Linux DCO: Friend or Foe?

The new rule requiring a Developer's Certificate of Origin for Linux Kernel contributions is taking heat. But is it justified?

June 7, 2004

1 Min Read
Network Computing logo

Although the requirement of "signing" Linux kernel contributions may seem to add to the red tape surrounding code development, it's little different from the process most enterprises go through to ensure their own code does not infringe on an existing patent or copyright. It's an attempt to address industry concerns over code origination within the Linux kernel, which have become public since SCO filed court documents alleging that Linux infringes on its intellectual property rights.

The DCO is a CYA measure for Linux, and it may have a feel-good benefit for organizations that are deploying or planning Linux in their IT infrastructures. But it won't preclude suits like SCO's, because it's still unclear whether intellectual property protection extends to the software design or to the actual lines of code. However, DCO limits the liability of Linux distributors and places it squarely on the shoulders of individual developers.

If you've put your Linux deployment on hold pending the results of current litigation, the DCO is unlikely to change your position--it applies only to future development and doesn't resolve allegations of past infringement. Looking forward, however, the DCO offers accountability, which is a must for any software vendor that deals with enterprises. It should provide a level of comfort for organizations that want to deploy Linux but need reassurance about the legality of its source.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights