- If we are using the 2.4 kernel but it is found out that our product does not include (i.e. linked in) the offending code do we still have to pay SCO? In other words, our kernel is highly customized and only includes that which we need -- and probably does not include the code SCO is complaining about.
- If we are using RedHat or MontaVista are we less protected?
- Should we worry about putting a statement that we have Linux inside our products on our web site? Having embedded Linux in our products is a selling point, but if we say "based on Linux" or something like that on the site, won't that bring attention to ourselves from SCO?
Thank you for these intriguing questions. I'll take them in order:
- This question raises a lot of issues, as well as a number of questions, and might be better addressed offline. A couple of general observations: First, on its best day, SCO will be limited in its claims to those users that are using either proprietary code owned by SCO and applications derived from such proprietary code (whether or nor the actual code lies inside those applications) to the extent that the applications could not have been developed without unauthorized access to the proprietary code. If your use of the 2.4 kernel neither includes the code that SCO claims to own nor was impermissibly derived therefrom, you have little risk. Second, and following on the first point, although I am unclear precisely what you might be licensing from SCO, if your company is not otherwise on the radar screen, has yet to receive a notice from SCO and you are not using any of the so-called protected code, the information that you have provided thus far suggests that it is unlikely that SCO will pursue you for a licensing fee. Depending on the answers to other questions, or changes in your business plans, this response might change.
- To the contrary. If you are a Red Hat licensee, you have the protection of Red Hat's status as a distributor and intermediary provided that you obtain the appropriate protections from Red Hat. Those protections include appropriate indemnification provisions and limitations on liability. The one exception that comes to mind on the basis of the limited record is that, to the extent you are knowingly violating SCO's copyrights (as by using code you know to infringe on SCO's copyright), you may be the subject of a separate claim for which Red Hat may not indemnify you. However, given the content of Red Hat's lawsuit against SCO, there is "plausible deniability" in your position.
- There are almost always trade-offs in business. The question is whether it is worth the risk from a business perspective to publicize the connection to Linux. Since I am not sure of your business model, I cannot respond effectively. Generically, if you distribute products using Linux (and therefore profit from the use of what SCO claims is its proprietary code) you are more likely to be in the line of fire than if you simply use such products (unless your company is a Global 1500 enterprise, in which case you are already on the radar). One response to this dilemma is to obtain insurance that will cover this risk and avoid further worries. Again, the possible directions of this topic suggest the need for more detailed discussions offline.
This was first published in September 2003