Protecting Your Code While Allowing Source Access?

foo_48120 asks: "My small development shop, myself and four employees, is taking on a fairly large job that will run a substantial part of the clients business. To protect themselves they want the source code to the project. Frankly I don't blame them. We bid aggressively to get them to underwrite our own efforts to build this code, which we plan to resell again and again. That is the basis for our company. I have no problem with them holding the source but need to make it clear that we own the code and that they have a license to use it in their business. They may at their discretion hire others to modify the code, but would still be required to pay their maintenance contract and be prohibited from reselling it or using it to run an additional business. How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"

Of course third party developers may break things and we would not be responsible for that or for fixing it without further renumeration.

Ideally, if we make them happy then we will do all future upgrades and add on modules as well. I am not worried about that. I do want to know if anyone has experience in the writing of such a licensing agreement? Perhaps they could provide me with a sample copy of their text?

Let's leave aside for now the issue of totally open source vs. closed source. There are times when you want the product to be proprietary as we do, however I want them to feel comfortable using our code so that if a proverbial plane were to fly into our building and wipe us all out then they don't go down the tubes with us."

Talk to a lawyer

[realmolo]

Seriously, why are you even bothering to "Ask Slashdot?".

This is a legal issue, you'll need legal contracts and agreements, all of that.

Talk to a fucking lawyer.

Re:Talk to a lawyer

[lpret]

Ok, I singled your comment among the many "Go talk to a lawyer" comments because you asked seriously. And I will answer seriously.

Many of us at Slashdot have been in similar situations. As such, we know there are certain details to keep in mind regardless if the use of a lawyer or some other type of consultant is necessary. For example:
I play rugby and in a recent match I landed on my foot wrong and parts of my foot went numb. Now, I asked some friends of mine and what do you think they said? "Go talk to a fucking doctor?" No, because they have had past experience with similar situations. They gave me anecdotes about past injuries they had, how they felt, etc. some of which helped, some did not.
Now this is the same here, all of the info given here may not be helpful, but the few comments that are made could tremendously help the person asking the question. So please, if you have something to say about the situation, say it, if you don't, try to help in whatever way you can -- remember, we're a community here.

Re:Talk to a lawyer

And you don't know the difference between professional legal advice and mindless techie ramblings.

Re:Talk to a lawyer

[donutello]

You clearly don't know the difference between what you talking to a lawyer costs, and what talking to the slashdot-crowd costs :)


You clearly don't know the difference in the quality of advice that a lawyer will give and what talking to the slashdot-crowd will give ;-)

In this case you get what you pay for. Seriously, when my brother-in-law who's a realtor has a problem getting his wireless networking problems debugged, do you think he should send out an email to his real-estate buddies? What kind of advice do you think he'll get? They all usually have very strong opinions from what "they knew worked" in the past. It's also usually dead wrong. It's the same here.

Re:Talk to a lawyer

If he asks Slashdot, perhaps someone might think of a question that he could ask a lawyer that he might not have thought of himself. If he saves an hour by asking the right questions, then he's done himself a favour.

You can basically license the code however you want, provided it doesn't go against other licenses or previous legal agreements.

Re:Talk to a lawyer

[LostCluster]

Lawyers are better at telling you if what you're trying to do is going to work than telling you what to do. That's where we come in...

Asking Slashdot will likely generate a lot of dumb ideas that won't fly legally, but it also at times generates the occasional 5-Insightful that contains the idea that neither you nor your lawyer would have thought of. Get the idea from Slashdot, run it past the lawyer, and you might just get an idea that would not have been used otherwise.

Re:Talk to a lawyer

[rob_from_ca]

The problem is, there is no information that the Slashdot community can give you about legal situations that could be useful. Lawyers aren't allowed to answer (essentially) at all unless they are retained as council. The asker is certainly going to need to speak with a lawyer; period. Why not skip the uninformed legal advice and skip straight to the people who can help navigate the situation. Now, "Does anyone know a good lawyer for handling cases such as blah blah blah" would be a great slashdot question. If it's just for fun and to share anecdotes, that's fine too, but I'd probably stick that into the question somewhere just to avoid the "talk to a lawyer" contingent.

Well, theoretically of course; they will still be there, since tons of people wouldn't actually read the question. I'd suggest putting "I ALREADY HAVE A LAWYER AND AM JUST POSTING THIS FOR INTERESTING AND FUN ANECDOTES" in bold at the top. Although I'm not sure about the wisdom of discussing potentially private legal strategies in public...:-)

Re:Talk to a lawyer

[Frobnicator]

Talk to a fucking lawyer.

The question doesn't say that he DIDN'T talk to a lawyer.

First we're talking about IP, copyright, and trademark. You don't talk to 'a lawyer' becuase most lawyers pass the regular Legal Bar and not those for IP, which are much more difficult.

Second, this kind of issue is best discussed with slashdot AND a lawyer, AND newsgroups, AND maybe a second lawyer.

Third, (I agree) -- talk to a lawyer . :) I have worked with IP lawyers who do non-profit work for free, and personal work for very low cost ($10/hr, more or less). This sounds like you are getting professional work done, but IP lawyers aren't that expensive.

Most of us think of 'Hiring a Lawyer' as an unattainable task, or costing thousands of dollars for extensive work, like is done in court cases. Finding an IP lawyer is easy. Look in the phone book, call the people who don't have full-page ads, and find one that charges between 25-50 per hour and specializes in IP. Find a small business with several lawyers and a single receptionist that has a low, reasonable hourly rate for small projects like that.

In this case where there was extensive bidding going on for the project, the small cost of $200-300 for a day with a competent lawyer should have been included as part of the bid. They probably should have spent $50-100 for a morning with the lawyer while working on the bid, just in case.

Re:Talk to a lawyer

[plover]

The difference is that when you're talking contract law, the devil is most certainly in the details.

Your foot will probably heal by itself. It might heal faster given certain generic treatments (ice, stretching or immobilization or whatever.) And if it doesn't get better in a couple of weeks, you go see a doctor anyway, who goes "tsk, tsk, you should have seen me last week" but fixes you up all the same.

But the contract that he writes and signs will effectively "own" his business and the payrolls of four other people for the next year. If he forgets to dot a legal 'i' or cross some legal 't', a troubled client might take serious advantage of him. Hiring a lawyer to draft the contract will help cover those clauses that might otherwise expose him to some unforseen liabilities.

I'm not saying that his client is shady, or that he isn't honest. I'm saying keep in mind that three years ago every dot-com had a million dollars of venture capital to fund these projects. These days, money is not so free and customers may have their financial situations change. If his client starts feeling the money belt tighten, this guy had better have an airtight contract to make sure that 1) he gets paid for work he does; or at least 2) he can stop working if he doesn't get paid.

The Slashdot crowd will no doubt have some ideas regarding coverage of intellectual property, and I'm sure that's what this guy wants to read. But he needs to spend a few dollars on a decent contract lawyer to ensure that his company's future isn't thrown away by a PREVENTABLE turn of the die. Isn't protecting a million dollar investment worth $5000?

a lawyer

[mosch]

you protect your code with a lawyer, who writes up a contract that says that they're only allowed to use it in the agreed upon ways, and that's that. They'll probably obey it, and if they don't and you catch them, you can sue them and collect your due royalties, plus punitive damages of course.

When it comes to selling source code, that's the only method that works.

First, grab a dictionary.

[Xerithane]

... How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"

First off, find out that what you are talking about is not open source. If it was open source, or a compatible license, than your client company would be free to redistribute.

Second, it's called a contract. And lawyers. Slashdot is neither. Just (have a lawyer) draft a contract specifying exactly what can be done and saying anything not listed is expressly forbidden unless written permission is granted.

Give it to them for Free

[Noose+For+A+Neck]

You would be much better off making your project Free software. Why?

Well, for one thing, the model of selling a product doesn't work in the software development industry. Programmers are morally obligated to give the code to their users and allow their users to freely modify and redistribute the code.

The real money in software is in the services industry. If your company writes the software, it doesn't necessarily have to document it. And, if you write the software, who else knows it as well as you do? You could make a fortune on writing extensions and ironing out bugs that existed in the original project. Just look at Redhat: they are actually making a profit through selling improvements to something that is buggy and hard to use otherwise.

Believe me, businesses pay big bucks for someone else to deal with their problems. Just look at how much your average consultant makes.

Re:Give it to them for Free

[Waab]

Programmers are morally obligated to give the code to their users and allow their users to freely modify and redistribute the code.

When did this happen?

Is [insert popular novelist here] morally obligated to give away his/her novels, allowing the readers to freely modify and redistribute the text?

I respect the open source movement and I think free (as in speech and beer) software is a Good Thing(tm), but I think saying coders are morally obligated to give away their source code is a step too far.

Re:Give it to them for Free

[glenstar]

...for one thing, the model of selling a product doesn't work in the software development industry.

What? You had better share that insight with all of the commercial software vendors out there quickly before they go out of business! Make sure to include Microsoft, Oracle, IBM, etc...!

Programmers are morally obligated to give the code to their users and allow their users to freely modify and redistribute the code. Again... WHAT? I am not aware of any code of morals saying that developers have an obligation to give away their code. Can you explain to me, all GNU and FSF rhetoric aside, why my company should spend countless resources to create a product that we give the code away for and let people do as they wish with it? I personally don't get that logic.

Slightly offtopic (but not by much): I think that the ideal license is one that says something like: "By purchasing this software you get rights to the source code, to do with as you like *within* your organization. If you plan on offering your changed product outside of your organization, you must sign an approved Royalty agreement with the Publisher..."

Don't bite the hand that feeds and don't assume that you can make money by putting a product out as OSS and that someone will pay you to extend or support it.

Re:Give it to them for Free

[ShwAsasin]

"Programmers are morally obligated to give the code to their users"

WRONG! It is at programmers discretion. A progammer wrote the program to fulfill the users requirements for software. It can be interpretted both ways, unless the user specifically wants the source-code, the programmer has no obligation to give it to them.

Generally in contracts I've seen the user retains the rights to that specific binary, but not the source-code. Meaning that the programmer/company can make dirivitives of it, but not hand out the exact same program.

Rather then say open-source every second, in the vastly competitive software development world it is not feasible to say open source all the time. I like open source as much as the next guy, but if they open sourced their program their software technologies could be stolen, and honestly who would know? If they gave the source-code away, even under the GPL, you could modify it and no-one would be the wiser. Yes some people could complain about infringing on the GPL, but if the progammers are good enough at changing things, nobody would know and now your out a good technology.

In a last thought, why is closed-source so bad? If your company spent 5 years and millions on researching an algorithm for X, I personally see no reason why can't make a bit of profit off it and keep it closed source as long as they don't play the patent/copyright/trademark game and take away everyone elses rights to anything similar.

It's a shame that some companies would sink to these levels, but we live in mainly unethical world where business rules everything (or atleast in North America).

Re:Give it to them for Free

[Otter]

Just look at Redhat: they are actually making a profit through selling improvements to something that is buggy and hard to use otherwise.

I think your advocacy might go better if you didn't sound so astonished that your preferred scheme actually worked for someone. (Albeit someone in a business niche that has next to nothing to do with what this guy does.)

And isn't someone going to flame him for claiming that Lunix is buggy and hard to use unless you buy it with Red Hat support?

Re:Give it to them for Free

the model of selling a product doesn't work in the software development industry.

Your statement is too general and doesn't (necessarily) apply here. The business model of selling a software application only fails in the face of large market demand and low barriers to entry. Why? Because if the barriers to entry are low enough (i.e. not too much specialized, high-level technical knowledge is required and the implementation can conceivably be done by some small team of programmers) then some competent geeks will come along and write an application that is nearly as good as a commercial implementation and open-source it for everyone's use.

But in a small niche application (which this sounds like to me; it's not like the guy is offering his client the source to yet another web browser) then there simply isn't enough economic incentive for a small team of programmers to ever provide an open-source solution. For example, no one is ever going to write a comprehensive real estate property management and accounting system and then GPL it (an issue near and dear to my heart, since I'm evaluating a bunch of commercial packages right now).

Programmers are morally obligated to give the code to their users

Um, no. Are you trying to tell me there's something morally wrong with me writing a contract for my clients that says they purchase my work in the compiled, binary representation? Suppose they don't want to pay me the extra salary for designing clean, abstract data structures and making the code readable and well-documented?

I wrote a simple application for a one-shot data migration task recently, and the only concern was that it JUST WORK, once, and then it was thrown away. Why should I have to clean up that design and make it reusable? Why should my client have to pay me to do this?

Re:Give it to them for Free

[Bouncings]

I respect the open source movement and I think free (as in speech and beer) software is a Good Thing(tm), but I think saying coders are morally obligated to give away their source code is a step too far.

Some middle ground here. Obviously the free software vs proprietary software debate isn't going to solve anything in this context. The consultants are clearly developing proprietary software.

Having said that, it is pretty low down dirty and slimy to have a company PAY YOU to write a program, PAY YOU to maintain a program, PAY YOU to give them a copy of the program, then you turn around and claim that they are bound by a license. If they commissioned the work to be done, you shouldn't be trying to shove a license up their butts.

It's just my opinion, but I've had to deal with these kind of consulting companies. If the customer is reading this story, some advice: Hire yourself a different consultant.

And if the consultant is reading this post: You are over stepping your ethical rights. They paid for it, they should control it.

This seems bad...

[sterno]

They may at their discretion hire others to modify the code, but would still be required to pay their maintenance contract and be prohibited from reselling it or using it to run an additional business

So, you've got the possibility that you'll be responsible for supporting the product even though other people are modifying it? How are your people going to have expertise in the work being done by these others?

Why ask on Slashdot?

[Valdrax]

A) This is not open source you're talking about at all. You don't understand the term, obviously, or are abusing it to somehow seem relevant to Slashdot.

B) This is purely a legal question. Ask a lawyer. It's all a matter of the contracts. The first company I worked for did exactly the same thing for one of their product lines, a COBOL-based transaction processing system. You got the code, but if you wanted support, you had to pay us. You couldn't resell the code without getting your ass sued off. It's just that simple. There is no technical solution to it. You just make it very clear that you can take them for all they're worth if they resell your code.

Get a lawyer. Leave the work to them.

Re:Escrow

[p3d0]

That's not a very good answer to the "How do you provide open source without escrow" question, now is it?

Sometimes I fail to understand people

[Tim_F]

They are paying you to code something for them. You are a contract firm. What you code for them is their property. Would you get to keep your code if you worked for a company? No, the code would belong to them. This company is paying you for the code, and so, when you are done, then the code belongs to them. They lose their monetary investment if you get to keep the code and resell it to their competitors.

Re:Sometimes I fail to understand people

[Phillip+Birmingham]

This company is paying you for the code, and so, when you are done, then the code belongs to them.

Wrong. The company is paying you for whatever the contract says they are paying you for. No more, no less.

Re:Leave out the Comments

[Courageous]

While I'm sure you intended to be funny, showing a customer bad code is a bad idea. It risks making them wonder how reliable and safe your code is, for one thing. This will make them consider someone else.

C//

Copyright Law...

[loucura!]

Assuming you are in the United States, your work is still covered under US Copyright law. Just because you are giving them access to the source code, does not give them redistribution rights, or the right to make a derivative without expressed permission.

So, all you should need is an (C) Your Co.
All Rights Reserved.

If that doesn't work, a handy lawsuit works wonders.

Shared Source

Go read the license agreement for Microsoft's Shared Source. I'm guessing they've got the legalities of something like this worked out fairly well. :)

Re:I would make two version of the tree

[viking099]

That would totally negate them having the code to begin with.
It sounds like they want the code so that they can make changes to their business software when and how they want it.
If you intentionally make it difficult or impossible to do what they're entitled to do (it sounds like they're wanting to basically buy a copy of the code, like a book or something), then you're in violation of the spirit, if not the terms, of the contract.
Plus, if you're not nice to the people who are paying you lots of money, you're less likely to get repeat business from them.

For what purpose?

[perrin5]

Here's a question for you:
You said "for their protection". Protection from what, precisely?
If they are concerned that you, as a company will cease to exist, and they will no longer be able to modify their code, then the previously mentioned escrow service should be perfectly fine with both of you. If this is another issue, the question of relevance comes to mind. If they want it to be sure that the software is "secure" from buffer overflows, etc, then you will need to hire a lawyer and write some sort of ironclad document to make sure they can't steal it, sell it, or claim any royalty fees on it. If they want it for any other purpose, I don't see them having a ligitimate claim to the software. I mean, sure, they're your employers, but unless there was something funny in the bid documents, they probably don't have any "right" to see the code.

Ask them to pay you want you want?

[gsfprez]

I don't mean to sound flippant.. but i'm in a line of work where, when i work during the day, i assume that that work is done, and that tomorrow, i'm going to get paid for working tomorrow.. and not to keep getting paid and repaid for the work i did last week.

Is the concept of "pay me for work" completely dead? Must everything be "pay me for work, and keep paying me for years later too?"

Why do you not just simply charge them for getting a job accomplished, and then, if they want you to come back, tell them it will cost them more money?

If you think that there is something to your work, and if the source code get distributed, then you may see that others will want to pay to have you come and work for them to help them integrate whatever it is that is so wonderful that you wrote up.

What you sound like you want is "pay us now, but we want to hold our code hostage so that any time someone uses it, you want to get paid."

If you were to ask 3 times as much for your work, and they got an unlimited use of your code, would that be sufficient?

IANACIAAA (I am not a coder, i am an analyst), so please, this is not a "you suck" post.. this is an honest question.... where does my idea fall flat, if it does, please tell me, i want to be educated.

So that you can get a sense of where i'm coming from.... what i do every day is i sell out my brain power (and those of my partners here) by the hour.

I get paid to give someone a analysis of this, or an analysis of that... and i tell them "that will take 6 months and cost you $100,000". My reputation is good, so i get more people to come back to me and keep hiring me to do more work for them.

I do not hold my output hostage.. .i give it freely to the companies, and their use of it is what they will of it, except that they must reference the writer - me - when they use the data. They are not allowed to say "this analysis was done by us" I only ask that they say "this analysis was done by gsfprez".

What else they do with the data, i don't care, and its not my business....I have gotten plenty of work simply from others seeing my output, and they were impressed.

My customers always have new problems, and i'm here to help them when those problems come up. They also have partners, and so, they come to us for help because they saw what were were able to accomplish.

When they do, they ask me how much it will cost.... they pay us then....

rinse, lather, repeat.

Re:Ask them to pay you want you want?

[JordoCrouse]

Is the concept of "pay me for work" completely dead? Must everything be "pay me for work, and keep paying me for years later too?"

Why do you not just simply charge them for getting a job accomplished, and then, if they want you to come back, tell them it will cost them more money?

In a business situation, its never about just paying for software, and you are done. Nobody wants to pay $100,000 dollars for a chunk of software, have a CD arrive in the mail, and have that be it. They want the peace of mind of knowing that bugs will be fixed, support will be offered, and most importantly, that the expertise of the developers will be available to them if they choose.

No offense, but this isn't just a report or some finite amount of data that you provided. This sort of thing always goes way beyond just delivering a binary.

Re:Ask them to pay you want you want?

[The+Panther!]

There's a huge difference between a programmer and an analyst, as you describe it. Programmers create an eternal product, that is source code that solves a particular problem. Often, problems are recurrent and the same solution will work in an infinite number of cases. If you have access to the source code, it can be adapted to meet the changes in problem parameters. Some programmers can make it their life's work to maintain a single solution-giving set of source code, and get paid well to do so.

Analysis of a problem doesn't solve anything directly, so you work in a service-oriented field. It's information to be used or not used, but at the end of the day, you haven't solved the problem being analyzed. They might hire 20 analysts (wastefully) to provide insight or estimates, and they might all disagree, and they won't have solved the problem. However, after a programming team does their work, the problem is solved now and forever. Programmers are content/solution producers. Analysts are not.

I'm not judging either field. I'm simply stating that your analogy and your plea for "A Day's Pay For A Day's Work" is meaningful ONLY in a service oriented profession. Otherwise, you'd have musicians that could never get paid more than once for making a recording, and authors that would always get paid one time for a book, or programmers that could never sell the same software several times. Do you see the difference?

Re:Ask them to pay you want you want?

[rabidcow]

Is the concept of "pay me for work" completely dead? Must everything be "pay me for work, and keep paying me for years later too?"

It's not that, it's distributed payment for work. It's "I want to be paid in full, but they don't want to pay that much so we'll compromize."

Let's say a coder produces a program at $100/hr and it takes 4,000 hours. This will cost $400,000. No one wants to pay $400,000 for that software. This company in question specifically does not want to pay $400,000.

So what do you do? You sell it to them cheaper and say "but you can't sell this to anyone else, because you haven't fully paid me for it."

It's like a rental, except it's not time based because no one ever has to return it. Instead, it's instance based. You rent x copies of the code, forever. To be fair, they should be able to sell their copies so long as they stop using them (and don't sell more than they've bought).

Now eventually the coder may have made the full cost of the software, been fully compensated. They could release it for free after this, but software isn't a sure bet. You can have one product make a substancial profit and have another be a total loss. If the potentially profitting projects were cut off when they had been fully paid, all software companies would lose money.

Comanies that do this.

[Flamesplash]

First off there are other companies that "license" their source code, like ICS. You could always find one of these companies and ask them how they do it.

Second, this does simply sound like a licensing issue. You trust your customers not to hack the license keys for the binary form of your product, or to redistribute it. So perhaps it's all about trust....

You could try...

Keeping it in some sort of off-site (for both) lockbox (a bank?). Something that allows you to both get to it, but at the same time, logs any access to it so you can make sure people don't just go get it.

This is assuming that they want the code in case of a disaster where the code is otherwise lost. If they just want it so they don't have to pay you for upgrades (and have their in-house people do half-assed upgrades to it) they will not want this option, so you'll know right off the bat that they are trying to purchase a one-time license to use the code any time they want.

Add a few zero's to the price tag if they want a one time purchase of a license to the code because you might as well get paid up front since you'll never, otherwise, see any money from updates / tech. support.

Well, who pays for that?

[955301]

You just need to write an obfuscator then, something that takes the inhouse code and changes variable names and adds bogus modules and subroutines.

And I suppose you bill the client for the time it takes to obfuscate and confuse the code? Or you eat the cost?

Trusted relationships are enforced by contracts all of the time. Comfort yourself with some analogies from other industries, then define the terms of the contract and call your lawyer.

That reduces your problem to catching them if they break ranks with the agreement. Rich comments and the occasional random readme in the source tree (e.g., Java package.html files, copyright headers/footers) help give your code a signature.

Something else just came to mind here. What about splitting the code into libraries versus their proprietary code (unique to their project) and only give the source to the latter? It doesn't sound applicable for your current project, but you may find yourself with an opportunity to reduce your risk later by doing this.

This issue is hardly as black and white as that...

[JLavezzo]

If I'm an architect and design a house for you, you get to live in the house. But if an architecture magazine publishes an article on it, I get the royalties, not you. And it's my reputation as an architect that is improved.

The actual issue here is, "How much is the client paying for?" Are they buying use of the end product? of course. Are they buying all rights to and use of the design or source? Probably not all rights and use. So, therefore, the challenge is to work out an equitable and profitable distribution of rights and use between the original client and the artist/programmer.

This post is asking, "What are the methods that are established for describing who gets which uses and rights on a piece of software that was part of a custom contract?"

That's not open source

[nsayer]

Open source implies that they have all the rights you specifically say that they will not be granted. Your scheme is closer to Microsoft's Shared Source scheme, or what we often refer to as "source under glass" - Look, but don't touch. Source, yes; open, no.

I'm sure there will be those here who will take an activistic viewpoint and urge you to do something different. I will not. You have every right to release code under any terms and conditions you may legally obtain, and more power to you. But my opinion is that you ought not use the phrase "open source" unless it meets the OSI mark requirements (which your plan most certainly would not).

Mod Parent up, +5 Funny...

[siskbc]

Oh...wait...you mean that wasn't sarcasm? You actually wrote that with a straight face? Now *that* is funny.

Let's see how your opinion of free software changes after Mommy and Daddy stop paying for school and you have to get a job. Your tune will change when you realize that people who give away software won't be hiring you, because....they have no money to pay salaries! Hell, where does Linus get his paychecks? Not from a company releasing its intellectual property for free. As for consulting...you want to add up all the dollars spent on software (binaries) compared to consulting services? It isn't remotely close. Nice try.

This whole "all source code should be free" crap is only popular among people who don't work for a living (and, somehow, Stallman). When you own your code, and make a living off of it, it's amazing how your views tend to change. It's kind of like how the hippies of the 60's became the 80's Me-generation - money and power (and closed source code!) is only bad when someone ELSE is controlling it.

But thanks for the troll, that was a good one!

Because some of us work in software companies..

[Inoshiro]

And their company isn't the first to happen upon this situation.

You always ask your friends about similar situations they may have encountered before you go into some situation. Fools would go ahead and get a lawyer without first discussing it with people who might have had experience with the situation.

No punitive damages

They'll probably obey it, and if they don't and you catch them, you can sue them and collect your due royalties, plus punitive damages of course.

You cannot collect punitive damages for breach of contract.

Finally, a real answer.

[charon_on_acheron]

This is the only post so far to actually answer the original Ask Slashdot question. Instead of the fifty redundant posts saying "Get a lawyer", and the other ten saying "That's not open source", RudeDude actually gave a relevant response. Good grief, what was he thinking? That's not the way to karma whore.

Re:Easy

[LostCluster]

No, but /. is the place for him to get ideas as to what to tell the lawyer to put into the license.

A lawyer is like a complier. You write code in English, he compilies it into airtight Legalese. However, if you give him a bug in the unput, his contract can still crash.

Re:Sure

[xsadar]

You mean when you only want to eat a piece of the cake and not the whole thing? He just wants to give his customers a few extra rights without giving up ALL of his. It's just like all of those documents you see that say you can distribute them but not modify them. Except in his case it's the other way around.

Re:Spaghetti code?

[WasterDave]

+1 Funny.

-1 Unemployable.

Dave

Re:Sure

We're not talking about The Open Source Definition (OSD) here, we're talking about giving a client access to the source code, and stopping them from distributing. Technical measures will fail (you could make it more difficult, but without legal backing you're screwed anyway), so you need legal. I'd remove the Open Source terminology from it entirely and get a lawyer to draft up a contract. Put in something that says they have to follow certain procedures when using the source code to lower the risk of it getting out, and that they have to pay damages if the source code is leaked.

Personal experience

[RobinH]

This is a very common issue at the company I work for. Any company that does custom engineering work (we do computer hardware, electrical design, installation, and of course software) for more than a single customer MUST retain ownership of their code simply because you can't afford to rewrite all of your software every time you get a contract with a different company.

When we quote a project, we do it based on the amount of work it will take to accomplish it, but we don't sell them hours of engineering work. We sell them a working system. If we budget 500 hours and it takes 1000 hours to write some custom piece of software, the customer doesn't have to pay us twice as much for the project. We sell them a system, with the license to use the software, and we give them a copy of the code as a deliverable for them to modify and use for the specific system we sold them.

Most people think companies like ours try to retain ownership so that the customer has to pay us royalties, but the fact is, we rarely, if ever, charge for maintenance. We sell a warranty with the system, so we fix any bugs that arise. If we do a good job, they hire us back to make changes to the system, which we do get to charge for. However, our customer can just as easily go to a different company and hire them to make the change, because our software license permits that.

The real reason we have to retain ownership is so that we can freely copy portions of code from previous projects to use in future projects. Say, for instance, we wrote a code module that abstracts a certain piece of hardware. If we used that same piece of hardware on another project, we would want to use the same code module to make our life easier. Unfortunately, if our previous customer owned the software, we would have to pay THEM royalties to use that software!!! The fact is, retaining ownership of that code gives us a competitive advantage in future projects, because some of our development is already done, so we can try to under-bid our competition (who are doing the same thing we are, by the way).

In fact, writing software today is rarely a case of writing code from the ground up, and selling it to someone. Now our job is to take existing pieces and put them together to form a system. That's why companies in our industry are called "Systems Integrators".

Re:And make them get a bond to back up their word

[drudd]

Guess what... you just talked yourself out of the contract. No company is going to put up any of its own assets to put your mind at ease. They'll just go with the next highest bidder who doesn't want them to jump through so many hoops.

Doug