in others the
> burden of proof SCO would have to provide is probably beyond
> them.

You better think again. The European Parliament is working on legislation that seems to come straight from Microsoft's legal department and that could be disastrous for the Open Software community (http://www.itworld.com/Man/2687/030507eupatents/).

Normally I'm a strong proponent of the European Union, but in this case I feel the EP is going way over board.

Michiel

[jr]

Sure. I'm a signatory (for my company, as CEO) to the petitions, and am in the process of making a submission to our MEP.

However, legislation does not in general work backwards, only forwards. It *can* bind newly-released works. It'll have a job doing much with *nix.

As I said, if SCO/MS win then I'm out of here.

My other hat is 'psychologist', and I'll be well-equipped to deal with the mental-health problems of the ex-open-source developers -- who'll need lots of support

MeJ

(for US readers: the last sentence is a JOKE .

[Dan Brown]

Vetting code in the openoffice.org model is relying on the submitter's word that he has the right to submit what he submitted.  I'm not a kernel developer, but I believe Linus requires something similar for submissions.

I've read the Inquirer link, and it sounds like an interesting idea, but it's still only possible if somebody has access to all the possible closed-source projects from which code might be lifted, and generates the md5sums.

Patents are a non-issue here, at least so far--SCO hasn't yet claimed patents as a ground for their suit, and they don't own any of the Unix patents anyway.

[Charlie Brady]

Michiel wrote:

> The European Parliament is working on
> legislation that seems to come straight from Microsoft's
> legal department and that could be disastrous for the Open
> Software community
> (http://www.itworld.com/Man/2687/030507eupatents/).

The really wierd thing is that the barrow is being pushed by a supposed socialist! Go figure.

Charlie

[Michiel]

> The really wierd thing is that the barrow is being pushed by
> a supposed socialist! Go figure.

Who needs conservatives with socialists like this...

[Jens Kruuse]

In my opinion, it would be doing your "clients/customers" a greater disfavor by letting the run the inferior 5.5 release. Just the switch to ext3 and journaling fs mandates an upgrade in my opinion. And there are other improvements which are almost equally important.

Meanwhile SCO can bluster for a couple of years before IBM burries them under an avalanche of patent suits. IBM is not known for losing trials and they have a patent portfolio second to none in the IT business. "Death by a thousand cuts" to SCO.

Just my 2 centimes (IANAL),
Jens