Hacker News
Ask HN: Tech lead copying code from open source GitHub repo
6 points by l33tc0de on April 8, 2022 | 13 comments
Hi, I have been working at my tech company for the last 3 years as a Senior engineer (6 years experience in total). Four months back we hired a new tech lead for our team, who happens to be my manager as well. I didn't interview her.

At first things looked normal and she seemed to be a great person/engineer. However, last week I was doing a code review of a PR raised by her and noticed some code which looked very familiar, something I have seen in an open source project (that I closely follow). On a deeper look I found that multiple files have been copied from the open source project (with an MIT license) and have been added to our proprietary code.

I'm not sure how to handle this situation, it seems illegal (definitely not ethical).

Can someone please let me know what to do here?

Edit: The MIT license is not mentioned in our proprietary code



I'd just flag that you may want to confirm license requirements in the PR review. It doesn't seem like a rare oversight to make and code reuse is so common in general.

I remember reviewing someone's PR and realizing I recognized some of the code from a previous company (that was open source, but there was no attribution). I just pointed it out in my review and we decided to remove that code, no big deal.


I mentioned this in another thread, but one thing that concerns me is she has been saying it's ‘her code’ and why she used specific object oriented patterns. I want her to save face and not be embarrassed, but at the same time it's wrong to copy without giving appropriate credit.


Ahh I see, that is unfortunate. Please don't take this as all around advice as I'm not sure what your relationship is like with this coworker, but here's what I can imagine doing in this situation:

I'd reach out in Slack DM (or whatever method of daily communication is commonly used) and ask: "Hey, was just reviewing your PR (it's looking great) and noticed some familiar code from [name of source]. Do you know if we need to include attribution for these parts to be safe? [Link]"

It opens the conversation with a "casual" question - asking for advice, even - rather than a straight up accusation. The "it's looking great" part is likely unnecessary, I just have a habit of trying to throw in something good to start on a more positive note. It does ignore whatever claims have been made about writing the code that was taken, but perhaps it's not necessary to bring that up at all to start with, essentially giving this person an out to correct the mistake. With it now being clear that these things do get noticed, I'd think it's likely to not happen again.

But like I said, not sure if this is an appropriate approach for your specific situation.


Thanks. It's tricky, she's my manager as well. But I have been at the company longer than her; she joined 4 months back.


I'd still say just follow /u/drakonka's advice. Just do it in a non-confrontational manner. Simply say this file was included, which is legally fine; you just need to add documentation attributing the project. You don't even need to point out that she added it. If the files are lifted directly, then there isn't any argument that you're wrong. You can only speculate as to how she'll react. She may simply (honestly) say it was an oversight.

That said I wouldn't worry about the legal aspects. Even if it's unethical, your company simply isn't going to get in trouble for it. It's not really your problem anyway (though I guess they could be angry with you if they knew that you knew and never said anything).


“the MIT License also permits reuse within proprietary software, provided that all copies of the software or its substantial portions include a copy of the terms of the MIT License and also a copyright notice” from Wiki - https://en.m.wikipedia.org/wiki/MIT_License

So maybe illegal if the license isn’t in the repo?


The license is not mentioned in our code


Dumb idea, but couldn't you just add the license in a comment or file?


So, first, she's my manager as well apart from being a lead; secondly, she has said things like 'my code' and 'design decisions I took' in a PR review call, so I bet she would be embarrassed once I ask her to add the license, but I know I'm not wrong.

On the other hand, I can just let this go and not say anything to anyone. Sucks to do this.


It's legally and ethically fine as long as the copyright notice remains, right? I'd simply make a PR comment noting that the copyright notice should be included. They might not know it's needed, and either way lets them save their face. No need for drama unless they make it.


Thanks. I'm a bit concerned since she has been saying that it's 'her code' and why she made certain decisions while writing that code.


Without knowing the full picture, it sounds sketchy to me. You might want to reach out to her manager, or someone else on that level, who you trust. But if you do, it can have consequences. So you need to decide if you are ready to face the consequences. E.g. it could lead to her losing her job. Or you might lose your job. If you’re not comfortable with that, then maybe just look the other way.


Probably fine - even if it was in breach of some os license - how would they (the original author of the code) know and lift a burden of proof in a civil court?

Besides that it is good practice if you copy something from somewhere to put that fact in a comment or commit message.

Makes it easier to maintain.



