Computer Associates: On the Road to Damascus? Or to the Bank? Both?

Monday, May 24 2004 @ 11:09 AM EDT

Contributed by: PJ

This is one headline I wasn't expecting. Computer Associates has seen the Linux light and released K-Gem under the GPL:

"Computer Associates has contributed a significant piece of widgetry it calls K-Gem to the Linux kernel that should put Linux in the running for B1 security clearance by 'hardening' it.

"K-Gem, short for Kernel General Event Module, will also simplify the lives of other ISVs by curing the 'hooking nightmare' that has haunted Linux, according CA Linux chief Sam Greenblatt.

"Linux developers will no longer have to intrude on the kernel and modify it to accomplish something as seemingly basic as event notification.

"K-Gem will standardize the event notification process, tell the kernel that, say, someone wants to open a file and in turn pass that 'event' to a security module such as CA's own eTrust Access Control for access authorization. . . .

"The development puts Linux on a footing with, say, Sun's Solaris, which has had built-in event notification for a dog's age."

The article says the code has already been turned over to Andrew Morton and once the code is cleared, they say it will become part of the kernel by August. That's a bit of an assumption.

CA says they will "shortly be announcing" that they've joined the Eclipse Foundation:

"Indeed, Greenblatt said at CAWorld, CA will make several major announcements about working with the Linux community and fostering community support in general."

Peter Galli puts it this way:

"Linux is getting driven deeper into the core products of Computer Associates International.

"At its CAWorld conference in Las Vegas this week, CA will make several announcements regarding extended support for Linux and open-source software.

"Central to the effort, according to Computer Associates International Inc. officials in Islandia, N.Y., is the formation of a new open-source foundation that will house and support open-source code, which will be made available under open-source licenses, officials said."

Uh oh. I hope somebody told them that just because you donate code, it doesn't mean it will necessarily be accepted. And that the GPL is irrevocable. Do we actually need a new corporate-run foundation to support open source code? Whose code? And in what way do they intend to "support" it? I think I'd like to look at the fine print before I sign on that dotted line.

IBM and HP are, according to Greenblatt, in favor of this development:

"'We are pretty excited about this,' he said. 'It is the first major step to creating a kernel that will be independent for ISVs. We're also excited about it because we have gotten endorsement from our friends at IBM and [Hewlett-Packard Co.] over it.'"

Excuse me, but with all due respect, IBM and HP are not in charge of the open source and free software community. They don't decide what goes into the kernel. We are happy to have them, but they don't run things. As nice as it might seem to some to have Linux with increased security capabilities and in a new space, one that governments care about, this is a good time to really think about the overview. What should Linux be? What should it do? What is the role of corporate "benefactors"? If corporations remake Linux in their own image, the rest of us are out-a-here. I know I am. I chose GNU/Linux software precisely because I trusted the authors of the code, and I appreciated the freedom to copy, modify and distribute the code. I trust that the authors haven't slipped in some code that spies on me or takes note of my taste in music or whatever. The values of the community, freedom, ethics, and sharing, matter to me more than how well the code works even. I am not interested in Brand X Linux.

We have already seen what corporate involvement can mean. Lawsuits, cutthroat competition, and attempts to kill the GPL. Thanks, but I believe I've had enough of that for one lifetime. OSDL exists already. FSF exists already. So does OSI. Why not fund free and open source groups that already exist, that actually spring from the community, instead of setting up their own corporate version? What need are they filling? This is nothing against CA, and it's very nice they want to join in and I hope they make buckets of money from Linux, if they are sincere and not just out to make a buck at the expense of everything we care about. But there is a little water under this bridge. And it really is time to think about who gets to do what and on what terms.