

Google legal may force developers to take down the Keyczar crypto library - ayrx
https://groups.google.com/forum/#!topic/keyczar-discuss/WpUWGcDIEYI

======
JohnTHaller
If it was already released as Apache and everyone contributed under that
license, contributors outside of Google have no need to sign a Google CLA.
Everyone can continue using it outside of Google without issue.

~~~
robert_tweed
That depends on whether there's documentation that Google legal did indeed
approve the release of Google-owned code under the Apache licence as Steve
Weis claims.

If not, Google can't claim to own the whole project, but they can claim they
own bits of it and refuse to allow distribution of those bits, just as they
could if someone had release core parts of the Google search algorithms
without permission. In that case, the choices for the project are to either
create a clean fork without any of the Google contributions, or cease
distribution altogether. It also leaves downstream users in a somewhat awkward
legal position. I certainly wouldn't want to depend on the project for
something that directly competes with a Google service, for instance.

Still, more likely it's just a mistake by Google legal and furthermore, it's
highly unlikely they would go around suing people, especially when it's not
100% clear that the IP was released without permission. Still a bit of a messy
situation though.

~~~
jkot
Google is distributing this library under Apache license "as we speak". But I
would not use OS lib if it has such question mark.

~~~
dogma1138
Doesn't mean much, if you are a developer for company X and you have
restriction in your contract which are fairly standard these days that grant
full or partial ownership on any thing you do on or off the job while being
employed sticking an open source license for it won't save you.

I've seen quite a bit of "open source" projects being pull off when the
employer discovered them, and while it's true that you can't effectively pull
anything off the internet, it also means that no one with a shred of common
sense would ever touch them again with a 10 feet pole.

This is slightly more complicated since it's been released by the corporation
under an OSS license. It's also less about employees doing something on their
own, and more about the company fearing that some one external will lay claims
to parts of the cod from what i understand. But there can be still internal
legal complications that would result in this being pulled off completely or
dropped.

------
CptMauli
Thats why it is a good idea to have a CLA in the first place. I don't
understand why postgres for instance doesn't require one.

~~~
tomiko_nakamura
IANAL, of course, but ...

1\. There's no suitable legal entity that could receive the copyright/rights
on behalf of the PostgreSQL project. There are entities handling domains/...
but that's not really useful.

2\. The fact that developers keep all the rights (except for implicitly
allowing use by submitting the patches) makes the project immune to particular
changes. For example no one can suddenly change the license used by the
project - it's going to be MIT-like license forewer.

3\. I really wonder how this CLA works outside USA, in countries with
different copyright laws. Say, Europe, Japan, South America - where a lot of
PostgreSQL contributors live.

The fact that PostgreSQL has no CLA is one of the reasons why I work on this
project. I'm the one who keeps copyright, etc. I'm not saying establishing a
CLA would make me quit immediately.

Moreover, I don't see how a CLA could be established after 15+ years of a
project.

------
colinbartlett
Any way to see this without a Google account?

~~~
blfr
It loads fine without logging in.

~~~
icebraining
Google has a weird state between logged in and logged out. I believe it
happens when your session has expired, but the cookies are still being sent.
You're constantly asked to login again to access completely open pages.

