Slashdot Mirror
Protecting Your Code While Allowing Source Access?
foo_48120 asks: "My small development shop, myself and four employees, is taking on a fairly large job that will run a substantial part of the clients business. To protect themselves they want the source code to the project. Frankly I don't blame them. We bid aggressively to get them to underwrite our own efforts to build this code, which we plan to resell again and again. That is the basis for our company.
I have no problem with them holding the source but need to make it clear that we own the code and that they have a license to use it in their business. They may at their discretion hire others to modify the code, but would still be required to pay their maintenance contract and be prohibited from reselling it or using it to run an additional business. How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"
Of course third party developers may break things and we would not be responsible for that or for fixing it without further renumeration.
Ideally, if we make them happy then we will do all future upgrades and add on modules as well. I am not worried about that. I do want to know if anyone has experience in the writing of such a licensing agreement? Perhaps they could provide me with a sample copy of their text?
Let's leave aside for now the issue of totally open source vs. closed source. There are times when you want the product to be proprietary as we do, however I want them to feel comfortable using our code so that if a proverbial plane were to fly into our building and wipe us all out then they don't go down the tubes with us."
When it comes to selling source code, that's the only method that works.
... How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"
First off, find out that what you are talking about is not open source. If it was open source, or a compatible license, than your client company would be free to redistribute.
Second, it's called a contract. And lawyers. Slashdot is neither. Just (have a lawyer) draft a contract specifying exactly what can be done and saying anything not listed is expressly forbidden unless written permission is granted.
Dacels Jewelers can't be trusted.
That's not a very good answer to the "How do you provide open source without escrow" question, now is it?
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
That would totally negate them having the code to begin with.
It sounds like they want the code so that they can make changes to their business software when and how they want it.
If you intentionally make it difficult or impossible to do what they're entitled to do (it sounds like they're wanting to basically buy a copy of the code, like a book or something), then you're in violation of the spirit, if not the terms, of the contract.
Plus, if you're not nice to the people who are paying you lots of money, you're less likely to get repeat business from them.
Many of us at Slashdot have been in similar situations. As such, we know there are certain details to keep in mind regardless if the use of a lawyer or some other type of consultant is necessary. For example:
I play rugby and in a recent match I landed on my foot wrong and parts of my foot went numb. Now, I asked some friends of mine and what do you think they said? "Go talk to a fucking doctor?" No, because they have had past experience with similar situations. They gave me anecdotes about past injuries they had, how they felt, etc. some of which helped, some did not.
Now this is the same here, all of the info given here may not be helpful, but the few comments that are made could tremendously help the person asking the question. So please, if you have something to say about the situation, say it, if you don't, try to help in whatever way you can -- remember, we're a community here.
This is my digital signature. 10011011001
Programmers are morally obligated to give the code to their users and allow their users to freely modify and redistribute the code.
When did this happen?
Is [insert popular novelist here] morally obligated to give away his/her novels, allowing the readers to freely modify and redistribute the text?
I respect the open source movement and I think free (as in speech and beer) software is a Good Thing(tm), but I think saying coders are morally obligated to give away their source code is a step too far.
What? You had better share that insight with all of the commercial software vendors out there quickly before they go out of business! Make sure to include Microsoft, Oracle, IBM, etc...!
Programmers are morally obligated to give the code to their users and allow their users to freely modify and redistribute the code. Again... WHAT? I am not aware of any code of morals saying that developers have an obligation to give away their code. Can you explain to me, all GNU and FSF rhetoric aside, why my company should spend countless resources to create a product that we give the code away for and let people do as they wish with it? I personally don't get that logic.
Slightly offtopic (but not by much): I think that the ideal license is one that says something like: "By purchasing this software you get rights to the source code, to do with as you like *within* your organization. If you plan on offering your changed product outside of your organization, you must sign an approved Royalty agreement with the Publisher..."
Don't bite the hand that feeds and don't assume that you can make money by putting a product out as OSS and that someone will pay you to extend or support it.
This company is paying you for the code, and so, when you are done, then the code belongs to them.
Wrong. The company is paying you for whatever the contract says they are paying you for. No more, no less.
Make me aerodynamic in the evening air
You just need to write an obfuscator then, something that takes the inhouse code and changes variable names and adds bogus modules and subroutines.
And I suppose you bill the client for the time it takes to obfuscate and confuse the code? Or you eat the cost?
Trusted relationships are enforced by contracts all of the time. Comfort yourself with some analogies from other industries, then define the terms of the contract and call your lawyer.
That reduces your problem to catching them if they break ranks with the agreement. Rich comments and the occasional random readme in the source tree (e.g., Java package.html files, copyright headers/footers) help give your code a signature.
Something else just came to mind here. What about splitting the code into libraries versus their proprietary code (unique to their project) and only give the source to the latter? It doesn't sound applicable for your current project, but you may find yourself with an opportunity to reduce your risk later by doing this.
You are checking your backups, aren't you?
If I'm an architect and design a house for you, you get to live in the house. But if an architecture magazine publishes an article on it, I get the royalties, not you. And it's my reputation as an architect that is improved.
The actual issue here is, "How much is the client paying for?" Are they buying use of the end product? of course. Are they buying all rights to and use of the design or source? Probably not all rights and use. So, therefore, the challenge is to work out an equitable and profitable distribution of rights and use between the original client and the artist/programmer.
This post is asking, "What are the methods that are established for describing who gets which uses and rights on a piece of software that was part of a custom contract?"
Open source implies that they have all the rights you specifically say that they will not be granted. Your scheme is closer to Microsoft's Shared Source scheme, or what we often refer to as "source under glass" - Look, but don't touch. Source, yes; open, no.
I'm sure there will be those here who will take an activistic viewpoint and urge you to do something different. I will not. You have every right to release code under any terms and conditions you may legally obtain, and more power to you. But my opinion is that you ought not use the phrase "open source" unless it meets the OSI mark requirements (which your plan most certainly would not).
And their company isn't the first to happen upon this situation.
You always ask your friends about similar situations they may have encountered before you go into some situation. Fools would go ahead and get a lawyer without first discussing it with people who might have had experience with the situation.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
You clearly don't know the difference between what you talking to a lawyer costs, and what talking to the slashdot-crowd costs :)
;-)
You clearly don't know the difference in the quality of advice that a lawyer will give and what talking to the slashdot-crowd will give
In this case you get what you pay for. Seriously, when my brother-in-law who's a realtor has a problem getting his wireless networking problems debugged, do you think he should send out an email to his real-estate buddies? What kind of advice do you think he'll get? They all usually have very strong opinions from what "they knew worked" in the past. It's also usually dead wrong. It's the same here.
Mmmm.. Donuts
Lawyers are better at telling you if what you're trying to do is going to work than telling you what to do. That's where we come in...
Asking Slashdot will likely generate a lot of dumb ideas that won't fly legally, but it also at times generates the occasional 5-Insightful that contains the idea that neither you nor your lawyer would have thought of. Get the idea from Slashdot, run it past the lawyer, and you might just get an idea that would not have been used otherwise.
+1 Funny.
-1 Unemployable.
Dave
I write a blog now, you should be afraid.