Leon Brooks leon at cyberknights.com.au
Thu Jul 15 09:01:01 UTC 2004

On Wed, 14 Jul 2004 13:00, David Ruwoldt wrote:
> Who indemnifies the customer running the illegal software?

The customer. Although I imagine some insurance companies would hedge 
you against this. This applies to *all* software - Open, closed, 
self-written or beamed in from Saggitarius.

> I know SCO was a case in point where this happened and they did not
> seem to have a good case, but what happens when some company does
> have a good case?

SCO's case is collapsing in part because the code they're complaining 
about is all open and public and yet they won't point to any part of it 
and say "the fault lies here".

*All* of the judges involved have asked questions along the lines of 
"Why not?" and "Well, why didn't you coimplain about this earlier?"

That latter is particularly important because the absence of a prompt 
complaint when all of the information needed to lay such a complaint 
has been to hand from Day One looks very much like a form of 

With closed-source software, these principles would not be useful in a 

> As open source companies such as RedHat and others try to sell
> support services will that inlcude indemnification against illegal IP
> in products?

Some distributors do offer that, but most have openly stated that 
they're doing this only because their customers are asking for it, not 
because they believe that there is a serious risk.

You could make a good case for the author(s) being responsible for the 
inclusion of entangled IP, a mediocre case for the distributors and 
practically no case for the end user. End users and to a large extent 
distributors have no way of knowing that code is polluted, and no 
reason to suspect that it is.

Every developer I've interacted with would terminate polluted code in 
their project with extreme prejudice and great haste as soon as they 
became aware of it.

> Who will be held responsible for such legal breaches:
> - The application developer in the backyard (No real money to go
> after), - The distro company (If selling services may have real money
> but are they responsible),
> - The end user who installed and uses the software (Could have
> considerable money to make a grab at)
> - All of the above ?

If anyone, the foremost is legally accountable. In real life, tossers 
like The SCO Group go for the people with the most money (and, some 
would say, who are the biggest threat to their New Be$t Friend in 
Redmond) and this is part of the reason why their case is failing.

Anyone looking to indulge in similar barratrous practices will have The 
SCO Group as an exemplar and warning - and legal precedent. AutoZone, 
for example, have had their frivolous lawsuit put to sleep until IBM 
pound TSG into the sand, and will then refer to the case. I imagine 
that the final hearing will go something like this:

    Counsel for the Defence: we refer you to the case of TSG vs IBM.

    Judge to Prosecution: have you anything to add?

    Judge to Court: case dismissed, with prejudice. Prosecution is
    ordered to pay Defendant's costs.

Adelaide Uni need only do the same if a problem arose. Which you can't 
say of a BSAA audit - which *WILL* find thigns, no matter how careful 
the Uni is, if they want to.

Cheers; Leon

http://cyberknights.com.au/     Modern tools; traditional dedication
http://plug.linux.org.au/       Vice President, Perth Linux User Group
http://slpwa.asn.au/            Committee Member, Linux Professionals WA
http://linux.org.au/            Past Committee Member, Linux Australia
http://osia.net.au/             Member, Open Source Industry Australia

More information about the linux-aus mailing list