In-Depth

HP Indemnifies Customers Against Linux Liability

Hewlett-Packard indemnifies customers against possible SCO lawsuits

• By Stephen Swoyer
• 09/30/2003

“We have not found customers are worried about long-term viability of Linux and the lawsuit, but we developed this to mitigate the risk of choosing Linux,” acknowledged Martin Fink, who heads HP’s Linux practice, during a conference call last week.

Fink said his company has not notched a licensing agreement with SCO similar to deals struck by Microsoft Corp. and Sun Microsystems Inc. over the last several months: "HP hasn't signed any Linux agreement with SCO—this is about accountability and protecting the customer.”

HP’s offer contains a few caveats. The company said customers must agree not to make unauthorized changes to the Linux source code, and must sign extended support contracts. Fink says the offer is available to customers who purchase new HP equipment, as well as to existing customers who agree to sign a revised contract—and who haven’t tinkered with the source code of their Linux distribution, of course.

In the interests of full disclosure, HP might have insisted upon another caveat as well, says Gordon Haff, a senior analyst with consultancy Illuminata: SCO CEO Darl McBride has said that neither HP, nor Sun, is a likely target for litigation. Why, then, did HP make such a big deal out of it?

Haff answers his own question. “[SCO is] going after Linux customers, and while McBride has ruled out going directly after HP [SCO filed a $1 billion lawsuit against Big Blue last March], that doesn’t prevent them from targeting HP customers that run Linux,” he notes.

In this respect, Haff says, HP really is sticking its neck out. “It could be a great marketing coup for HP—assuming, of course, that bad things don’t happen financially because of it,” he observes. “If they don’t end up exposing themselves to significant liability and open-ended costs, it was a great move.”

In addition, he notes, HP’s announcement torques up the pressure on Big Blue, which has thus far declined to indemnify its users, many of whom could be targets of litigation from SCO. It also helps to bolster HP’s prestige as a Linux industry leader and advocate, he speculates. “HP has been a bit frustrated for a while by the perception of IBM as the leader of Linux among the system vendors. In fact, HP gets just short of apoplectic when IBM is presented to them as the clear leader in Linux,” he points out. “When this happened, I’m sure there were people inside IBM screaming at [Big Blue’s legal department] saying, ‘You wouldn’t let us do this and now we look really bad. We’re the Linux leader and you blankety-blank lawyers have let HP take some of that away from us.’”

Haff and other analysts say HP’s move makes it all the more difficult for IBM to remain tight-lipped on the subject of indemnification. “Certainly, a lot of people including ourselves certainly wondered why IBM didn’t do something around indemnification early on as a way to largely defuse much of SCO’s threat to its users,” he concludes.

Indeed, the SCO Group has repeatedly challenged IBM to indemnify its customers against potential litigation. IBM has thus far been mute on the subject, however. Ever the provocateur, SCO went on the attack again last week: “Now that HP has stepped up for its customers, SCO once again encourages Red Hat, IBM and other major Linux vendors to do the same. We think their customers will demand it,” the company said in a prepared statement.

Without a doubt, Big Blue is feeling heat from many of its users. One told us that he wouldn’t comment on indemnification or any of the other issues related to the case, saying “The SCO issue is just too hot.” Others refused to comment on any aspect of the imbroglio—even anonymously. Some of these users are Big Iron Linux programmers at small to mid-size companies or government municipalities, while others are programmers with large Fortune 500 companies that could be on the front-line of an attack from SCO. Behind the scenes, the latter group of users has almost certainly taken its concerns directly to IBM.

Nevertheless, there’s anecdotal evidence that some users of Big Blue’s hardware, software, and services aren’t sweating its noncommittal on the indemnification front. Most of the Big Iron Linux users with whom we spoke said that the burden of indemnification rests not with Big Blue but with Linux vendors. They’re proceeding apace with their Linux deployments.

“What specifically is IBM supposed to indemnify its customers against? If I am running AIX, certainly I'd like some backing from my software vendor. If I am running Red Hat Linux on my IBM mainframe hardware, I would want indemnification from Red Hat, who is my software vendor,” says James Melin, a systems programmer with a county government that uses Big Iron Linux. “Is AMD indemnifying its customers for running Linux on an AMD based chipset? Is Intel? No, and they wouldn't be expected to do so.”

Agrees a mainframe systems programmer with a major North American retail chain: “I don't think it's IBM's problem, at least not on the Linux side. If any company were to indemnify us, it would have to be SuSE, our Linux provider.”

Paradoxically, Haff notes, HP’s move may take some of the pressure off Linux vendors such as Red Hat and SuSE and shift it instead to hardware manufacturers such as IBM and Dell, among others. “A Red Hat customer who’s also an HP customer, yes, it takes some of the pressure off [Red Hat]. On the other hand, there’s the other aspect for the Red Hat customer who’s not an HP customer. It’s possible that now they could go to their systems vendor and demand ‘if HP can do it, why can’t you?’”