New Intellectual Property Protections Improve LinuxNew Intellectual Property Protections Improve Linux
The new rule requiring a Developer's Certificate of Origin for Linux Kernel contributions is taking heat. But the DCO isn't just a CYA.
June 9, 2004
The new rule requiring a Developer's Certificate of Origin for contributions to the Linux kernel has been portrayed as both an obstacle to innovation and a threat to the open-source development process. But nothing could be further from the truth. In fact, the rule could be a boon for Linux users.
The DCO requires developers to certify that the code being submitted: Is original work; Is based on a previous work covered under an open-source license; or Was received from someone who certifies that it meets one of the above conditions. Although the requirement of "signing" Linux kernel contributions may seem to add to the red tape surrounding code development, it's little different from the process most enterprises go through to ensure their own code does not infringe on an existing patent or copyright. It's an attempt to address industry concerns over code origination within the Linux kernel, which have become public since SCO filed court documents alleging that Linux infringes on its intellectual property rights. The DCO is a CYA measure for Linux, and it may have a feel-good benefit for organizations that are deploying or planning Linux in their IT infrastructures. But it won't preclude suits like SCO's, because it's still unclear whether intellectual property protection extends to the software design or to the actual lines of code. However, DCO limits the liability of Linux distributors and places it squarely on the shoulders of individual developers. If you've put your Linux deployment on hold pending the results of current litigation, the DCO is unlikely to change your position--it applies only to future development and doesn't resolve allegations of past infringement. Looking forward, however, the DCO offers accountability, which is a must for any software vendor that deals with enterprises. It should provide a level of comfort for organizations that want to deploy Linux but need reassurance about the legality of its source.
About the Author(s)
You May Also Like
Q3 Threat Horizons Report
The Forrester Wave™: Vulnerability Risk Management, Q3 2023
Responsible data use: Navigating privacy in the information lifecycle
The Definitive Guide to Understanding IP Addresses, VPNs and their Implications for Businesses
Three Ways Fortinet Hybrid Mesh Firewalls Secure Edge Networks