Tracking Code to Its Origins?
openbear writes "While doing a code review for a closed source project at work I came across a few files that were stolen from an open source project. The individual that did this was dumb enough to leave the original license in one of the files, however he was smart enough to remove all trace of where the code came from. He since quit the organization, so we (the developers) can't get to him to find out where he got this code from. Now management wants us to ship the product as is (with the stolen code intact) because we can't point to the original source of his questionable code. A few of us scoured SourceForge and several Apache projects but couldn't find anything matching. My question is: What is the best way to track down where this code originated from? Is there an organization that would help? A tool? A website?"
Couldn't you just rewrite the stolen code? If your program has a main API and such, then couldn't you just rewrite the code to match your API or something like that? Unless the code is the majority of your project, I see no reason why it simply couldn't be rewritten.
-Vic
You don't have to agree to the terms of the GPL (or many of the other open source licenses). But if you don't agree, standard copyright applies, and so you are now violating copyright law by re-distributing the source code.
So his company can probably pick: license violation or copyright violation. Which is worse, I don't know, but copyright law isn't "viral".
Either way if word gets out which company this is, I hope people copy their programs to every corner of the web and send them into bankruptcy.
If your management believes this, they are just as guilty as the original stealer. Call the police on the original coder and when the shit hits the fan he'll take the blame instead of your company. Either way, get that code out of your program ASAP!
So his company can probably pick: license violation or copyright violation.
No, there's the two legal options, too: Find the author and obtain permission, possibly with the judicious use of cash, or dike the code out and replace it with something they wrote.
but copyright law isn't "viral".
I can derive no meaning from that phrase. My best-guess rebuttal is that yes, if the code was GPL'ed and they release it, then they are legally obligated to release the source to the whole program under the terms of the GPL. They may refuse; they may also go on a murderous rampage, slaughtering all in their path. But not legally.
(I admit it, I posted this reply just for the last mental image.)
Are you even sure that the code is OpenSource in the first place? Did the moron put it there to set the company up before he left? He could do so by 1) adding OpenSource code to your product knowing it's wrong, or 2) simply adding the appropriate license to fsck with the company after he left.
This might be a dumb question, but how do you know the code was stolen? Maybe he just decided to stick a license at the top of some code he wrote in order to confuse people. Or maybe he wrote the code himself for a different project, and when asked to write the same thing just copied his work across intact.
There are any number of legal possibilities, and I can't see that they can be simply discarded based on the information provided.
Tarsnap: Online backups for the truly paranoid
If you steal source code from another proprietary project (say Microsoft), once you get caught Microsoft doesn't necessarily own your project. You usually just pay fines and restitution, maybe get jail time, and of course be forced to remove the offending code. It's copyright violation. You don't need to "accept" any terms of any license to steal the code.
An example of pure copyright violation is the Cadence vs. Avanti settled last year. A few ex-Cadence employees took Cadence code with them when they left to create Avanti. They paid hundreds of millions in restitution, one guy (Yuh-Zen Liao) even got 1 year jail time. I submitted this story when it happened as it involved source code and would seem to be a good story for the Slashdot crowd, but sadly it was rejected. A full recap here. May this story act as a deterrent to anyone thinking of stealing source code.
Also, you might paste a few lines into a comment on this thread and see if anyone recognizes it.
No no no. YOU don't talk to him. YOUR LAWYER explains where providing illegal services is a breach of contract, and how you will be suing for damages, compounded by the damages to your customers.
Never confuse volume with power.