Slashdot Mirror
Protecting Your Code While Allowing Source Access?
foo_48120 asks: "My small development shop, myself and four employees, is taking on a fairly large job that will run a substantial part of the clients business. To protect themselves they want the source code to the project. Frankly I don't blame them. We bid aggressively to get them to underwrite our own efforts to build this code, which we plan to resell again and again. That is the basis for our company.
I have no problem with them holding the source but need to make it clear that we own the code and that they have a license to use it in their business. They may at their discretion hire others to modify the code, but would still be required to pay their maintenance contract and be prohibited from reselling it or using it to run an additional business. How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"
Of course third party developers may break things and we would not be responsible for that or for fixing it without further renumeration.
Ideally, if we make them happy then we will do all future upgrades and add on modules as well. I am not worried about that. I do want to know if anyone has experience in the writing of such a licensing agreement? Perhaps they could provide me with a sample copy of their text?
Let's leave aside for now the issue of totally open source vs. closed source. There are times when you want the product to be proprietary as we do, however I want them to feel comfortable using our code so that if a proverbial plane were to fly into our building and wipe us all out then they don't go down the tubes with us."
When it comes to selling source code, that's the only method that works.
... How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"
First off, find out that what you are talking about is not open source. If it was open source, or a compatible license, than your client company would be free to redistribute.
Second, it's called a contract. And lawyers. Slashdot is neither. Just (have a lawyer) draft a contract specifying exactly what can be done and saying anything not listed is expressly forbidden unless written permission is granted.
Dacels Jewelers can't be trusted.
That's not a very good answer to the "How do you provide open source without escrow" question, now is it?
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
They are paying you to code something for them. You are a contract firm. What you code for them is their property. Would you get to keep your code if you worked for a company? No, the code would belong to them. This company is paying you for the code, and so, when you are done, then the code belongs to them. They lose their monetary investment if you get to keep the code and resell it to their competitors.
Assuming you are in the United States, your work is still covered under US Copyright law. Just because you are giving them access to the source code, does not give them redistribution rights, or the right to make a derivative without expressed permission.
So, all you should need is an (C) Your Co.
All Rights Reserved.
If that doesn't work, a handy lawsuit works wonders.
Black and grey are both shades of white.
That would totally negate them having the code to begin with.
It sounds like they want the code so that they can make changes to their business software when and how they want it.
If you intentionally make it difficult or impossible to do what they're entitled to do (it sounds like they're wanting to basically buy a copy of the code, like a book or something), then you're in violation of the spirit, if not the terms, of the contract.
Plus, if you're not nice to the people who are paying you lots of money, you're less likely to get repeat business from them.
Many of us at Slashdot have been in similar situations. As such, we know there are certain details to keep in mind regardless if the use of a lawyer or some other type of consultant is necessary. For example:
I play rugby and in a recent match I landed on my foot wrong and parts of my foot went numb. Now, I asked some friends of mine and what do you think they said? "Go talk to a fucking doctor?" No, because they have had past experience with similar situations. They gave me anecdotes about past injuries they had, how they felt, etc. some of which helped, some did not.
Now this is the same here, all of the info given here may not be helpful, but the few comments that are made could tremendously help the person asking the question. So please, if you have something to say about the situation, say it, if you don't, try to help in whatever way you can -- remember, we're a community here.
This is my digital signature. 10011011001
Programmers are morally obligated to give the code to their users and allow their users to freely modify and redistribute the code.
When did this happen?
Is [insert popular novelist here] morally obligated to give away his/her novels, allowing the readers to freely modify and redistribute the text?
I respect the open source movement and I think free (as in speech and beer) software is a Good Thing(tm), but I think saying coders are morally obligated to give away their source code is a step too far.
What? You had better share that insight with all of the commercial software vendors out there quickly before they go out of business! Make sure to include Microsoft, Oracle, IBM, etc...!
Programmers are morally obligated to give the code to their users and allow their users to freely modify and redistribute the code. Again... WHAT? I am not aware of any code of morals saying that developers have an obligation to give away their code. Can you explain to me, all GNU and FSF rhetoric aside, why my company should spend countless resources to create a product that we give the code away for and let people do as they wish with it? I personally don't get that logic.
Slightly offtopic (but not by much): I think that the ideal license is one that says something like: "By purchasing this software you get rights to the source code, to do with as you like *within* your organization. If you plan on offering your changed product outside of your organization, you must sign an approved Royalty agreement with the Publisher..."
Don't bite the hand that feeds and don't assume that you can make money by putting a product out as OSS and that someone will pay you to extend or support it.
First off there are other companies that "license" their source code, like ICS. You could always find one of these companies and ask them how they do it.
Second, this does simply sound like a licensing issue. You trust your customers not to hack the license keys for the binary form of your product, or to redistribute it. So perhaps it's all about trust....
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
You just need to write an obfuscator then, something that takes the inhouse code and changes variable names and adds bogus modules and subroutines.
And I suppose you bill the client for the time it takes to obfuscate and confuse the code? Or you eat the cost?
Trusted relationships are enforced by contracts all of the time. Comfort yourself with some analogies from other industries, then define the terms of the contract and call your lawyer.
That reduces your problem to catching them if they break ranks with the agreement. Rich comments and the occasional random readme in the source tree (e.g., Java package.html files, copyright headers/footers) help give your code a signature.
Something else just came to mind here. What about splitting the code into libraries versus their proprietary code (unique to their project) and only give the source to the latter? It doesn't sound applicable for your current project, but you may find yourself with an opportunity to reduce your risk later by doing this.
You are checking your backups, aren't you?
If I'm an architect and design a house for you, you get to live in the house. But if an architecture magazine publishes an article on it, I get the royalties, not you. And it's my reputation as an architect that is improved.
The actual issue here is, "How much is the client paying for?" Are they buying use of the end product? of course. Are they buying all rights to and use of the design or source? Probably not all rights and use. So, therefore, the challenge is to work out an equitable and profitable distribution of rights and use between the original client and the artist/programmer.
This post is asking, "What are the methods that are established for describing who gets which uses and rights on a piece of software that was part of a custom contract?"
Open source implies that they have all the rights you specifically say that they will not be granted. Your scheme is closer to Microsoft's Shared Source scheme, or what we often refer to as "source under glass" - Look, but don't touch. Source, yes; open, no.
I'm sure there will be those here who will take an activistic viewpoint and urge you to do something different. I will not. You have every right to release code under any terms and conditions you may legally obtain, and more power to you. But my opinion is that you ought not use the phrase "open source" unless it meets the OSI mark requirements (which your plan most certainly would not).
Oh...wait...you mean that wasn't sarcasm? You actually wrote that with a straight face? Now *that* is funny.
Let's see how your opinion of free software changes after Mommy and Daddy stop paying for school and you have to get a job. Your tune will change when you realize that people who give away software won't be hiring you, because....they have no money to pay salaries! Hell, where does Linus get his paychecks? Not from a company releasing its intellectual property for free. As for consulting...you want to add up all the dollars spent on software (binaries) compared to consulting services? It isn't remotely close. Nice try.
This whole "all source code should be free" crap is only popular among people who don't work for a living (and, somehow, Stallman). When you own your code, and make a living off of it, it's amazing how your views tend to change. It's kind of like how the hippies of the 60's became the 80's Me-generation - money and power (and closed source code!) is only bad when someone ELSE is controlling it.
But thanks for the troll, that was a good one!
-Looking for a job as a materials chemist or multivariat
And their company isn't the first to happen upon this situation.
You always ask your friends about similar situations they may have encountered before you go into some situation. Fools would go ahead and get a lawyer without first discussing it with people who might have had experience with the situation.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
You clearly don't know the difference between what you talking to a lawyer costs, and what talking to the slashdot-crowd costs :)
;-)
You clearly don't know the difference in the quality of advice that a lawyer will give and what talking to the slashdot-crowd will give
In this case you get what you pay for. Seriously, when my brother-in-law who's a realtor has a problem getting his wireless networking problems debugged, do you think he should send out an email to his real-estate buddies? What kind of advice do you think he'll get? They all usually have very strong opinions from what "they knew worked" in the past. It's also usually dead wrong. It's the same here.
Mmmm.. Donuts
Is the concept of "pay me for work" completely dead? Must everything be "pay me for work, and keep paying me for years later too?"
Why do you not just simply charge them for getting a job accomplished, and then, if they want you to come back, tell them it will cost them more money?
In a business situation, its never about just paying for software, and you are done. Nobody wants to pay $100,000 dollars for a chunk of software, have a CD arrive in the mail, and have that be it. They want the peace of mind of knowing that bugs will be fixed, support will be offered, and most importantly, that the expertise of the developers will be available to them if they choose.
No offense, but this isn't just a report or some finite amount of data that you provided. This sort of thing always goes way beyond just delivering a binary.
Do you have Linux and a DotPal? Click here now!
Lawyers are better at telling you if what you're trying to do is going to work than telling you what to do. That's where we come in...
Asking Slashdot will likely generate a lot of dumb ideas that won't fly legally, but it also at times generates the occasional 5-Insightful that contains the idea that neither you nor your lawyer would have thought of. Get the idea from Slashdot, run it past the lawyer, and you might just get an idea that would not have been used otherwise.
Is the concept of "pay me for work" completely dead? Must everything be "pay me for work, and keep paying me for years later too?"
It's not that, it's distributed payment for work. It's "I want to be paid in full, but they don't want to pay that much so we'll compromize."
Let's say a coder produces a program at $100/hr and it takes 4,000 hours. This will cost $400,000. No one wants to pay $400,000 for that software. This company in question specifically does not want to pay $400,000.
So what do you do? You sell it to them cheaper and say "but you can't sell this to anyone else, because you haven't fully paid me for it."
It's like a rental, except it's not time based because no one ever has to return it. Instead, it's instance based. You rent x copies of the code, forever. To be fair, they should be able to sell their copies so long as they stop using them (and don't sell more than they've bought).
Now eventually the coder may have made the full cost of the software, been fully compensated. They could release it for free after this, but software isn't a sure bet. You can have one product make a substancial profit and have another be a total loss. If the potentially profitting projects were cut off when they had been fully paid, all software companies would lose money.
+1 Funny.
-1 Unemployable.
Dave
I write a blog now, you should be afraid.
Guess what... you just talked yourself out of the contract. No company is going to put up any of its own assets to put your mind at ease. They'll just go with the next highest bidder who doesn't want them to jump through so many hoops.
Doug
Venn ist das nurnstuck git und Slotermeyer? Ya! Beigerhund das oder die Flipperwaldt gersput!