Red Hat claims that Oracle's bid to clone Red Hat's market-leading version of the Linux operating system will result in broken software, nonworking hardware and security holes for corporations seduced by Oracle's offer of discount support.
Third-party experts tend to agree -- despite Oracle CEO Larry Ellison's vow to the contrary -- that the source code for Oracle's 'Unbreakable Linux' will likely fork significantly from Red Hat Enterprise Linux over time.
"Effectively, Oracle is creating a separate Linux distribution by assuming responsibility for Red Hat software after it has reached end of life," said Paul Henry, vice president of technology evangelism at Secure Computing, a vendor of security software.
And while some experts think Oracle would have done better by creating an entirely new version of Linux -- as was rumored -- most believe Red Hat's assessment of potential problems is exaggerated.
"I honestly don't see it creating a huge security problem," said Aaron Newman, chief technology officer at Application Security, a New York-based security consulting firm. "Oracle may have issues with their database patches. But I don't see a lot of serious security holes in Linux: It's open-source, so everyone sees the code."
"If Oracle decides to be a team player, I see nothing but good coming from this," said Phil Cox, a principal consultant at System Experts, a security consultancy. "But if they decide to port everything and keep patches to themselves, meaning the only way you could get them is through an Oracle support contract, it could cause a significant problem."
There are already several clones of Red Hat Enterprise Linux (RHEL), the most popular being CentOS . But all are small, open-source projects that lack the backing of a multibillion-dollar software company with a reputation of being aggressive.
In a Web rebuttal posted the day after Ellison announced Oracle's incursion into Red Hat's core support business last week, Red Hat was adamant that Oracle will deviate strongly from Red Hat and customers will suffer.
"Simply put, this derivative will not be Red Hat Enterprise Linux and customers will not have the assurance of compatibility with the Red Hat Enterprise Linux hardware and application ecosystem," the statement said. Hardware and software certified for RHEL will become "invalidated" with Oracle's flavor, according to Red Hat, and Oracle support customers will experience a delay in getting the latest updates from Red Hat, especially security patches, the company said.
"In the case where the update corrects critical security flaws, Oracle customers may be exposed to additional risk," Red Hat said.
Oracle officials did not return a request for comment.
Newman disagrees with Red Hat's argument. "If something gets fixed in Red Hat, it should get fixed in Oracle," he said. He reasoned that Oracle is likely to maintain Unbreakable Linux as close to RHEL as possible so Red Hat continues to do all of the research and development "heavy lifting," allowing Oracle to benefit "for free."