

Writing Open Source Software? Make Sure You Know Your Copyright Rights - wagtail
http://blog.smartbear.com/software-quality/bid/275129/writing-open-source-software-make-sure-you-know-your-copyright-rights

======
ds9
Parts of the article are very misleading. There are ambiguous statements,
outright errors and general incoherence.

"...shun copyright licensing altogether. When they do that, they put all their
collaborators at risk and themselves face potential liability claims"

You're exposed to claims if you _use someone else's code_ without permission.
But if you simply fail to specify a licence for your own code you do not incur
any risk.

"Since that convention [Berne] was put into place, all software development
involve copying and derivatives, Phipps said; all programming without a
license potentially infringes on copyright"

Complete rubbish. Because there is a Berne Convention, you have to copy code
instead of writing something new??? Of course not.

Independent creation is a complete defense against any copyright claim (tho
not against patent claims). Again, copying others' work without permission may
infringe, but one's rights in one's own code do not depend on specifying any
particular licence (as long as you don't sign away rights to someone else).

"That's why [if you want to start a new project] you need to apply for an open
source license" (brackets in original, paraphrasing Phipps of OSI again)

More nonsense. As soon as you write some code, you own the copyright, and if
you don't specify otherwise you retain all rights provided by statute. If you
want it to be an open-source or "Free" (in the Stallman sense) project, you do
need to specify a licence that allows others to contribute without risk of you
suing them - but you don't have to "apply for" a licence. The latter phrase
implies asking someone to grant you something, there is no such requirement.
You're free to apply any licence of your choice to your own code, an existing
one or make up a new one.

The part on "work for hire" is not as bad but still ambiguous on some points.
Generally your employer can't claim rights in anything you do outside of your
day job unless it is using code or ideas from the day job, or unless you
signed away your rights in a contract. Using the employer's time or facilities
would put your rights at risk.

I haven't read the rest but it is poorly written. There are better sources of
info out there.

~~~
ethomson
Disclaimer: IANAL

> You're exposed to claims if you _use someone else's code_

The article doesn't say that the author of the software is at risk if he/she
shuns licensing. It say that _their collaborators_ are at risk. Which is true.
Because as you point out, "as soon as you write some code, you own the
copyright."

If you were to write some code and _not_ place it under a legitimate open
source license - "shun copyright licensing altogether" as the article states -
then you have placed collaborators at risk. If I were to modify that code,
redistribute it, etc, then I've taken on liability and you could sue me for
infringing your copyright.

------
niggler
Relevant: [http://www.codinghorror.com/blog/2007/04/pick-a-license-
any-...](http://www.codinghorror.com/blog/2007/04/pick-a-license-any-
license.html)

~~~
Nursie
Amusing but the description of the GPL is a bit off

"The archetypal bearded, sandal-clad free software license. Your code can
never be used in any proprietary program, ever! Take that, capitalism!"

GPL absolutely can be used in closed source, it just can't be distributed as
closed source (see the much rumoured, heavily customised Google-internal-linux
as an example). The AGPL is more like the statement above.

~~~
falcolas
Sadly, the definition of "distribution" is so vague that many lawyers won't
allow you to "distribute" your code to a box you don't own outright, in an
effort to reduce their liability.

I've been in a few companies where this was a problem, since we were working
in part for the government, which required us to run our code in nodes which
were owned by a separate contractor. The lawyers interpreted that as
distribution, and we had to replace the GPL'd portions of code we were using.

~~~
Nursie
That doesn't seem all that unreasonable to me, you have really distributed to
someone else at that point if they own the box, so at the least the GPL kicks
in for them.

------
udp
So if I accept pull requests without asking people to sign a CLA, what kind of
ramifications could this have for my project in the future?

Also, if the license says "Copyright <author> et al." (as many license headers
do), does the copyright actually belong to the contributors as well as the
author? How is this determined?

~~~
Nursie
(IANAL)

Git isn't my primary source control solution -- edit: corrected in view of
useful information below --

If you accept pull requests and pull data into your repo from other folks
without a asking them to assign copyright or sign a very open CLA then that
means the copyright is now joint.

The ramifications of this tend to be that you cannot re-license the code
without their permission, unless the original license says you can.

Example - your project is GPL, you accept submissions from a bunch of other
people. You decide you want to release a closed-source binary-only
commercially-supported extra-special version with plugins and hotsauce. You
can't unless you get permission from everyone that's contributed to the
project, because the rights you have to their submissions are governed by the
GPL. With copyright assignment, you as the now sole copyright holder could do
this.

Ramifications will vary by license and by what you want to do.

~~~
tholmes
You have the right idea about pull but you're mixing up pull and pull request.
Pull is a git verb that means to get code from another location. A pull
request is asking someone else to get my changes.

So for an example, if you found a bug in some open source software you used
you could make a change in the code that fixed it and then file a pull request
with the original author of the software. This asks them to incorporate your
changes.

~~~
Nursie
Thanks, wasn't sure on that point! I assumed a pull request was someone asking
you/your server if they could pull data from it, not requesting you/your
server pull data from elsewhere.

Now I know.

------
jeffdavis
Some projects are easier and safer to work with than others. The PostgreSQL
project doesn't require assignment, and the license is BSD (without
advertising clause, of course) so there isn't much to argue about.

But in any case, you do need to know whether you have copyright ownership of
the code or a suitable license before you use it in a contribution.

------
j_s
With an awareness of the ideology the source, this is helpful:
<http://www.gnu.org/licenses/license-recommendations.html>

