Enterprise Unix Roundup — Linux's Hot IP Summer

By Michael Hall (Send Email)
Posted Aug 12, 2004


Main     In Other News     Security Roundup     Tips of the Trade
How much sleep should you be losing over Linux IP issues? We go beyond SCO to examine the world of IP. For admins who prefer a one-stop shop, we recommend Courier MTA, an excellent Unix mail server offering.

Last week we did our best to wrap up a Linux World Expo (LWE) overflowing with news. One thread we decided to pass on until we could circle back was that of Linux's relationship with intellectual property (IP) issues. Several announcements from the past few weeks follow that thread:

  • IBM said it would avoid using its patent portfolio against Linux.
  • Microsoft's contribution to the widely anticipated SPF anti-spam specification raised concerns from the IETF because the license under which Microsoft's contribution is presented is considered hostile to the terms under which most Free or open source software is distributed.
  • Red Hat announced a partnership with Black Duck Software, which produces tools for identifying potential copyright infringement issues in open source software.
  • The city of Munich momentarily delayed a widely publicized Linux deployment because of software patent concerns.
  • Open Source Risk Management (OSRM), a firm founded in the past year to offer insurance for Linux users, found no less than 283 software patents that could be used in IP litigation against Linux distributions.

An unfortunate side effect of the public relations shootout between SCO and the Linux community has been the muddling of just how much concern Linux users at large should have about IP issues, be they violations of software patents, dangerous licensing entanglements, or unauthorized use of copyrighted source code. SCO, of course, has made much absurd hay about open source software representing a threat to the Constitution. But the response has been inchoate: Every player in the Linux space — from the corporations distributing or bundling it to outfits like OSRM to end users — has a different stake in the issue, ranging from obvious matters of self protection to more obvious profit motives.

The Problem With Patents

Well before SCO walked into court with IBM, though, Linux and open source developers had been grappling with the matter of how the software they produce meshes with a business milieu in which IP is becoming more and more of a profit driver than the simple act of making software and selling it in a box.

The tensions between Microsoft and the IETF over the SPF specification, for example, echo a long-standing sore spot between standards bodies and the companies that interact with them: In 2001, the World Wide Web Consortium (W3C) had to mediate between open source developers alarmed at the possible introduction of RAND (reasonable and non-discriminatory) licensing to accepted Web standards. One set of objections centered around the possibility that an open source project would be faced with scraping up licensing fees to pay off the companies holding the patented tech behind an official Web standard; another set of objections came from developers concerned that restrictive licensing would keep them from releasing software under a Free Software license, such as the GNU Public License (GPL), effectively preventing Free Software from competing with proprietary programs.

Microsoft and the IETF are currently coming to terms over SPF (members of the IETF working group for SPF report progress). The W3C eventually, after a lengthy deliberation, rejected RAND licensing.

The issue, however, promises to resurface from time to time: Proprietary software companies looking for ways to compete will certainly continue to consider their IP portfolios as a way to fend off their open source rivals.

Seeking Assurance

The other side of the software patent issue comes in with OSRM's recent Linux audit, in which it claimed to have found 283 potential patent infringements in Linux. Reports vary on whether those infringements are in the kernel alone or in other software commonly found in the typical Linux distribution. OSRM is being deliberately quiet about what it found.

OSRM is in the business of selling insurance to enterprise Linux users concerned about legal liabilities. That's an obvious concern in the face of SCO's attempts to force corporate Linux users to purchase expensive licenses for software they've probably already purchased once from Red Hat, SUSE, or a reseller.

Obvious or not, OSRM's raising of those concerns has stirred up its own trouble among Linux users and observers. A recent editorial at LinuxToday reflected much unease over OSRM's report, and showed the Linux community not of one mind on the matter.

Despite OSRM's impressive employee roster, including noted open source advocate Bruce Perens, the senior counsel to the Free Software Foundation, and Groklaw editor Pamela Jones, there's disquiet about the firm's decision to keep mum about just what potential patent violations it found — even with the reasonable explanation that relating those violations would increase the damage a litigious patent holder could seek under U.S. patent law.

Red Hat has come to grips with the issue of IP infringement in a slightly different manner, in part by partnering with Black Duck Software. The company's "open source assurance program" promises to replace any infringing software a customer might be running with a functional replacement should IP issues arise. Black Duck's contribution to that program is software that monitors development projects and looks out for conflicts between licenses and registering code in a central repository. It also provides a paper trail in the event of a license audit.

OSRM and Red Hat are, of course, just two examples in the wider landscape of how Linux users and vendors are coming to grips with IP issues. We've previously covered the Open Source Development Lab's Developer's Certificate of Origin and a handful of defense funds and indemnification plans.

The long and short of the matter is that IP issues in their many forms have achieved a sort of prominence that continues to grow with a corporate Linux uptake, and they've introduced complications: Users have to consider a growing array of indemnification plans, insurance offerings, and associated programs and initiatives. Regardless of the outcome of SCO vs. IBM, and long after the judge's gavel comes down on that case, those considerations will still be with us.

>> To Other News
>> To Security Roundup
>> To Tips of the Trade

Page 1 of 2


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.