In an open letter posted late Tuesday on Raymond's Web site, the author and developer reacted pointedly to recent claims by SCO CEO Darl McBride, particularly allegations that Raymond concealed the identity of hackers responsible for recent denial-of-service (DoS) attacks against SCO.
Raymond, president of the Open Source Initiative advocacy group, said he has never known the identity of those responsible for the DoS attacks and had to issue a public appeal for them to stop.
"Your implication that the attacks are a continuing threat and that the president of the Open Source Initiative is continuing to shield their perpetrator is...both false and slanderous," the letter said. "In fact, leaders of the open-source community have acted responsibly and swiftly to end the DDoS attacks--just as we continue to act swiftly to address IP-contamination issues when they are aired in a clear and responsible manner."
SCO rattled the technology world early this year by filing a US$3 billion lawsuit against IBM, claiming that the computing giant illegally incorporated into its Linux software source code from the Unix operating system that SCO controls. SCO further riled the Linux community by sending letters to 1,500 information technology managers, warning them that any use of Linux could expose them to intellectual property suits. SCO tried to capitalise on its claims when it unveiled a licensing plan for businesses that wish to continue using Linux with SCO's blessing.
Open-source software supporters have fired back with strident critiques of SCO's claims and a few nonverbal attacks, such as the DoS hits on SCO.
McBride discussed the attacks in an open letter to the open-source community posted earlier this week on SCO's Web site. He also used the letter to make wide-ranging critiques of the open-source development process, particularly the process for scrutinising code accepted into the Linux kernel to ensure it is free of intellectual property violations.
Raymond and Perens, director of Software in the Public Interest, an open-source development organisation, scoffed at those arguments.
"We in the open-source community are accountable," according to their letter. "Our source code is public, exposed to scrutiny by anyone who wishes to contest its ownership. Can SCO or any other closed-source vendor say the same?"
Raymond and Perens demanded that SCO either reveal all allegedly infringing code or cease its public attacks on Linux.
"If you wish to make a respectable case for contamination, show us the code," according to the letter. "Disclose the overlaps. Specify file by file and line by line which code you believe to be infringing and on what grounds. We will swiftly meet our responsibilities under law, either removing the allegedly infringing code or establishing that it entered Linux by routes which foreclose proprietary claims."
Full text of response to SCO
Mr. McBride, in your "Open Letter to the Open Source Community" your offer to negotiate with us comes at the end of a farrago of falsehoods, half-truths, evasions, slanders, and misrepresentations. You must do better than this. We will not attempt to erect a compromise with you on a foundation of dishonesty.
Your statement that Eric Raymond was "contacted by the perpetrator" of the DDoS attack on SCO begins the falsehoods. Mr. Raymond made very clear when volunteering his information and calling for the attack to
cease that he was contacted by a third-party associate of the perpetrator and does not have the perpetrator's identity to reveal. The DDoS attack ceased, and has not resumed. Mr. Raymond subsequently received emailed thanks for his action from Blake Stowell of SCO.
Your implication that the attacks are a continuing threat, and that the President of the Open Source Initiative is continuing to shield their perpetrator, is therefore not merely both false and slanderous, but contradictory with SCO's own previous behavior. In all three respects it is what we in the open-source community have come to
expect from SCO. If you are serious about negotiating with anyone, rather than simply posturing for the media, such behavior must cease.
In fact, leaders of the open-source community have acted responsibly and swiftly to end the DDoS attacks — just as we continue to act
swiftly to address IP-contamination issues when they are aired in a clear and responsible manner. This history is open to public inspection in the linux-kernel archives and elsewhere, with numerous
instances on record of Linus Torvalds and others refusing code in circumstances where there is reason to believe it might be compromised by third-party IP claims.
As software developers, intellectual property is our stock in trade.
Whether we elect to trade our effort for money or rewards of a subtler and more enduring nature, we are instinctively respectful of concerns about IP, credit, and provenance. Our licenses (the GPL and others) work with copyright law, not against it. We reject your attempt to portray our community as a howling wilderness of IP
thieves as a baseless and destructive smear.
We in the open-source community are accountable. Our source code is public, exposed to scrutiny by anyone who wishes to contest its ownership. Can SCO or any other closed-source vendor say the same?
Who knows what IP violations, what stripped copyrights, what stolen techniques lurk in the depths of closed-source code? Indeed, not only SCO's past representations that it was merging GPLed Linux technology into SCO Unix but Judge Debevoise's rulings in the last big lawsuit on Unix IP rights suggest strongly that SCO should clean up its own act
before daring to accuse others of theft.
SCO taxes IBM and others with failing to provide warranties or indemnify users against third-party IP claims, conveniently neglecting to mention that the warranties and indemnities offered by SCO and others such as Microsoft are carefully worded so that the vendor's liability is limited to the software purchase price, They thus offer no actual shield against liability claims or damages.
They are, in a word, shams designed to lull users into a false sense of security -- a
form of sham which we believe you press on us solely as posturing, rather than out of any genuine concern for users. We in the
open-source community, and our corporate allies, refuse to play that dishonest game.
You invite us to negotiate, but you have persistently refused to state a negotiable claim. You have made allegations of a million lines of copied code which are mathematically impossible given the known,
publicly accessible history of Linux development. You have uttered vast conspiracy theories which fail to be vague only where they are slanderous and insulting.
You have already been compelled to abandon
major claims
* such as the