[OpenIndiana-discuss] Solaris 11 source code leaked?

Gregory Youngblood gregory at youngblood.me
Mon Dec 26 23:37:25 UTC 2011 

I seriously doubt this was a deliberate trojan horse release from Oracle. For one if that were ever proven it could be a game changer in court wrt trade secrets etc. 

More likely this was released by someone who did not have authority to release it.

That still doesn't eliminate the risk to oi/illumos if someone knowingly puts code from that solaris 11 code, even flagged as cddl, in to illumos. All it takes is for Oracle to start taking action against usage from that drop and by then the code tree and those working with it are tainted. Once tainted it is very hard to clean it up again.

Sent from my Verizon Wireless 4G LTE Smartphone

----- Reply message -----
From: "Robin Axelsson" <gu99roax at student.chalmers.se>
To: <openindiana-discuss at openindiana.org>
Subject: [OpenIndiana-discuss] Solaris 11 source code leaked?
Date: Mon, Dec 26, 2011 3:50 pm


I think fears that this might be a ruse on Oracle's side to put 
OI/Illumos in trouble are probably healthy to have. Probably the best 
course of action is to treat the source as a piece of biohazard while 
doing absolutely nothing until we see an official reaction from Oracle. 
All I was trying to say on this thread was at least pretend to give them 
the benefit of the doubt and put a cheesy smile on the face.

After all it is difficult for anyone who is framed as evil or a criminal 
to do good or redeem oneself. Maybe Oracle will decide to cooperate with 
the OI/Illumos folks some day in the future. So it would be a shame if 
too much of badmouthing, calumny and slander would put a slight pall on 
such a cooperation in the future.

On 2011-12-26 23:15, Gabriel de la Cruz wrote:
> Oracle has rights over their code and trademarks, but as well
> responsibilities.
>
> The code could only be distributed by someone who was granted clearance to
> the code (someone with a contractual relationship with Oracle).
>
> Oracle is allowing the continuation of the circumstances that are
> distributing the code across the Internet (Many people took contact with
> them, they know that the code is out, but they are not acting against it).
> If this would be the breach of a trade secret they would have the power and
> duty to prevent it from spreading in the net.
>
> Code marked with Oracle's trademarks went in the public domain with CDDL
> headers.  If the CDDL headers were misused, they should correct them, or
> remove the files from the public domain. No one but Oracle has the duty to
> protect the right use of the code released under their trademarks.
>
> In my modest opinion Oracle is liable itself for the distribution of the
> code under CDDL headers, no matter what is the protocol usually followed in
> official releases. The code is in the public domain, uses their trademarks,
> and contains legal guidelines how to use it. Oracle has responsabilities
> over the 3 facts.
>
> My personal guess would be to put in contrast (file by file) the former
> Opensolaris code with the data that was released. If the code is marked as
> CDDL in both, and the data has sufficient similarities, I would simply use
> it following the CDDL norms.
>
> Maybe it could be a good idea to ask Oracle to say if they have something
> against it. I would just formulate the question so they have to respond,
> and send it to sufficient addressees.
>
> I am not an OI developer, neither a layer, I am just dropping ideas as
> others do...
>
> Please correct me if I am wrong...
>
>
>
> On Mon, Dec 26, 2011 at 10:02 PM, Gregory Youngblood
> <gregory at youngblood.me>wrote:
>
>> Oracle owns copyright they don't have to follow cddl if they choose not to.
>>
>> Irrelevant if these files have cddl license stamped on them. Could have
>> been done by anyone. Until or if this is officially recognized by Oracle as
>> an official release it is poison fruit. Anything or one that looks at this
>> and incorporates it into any projects risks the destruction of that
>> project. Something I am sure Oracle wouldn't mind happening to illumos or
>> openindiana.
>>
>> This is no different than someone stealing Windows code, slapping gpl
>> licenses on the code and releasing it. They were not legally authorized to
>> put that license on that code and release it so it does not count and in
>> court it would not be recognized.  Same as a locksmith making an extra copy
>> of your housekey and giving it to someone saying tale anything you want.
>>
>> Best course of action is to ignore it, don't look at it, and especially
>> don't download it.
>>
>> Greg
>>
>> Sent from my Verizon Wireless 4G LTE Smartphone
>>
>> ----- Reply message -----
>> From: "Nikola M"<minikola at gmail.com>
>> To: "Discussion list for OpenIndiana"<openindiana-discuss at openindiana.org
>> Subject: [OpenIndiana-discuss] Solaris 11 source code leaked?
>> Date: Mon, Dec 26, 2011 12:28 pm
>>
>>
>> Ray Arachelian wrote:
>>> On 12/26/2011 07:31 AM, Nikola M wrote:
>>>> Maybe it is truly CDDL for the parts marked like that,
>>>> besides, why would Oracle keep CDDL headers if it is not CDDL anymore?
>>>>
>>> It's a trap that smells much worse than SCO's attempt to kill Linux via
>>> lawsuit.  Stay away from it.  You wouldn't want OpenIndiana or illumos
>>> to be tainted by it - if they are, they'll be sued into oblivion, and
>>> they will cease to exist.
>>>
>>> If Oracle releases the source to Solaris 11 through normal channels,
>>> then, by all means, have at it.  But this isn't it.
>> Well, surely Illumos will not use that code directly at first as you said.
>> Until there are concerns such as you said.
>>
>> But nature of CDDL is that it provides protection for lawsuits aether
>> for source that in under CDDL or for so called "patents" and it extends
>> to derived work. If someone want its patents or exclusive rights it
>> should not derive its OS (Solaris11) from code under Free software
>> license that provides "open forever" clause.
>>
>> Point is, (and someone also said it) that only way Oracle can stop
>> others for using CDDL-ed work and Oracle's derived work from Opensolaris
>> is not to release it for some time.
>> And that is exactly what Oracle did. It did not released updates on code
>> for some time and once code is out
>> it does not matter who made it available.
>> Maybe Oracle would have legal trouble from someone if code is NOT
>> published by any mean. In this way Oracle is protected.
>>
>> Code is available, it is there, it is under CDDL because it is
>> opensolaris derived work and one can use it as every derived code that
>> came out from any such free software / open source license that has
>> requirement of publishing source code for derived work.
>>
>> Thing is, if it is not good thing for Illumos to use it, someone else
>> might use it freely and make something out of it.
>> Others concerned and frightened (majority I suppose) might not touch it
>> as a precaution but to see is as a blueprint for constructing something
>> compatible maybe, if compatibility with Oracle Solaris is needed in the
>> future.
>>
>>
>> _______________________________________________
>> OpenIndiana-discuss mailing list
>> OpenIndiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>> _______________________________________________
>> OpenIndiana-discuss mailing list
>> OpenIndiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>
> .
>



_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss at openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the OpenIndiana-discuss mailing list