On Fri, Feb 13, 2004 at 12:34:32AM +0100, Spider wrote:Yep. They will stop at nothing. Well, physical assaults, maybe. :-(
other technologies that can be seen as "infringing" on some of MS
turf. Its an easy, blunt lega weapon to weild against whole projects,
stating that all progress past this point is only because you copied
MS sources, weilding a large batch of patents, tradesecrets and
copyright infringement claims and slamming large and wide.
What scares me, truly, is that it only takes one bonehead to do a copy and paste job from the MS code to a (previously) legitimate OSS application. And, as you say, that gives Microsoft, with their vast financial and legal resources, an opportunity to start doing a lot of damage to the OSS world.
I'm probably overly paranoid, but part of me is thinking about a
conspiracy. Even if it's not a conspiracy, you've got to admit that
Microsoft is pretty good at taking advantage of circumstances, and
working things to their favor. I'm sure someone there will figure out a
way to use this "opportunity" to kill Linux---as many have suggested,
Microsoft's (and SCO's) only way to beat OSS is through manipulation of
the legal system.
I hope this isn't the first step towards the criminalization of Linux.It's the second step after SCO. At least it seems SCO are going to lose their poker game.
I'm thinking of *at least* making it a legal requirement to acquire Stamper-like* certificatesI've often thought that the best way to get a lot of converts to Linux is for OSS to offer the next "killer app". My vision of the next killer app is highly integrated, "ubiquitous security"---systems that are by default completely secure, but the security implementation and infrastructure is transparent to the users; systems that are *by design* inherantly secure, so they can be open as well (kinda like "open DRM").
I think a component of such a system would be unmistakeable, impossible-to-forge digital audit trails and authentication systems.
for your source code if you want to enjoy copyright protection. Submitting hash codes would
be enough, no need to hand in any actual source to a government agency or other organization.
The beauty of the Stamper approach is, apart from its simplicity, also its inherent trustworthiness!
If enough people regularily download stamper logs (this can be automated with wget, e.g.),
there is no way for the key owner to produce backdated certificates without getting caught.
*) see http://www.itconsult.co.uk/stamper.htm
So then, if 2 people/projects claim the copyright to the same source code, the party that can
provide an older certificate of a source archive containing said code, wins. Unless the other
party has *very* convincing evidence to the contrary. Since it is *very* unlikely that a
"code thief" will manage to register the code before the lawful owner, this would be highly secure.
This would solve the company-puts-open-source-into-their-cvs-and-claims-its-theirs problem.
What exactly are you trying to get at? Is it a system that allows CSS authors to check whetherThis would serve a huge purpose for OSS: accountability, and and easy means to verify source code (who made it, where it came from, etc, etc). The intent is to help OSS "prove" that it is legitimate, to avoid SCO-like fiascos.
an OSS project incorporates their code? This would be IMO a good thing to have, especially
since it can likely be very well automated, and wouldn't force any company to hand out source
code of their own. Just some system would send new code snippets of all OSS projects that
want to benefit from this protection to CSS subscribers who can then run them for pattern
matching against their own archives. Hopefully this will not produce too many false alarms.
If this works, I would make it legally clear that any copyright claims against these OSS projects
must be made *immediately*, lets say in at most 4 weeks, or else it counts at least as a limited
license to continue using the source code until a replacement can be provided. This may seem
a bit harsh, but all it would take would be a 'that's our code' notification to the project
maintainers. A stamper certificate could be used to have a lay assessor confirm (or deny) the claims,
and the OSS project maintainers would then immediately be able to remove/replace the code.
Chances are that it will not be in great use yet until then, and if, that the snippets are so few that
they're easily replaced with legit code.
Let me just point one thing out: This is *not* about protecting code thieves from legal action,
both civil litigation and criminal prosecution. Instead, it is about protecting OSS project
maintainers and users who, in goodwill, trusted the offending contributor to put legally
waterproof code into their source repository when in effect he was not. These should not
have to face damages for years of unwitting use of illegal code.
Not only would it be time-consuming, but actually impossible to get waterproof unless youMuch of that infrastructure or capability probably already exists, but it's extra work, and not necessarily trivial to use. For an OSS project manager to keep explicit track of every code submission (who, when, where, etc) would (1) take a lot of fun out of the development process, and (2) slow down the development process.
would have access to every CSS project on Earth! The other way round makes a lot more sense
if it can be handled traffic-wise. And this problem could be solved with trustworthy proxies who
check source repositories, and it could be easily automated. The only problem is the question who
will pay for the (hopefully relatively small) costs. I don't see an obvious solution to this problem,
but it ought to be manageable.
I've never taken the people seriously who claim that OSS is full of stolen code, simply becauseBut if such a system were fully automated, easy to use---ubiquitous---it would be easy to add the kind of accountability OSS needs to combat the naysayers (and anti-OSS FUD).
a) Closed source is typically quite hard to get.
b) Source from other projects is often quite a hassle to integrate. "Just write it yourself" will not
only save you legal trouble, but also work.
c) It's damn silly to do this because chances are that you *will* get caught.
d) If there was such a lot of stolen code in OSS, well, CSS companies can verify this simply by
downloading the source and comparing it against their own repositories. We would see a lot
more SCO-like cases (and we would actually see SCO win their lawsuits ;-) ).
OTOH, I've seen rather lax handling of GPL'ed software in CSS projects myself. I suspect
stealing GPL'ed code for inclusion into proprietary software (that is actually distributed) is *very*
common, and counts as something of a peccadillo ("well, they're not getting money for it
anyway...").
Sorry, I'm starting to rant/ramble/daydream :)
Matt
-- [EMAIL PROTECTED] mailing list
