
Some Linux Users Violate Sarbanes-Oxley

Posted by CmdrTaco
from the you-gotta-be-kidding-me dept.
Goyuix writes "According to the IT Observer, publicly owned companies who are using Linux could be violating the federal securities laws as part of Sarbanes-Oxley. The article goes on to say that companies are required to "disclose ownership of intellectual property to their shareholders." How are these companies supposed to really list out all the IP owners if they were to install a full desktop or server environment - there could be literally thousands of parties listed! What are the current Fortune 500 companies doing, as many of those use Linux in one form or another?"

Update: several people have pointed out that this is about companies who are violating the GPL, not everyone.
This discussion has been archived. No new comments can be posted.

  • Not just Linux (Score:5, Insightful)

    by balster neb (645686) on Thursday January 19, 2006 @03:20PM (#14511957)
    It appears that this would apply to any free software, not just Linux. It would apply to at least all GPL'd software, including gcc, etc.
    • Any OS? (Score:2, Insightful)

      by mattro (464351)
      Have any of you looked at the list of licenses that are included in major packages? In any commercial OS? Pick your favorite app, click Help-About, and many times you'll get a nauseating list of patents, copyrights, and other licenses for technologies that make the app work. If disclosing IP in the apps in an office is required, using OSS isn't going to be any harder to document than trying to find the IP in some commercial product.
    • Indeed - why does linux have a monopoly on IP?

      How are these companies supposed to really list out all the IP owners...

      Well, start with 192.168.0.1 and work your way up I suppose.
    • Re:Not just Linux (Score:3, Interesting)

      by tobiathan (946741)
      As one who has had the sad misfortune of suffering through a few SOX audits, it is more about how the auditors choose to interpret and apply the regulations, and less about the regulations themselves.

      There is also the argument about what constitutes a "material" defect or weakness. Unless someone is running the backbone of their financial system on Linux or other sw covered under GPL, this is probably not relevant as it would not be considered material to the integrity of their financial data.
    • by MoxFulder (159829) on Thursday January 19, 2006 @04:30PM (#14512724) Homepage
      The title of the post is pure FUD, "Some Linux Users Violate Sarbanes-Oxley!!!" TFA is only slightly better...

      Why stop at Linux, or free software in general? If a company makes an embedded device that uses a pirated copy of a proprietary RTOS, that would violate the Sarbanes-Oxley law too.

      This seems to me a fundamentally good law (at least this provision): companies must not claim to have rights to use or distribute software, unless they actually do have those rights!

      So why is anyone linking this provision to Linux?????? The only reason is because it's easy to get Linux for free, so incompetent people think they can do whatever they want with it. No one would make the same mistake with Microsoft software, simply because it's wrapped in a menacing 10 page EULA.
    • by Hal_Porter (817932) on Thursday January 19, 2006 @04:42PM (#14512839)
      As a certified Internet Lawyer I can advise you that it doesn't apply to FreeBSD. That's right, use Linux and go to a federal pound me in the ass [lug-marl.de] prison, or use FreeBSD and stay, well Free.

      Hence the name.

      Here's an Operating System fud^H^H^Hfact sheet

      1) Windows. Expensive. Not FreeBSD. You may BURN in HELL forever if you use it.
      2) Linux. Free Unix type OS, unquantifiable risk of prison rape. No strlcat [redhat.com].
      3) NetBSD. Let's face it do you really need all those platforms? Why not concentrate on optimising for today's mainstream hardware. My friend Bob installed it on his new box, and it caught fire and burned down his house.
      4) OpenBSD. Kick ass security. Theo seems a bit odd. Lags a bit feature and driver wise. There are reports that OpenBSD users may die of untreatable brain cancer.
      5) MacOs. Slick. Good for clients. Expensive. You may have to grow a goatee, wear black polo necks [penny-arcade.com]. Mac OS users won't accept you as one of them, they will mock your dress sense behind your back.

      Face it, FreeBSD is the best choice for every person in the world. Fact.
      • Well, let's look at your objections to other OSes one by one:
        1. True, but if you use XP, you get something that looks like a Fisher-Price toy.
        2. I seem to recall that SCO mentioned something about suing the University of California over BSD, too, so the unquantifiable risk of forcible buggery isn't a net minus. Plus, strlcat() and strlcpy() are easy to implement yourself.
        3. You never know when you might need that Apple ][e for a mission-critical application. Also, NetBSD isn't responsible for your friend Bob
    • Re:Not just Linux (Score:5, Informative)

      by Marillion (33728) <ericbardes@gmai[ ]om ['l.c' in gap]> on Thursday January 19, 2006 @05:18PM (#14513149)
      The article is really focused on GPL violators.

      This really seems to apply to companies that incorporate Linux into a product. Well known examples include Tivo and the Linksys WRT54G (v4 and below). In such a case, Linux is an important part of those companies' product portfolio and thus an important factor in assessing the tangible and intangible worth of that company. For the companies that only use Linux in operational capacities, it wouldn't have any impact unless SCO wins. (yea, right)

      Put another way: ownership of a patent on a hammer is important for a tool maker, but not for the construction company that uses it.

    • If you don't install the latest Microsoft update when Redmond offers it to you (say, because it blows up your financial reporting system), then you are in violation of their EULA, and must clean all your hard disks of their OS. If, at this point, you don't warn your shareholders that your company is running on unlicensed copies of MS Windows, then you are also in violation of SOx.

      What do you mean, you didn't read your EULA? --- ah, pathetic humans.

  • by SIGALRM (784769) on Thursday January 19, 2006 @03:21PM (#14511962) Journal
    companies are required to "disclose ownership of intellectual property to their shareholders." How are these companies supposed to really list out all the IP owners if they were to install a full desktop or server environment - there could be literally thousands of parties listed!
    There's a big difference between ownership and utilization. For example, if McDonalds employs the use of WinXP workstations in their facilities, that does not mean that they own, but instead license Microsoft's IP.
    • Yes, and the article itself says that the risk is if the company is VIOLATING the GPL. The submitter read only the IT Observer headline before submitting this, or didn't understand the article.
    • Agreed!

      This whole thing is a Red Herring, just another spin on the FUD wheel.

    • by bedroll (806612) on Thursday January 19, 2006 @03:27PM (#14512056) Journal
      There's a big difference between ownership and utilization. For example, if McDonalds employs the use of WinXP workstations in their facilities, that does not mean that they own, but instead license Microsoft's IP.

      I completely agree. Just to expand on that, it should also be noted that the GPL does not transfer ownership of IP unto you, it merely gives you license to modify and reuse it. A company would then have to disclose their IP after they changed that code.

      Reading the article, it appears that the author is a little confused. The second sentence talks about violating the GPL. You don't violate the GPL by simply using Linux. So maybe the real issue is with companies that release GPLed software without proper attribution and GPL compliance, but that's not the way the article reads.

      • but that's not the way the article reads.

        Actually, the article does read that way. Oops.

      • Can't this just be as simple as "We use/have modified the xxx distribution of Linux. If you want to know everything and anything about it, here's Google/a link to a site that has every Linux contributor ever. And if you want to know how it works and exactly who wrote what line of code, here's the source code."

        In any case, do shareholders actually care? Maybe I'm not thinking about this hard enough, but I honestly doubt it. As long as the company they own a share of isn't doing anything distinctly ille

        • > Can't this just be as simple as "We use/have modified the xxx
          > distribution of Linux. If you want to know everything and anything
          > about it, here's Google/a link to a site that has every Linux
          > contributor ever.

          That is far in excess of what they would need to do. They don't need to say anything at all about mere use or unmodified distribution as that does not give them ownership of any "IP". If they make modifications a brief description of the program modified and the modifications they made w
    • by Anonymous Coward
      For example, if McDonalds employs the use of WinXP workstations in their facilities, that does not mean that they own, but instead license Microsoft's IP.

      Actually, they do own the physical media, and they own a copy of the software. The EULA restricts what McD can do with the software.

      However, McDonalds does not own the copyright on windows XP. If they did own the copyright, McD would have to disclose that they own the copyright, because the copyright to windows XP is worth quite a bit of money - it is a si
      • Actually, they do own the physical media, and they own a copy of the software.

        Read his post again. He never mentions anything of the media. He only mentions IP, which is the blanket term for copyrights and patents, and I think they bundle trademarks in there too.

  • by QuantumFTL (197300) * <justin,wick&gmail,com> on Thursday January 19, 2006 @03:21PM (#14511969)
    As long as something has been licensed under GPL, the owner cannot assert additional restrictions, or revoke the license - therefore how is the owner relevant to the stockholders, if no such change can take place?
  • by Anonymous Coward
    You have to distribute Linux outside of your organization in violation of the terms of the GPLv2 in order to have any licensing problems with Linux.

    Mere use of Linux by a company cannot ever be a violation of the GPLv2 that Linux is licensed under.

    This is FUD issued by a company that wants you to buy their BSD based embedded OS product.
    • Mere use of Linux by a company cannot ever be a violation of the GPLv2 that Linux is licensed under.

      It can if you violated the GPL, and thus made your license void. That's what TFA is talking about.

      All the comments are wildly confusing, and go figure, the summary sucks, but TFA makes it clear that for a public company violation of the GPL invalidates their license, and makes the issue not just copyright infringement, but a securities violation.

      This wouldn't be any different than saying "by installing one c
      • Yes, if you violated the GPL, your license is void. That is your license to distribute copies! You can still use the GPL software yourself.

        Legally, violating copyright means you are liable for monetary damages, and you may be forced to cease and desist distribution of the violating item. However it says nothing about the original item. If you plagiarize the NY Times, they may sue you. However you are still allowed to read the NY Times.
        • Legally, violating copyright means you are liable for monetary damages, and you may be forced to cease and desist distribution of the violating item. However it says nothing about the original item. If you plagiarize the NY Times, they may sue you. However you are still allowed to read the NY Times.

          That's because you don't have a license to copy the NY Times, and you have an implicit permission to read the contents. The NY Times implicitly gives that right to read per edition to everyone who purchases a co
  • by blackcoot (124938) on Thursday January 19, 2006 @03:22PM (#14511984)
    how exactly using linux in violation of the gpl is a violation of sarbanes oxley? the article does an awful lot of handwaving but doesn't actually explain any of the hows or whys.

    i'll have to read again, but it looks like this is f/oss trying its hand at the fud game.
    • how exactly using linux in violation of the gpl is a violation of sarbanes oxley? the article does an awful lot of handwaving but doesn't actually explain any of the hows or whys. i'll have to read again, but it looks like this is f/oss trying its hand at the fud game.

      Possibly. People here rail when the DMCA or Patriot act gets applied to situations where the law wasn't intended to apply. Is this a stab at using SOX regulation as the stick to enforce unrelated laws? Violating the GPL is license infringe
    • Essentially, if the company claims to its shareholders that it can do something IP-related, and they are wrong, that's now securities fraud. Think of it this way: if a company doesn't have enough licenses for their commercial software, and the BSA knocks down their door and takes their money, their shareholders can claim that they were led by the company to believe that it wasn't going to get hit by this sort of thing, and so the SEC steps in and punishes the company for misleading the investors. Similarly,
  • by crumley (12964) * on Thursday January 19, 2006 @03:23PM (#14511994) Homepage Journal
    The synopsis above is misleading. It is GPL violators, not simply GPL users who are at risk. From the article:
    "Linux is a powerful operating system," says Jay Michaelson, an author of the study and Wasabi Systems' General Counsel. "But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don't have the right to use that software. And if they don't have the right to use the software, they're violating federal law if they claim that they do."
    • > The synopsis above is misleading. It is GPL violators, not simply GPL users who are at risk. From the article:

      "Linux is a powerful operating system," says Jay Michaelson, an author of the study and Wasabi Systems' General Counsel. "But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don't have the right to use that software. And if they don't have the right to use the software, they're violating federal law if they claim

    • If companies are violating the GPL, they don't have the right to use that software.

      Yes they do. The right they do not have is to redistribute the software. Accept the GPL, reject the GPL, wipe your arse with it while shouting hosannas to Bill Gates' name if you like, you can still use Linux and the like.

      The GPL is a licence setting out conditions under which you can redistribute software to others, and incorporate it into your own products - which would ordinarily be a copyright violation. As far as I c

      • > As far as I can tell, however, it says not one word about actually
        > using the software itself.

        It says this:

        Activities other than copying, distribution and modification are
        not covered by this License; they are outside its scope. The act
        of running the Program is not restricted, and the output from the
        Program is covered only if its contents constitute a work based
        on the Program

        Thus as long as
        • But use of the program "is not restricted" by the GPL. It may be restricted by copyright law in absence of a license to use it, so it is possible that violating the GPL and thus terminating your privileges under it would also revoke your right to use that particular piece of software since you would no longer have any license to it.
      • The main type of violator of the GPL that is being discussed is embedded applications makers. The usual GPL violation in this case is that they don't make source available. So the "use" that they are not allowed to do is to distribute Linux (or other GPL software) in their embedded products.

        But yes, both I and the article were sloppy on this point.

        I don't want to waste much time defending the article, though, because it seems to me that Sarbanes-Oxley violation is at best a tangent to the issue of G

    • Ah, but this too falls down. The GPL does not govern use, it governs distribution. In fact it is titled,

      GNU GENERAL PUBLIC LICENSE
      TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

      Note the lack of the word "use" in that title.

      You do not violate the GPL by modifying software covered by it. You do not violate the GPL by using that modified software (even if you fail to ship those changes to anyone who asks). You do not violate the GPL by doing a great many things, as long as you don't distribut

      • Ah, but this too falls down. The GPL does not govern use, it governs distribution.

        It's not directly covered, but it's indirectly covered to an almost complete extent.

        You're correct that the GPL disavows having any impact on whether or not a user is allowed to "run" the program:

        • "Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its
        • I have released a good amount of software under an open-source license, but not the GPL. I require that no one can make commercial use of my software.

          Then what you are doing is not open source, and should not be called such. Please read the actual Open Source Definition [opensource.org], specifically point 6, rather than just assuming, "Well, I'm not one of those godless commies or smelly hippies from GNU, so I must be Open Source instead of Free Software."

          Do what you want to do with your own IP; that's cool. It's y

          • Do what you want to do with your own IP; that's cool. It's your right. But you are misrepresenting yourself if you claim what you're distributing is open source. Can you identify the license you used on the list of Open Source licenses? No? Then why are you calling it Open Source?

            That's funny. Several licenses on the "list of Open Source licenses" limit the commercial use of the "open-source software," particularly as it pertains to the licensee's ability to charge fees. This prompted the following inter

        • 1. That's why the GPL is largely antithetical to commercial software: every customer can become a competing vendor of your software simply by acquiring one copy from you.

          2. I have released a good amount of software under an open-source license, but not the GPL.


          You seem to be contradicting yourself. You said that you can't be a commercial vendor of GPL software because anybody can take it and redistribute it. But if that is true, that "competitor" can't be a commercial vendor either! This is because whatever
          • You said that you can't be a commercial vendor of GPL software because anybody can take it and redistribute it. But if that is true, that "competitor" can't be a commercial vendor either!

            No - they're still "commercial" vendors, but they're just bound by the same anti-"commercial" obligations under the GPL. The "commercial" value of the software is inversely proportional to the number of people who have copies.

            This is because whatever reason you cannot be a commercial vendor also applies to them, they m

    • IANAL

      The GPL doesn't say 'any and all' GPL'd software use is revoked if you violate the license for a particular program, revocation or your rights to copy, modify and distribute just the software that is being violated is revoked. The license furthermore states that use of the program is not covered under the GPL. That makes a big difference - and is not nearly as big a problem for businesses as the original headline indicated - particularly where use is concerned.

      So, if I (as a business) screw up and mod
    • How about we form a GPL Software Alliance and carry on like the BSA does?
    • The synopsis above is misleading. It is GPL violators, not simply GPL users who are at risk.

      And to clarify further: The issue is about basing a product on GPLed code without disclosing that you are doing so.

      If you do this, get it wrong, and get caught, you have a choice between stopping distribution of the product or releasing the source to its guts (or some fraction of it) to the public (including your competitors and potential customers) for free (as in speech AND beer) reuse.

      This may be perceived as a
  • by mattbelcher (519012) <{matt} {at} {mattbelcher.com}> on Thursday January 19, 2006 @03:23PM (#14511997) Homepage
    Did the OP even read the article he submitted? It says that if a company violates the GPL, that this might also be a violation of Sarbanes-Oxley if they claim that they still have a right to use Linux despite the GPL violation. There is nothing about listing the IP holders. On an aside, I didn't think there was any violation to the GPL that could stop you from being able to use Linux. A GPL violation would make you lose your right to distribute it, right?
    • by Hope Thelps (322083) on Thursday January 19, 2006 @03:31PM (#14512104)
      There is nothing about listing the IP holders.

      Yes there is. The article says:
      According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders.

      It does go on to say:
      The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley.

      But that doesn't negate the first statement and the article never explains the connection between the two statements.
    • On an aside, I didn't think there was any violation to the GPL that could stop you from being able to use Linux. A GPL violation would make you lose your right to distribute it, right?

      By violating the GPL, you invalidate your license. Considering that the code is only offered under the GPL, if you invalidate your license, then you have no permission to use it at all. Distribute, or use, because you just simply don't have a license anymore.
      • By violating the GPL, you invalidate your license. Considering that the code is only offered under the GPL, if you invalidate your license, then you have no permission to use it at all. Distribute, or use, because you just simply don't have a license anymore.

        This is incorrect. From the GPLv2:

        Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted

        The FSF's position is that running a pr

        • IANAL, but my reading is that a company who violates the GPL loses the right to copy, modify and distribute, but can still use the software.

          My reading of the clause says the same thing. Which is far better than anything else anyone else put forward against me.

          You are correct. Right to use of a GPL program is implicitly granted by the distribution mechanism itself.

          As to all the other people who are arguing that some OTHER license gives this right by analogy are wrong. MS Windows does not have implicit ri
      • The GPL is a license to violate the copyright on the code, if you follow certain rules. Using the code does not violate copyright, so the GPL cannot prevent it.

        If you plagiarize the NY Times, you may get sued, you may not be able to sell your book. But you are still allowed to read the NY Times.
  • by Syberghost (10557) <.moc.tsohgrebys. .ta. .tsohgrebys.> on Thursday January 19, 2006 @03:23PM (#14511998) Homepage
    We're using Linux and treating it just like we do Solaris, HP-UX, and Windows, where we also can't identify everybody who wrote the OS.

    The auditors don't seem to be having a problem with it. Wonder how much Microsoft paid IT Observer for that FUD?
  • spend an hour rounding up names and posting some code on a webserver *OR* completely re-write all the OSS code.

    I have to wonder which companies will choose.

  • "The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley."

    This applies only to GPL VIOLATORS.

    Move along, move along.
  • I suppose if they "rolled their own" they might have to spell out where all the components came from, but going with Red Hat, Novell, Mandriva, etc. lets them point a finger over-there for both support and compliance issues.

  • Do companies know who all the IP owners for other operating systems are? And application software? And computer and communications hardware? All this stuff includes components licensed from third (or higher) parties.

  • From TnotFA:

    "But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don't have the right to use that software. And if they don't have the right to use the software, they're violating federal law if they claim that they do."

    Well no poop? So they're saying that violating the GPL is like violating an EULA ... wow ... stop the presses!!! The GPL is eeeeeeeevil!!! Morons.
  • "According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders. The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley."

    If you are given something for free, then you own it - do you not? The solution is to have anyone using it say that they are the 'owners,' being respectful to th
  • by hattig (47930) on Thursday January 19, 2006 @03:26PM (#14512044) Journal
    Instead of "Might Linux Violate Sarbanes-Oxley?" which it doesn't, it should be "Non-compliance to terms of GPL might violate Sarbanes-Oxley".

    Which makes sense.

    I.e., if you claim to have the right to use Linux for your product, but you aren't complying with the license, you might be violating Sarbanes-Oxley.
  • Wasabi Systems? (Score:2, Insightful)

    by GigsVT (208848) *
    according to a research published by Wasabi Systems.

    The same Wasabi Systems that sells products based on NetBSD?

    Yeah, no bias there.

    In the past, such violators were merely required to release their code to the public

    The article is also wrong in that it spreads the "forced open source" myth. GPL violators aren't required to release their source code. The FSF generally asks them to stop infringing on the copyright of the GPL software.

    One way to do that is to comply with the GPL, another is to stop using GPL
  • TFA was talking about Sarbanes-Oxley problems that could occur when a company distributes software in violation of the GPL. TFA wasn't talking about companies that use or distribute GPL'ed software in compliance with the license.
  • by panda (10044) on Thursday January 19, 2006 @03:28PM (#14512058) Homepage Journal
    I think a lot of folks here have missed the point. The article's author is making an intellectual exercise in asking out loud and in public if companies that violate the GPL in their software are not also violating Sarbanes-Oxley.

    This is because they are required to list what intellectual property the company owns to shareholders and if it is later found out that the company doesn't really own it, because it is based on a GPL'd software, then is that a Sarbanes-Oxley violation.

    I'd have to say, it looks like one, but I'm no MBA, nor a JD.
    • This is because they are required to list what intellectual property the company owns to shareholders and if it is later found out that the company doesn't really own it, because it is based on a GPL'd software, then is that a Sarbanes-Oxley violation.

      Wrong.

      A corporation is required to account for intangible assets that the company owns, and timely and accurately report the acquisition cost, book value, and sale value, if any, in aggregate as part of its normal financial reporting. Refer to SOx sec 3
  • by kalpol (714519) on Thursday January 19, 2006 @03:30PM (#14512084) Homepage
    Rather new at it, it's true, but so far if we find a company has a problem of this sort, it's generally not a very big deal especially if they rectify it before their fiscal year ends. This is just one little piece of the huge SOX pie and often there are other controls in place that mitigate the effect of a finding anyway. Now if the company practiced systemic licensing violations then that's a different matter.
    • I should say, 'systemic licensing violations that affect their financial reporting'. SOX is there just to make sure the financial reports are complete and accurate.
      • IANAL but I like to pretend I am one sometimes despite a lack of any formal education or training or experience in the field....

        Licensing violations are a potential liability that would need to be reported. You can be sued for licensing violations and if a corporation with 1 million computers didn't have any Windows licenses for example, that would be a huge liability that the shareholders should be aware of. Of course you'd be an idiot not to just fix the situation before that you would ever report it, and
  • Poor headline (Score:4, Informative)

    by shogarth (668598) on Thursday January 19, 2006 @03:32PM (#14512110)

    Come on people, let's pay attention to the article. Contrary to the poster's headline, nothing in it even hints that using Linux would violate Sarb-Ox. Sarb-Ox is supposed to make investing a bit safer by forcing companies to audit their practices and disclose potential problems.

    If someone is building products on GPL code (like, say broadband router/NAT boxes based on Linux) then they are supposed to disclose that tidbit to their investors. The important part is that they don't own all of the intellectual property for that product and investors should know since that could change the company's value. If they fail to disclose the data, then they have violated Sarb-Ox.

    • Re:Poor headline (Score:4, Informative)

      by georgewilliamherbert (211790) on Thursday January 19, 2006 @04:12PM (#14512512)
      Right. The source article at http://www.wasabisystems.com/gpl/ [wasabisystems.com] is not intended to discourage the use of GPL software; it's a not-so-subtle slam on some of Wasabi's competitors who are using Linux (with the GPL) in embedded systems and possibly not properly disclosing the IP issues to their investors. That might be a SOX violation, yes. But doesn't matter to Joe Linux User on the street. They aren't claiming there's anything wrong at the user end; just at the distributor end, if you improperly distribute modified Linux (or other GPL) products and don't release the source. In this, RMS and the Free Software Foundation agree. Wasabi is correct that their use of a Berkeley license makes their operations safer that way. But it also doesn't make a difference to a Linux-using vendor if the vendor obeys the GPL as the GPL requires...
  • Huh? (Score:3, Interesting)

    by booch (4157) <(moc.kehcubgiarc) (ta) (0102todhsals)> on Thursday January 19, 2006 @03:33PM (#14512120) Homepage
    Does he really think that Microsoft owns all the "intellectual property" in Windows? They sub-license a ton of stuff. For example, IE was based on licensed code from Spyglass. The "About" panel for IE also lists NCSA, UIUC, RSA, Independent JPEG Group, Intel, and Mainsoft. And that's just a single program within the OS. And what about all the submarine patents on the stuff in Windows? How about all the copyrighted stuff in all the malware that's probably running on some of their Windows systems? How about the BSD copyright on the TCP/IP code used by Windows? How are companies expected to find all that information?

    I think the problem may be that the author of TFA hasn't a clue what he's talking about. I suspect that the law says that companies have to disclose what "intellectual property" they own, not what they use. Or perhaps I'm mistaken, and it's Congress that hasn't a clue; that's a distinct possibility. But even then, I'm sure it would follow the spirit of the law to worry about what the company owns, instead of what they use.
    • I suspect that the law says that companies have to disclose what "intellectual property" they own, not what they use.

      Sarbanes-Oxley [findlaw.com] says a lot, but as far as I can see, the law itself doesn't directly talk about intellectual property at all (e.g. a search for "intellectual" turns up no hits at all).

      From reading through it, it looks to me like the basic requirements are 1) if the company in question is claiming part of the company's value is based on intellectual property, they need to report what it

      • by booch (4157)
        Thank you for an excellent analysis!

        I still don't think this is any different than commercial software though. If you claim that you own all the IP involved with a computer program, and it has portions licensed from someone else, you're in the same boat. The same with using someone else's code without following their license.

        The GPL really isn't very different than commercial licenses. In fact, in many ways it's actually simpler. Either you follow the terms and may copy/modify/distribute it, or you don't ag
  • by puppetluva (46903) on Thursday January 19, 2006 @03:39PM (#14512189)
    Basically, this is FUD from a BSD vendor who wants to hurt linux and promote BSD by Fudding the GPL.

    Although started by some really bright NetBSD folks, they've ejected all of their really bright founding engineers and are resorting to scare-tactics and other garbage like this to try to gain market share.

    Stupid tricks like this hurt free software in general. I hope Wasabi garners enough ill-will from this stunt to hurt their business in a serious way.
  • If SOx says to name, then name'em: cat /usr/src/linux/CREDITS >>SOx_report.

    The same can be done for all the system components, although I'd just guess many will simply name RedHat.

  • It is a slanderous urban legend that the license terms for OSS are impossible to enumerate. They are hard to find sometimes, and if you really want to be thorough about it you need to just give up and buy a supported OS.

    But all the licenses you are likely to encounter are listed here:

    http://www.opensource.org/licenses/ [opensource.org]

    And once you have those the risks with "unlicensed" or "non-GPL" compliant software aren't any greater than any other OS.
  • Great news! (Score:3, Interesting)

    by drasfr (219085) <`revedemoi' `at' `gmail.com'> on Thursday January 19, 2006 @03:55PM (#14512327)
    That is great news...

    Take the example of a random company, let's say... Linksys, a publicly traded company, owned by Cisco.

    They release an appliance with Linux in it... They don't release the source code. It is GPL. They are in violation of Sarbanes-Oxley. It's a big deal if this is discovered, could put them into trouble. It is probably the best way to force a company to comply with the GPL.

    Now it is too bad it only applies to publicly traded companies...
  • Why don't the people who wrote the GPLed software sue the companies that are in violation of it for a lot of money? As it is right now, parties use GPL code as their own with about no repercussions, such as First4Internet did in its XCP rootkit. If OSS is even going to be taken as seriously by everybody, the OSS programmers need to sue infringement like Microsoft or SCO do.
  • This gives the FSF and other copyright holders who license their work under the GPL an easy way to make claims against offenders. Let the SEC bust a company under Sarbanes-Oxley, and then when they get a conviction or a settlement, swoop in and file a claim against the company citing the criminal case for most of your evidence.

  • by davidsyes (765062) on Thursday January 19, 2006 @04:14PM (#14512543) Homepage Journal
    I think a lot of people are missing the bigger picture by not asking the question:

    "WHAT is the main reason and who are the authors behind the SOX wording" about this disclosure requirement.

    It COULD be a specious attempt by lobbyists on the part of their supporters to FORCE the companies using GPL/FLOSS/Linux to disclose themselves so that ms and their henchmen can start targeting the companies that (public or private) are using Linux/free/free software. It has the 'beneficial' effect of causing their competitiveness or chance of success to be diminished or at least perceived as rogue, reckless, uninformed...

    Moreover, it indirectly helps ms by causing the commercial (non- or anti-Linux/GPL/FLOSS) companies/developers to target and entice those companies 'back into' the fold if they have escaped or managed to get one foot out of the field.

    This isn't to say that employees don't talk. Of course employees talk, whether complaining or bragging about their companies. BUT, by forcing companies to list that they are anti-ms or unwilling to be 100% in ms' farm, then the shareholders who WANT to be in ms' fold (for stock/portfolio reasons) just MIGHT call for the necks of the IT managers.

    Just one jaded/cynical/scary thought...

    Anyone else can add to or refine my ideas here...
    • ...so that ms and their henchmen can start targeting the companies...

      Am I the only one that thinks the idea of Microsoft and henchmen sounds funny? Some army of nerds in glasses is going to beat on your door and carry you off into the night.
  • Not using, abusing (Score:3, Insightful)

    by xarak (458209) on Thursday January 19, 2006 @04:19PM (#14512602)
    The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley.

    The article said that if you violate the GPL, you violate SOx. This would therefore be A Good Thing (TM) as it would give even more power to the FSF to clear up abuses.

    Misinterpreting articles in this way sends the wrong message to managers, however, who might think they're better off with M$. And no, managers don't read the article.

    IMHO, the same company would be violating SOx as much if they bundled any M$ or other proprietary DLL/EXE/bitmap image into their software without explicitly mentioning it.

  • by Lost Penguin (636359) on Thursday January 19, 2006 @05:01PM (#14513014) Homepage
    By the same token;
    What IP is in Windows?
    We already know Microsoft has been caught stealing code many times, what is still lurking?
    Without a full source to any OS how can anyone know whose IP they are using?
    • We already know Microsoft has been caught stealing code many times, what is still lurking?

      Um, care to elaborate some on that? As far as I know Microsoft has never been "caught stealing code". If you mean them using BSD code for the telnet and ftp programmes, well, that's perfectly fine and allowable under the BSD license. The copyright (Regents of the University of California, Berkeley) is still clearly visible if you run strings on the exe, and they probably have acknowledgement of the origin of those

  • I say just attribute it all to 'The Penguin' and be done with it. ^_^

    FBI, CIA, and SEC should have fun looking him up.

  • If they use linux as a desktop OS, then no I don't see any requirement for disclosure of this, as it's not "their IP" as such, it's a commodity OS.

    However, if they use Linux in an embedded device, etc then the IP owners are disclosed anyway, because their names will be listed in the credits/comments of the source, which being GPL has of course been released to the public for anyone to see.

    No issue.

    smash.

  • by walterbyrd (182728) on Thursday January 19, 2006 @09:42PM (#14515125)
    The author, who has an obvious agenda, ignores the fact that violating *any* software license (including Wasabi's) can get you into trouble.

    Although you would never know it from the title, the article refers exclusively to people who *violate* the GPL. It's like saying that people who drive cars may face jail terms for DUI.

    Take a look at Wasabi Systems website: "Wasabi Certified BSD, a certified, tested, and optimized version of the BSD operating system, offers the rich functionality of BSD Unix without Linux's troublesome GPL License." In other words Wasabi is a direct competitor with GPL'd software. Right on the front page of Wasabi's web-site they are bashing the GPL. Nothing like an unbiased "study" I always say. I wonder who wrote the article, no mention of that. Hmmm.

    "If companies are violating the GPL, they don't have the right to use that software."

    Is that even accurate? My understanding of the GPL is that it does not restrict, only distribution.
