A Measured Response to the "SCO Problem"

Blacklisting employees is not only childish, it is quite unethical. You have no idea why an employee would stay with SCO and you cannot infer lack of ethics if an employee does stay.

People encounter situations above and beyond their control on a daily basis. Any adult knows this and to imply that all 'ethical' SCO employees would have left before September is just plain stupid. This is not the attitude that the OS community should exude.

Honestly, if you cannot think of any situation that would make an employee HAVE to stay with SCO even if they find their actions reprehensible, you are either 12 or a bigotted idiot. I am obviously not mincing words because this kind of behavior cannot be tolerated if the OS community is to be viewed as mature and ready for the real world.

So, please grow up.

That is all.

" A perusal of The SCO Group's market filings also shows us that the company has no real market for its current products. I mean, does anyone really think that if in some fantasy world where SCO had the ability to levy a $699/CPU fee we wouldn't switch en masse to FreeBSD or simply not pay?"

I think that it would have been obvious by now that SCO never actually intended to make any money with the per cpu fees (for ex look how ill equiped their sales dept was to even collect the fees when give the opportunity).

At the direction of their Master, SCO's top exec's have been sacrificing their company in a bid to stop or slow down the rate at which Linux has been gaining corporate/desktop market share.

I think it's quite possible that a generous benefactor has set up very nice retirement accounts in offshore banks for Mcbride and the rest ....

A great idea, but I think that there are a couple of improvements that could make it even better:

1. We should definitely give SCO employees a fair notice so that they can find alternative employment before they are subject to such sanctions. How about making the deadline Jan 1, 2004, this gives the employees plenty of time to find alternative employment.

2. We should also include any business that has helped SCO to carry out their extortion. For example: The law firm of Hatch, James & Dodge has been retained by SCO (This is significant because the Hatch family is very powerful in Utah). I think that the clients of all businesses that use Boies, Schiller & Flexner, or Hatch, James & Dodge or of Schwartz Communications (http://www.schwartz-pr.com/) should be contacted to let them know that the company that they are working with is involved in the SCO extortion

An item that I think can be used in going after Boies law firm is that the Equal Employment Opportunity Commission recently found that Boies, Schiller & Flexner law firm discriminated against women in wages and working conditions. This combined with its involvement in the SCO extortion case should be plenty of ammo to dissuade its clients from continuing to utilize them.

Boies, Schiller & Flexner clients are:

Adelphia
CBS
Credit Suisse First Boston
Columbia University
DuPont
EchoStar
Ernst and Young
Florida Power and Light
The French Government
Georgia Pacific
Miller Brewing
Napster
Northwest Airlines
Phillip Morris
Qwest Communications
SBC Communications
Siemens
Westinghouse
Tyco International
Unisys Zurich Capital Markets Inc.
New York Yankees

There is an extensive list of Schwartz Communications clients, along with links to their web sites at: http://www.schwartz-pr.com/company/clients.htm

One thing that we need to do as a community is to make it perfectly clear to SCO *and* their potential customers that SCO CANNOT sublicense GPLed code on any other terms, and that any attempt to do so will terminate their license to use the program at all.

I think there is a real risk that some of the more foolish CIOs out there will think that they are minimizing risk for their company by paying SCO their "protection money". We need to make it absolutely clear to these potential SCO customers/victims that giving SCO money will NOT reduce business risk, but will in fact increase it. This is TRUE, and it will help to ensure that SCO is denied unlawful revenue. The GPL is NOT public domain. End-user licensees need to be reminded of their obligations under the GPL when using our code. If CIOs realize that they are faced with a choice between *conflicting* legal demands (ours and SCO's), then they will choose the prudent course of waiting for the RedHat and IBM lawsuits to be resolved before paying SCO any money. That is surely one of the things we want!

Doing this is simple, and does not require free software developers to initiate any lawsuits. Any members of the community who have GPL licensed software that is being shipped by SCO (such as members of the kernel team, Samba, etc.) can take this action:

1) Write a PUBLIC letter to SCO demanding that they confirm their acceptance of the terms of the GPL for your software. Reiterate that the GPL and ONLY the GPL allows them to distribute your software to their customers. Point out that the GPL prohibits sublicensing on any other terms, and any attempt to do so will terminate the license.

2) Make clear in the letter that you understand that licensees are not normally requested to confirm acceptance of the license, but recent public statements by SCO executive and attorneys (provide references) cast doubt on their acceptance of the GPL. Therefore, if they are distributing your code, it is a reasonable request.

3) SCO will probably ignore the letter. Therefore, in the letter, give them a fixed period of time to provide written confirmation of acceptance (30 days) of the validity of the GPL as it applies to your software. Inform them that if they fail to accept that the license, that their rights to distribute your software is terminated.

4) Also state in your public letter that anyone who purchases a binary-only license from SCO to YOUR code will terminate their license under the terms of the GPL. Make sure this message is clear to any potential licensees!

5) If SCO fails to confirm acceptance of your license within the time period stipulated, send them another PUBLIC letter, notifying them that as they are in breach of the GPL, their license to distribute your code is terminated, and they must therefore cease & desist from further distribution of your software (a lawyer should probably write this letter -- if it is made public, everyone can use it as a template). In the letter, warn SCO that any further distribution of unlicensed software is a criminal copyright violation.

6) If SCO fails to terminate distribution, write a letter to law enforcement authorities, reporting criminal copyright violation & demand enforcement of the copyright act against SCO. You might want to register your copyright with the US government before taking this step, however.

7) In the unlikely chance that SCO writes you a letter indicating acceptance of the terms of the licence, be sure to provide a copy to RedHat and IBM for use in their lawsuits, since the validity of the license is one of the things they've publically disputed. Make the letter public, as well.

8) If you *work* for any company that uses GPLed software, or know of any that may be contemplating buying a SCO binary-only license, be sure to send them emails pointing to these public letters to ensure that they understand that they will be terminating their rights under the GPL and committing copyright infringement if they agree to SCO's demands (at least, according to the software authors).

Always keep in mind that it is NOT essential in all this that we have a legally airtight rationale for terminating SCO's and other's rights under the GPL if they sign these binary-only license agreements. All that is necessary is that we have a *reasonable argument* based on the terms of the GPL that this is the case (and we do, depending on how the GPL's prohibition on "sublicensing" is interpreted by a court). Now is NOT the time to be cautious in asserting our rights to control the use of our code! What CIOs need is to be aware that there IS a legal conflict between SCO's binary-only license and the GPL, and that the SCO binary-only license on the kernel is unacceptable to the kernel developers. They will then wait, rather than pay for a SCO license.

Perhaps the FSF and/or other lawyers on Groklaw and elsewhere could assist in reviewing this plan and drafting template correspondence that could be used for this.

The important thing is to ensure that this correspondence is PUBLIC, and we issue press releases, if necessary to ensure that businesses are aware of our concerns.

Simple: don't buy Sun, be it hardware, Solaris, or Java. If you maintain a package, remove Solaris support. Go one better, and put a nice obnoxious statement into the configure script explaining why Solaris is unsupported.

Very noble of you to take this stance, it of course requires no sacrafice on your part. I noticed that no mentioned was made to hold responsible the facilitators of SCO's bad behavior, Sun and Microsoft. Could it be that any "shunning" of Sun or Microsoft may cause an inconveince to you or your business? When you are really ready to make a stand, let me and I'll be with you. At this point in time it appears you are just puffing out your chest and beating your fist.

I agree that this is the best course, or maybe the only course of action. Interestingly.. you didnt mention the companies that fall under the Canopy Group. There are quite a few of them out there. If it were me, i would be sure that my purchases were never mad from a company that falls under the canopy groups umbrella.

I like the idea of boycotting vendors who carry SCO products. I will start vetting those vendors out now.
As far as not hiring SCO employees, I disagree. Up until recently I was out of work for two years. I was looking - hard. Jobs are diffucult to come by and to hit the little guys at SCO isn't right. A better idea is for IT personnel to not apply for jobs at SCO and to advertise that your company will actively hire current SCO employees. Where can a company go without any employees???

Blacklisting ex-SCO employees is divisive and could discourage would-be whistleblowers and leakers. If you want to hit SCO's backers in the wallet, follow the money trail and consider a boycott companies primarily owned by Canopy Group and its principals.

I don't mean companies in which Canopy owns a token investment stake (e.g. Troll Tech). I mean companies like Altiris (ATRS) and MTI Technologies (MTIC).

--AllanKim

The SCO Group letter demanding payment really is the same as any criminal group demanding a business pay "insurance" to be protected from damage. This is called a protection racket, and is against the law in the U.S.A. So the quicker method than waiting for all the suits to come to trial or settlement is for one of the recipients of the SCO letter to file a complaint of attempted extortion with the authorities.

Hit them through their resellers. Most vendors depend on their reseller channel to make sales. Most of those resellers sell more than one vendors product. Inform the people that you normally do business with on hardware and software purchases that if they carry SCO products, you'll go looking for your computer needs elsewhere. If SCO's reseller channel dries up, the only way they'll have to make any money is off their lawsuits and licenses. They won't even have a pretense of having a "viable product" to be damaged.