The dust from CA World is settling down as end users, analysts and true believers try to come to terms with Computer Associates’ sudden interest in the open-source development model. The company has created its own CA Trusted Open Source License (CA-TOSL), not as a rival to the GPL but as a way to protect itself and its customers from SCO-IBM type lawsuits.
CA used its annual CA World to showcase its support for open source with several hard-hitting — and, in a few cases, very surprising — announcements.
The Ingres Enterprise Relational Database Management System (RDBMS) will be released under this license, while the code for the Kernel Generalized Event Management (K-Gem) software will be opened up to the GNU public license. K-Gem will be released to Linux.org, where it will be evaluated thoroughly before being worked into the kernel.
Making It to the Kernel
Ingres runs on several operating systems, including Linux, Unix, Windows and OpenVMS. To make its way into the kernel, the proposed K-Gem code has to be considered the best of what’s being offered at the time.
Andrew Morton and other members of Linux.org will consider all proposed modifications to the kernel as they come in.
“The best code will be adopted,” Dan Kusnetzky, program vice president for system software at IDC, told LinuxInsider. “It may be CA’s contribution. It may be contributions offered by others. In the end, it may be a blending of contributions coming from several sources.”
The Power of the Kernel
K-Gem was originally created to provide standardized support for management applications. Now, as open-source code for Linux, K-Gem will help standardize the event-notification process. Currently, the Linux kernel provides no standard way to tell it that events are going to happen; all event monitoring must be coded by independent software vendors. K-Gem will provide automatic event notification.
The power of K-Gem, CA said, is in keeping users out of the kernel. “For everybody to get their events, they have to modify their kernel,” said Sam Greenbelt, senior vice president of the Linux Technology Group. “K-Gem is a general intercept module that enables any listener to subscribe to getting events from the kernel. K-Gem stops the modification, [because] it’s external to the kernel.”
That is a better way to approach system security because adding security is not as effective as “baking it in,” said Kusnetzky. “Many times in the past, operating environment development was guided primarily by requirements for performance, ease-of-use, reliability, scalability and overall capability — not security,” he said.
Better Security
The past procedure for development has meant that the code, while performing required functions, also may have opened inadvertent vulnerabilities to outside or inside attack. For example, the code may not have been checked for buffer overruns, and it may not have included identity-management safeguards.
With this new initiative, CA said in a written statement, “CA will codevelop, promote and support” existing and new open-source projects. The company seems especially willing to throw its weight and voice alongside Linux, as the enterprise and retail markets are increasingly willing to adopt open-source strategies for their corporate networks and systems.
There are two types of parties to the CA Trusted Open Source License (CA-TOSL): “contributors” and “recipients.” Contributors include an initial contributor, who is the person or entity that creates the initial code distributed under the CA-TOSL, and subsequent contributors, who originate changes or additions to the code.
According to CA, any person or entity that redistributes the program is also a contributor. Recipients include anyone who receives the program under the CA-TOSL, including contributors.