Indemnity Protection for Linux? 61
spookymonster asks: "I'm a mainframe sysadmin for a Fortune 50 company. I'm also a Linux hobbyist. About 18 months ago, my request for a proof-of-concept z/Series testbed was granted, and the results have been encouraging. Despite this, senior management keeps saying that Linux isn't ready for prime time. Today, I was finally able to corner one of them and ask him what exactly his issue was with Linux. His answer: Indemnity. All our other software vendors provide protection against someone suing us for using their product. Who protects us if a third party sues us, claiming Linux infringes on their copyrights? Sadly, I was at a loss for words. I've done some digging on Google, but haven't really found anything on the subject. With the SCO/IBM lawsuit heavy in the headlines of late, I figured I'd turn to the Slashdot community for answers. How do I respond to questions about Linux and indemnification protection?"
Good question, but I want to extend it (Score:3, Interesting)
for you, I'm sorry.
But I want to extend the question on BSD Unix, i.e.
OpenBSD, NetBSD and FreeBSD.
Also I want to remind you that
the world is more than USA. I'm, for example,
under European law.
Lloyd's of London (Score:4, Informative)
These aren't good answers, but maybe it start you thinking "outside of the box."
1) Will MSFT really provide this indemnity protection? Do they say they will? If so, has that provision ever been tested? If they don't, or won't, then of course it's not fair to compare apples to oranges.
2) OTOH, you might try 'speciality' insurance companies. I have no idea what the rates would be like, but you can certainly buy insurance to cover any eventuality you can imagine--another poster here once talked about purchasing insurance against the loss of moon rock that they were testing. Which is just to say--just because "Linux insurance" isn't on a regular schedule doesn't mean that some actuarian won't give you a price. If you need to make calls, I would start with "Lloyd's of London", known for providing insurance for unusual events.
Finally, I think your concern is a real one--what's to stop me from using code that I developed elsewhere and contribute it back into the Linux source?
Re:Lloyd's of London (Score:4, Informative)
Any software manufacturer that sells into large corporates will have indemnity insurance - they simply won't get any contracts otherwise.
To answer the original poster's question: if you buy a support contract from Red Hat / IBM / whoever, they will provide you with indemnity protection. Possibly for an extra fee, but they will provide it.
Re:Lloyd's of London (Score:1)
So sue me? (Score:2)
Microsoft may well argue that the problem is not with their software, it is with the third party's software. The PR to bury that would probably cost less than the legal fees (at least in the short term, and The Road Behind certainly demonstrates short-term thinking), and good luck to the suers chasing down and confronting a zillion individual MS SQL us
Re:So sue me? (Score:2, Funny)
Hard? All they'd have to do is attach an invoice to some Slammer code and voila!
Or... (Score:1, Offtopic)
[OT] whoohoo! I finally got a negative mod! (Score:2)
Re:Lloyd's of London (Score:1)
Since we're talking non-x86 platforms (z/Series, in particular), MSFT really doesn't enter into it. However, my management indicates that it is standard practice for us to require indemnification clauses on all software purchases. Even if MSFT didn't sign such an agreement with us, a majority of vendors apparently have. Management may argue that the monopolistic nature of MSFT required them to make an exception for Bill and the
Re:Lloyd's of London (Score:3, Insightful)
Commercial solutions provide indemnity? (Score:5, Insightful)
What's the practical difference buying from, say, Redhat over buying from MS or Oracle?
Re:Commercial solutions provide indemnity? (Score:4, Informative)
So, you buy a database to store data. The database does not work. You have no legal recourse.
I searched google but can't find a link. Is anyone familiar with this case?
Re:Commercial solutions provide indemnity? (Score:1)
I believe that in this sort of case you would be entitled to your money back, but it wouldn't make sense for Microsft (or anyone else) to have to reimburse more than they were payed for the product. If you want the added security of garunteeing against failure you have to pay extra for insurance.
The Wisdom of Hondo (Score:3, Funny)
Simple (Score:3, Interesting)
Perhaps none of them will offer the level of indemnity that you require, but if you ask enough of them, it may convince one of them that this might be a viable business model, and start offering it in the future. Essentially you'll be paying for insurance rather than software, so this would be an interesting new way for making money from open source.
Patent infringement and own use? (Score:1)
What if my company (or I) buy software that is covered by a patent but for wich no fee is paid (Linux). Am I allowed to use it internally?
Thanks in advance.
Re:Patent infringement and own use? (Score:1)
Practically speaking though, it's impossible to enforce.
MSFT doesn't provide it either... (Score:3, Interesting)
What indemnity? (Score:5, Insightful)
Of coursse, this is at the start of litigation, and no-one knows how it will turn out. But isn't this exactly what your executive is worrying about happening with Open Source software? And this is from the Godzilla of them all, Microsoft.
No-one can make you perfectly safe from such claims - valid or invalid. But with open source, it shoudl be a lot easier to establish the truth of such allegations, because the source is available, and trackable, a long way back. If closed-source supplier A alleges that closed source supplier B has pirated code, you are into heavy calibre lawyers before source gets disclosed under court order. With open source, you go to the CVS tree, check earliest versions, check dates.... False claims should be seen off pretty quicly. And someone filing proprietary code as OS would be pretty visible (and spurned) within the community.
And if it turns out that you have been using some stolen code, with OS you at least have the option of throwing out only the stolen bits and rewriting them, whereas with closed source you are dependant upon your supplier doing that for you - if the lawsuit hasn't destroyed them, which it would do for a small company (and then where is your indemnity? At then end of the trail of unsecured creditors, I should think).
To summarise: such situations are much less likely to occur with Open rather than Closed source. If they do occur, that indemnity has a good chance of being waste paper. Meanwhile, you have paid out *a lot* in licence fees for a very threadbare security blanket.
How Open Source Solves the Problem (Score:2, Funny)
Open Source Vender 2: No I'm not, but if you think I am bring your code, I'll bring mine and we'll discuss it at the pub
(Many hard drinks later)
Open Source Vender 1: Fusking M$ and closed source is killing the world man.
Open Source Vender 2: Fusking eh, down with M$...Now what the hell were we arguing about?
I don't konw about you... (Score:2, Insightful)
Re:I don't konw about you... (Score:1)
Perhaps Microsoft is due a bonus.
Re:I don't konw about you... (Score:1)
Surely your in-house counsel would have an idea? (Score:3, Insightful)
You're an admin guy, you know Unix. The legal people know the law. Ask them to look into it, and cc the manager you talked to so that both sides know you want this examined seriously.
Re:Surely your in-house counsel would have an idea (Score:5, Informative)
I didn't understand (Score:5, Insightful)
You mean someone can sue you because you are using a program that infringed a law, but you weren't aware of? Or would you be aware, ie: The software producer would inform you that his product infringes a law?
I didn't get. Is this possible? I am not from USA (if you are), so things might be different there.
But wouldn't this be like RIAA suing listeners of a radio that plays "pirated" music? Or BSA suing players of a LAN house over "pirated" Half-Life copies?
Just want some clarification of why, and how, this is possible...
Re:I didn't understand (Score:1)
For example, can the State sue a driver if a car break fails and it provokes an accident?
There are many possibilities. I think it's *very* strange that you get sued because of this...
Re:I didn't understand (Score:1)
It isn't the State doing the suing in either the question at hand or your hypothetical question.
In the question at hand the party doing the suing is an entity that feels that its intellectual property rights have been infringed upon.
In your hypothetical question, the driver with the failing brakes would be sued by whoever he hit (and his insurance company would be the one to fight it or pay).
And the driver could pr
Re:I didn't understand (Score:1)
Re:I didn't understand (Score:2, Informative)
So, if you listen to a radio station that plays pirated music and there is a law against listening to radio stations that play pirated music you could, theoretically be charged. However it is unlikely you would be because 1: how do you locate the people listening unless they are part of a members list and 2: there is the question of whether or not you ca
Re:I didn't understand (Score:2)
> court. You are expected to be aware of the rules
> and regulations surrounding the things you use
> and/or do.
You are confounding criminal and civil law.
> I think it's the reasonable expectation that
> surprises me the most about the Microsoft thing.
> Unless it's stated somewhere in the EULA how
> could the people using the software be
> reasonably expected to know that it was causing > a patent infringment?
If they can show that
Re:I didn't understand (Score:2)
But if your enterprise has written a 15 million dollar application that relies upon a codebase that is patented, so long as you continue to rely upon that codebase you are required to gain a license. Upon being informed of such a problem, you can either pay the hefty licensing fees or
I'm sorry. (Score:2)
Reading the other user comments posted, I come to the conclusion that if your software damages their hardware, then they can sue you? That... sortof makes sense. Maybe in some twisted abstract way, but how the hell would that have anything to do with the platform it was developed on? I mean, there's a HUGE difference between Unix and Windows development, etc etc, but what element between them could possibly be so damaging? Different end-of-line charac
I think he got it backwards (Score:4, Insightful)
Sounds like he was just looking for a pretext.
All our other software vendors provide protection against someone suing us for using their product.
If anybody indemnifies anybody, it's usually the other way around. At least all the Microsoft EULAs I have seen say something like
(this one is taken from here [microsoft.com]).In general, I think anybody who offers a Fortune 50 company protection from lawsuits is a fool or speculating that they'd go bankrupt anyway if that should ever come to court (and you would still get sued).
I also doubt this kind of indemnity would be useful for Linux even if someone offered it. I mean, how often has this come up over the last decade? These kinds of lawsuits seem like such a rare occurrence when it comes to open source software that it just doesn't seem worth worrying about.
Re:I think he got it backwards (Score:3, Interesting)
Sounds like he was just looking for a pretext.
Maybe. Or he might really have made a calculated business decision about it. (To check, ask him the terms and sizes of indemnity protection that they require. If he knows, then he might be serious.)
But to my mind, the most likely explanation is typical large-company cover-your-ass behavior. Large companies typically punish for failure more
Re:I think he got it backwards (Score:1)
Umm, well, most large companies reward success by issuing regular paychecks. That's a pretty substancial reward.
Re:I think he got it backwards (Score:2, Informative)
It's not legal (in the US) to sue an employee for screwing up except for cases of gross negligence.
Vendor liable (Score:1)
Re:Vendor liable (Score:2, Informative)
Check the license. (Score:3, Informative)
Section 7 (in part): If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License.
Section 11 (all): BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
Section 12 (all): IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
So the straight answer is that the word indemnification does not occur in the license. Whether the license has no, little, or good indemnification should be judged by a lawyer. It seems as though the GPL protects those who wrote, modified, and distributed the programs in question from those who use the program, but doesn't seem to extend any special protections to those who use the program from their customers or other third parties.
My limited understanding of indemnity is that it's usually in a contract between a software supplier and a client, and the supplier usually carries insurance to cover indemnity claims. Thus, for Linux to have indemnity you'd have to contract to, say redhat, for the software and set up a clause in the contract specifically covering this issue.
-Adam
"I'm not a lawyer, but I play one on slashdot..."
Re:Check the license. (Score:3, Insightful)
Invest the money you would have spent on an indemnity in your own GPL support/development team. If/when
This is a laugh (Score:3, Funny)
considerably less than your chances of getting hit
by a meteor while skydiving naked. (Which you are
also not insured for.)
Get back to us when you're back from the laughing
academy.
Re:This is a laugh (Score:1)
Don't go out there and try to do business with your pants down. It's bound to get you in trouble.
Get back to us when you've taken a short courss in management at the business academy.
probably the same that would happen... (Score:2)
odds are these are much bigger companies than yours, and none of them appeared to be concerned about lawsuits when they made public announcements about their use of linux-based servers.
http://news.com.com/2100-1001-275155.html
http://www.internetwk.com/lead/lead060100.htm
http://linux.bryanconsulting.com/stories/storyR
Re:probably the same that would happen... (Score:1)
No odds about it: [fortune.com]
Amazon - #492
Google - not listed
E*Trade - #686
And the fact that no one's filed suit on it yet doesn't mean it won't (or can't) happen. consider the SCO v. IBM case right now. If SCO were to (improbably) win the suit, how big a leap of logic would it be for them to turn around and demand licensing fees from Red Hat, Suse, Mandrake, etc, and/or their customers?
Indemnification (Score:4, Insightful)
OK, your management isn't hot on linux because they can't sue anybody if it doesn't work. I'm not familiar with VM/ESA's licensing agreements, but I can't name a single vendor that produces a product that their licensing claims is useful for anything, or that will indemnify if the software is a complete piece of crap. Nothing else in the US can be sold with the same disclaimers against liability as software because of the Consumer Protection Act. You can sue the vendor if you buy a lamp that has a defect that causes your house to burn down. You can't sue your vendor if their software loses data, infringes on someone else's patents and you get pulled into a liability suit, or their OS can't stay up for more than a week without hard-crashing.
Now, I'm going to go out on a limb here and guess that you're in a shop that already has at least one z390 available, or that your company has a lot of cash to burn. The reason I am inclined to this opinion is that a nice, shiny new z390 costs about $50K USD. Having a partition added to an existing z390 costs more than my car and my wife's car put together. In either case, there is still a real cost per cycle of computing on that platform that even a PHB can see. Find out what IBM is providing license wise under VM/ESA that they don't provide under their licensing agreement with RedHat. Then study the costs of the migration to linux. since any mainframe OS has monthly licensing costs (last I checked, which I will concede was more than a couple of years ago), long-term migration to OSS on the OS side will eventually come out on top dollar for dollar. It also can't hurt to point out that IBM seems to have concluded that linux is the direction for all of their server-class and mainframe machines in the long term.
As an aside, for those of you reminding this guy about the MS SQL 7/2k licensing issues, this case has been in court for about 3 years, and everybody who is about to get hosed on patent licensing was told by MS's PR dept. that they didn't have a thing to worry about. Part of what the customers are getting nailed to the wall on is the > 2 1/2 years that patent licensing has been a known issue where they didn't talk to the patent owners and acquire the appropriate licensing for their copy of MSSQL. In any case, the indemnification argument could work incredibly well as an argument to move away from MS on the smaller servers, but you are going to have to do some homework to get anything done about the mainframes.
Sounds like management-speak (Score:3, Interesting)
have your client sign a contract.. (Score:2)
We have clauses in our contracts that say that we are not responsible for clients data. If it get screwed up because of a batch job that is ours, they should taken a backup. While it may be our fault, it's software things like that happen.
My 6.3 cents (Score:1)
Thinking somewhat logically (i know logic doesn't always apply in law suits) it would be the coders/developers of the product (linux) that would (should) be the targets of any law suits of that nature.
However, most lawsuits seek to recover perceived monetary losses or to blatantly put a company out of business (not PC i know). Linux on the other hand
Typical management behavior (Score:2)
IANAL.
I would've thought the answer was simple in that the GPL states that you can't do this - there is, in short, no copyright issue under the GPL.
As far as trademarks is concerned, some of us may remember William Della Croce, a Boston attorney who attempted to enforce trademark on Linux in 1996. Last I recall, the TM was overturned. [linuxjournal.com]
Your management's decision on this is extremely confusing. If above and bey
Let me tell you about "idemnity" (Score:2, Interesting)
Our business was about to fold because HAL sold us wares that simply did not do what they promised us it would.
HAL's attitude was "oh well, sorry about that!"
So, the biggest weasel PHB in the company got an HAL big wheel on the phone, and after about a half an hour got said big wheel to ADMIT that HAL had knowingly sold us software that was broken and could not do what they said i
Re:Let me tell you about "idemnity" (Score:1)
BRILLIANT obfuscation there!!!!
Never mind the indemnity... (Score:2)
Let me guess... (Score:1)
Experiences with zseries (Score:1, Insightful)