[linux-elitists] On the violation of BSD licensing

Karsten M. Self kmself@ix.netcom.com
Fri Aug 22 05:47:22 PDT 2003


on Wed, Aug 20, 2003 at 05:34:53PM -0600, Jonathan Corbet (corbet-elite@lwn.net) wrote:
> In the middle of all my SoBig "virus notifications" I stumbled across a
> rather strongly worded message from a certain, highly vocal lead BSD
> developer.  I've been taken seriously to task for not stating that SCO is
> right; the incorporation of BSD-licensed code into the kernel without
> retaining the copyright header is indeed a violation of the company's
> copyright.  He seems to think this justifies SCO's entire case.

Nope.  Not a whit.

The case (memory here) concerns trade secrets, competition, and other
harm, on the part of IBM.  I don't recall any copyright infringement.
Particularly as IBM had rights to the works at hand.  If the code's been
floating around with ideas in public domain (but not copyright), then
most of SCO's case simply falls away.


What's possibly vaguely supported is Caldera/SCO's PR rhetoric, which
has had little, if any, bearing on their actual filed court documents.

However, given that Caldera itself is distributing works for free,
they're going to have a hard time with remedies.  

An injunction (17 USC 502) is possible, but given that the code is
freely available, is not highly likely (or would likely be imposed by a
judge only if no good faith effort to remedy the tort is made).  

Damages and profits (§503) are nil for freely available works. 

Costs and attorney's fees -- I think I've seen a $500k figue for Boies
and Schesie (§505).  

Criminal offenses (§506) possibly but IMO unlikely (willful and
commercial advantage or private financial gain are components, further
mitigated by retail value of work).  Most of the fines here are piddling
-- on the order of a grand or three.  IBM won't sweat this, particularly
if it turns out that the deed was done by another party (say, SGI,
hypothetically).  Caldera/SCO would have to convincingly show how the
code entered GNU/Linux, and frankly, the trail is so scattered this
would be hard to show.

Limitations on action (§507) are interesting.  Criminal remedy must be
sought within five years of tort.  If IBM can't prove that it _did_
happen more than five years ago, I'm pretty sure they can prevent
Caldera/SCO from proving that it didn't, at least to the point of
exhaustion of Caldera/SCO.  Civil actions are restricted to three years.
Given that the Monterey project was ~1998-1999, Caldera/SCO may well
have lapsed statute of penalties here.  Time to dig through kernel
changelogs (Larry McVoy has 'em going back years, according to what he's
said at SVLUG) and see when this stuff was added.

Section §509, Seizure and forfeiture, pretty much covers worst case for
userland:  infringing copies of the kernel code would have to be
destroyed.  Scrubbed code could be distributed.

The remainder of Chapter 5 of the copyright act is likely inapplicable.

IANAL, TINLA, YADA.

Yeah, and Jon, rip as much frm this as you like.


> So far, I've not seen anything in any of SCO's communications that
> indicates that what the company has wanted all along is credit in the
> source for its Linux kernel contributions.  But I do think there may
> be a point here.  Perhaps, in spots, the developers of who knows how
> many GPL-licensed projects have been too cavalier with the
> incorporation of BSD-licensed code and not retained the copyright
> info?  It may seem like a relatively small point, but I think it's an
> important one.

It is.  Caldera/SCO have gone about this entirely the wrong way.  And
they're exceeding any possibly conceivable award with their legal
outlays to date.  I see a Pud article coming on.

> Hypothesizing for the moment that such a thing has occurred, I think
> we would all agree that it should be fixed.  How might a development
> project go about finding the BSD-licensed source in its code base, so
> that it can be properly labelled?  Is this something the kernel
> hackers should make a point of doing before, say, 2.6.0 comes out?

Shred'n'hash will make a quick comparison.  Then you still have to
figure out the chicken and egg problem:

    http://twiki.iwethey.org/Main/CodeSimilarityDetection

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    "Rob McKenna was a miserable bastard and he knew it"
    -- HHGTG
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20030822/e684181a/attachment.pgp 


More information about the linux-elitists mailing list