ORLANDO, Fla. -- As the SCO campaign rages on, CIOs contemplate the potential risks of going with Linux. Gartner analyst George Weiss' advice to them? Get your lawyers involved and proceed carefully. And whatever you do, don't pay SCO's license fees. In this portion of our interview with Weiss, he offers advice to the CIO on the fence.
You've suggested that the Linux community should put in place a process for verifying that contributions are not the property of others. But, in order for such an effort to be meaningful now, wouldn't they also have to go back and scrutinize contributions that were made in the past? What are the real risks here?
George Weiss: You'd have to try to wipe the slate clean from a certain point and then protect on all succeeding contributions in some way, but there's a lot of push-back to that as being a very labor-intensive process. I understand the difficulty or complexity of that.
On the other hand, many users also understand that they do get, or derive indemnification from their proprietary software vendors. So it does raise the question: Does the open source methodology introduce vulnerabilities, legal vulnerabilities to the user, or will there be a mechanism to ensure protection on behalf of the users?
They would have been better able to deal with it if SCO had been forthcoming and making it clear what lines they're talking about in the code. They talk about quite a few lines, yet what they've revealed so far has been only, like, a snippet. And Bruce Perens and others are suggesting that's all SCO has, and that what they have is, in itself, just about invalid. Silicon Graphics, they removed some so-called offensive code that was minor in nature, didn't have any real impact on the operating system, and to their knowledge, that's all [there is]. They [remedied] it, with their own people. That would indicate to me that, well, maybe there really isn't that much here that SCO has.
And maybe IBM has done this and maybe HP has done this, but why hasn't there been more details revealed about that? And why can't that be used to alleviate some of the concerns that users have? So there's still some missing pieces here.
Of course, SCO will show code in question to people willing to sign a nondisclosure agreement. You chose not to sign the agreement. Why not?
Weiss: I don't agree to the method of asking for nondisclosures. I know why they need it, or felt they needed to do it. But I really feel that if there are certain violations that, if they were unintentional, or not really deliberately malicious, or whatever it might be, there should be ways to remedy the situation if the infringer is willing to oblige.
But to call them into court and say, 'We're going to sue you for multiple billions of dollars, and we're not going to tell you what it's all about,' is already a hostile act.
The case could have been settled, probably, if it had not been conducted in that way, but SCO would have probably gotten a lot less money, so that's why it's going to be dragged out. They want more money. They absolutely want the biggest bucks. They went after IBM, with the deepest pockets, not Red Hat. They're playing for the big payoff, which is why they're getting venture capital money.
You've mentioned that the user community would benefit from some sort of indemnification. Yet one criticism that's been made of the Hewlett-Packard indemnification model is that the protection may go away if the user alters the code. Doesn't that run counter to the open source philosophy?
Weiss: I understand what HP's motivation is, because if anything comes into that code from the outside that HP has no control over, then they're indemnifying, potentially, other parties. So they had to tighten the terms and conditions, which to some users will be inflexible.
On the other hand, if you're a user and it's all you can get, and you can work with that, then fine. It will address a certain number [of users]. What it does do is, it suggests that there are ways of compromising and helping users at the same time. It may even lead, perhaps, if HP generates a lot of revenues based on that, to pressures on the other vendors to do something.
And you see this as a helpful thing for the CIO trying to make a decision about Linux?
Weiss: Oh, the last one I talked to here said, 'We're going HP. No question about it. I'm not messing around.'
You either pay the license fees to SCO, which I wouldn't recommend -- no, I wouldn't recommend paying license fees to SCO, not before this case is settled. I would recommend, obviously, to get your legal counsel involved and understand what the ingredients of the case are. But there's a wrench there, too, because SCO only does it on nondisclosure with these firms.
What I told the CIO was, if you want to try to deal with SCO, I wouldn't deal with them directly. Your legal counsel should deal with them and it shouldn't be on a nondisclosure, so if it really came to some kind of a legal action, you knew where they stood. If they can't [provide data], then as far as I'm concerned, they've served you a complaint that you're violating intellectual property, they haven't been able to provide you with any knowledge of how you're violating it, so I think that there's a very contentious issue there.
It's very complicated in terms of how the users should deal with this. They love to have black and white, spoon-fed answers. But it's really not. There's lots of shades of gray. As I said when we were talking about indemnification, that's one outlet. The perfect thing, according to this CIO, would have been to have all the major vendors provide indemnifications, maybe Oracle, Dell, IBM, definitely.
FEEDBACK: Has your CIO halted or delayed a Linux or open source project because of the SCO Group's legal threats?
Send your feedback to the SearchEnterpriseLinux.com news team.