It appears that this would apply to any free software, not just Linux. It would apply to at least all GPL'd software, including gcc, etc.

companies are required to "disclose ownership of intellectual property to their shareholders." How are these companies supposed to really list out all the IP owners if they were to install a full desktop or server environment - there could be literally thousands of parties listed!

There's a big difference between ownership and utilization. For example, if McDonalds employs the use of WinXP workstations in their facilities, that does not mean that they own, but instead license Microsoft's IP.

You have to distribute Linux outside of your organization in violation of the terms of the GPLv2 in order to have any licensing problems with Linux.

Mere use of Linux by a company cannot ever be a violation of the GPLv2 that Linux is licensed under.

This is FUD issued by a company that wants you to buy their BSD based embedded OS product.

how exactly using linux in violation of the gpl is a violation of sarbanes oxley? the article does an awful lot of handwaving but doesn't actually explain any of the hows or whys.

i'll have to read again, but it looks like this is f/oss trying its hand at the fud game.

We're using Linux and treating it just like we do Solaris, HP-UX, and Windows, where we also can't identify everybody who wrote the OS.

The auditors don't seem to be having a problem with it. Wonder how much Microsoft paid IT Observer for that FUD?

From TnotFA:

"But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don't have the right to use that software. And if they don't have the right to use the software, they're violating federal law if they claim that they do."

Well no poop? So they're saying that violating the GPL is like violating an EULA ... wow ... stop the presses!!! The GPL is eeeeeeeevil!!! Morons.

according to a research published by Wasabi Systems.

The same Wasabi Systems that sells products based on NetBSD?

Yeah, no bias there.

In the past, such violators were merely required to release their code to the public

The article is also wrong in that it spreads the "forced open source" myth. GPL violators aren't required to release their source code. They FSF generally asks them stop infringing on the copyright of the GPL software.

One way to do that is to comply with the GPL, another is to stop using GPL software. They don't have to release any code they don't want to.

I think a lot of folks here have missed the point. The article's author is making an intellectual exercise in asking out loud and in public if companies that violate the GPL in their software are not also violating Sarbanes-Oxley.

This is because they are required to list what intellectual property the company owns to shareholders and if it is later found out that the company doesn't really own it, because it is based on a GPL'd software, then is that a Sarbanes-Oxley violation.

I'd have to say, it looks like one, but I'm no MBA, nor a JD.

Have any of you looked at the list of licenses that are included in major packages? In any commercial OS? Pick your favorite app, click Help-About, and many times you'll get a nauseating list of patents, copyrights, and other licenses for technologies that make the app work. If disclosing IP in the apps in an office is required, using OSS isn't going to be any harder to document than trying to find the IP in some commercial product.

Basically, this is FUD from a BSD vendor who wants to hurt linux and promote BSD by Fudding the GPL.

Although started by some really bright netBSD folks, they've ejected all of their really bright founding engineers and are resorting to scare-tactics and other garbage like this to try to gain market share.

Stupid tricks like this hurt free software in general. I hope Wasabi garners enough ill-will from this stunt to hurt their business in a serious way.

This is only for violations of the GPL, not for just using the software.

But I don't know how "violation of the GPL" really connects with "ownership of IP."

From TFA:

"According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders. The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley."

Huh? Taking this statement at its face value: A company that receives software under the GPL does not "own" any "IP." They merely have a license to use the IP embedded in the software. Whether or not they violate that license has no bearing on "ownership" of IP... and if they don't "own" any IP in the GPLed software, then they haven't violated Sarbanes-Oxley by failing to "reporting" any kind of ownership.

"Linux is a powerful operating system," says Jay Michaelson, an author of the study and Wasabi Systems' General Counsel. "But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don't have the right to use that software. And if they don't have the right to use the software, they're violating federal law if they claim that they do."

Huh? Last I checked, the GPL was a private license. If they violate a private license in any way, then they are liable for breach of contract, which is in no way "federal law." The only "federal laws" they are violating are federal IP laws - but again, those laws only create private causes of action by the IP owners. License violations do not create liability to the federal government (unless the federal government actually owns the IP.)

As best I can tell from TFA, this gentleman means that companies are modifying GPLed code and then reporting it to shareholders as their "owned" IP - but that this claim of IP "ownership" is incorrect and fraudulent, since their violation of the GPL precludes them from "owning" their modifications. But TFA is way too light on details to be confident of this interpretation... and I'm not completely sure that the GPL works that way, anyway.

- David Stein

I think a lot of people are missing the bigger picture by not asking the question:

"WHAT is the main reason and who are the authors behind the SOX wording" about this disclosure requirement.

It COULD be a specious attempt by lobbyists on the part of their supporters to FORCE the companies using GPL/FLOSS/Linux to disclose themselves so that ms and their henchmen can start targetting the companies that (public or private) are using Linux/free/free software. It has the 'beneficial' effect of causing their competitiveness or chance of success to be diminished or at least perceived as rogue, reckless, uninformed...

Moreover, it indirectly helps ms by causing the commercial (non- or anti-Linux/GPL/FLOSS) companies/developers to target and entice those companies 'back into' the fold if they have escaped or managed to get one foot out of the field.

This isn't to say that employees don't talk. Of course employees talk, whether complaining or bragging about their companies. BUT, by forcing companies to list that they are anti-ms or unwilling to be 100% in ms' farm, then the shareholders who WANT to be in ms' fold (for stock/portfolio reasons) just MIGHT call for the necks of the IT managers.

Just one jaded/cynical/scary thought...

Anyone else can add to or refine my ideas here...

> Modification can also trigger copyright protections.

That's a nonsensical statement. Copyright protection does not need any triggering.

> The FSF has said they don't care about modifications that you don't
> distribute, but legally the GPL does apply to you if you merely
> modify without distributing, since it is the only license that
> grants you rights that you would not normally have under copyright
> law.

A distinction without a difference. Modifying without distribution does not require anything of you.

The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley.

The article said that if you violate the GPL, you violate SOx. This would therefore be A Good Thing (TM) as it would give even more power to the FSF to clear up abuses.

Misinterpreting articles in this way sends the wrong message to managers, however, who might think they're better off with M$. And no, managers don't read the article.

IMHO, the same company would be violating SOx as much if they bundled any M$ or other proprietary DLL/EXE/bitmap image into their software without explicitly mentioning it.

The title of the post is pure FUD, "Some Linux Users Violate Sarbanes-Oxley!!! TFA is only slightly better...

Why stop at Linux, or free software in general? If a company makes an embedded device that uses a pirated copy of a proprietary RTOS, that would violate the Sarbanes-Oxley law too.

This seems to me a fundamentally good law (at least this provision): companies must not claim to have rights to use or distribute software, unless they actually do have those rights!

So why is anyone linking this provision to Linux?????? The only reason is because it's easy to get Linux for free, so incompetent people think they can do whatever they want with it. No one would make the same mistake with Microsoft software, simply because it's wrapped in a menacing 10 page EULA.

Copyright law says nothing about modification. It does not prevent it, and therefore the GPL does not, either. Go ahead and modify all you want.

The author, who has an obvious agenda, ignores the fact that violating *any* software license (including Wasabi's) can get you into trouble.

Although you would never know it from the title, the article refers exclusively to people who *violate* the GPL. It's like saying that people who drive cars may face jail terms for DUI.

Take a look at Wasabi Systems website: "Wasabi Certified BSD, a certified, tested, and optimized version of the BSD operating system, offers the rich functionality of BSD Unix without Linux's troublesome GPL License." In other words Wasabi is a direct competitor with GPL'd software. Right on the front page of Wasabi's web-site they are bashing the GPL. Nothing like an unbiased "study" I always say. I wonder who wrote the article, no mention of that. Hmmm.

"If companies are violating the GPL, they dont have the right to use that software."

Is that even acurate? My understand of the GPL is that it does not restrict, only distribution.