DF's comments on "indemnification" are essentially without merit as US copyright law (17 USC) and the Berne Convention do not provide for the liability to "fall through" to the end user if the end user is not the one to do or cause the actual infringement.

Additionally, most "indemnification" provided by any software provider covers at most what you paid for the product, and even then only under some sort of problem that the provider was unable to foresee and therefore exclude.

The only actual solid indemnification generally provided to software end users at this time appears to be that provided by several companies for Linux users.

To give an example of a "typical" proprietary vendor's "indemnification" coverage to an end user, let's look at the one directly from the SCOsource EULA (capitalization is theirs):

"LIMITATION OF LIABILITY

UNDER NO CIRCUMSTANCES WILL SCO OR ITS REPRESENTATIVES BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, PUNITIVE, OR INCIDENTAL DAMAGES, WHETHER FORESEEABLE OR UNFORESEEABLE, BASED ON YOUR CLAIMS OR THOSE OF YOUR CUSTOMERS (INCLUDING BUT NOT LIMITED TO, CLAIMS FOR LOSS OF DATA, GOODWILL, PROFITS, USE OF MONEY OR USE OF THE SCO PRODUCTS, INTERRUPTION IN USE OR AVAILABILITY OF DATA, STOPPAGE OF OTHER WORK OR IMPAIRMENT OF OTHER ASSETS), ARISING OUT OF BREACH OR FAILURE OF EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, MISREPRESENTATION, NEGLIGENCE, STRICT LIABILITY IN TORT OR OTHERWISE, EXCEPT ONLY IN THE CASE OF PERSONAL INJURY WHERE AND TO THE EXTENT THAT APPLICABLE LAW REQUIRES SUCH LIABILITY. IN NO EVENT WILL THE AGGREGATE LIABILITY WHICH SCO MAY INCUR IN ANY ACTION OR PROCEEDING EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY YOU TO SCO FOR THE LICENSE OF THE SCO PRODUCT THAT DIRECTLY CAUSED THE DAMAGE."

(See http://www.thescogroup.com/scosource/eula.html for complete EULA.)

Of course, there is extreme doubt that The SCO Group's claims will stand up in court, anyway, so the arguement is moot in any case.

Take care,
Tomas

damn good article i say too. what's the next move for all

So how does DF's comment square with the typical claims that indemnification is limited to the purchase price, which will be usually far less than the theoretical maximum penalties for copyright infringement? And of course many people have pointed out that the gatekeeper's job is equally hard in a 'veiled source' project, except that there's less chance of getting caught (but not zero, thanks to corporate goofs, disgruntled (perhaps former) employees, etc)

With regard to copyright lawsuits aimed at licencees of contested property... The reason that these cases are rarely seen is that most licenses include an indemnification clause. When you purchase a license for a particular product from it's developer, the developer is making a promise that what their selling you has been developed without infringement, and, if infringment has occured that the developer bears responsibility for damages.

Indemnification is not part of the typical licenses for open source projects, and this is the tack that SCO is attacking Linux on. Theoretically, under either open or closed development, there is an expectation that you have educated your developers in proper and improper development process and have exerted reasonable efforts to insure that copyrights have not been infringed. In practice, it's difficult to police under open source because there are few restrictions on contributions other than an ultimate gatekeeper. It's just as hard to police under closed source as well, but because there's little chance that the violated copyright holder would ever see the source code, it's harder to detect.

The gatekeeper's job is a very hard one. For the product to be completely clean of infringment, it's important that the gatekeeper has not had exposure to proprietary information. But if one of the developers has illicitly copied code from a copyrighted source, it's hard for the gatekeeper to know that.

I have never heard of a copyright lawsuit being aimed at the buyers of the infringed property. Surely customers can't be held accountable if they unknowingly purchase plagiarized material. For SCO to confront customers before it has even proved it has the rights to the linux code must be touching on harassment. I'm surprised that the companies they are mailing these harassing and intentionally intimidating notices haven't counter-sued. I think it would help SCO to reach a legal conclusion concerning IBM first, then notify linux customers about their obligations. If SCO loses the lawsuit with IBM, they will be left with mucho egg on their faces.

Very well done. It's always a pleasure to read Ms. O'Gara's work -- a refreshing change from the rest of the press, which seems to be little more than a bunch of PR Newswire echos.

Thanks,
Craig

Well presented article. Just the facts, no arm waving.

It is refreshing how calm and collected the 'Linux side' of this issue is compared to the Caldera/SCOG side. In same ways I think that will weigh heavily on not only eventual public perceptions, but on the actual legal decisions.

Thanks!
Tom