Analyst and consulting firm Gartner responded to the recent move by Linux creator Linus Torvalds and the Open Source Development Lab to formalize a process for tracking the source of Linux source code contributions.
In a bulletin to its clients, Gartner said that the move will help bring some order and present more of a formal process to open source development, but added that enterprises still face risks when bringing open source software onto their production networks.
Last week, Linux Torvalds and the OSDL announced a plan where contributors to the Linux source code tree would have to register to have their code reviewed and included in the kernel.
Gartner says any process put in place won't be an automatic protection against future claims by organizations or individuals saying that Linux infringed upon their intellectual property. Part of the problem could come from the fact that contributions by developers who are recognized by the OSDL and part of the formal development process may still contain patent-infringing code from other sources that are bundled into the larger contribution.
Another issue, according to Gartner, is that the OSDL's development process would not cover older versions of the Linux kernel. Also, enterprises interested in open source should realize that the OSDL's process for code verification only applies to Linux - other open source packages are not yet covered.
Gartner says the best bet for enterprises worried about patent infringements around open source is to work with suppliers and vendors that offer indemnification to customers to protect against any future claims of patent or copyright infringement in Linux by other companies or individuals.
