Insuring Contributed Code is Legal?

← Back to Stories (view on slashdot.org)

Insuring Contributed Code is Legal?

Posted by Cliff on Friday December 1, 2006 @08:27PM from the not-swallowing-the-poisoned-pill dept.

WanderingGhost asks: "Suppose you start a free software project and have people from all over the world wanting to contribute (hey, that's good eh?) How can you tell if they actually have the right to contribute at all? Contributors may live in different countries and work for different companies, and that means different laws and different contractual agreements. Aside from asking the person (I've found that this doesn't always work), what else would you do? Is there some place where you can find all information about IP laws of different countries (for example Japan, India, China, Russia) just so you can tell what would be the 'default holder of copyright' if a work contract says nothing about IP rights?"

71 comments

Min score:

Reason:

Sort:

Not quite... by asklepius · 2006-12-01 20:30 · Score: 5, Informative

I think you mean ENsuring.

This grammatic lesson brought to you by the letter, "e".
1. Re:Not quite... by Trentus · 2006-12-01 21:00 · Score: 1
  
  Maybe a grammar checker should be added to the next firefox update...
2. Re:Not quite... by Anonymous Coward · 2006-12-01 21:01 · Score: 0
  
  Do Slashdot "editors" get paid at all?
3. Re:Not quite... by Anonymous Coward · 2006-12-01 21:09 · Score: 0, Insightful
  
  http://m-w.com/dictionary/ensure
  
  If the subtle differences in these almost interchangeable words are correctly explained at Merriam Webster online, then the title is correct.
4. Re:Not quite... by EnglishTim · 2006-12-01 22:46 · Score: 1
  
  Well done, 'editors'...
5. Re:Not quite... by Anonymous Coward · 2006-12-02 00:11 · Score: 0
  
  No, as stated in the reference you cited, "ensure" is for making things certain, the other two are not.
6. Re:Not quite... by maxume · 2006-12-02 01:16 · Score: 1
  
  Perhaps ensure is better style, but insure is fine grammatically.
  
  See:
  
  http://www.answers.com/topic/insure
  http://www.answers.com/topic/ensure
  http://www.answers.com/topic/assure
  
  --
  Nerd rage is the funniest rage.
7. Re:Not quite... by thc69 · 2006-12-02 02:05 · Score: 1, Offtopic
  
  In actual usage, they are quite different. "insure" means that somebody will pay money if something goes wrong. "ensure" means checking to make sure it's correct in the first place. The headline reads very differently, and I was confused as to why you would want to buy an insurance policy for contributed code, and why it would not be legal to do so if you really wanted to.
  
  Here's what happens when you insure stuff:
  
  Well I'm a sucker for fine Cuban cigars
  The problem is I can't afford 'em
  But last year I went and got myself a whole box
  And just to be safe I insured 'em
  
  I took out a policy against fire and theft
  And then I hurried home
  With a thirty-cent lighter I sat on my back steps
  And I smoked 'em one by one
  
  Two weeks later I went to see that insurance man
  And I handed in my claim
  With a straight face I told him that through a series of small fires
  They'd all gone up in flames
  
  They reviewed my case and they had no choice
  But to pay me for what I'd done
  And I took that check and bought a whole new box
  And I smoked 'em one by one
  
  Two weeks later this detective shows up
  Tells me that company's pressin' charges
  One speedy trial later they locked me up
  On twenty-four separate counts of arson
  
  And now I sit and I stare at a blank brick wall
  Lookin' back on what I've done
  To pass the time I've got some ten-cent cigars
  And I smoke 'em one by one
  Yeah, I smoke 'em one by one
  
  (Brad Paisley, "The Cigar Song")
  
  Now, if he had ensured that they wouldn't burn, rather than insuring that they wouldn't burn, he wouldn't be in jail. See? Big difference!
  
  --
  Procrastination -- because good things come to those who wait.
8. Re:Not quite... by Anonymous Coward · 2006-12-02 03:15 · Score: 0
  
  Dictionaries present their words based on popular usage. Because insure is popularly used in place of ensure, it has come to have a similar meaning. Although the original meanings may have varied as stated by other /.ers, I'm fairly certain they are nearly interchangeable at this point. If you take a look at the links provided to Merriam-Webster, Answers.com, or even have a look at dictionary.reference.com, you'll see that they all provide definitions for "insure" that are equal to "ensure".
  
  It was stated best by the /.er who said:
  "Perhaps ensure is better style, but insure is fine grammatically."
9. Re:Not quite... by cbiltcliffe · 2006-12-02 03:16 · Score: 1
  
  "You are a stupid fuck," is fine grammatically, too, but it doesn't mean the same as "What a nice young slashdotter that maxume is."
  
  I'm sure if I used these interchangeably, you'd be understandably upset.
  
  While answers.com says they supposedly mean the same thing, I don't know anyone (besides the submitter and /. editors, of course) who actually uses "insure" in this way.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
10. Re:Not quite... by maxume · 2006-12-02 03:23 · Score: 2, Insightful
  
  If nit picking is going to be done, there is something to be said for worrying about correctness while doing it...I completely agree that ensure is a much better fit, but the error was anything but grammatical.
  
  --
  Nerd rage is the funniest rage.
11. Re:Not quite... by DoktorSeven · 2006-12-02 03:54 · Score: 2, Insightful
  
  Wrong. The two mean completely different things:
  
  "Insuring Contributed Code Is Legal?" -- Asks the question "What is the legality of purchasing insurance on contributed code?"
  "Ensuring Contributed Code Is Legal?" -- Asks how to make sure code that is contributed is legal.
  
  Given the context of the article, only #2 is correct.
  
  I've seen a lot of "common usage" and "evolution of the language" bullcrap about errors like this, and they don't make sense. If the use of a word is stupid and doesn't make sense, then maybe it should be changed, but we have a clear distinction between the two words "insure" and "ensure". Sure, they sound similar, but so do a lot of other words. That doesn't give you an excuse to declare that they are the same in meaning. Any dictionary that tells you differently is wrong.
  
  And yeah, you might find an error or two in anything I say. Sorry. The error in the headline didn't bother me so much because I know someone made a mistake. Mistakes happen, we're all human. It's the fact that someone is actually *DEFENDING* the mistake that bugs the hell out of me.
  
  --
  This is a sig. Deal with it.
12. Re:Not quite... by cbiltcliffe · 2006-12-02 04:10 · Score: 1
  
  Well, fair enough, but I'd say from my extensive experience with the English language, that about.com's definition is incorrect.
  Although Webster online agrees with about.com, there is an extra statement in the definition of "ensure" that ensures that your sentence means what you think it means (see what I did there?...)
  
  "but ENSURE may imply a virtual guarantee <the government has ensured the safety of the refugees>,"
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
13. Re:Not quite... by Fastolfe · 2006-12-02 04:13 · Score: 1
  
  Only a few dictionaries have started suggesting that "insure" could have the same meaning as "ensure". While I agree with their motives, tracking popular usage, you still will not see any reputable publisher using "insure" to mean "ensure". Maybe you will in another generation, I don't know. Yes, it's becoming popular usage, but it's becoming popular usage because people are using it incorrectly, which, IMO, is a good reason to resist. If this were simply a new word, or an existing word used to describe a brand new thing (for which another word does not exist), that's usually an acceptable evolution of the language. But when it's "popular usage" only because people don't know how to spell, I'd rather point it out as an error, even though a minority of dictionaries have picked up on it.
  
  Companies write dictionaries, and companies are in business to make money. Dictionary companies are in business to give you books that let you determine the meaning for words. Dictionaries are not necessarily intended to show you what is correct and what is not, though many attempt that. If a word is becoming popular, it is in the best interests of some dictionaries ($$$) to point out its meaning. This should not imply that it's acceptable English in educated circles.
14. Re:Not quite... by WuphonsReach · 2006-12-02 05:00 · Score: 1
  
  This grammatic lesson brought to you by the letter, "e".
  
  Also brought to us by the outstanding editors of Slashdot.
  
  --
  Wolde you bothe eate your cake, and have your cake?
15. Re:Not quite... by alibo · 2006-12-02 05:30 · Score: 2, Informative
  The narrow definition of insure as 'protect by insurance' seems fairly recent. OED2 has citations from 1724, 1825 and 1864 of insure as 'To make safe, to secure, to guarantee (against, from): = ASSURE v. 1c, ENSURE v. 6', see insure v. 6. Merriam-Webster's dictionary of English Usage (1994) has several citations of insure as ensure, from 1969, 1982, and 1986:
  
  '... would insure against any akward second marriage' -- Mollie Hardwick, Emma, Lady Hamilton, 1969
  
  '... his sudden fame probably insured a backlash' -- Calvin Tomkins, New Yorker, 6 Dec. 1982
  
  '... held that school officials had the right to insure that a high-school assembly proceed in an orderly manner' -- William Safire, N.Y. Times, 24 Aug. 1986
  
  The Columbia Guide to Standard American English, Merriam-Webster's Unabridged (3rd ed.), the American Heritage Book of English Usage, the American Heritage Dictionary (4th ed.), Random House Unabridged Dictionary (2nd. ed.), the Oxford American Dictionary of Current English, the Oxford Dictionary of English (2nd. ed), and the Century Dictionary (1889) all have the definition of insure as ensure.
  
  Garner's The Oxford Dictionary of American Usage and Style and Pocket Fowler's Modern English Usage (by Burchfield/Allen) both restrict insure to the financial sense. Insure as ensure is not accepted by everyone, but insure as ensure is certainly no recent development or attempt to generate more sales by adding fake 'new words'.
  
  You may not want to use insure this way (like Garner and Allen), but that doesn't make anyone who disagrees with you wrong or uneducated.
16. Re:Not quite... by Fastolfe · 2006-12-02 05:51 · Score: 1
  
  Indeed. Thanks for the citations. Looks like I made some bad assumptions.
17. Re:Not quite... by honkycat · 2006-12-02 06:40 · Score: 1
  
  Actually, the "ensure"-like meaning of "insure" is not a modern common usage thing. According to the Oxford English Dictionary, it was in use in the 1600s. In fact, the OED also notes that this use is obsolete. It's more complicated than just letting new "incorrect" meanings into new dictionaries...
18. Re:Not quite... by maxume · 2006-12-02 06:59 · Score: 1
  
  We just need to go to a better authority:
  
  http://en.wiktionary.org/wiki/ensure
  
  (which strikes me as actually being wrong...)
  
  I hadn't ever really looked at wiktionary before, but the synonym as definition of synonym stuff is a poor idea.
  
  --
  Nerd rage is the funniest rage.
19. Re:Not quite... by cbiltcliffe · 2006-12-02 08:30 · Score: 1
  
  Actually, I know what the problem is, now.....
  
  2. (US) to insure.
  
  "Ensure" is only synonymous with "insure" in the US. I'm not in the US, so this seems to me to be the same as Americans not being able to spell "humour" and "colour".
  Although, having said that....have you ever heard a Canadian say "Detroit"? That's the worst mangling of phonetic pronunciation I've ever heard......
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
20. Re:Not quite... by maxume · 2006-12-02 09:23 · Score: 1
  
  We do other strange things too, like avoiding organ meat and blood pudding, and going to the dentist. Zing!
  
  Being from Michigan(you should hear the fun people have trying to make up a word for that; Michiganian, Michigander, Yooper, Go back to Ohio/Indiana/Illinois), I have certainly heard Detroit said in many ways. I think they are probably using a French 'i', which makes a bit of sense if you look at the history and so forth.
  
  --
  Nerd rage is the funniest rage.
21. Re:Not quite... by arose · 2006-12-02 10:40 · Score: 2, Funny
  
  Don't you mean iditors?
  
  --
  Analogies don't equal equalities, they are merely somewhat analogous.
22. Re:Not quite... by Jerry+Coffin · 2006-12-03 05:20 · Score: 1
  
  Dictionaries present their words based on popular usage. Because insure is popularly used in place of ensure, it has come to have a similar meaning. Although the original meanings may have varied as stated by other /.ers, I'm fairly certain they are nearly interchangeable at this point.
  
  Probably this thread is mostly forgotten by now, but just in case anybody's still paying attention, here's what the Oxford English Dictionary has to say about the situation:
  The form INSURE is properly a mere variant of ensure, and still occasionally appears in all the surviving senses. In general usage, however, it is now limited to the financial sense (with reference to 'insurance' of life or property), in which the form ensure is wholly obsolete.
  So, at one time, the two were entirely synonymous, and now they're noticeably different. Nonetheless, although it's no longer in general usage, substituting "insure" for "ensure" doesn't necessarily change the meaning.
  
  --
  The universe is a figment of its own imagination.
23. Re:Not quite... by Monkelectric · 2006-12-03 19:12 · Score: 1
  
  That has to the the furthest Ive ever seen anyone go to quote a song.
  You're right about the use of the word thou.
  
  --
  Religion is a gateway psychosis. -- Dave Foley
24. Re:Not quite... by thc69 · 2006-12-04 07:39 · Score: 2, Insightful
  
  I didn't think the word "thou" was involved.
  
  --
  Procrastination -- because good things come to those who wait.
25. Re:Not quite... by thc69 · 2006-12-04 07:44 · Score: 1
  
  Stupid HTML...I had put a "<G>" in there. I guess I should have used a ";)" instead.
  
  --
  Procrastination -- because good things come to those who wait.
26. Re:Not quite... by Intron · 2006-12-06 08:34 · Score: 1
  
  Feel free to use "insure" in a contract with someone. When it doesn't happen, you will find out if you are financially liable. That should give you the answer better than a random page on the internet.
  
  --
  Intron: the portion of DNA which expresses nothing useful.
27. Re:Not quite... by maxume · 2006-12-06 08:57 · Score: 1
  
  Which would be a legal thing, not a grammatical thing, which is the nit I was picking with the initial nit picker. There is no doubt in my mind that ensure should have been used, but the error wasn't 'grammatical'.
  
  --
  Nerd rage is the funniest rage.
But how do I Ensure that my Insured Code is Legal? by NeMon'ess · 2006-12-01 20:30 · Score: 3, Funny

Anyone?
I assume it's legal... by Anonymous Coward · 2006-12-01 20:45 · Score: 1, Funny

I mean, you can get insurance for just about anything. I assume that goes for contributed code...
1. Re:I assume it's legal... by thegrassyknowl · 2006-12-01 23:39 · Score: 1
  
  Insurance is really just a form of gambling. If you've seen Rat Race you'd know that people will gamble on anything. ;)
  
  --
  I drink to make other people interesting!
Signed affidavits are the answer! by GrizlyAdams · 2006-12-01 20:46 · Score: 2, Insightful

Before allowing commit access to your repository, or accepting patches from someone, have them submit a signed affidavit specifically stating that they will not contribute any code they do not have the rights to. This is likely to result in less developers offering to contribute though as many folks can't be bothered to go through the hassle. Solves both your problems the way I see it (too many developers and legal liabilities.)

IANAL, but I did sleep in my own bed last night. (Tis a joke and a serious statement in one.)
1. Re:Signed affidavits are the answer! by WanderingGhost · 2006-12-01 22:24 · Score: 1
  
  I suppose you mean I should get him to GPG-sign a letter?
  That seems interesting.
  
  Something like: the contributor signs a statement *and* the key he'll use
  to commit to the repository (because my CVS doesn't use GPG keys). If anything
  goes wrong, then I have his letter stating that everything is legal, and if he
  didn't have the right to do that, he's in trouble and I'm not.
  
  But does that always work? regardless of what he claims, if the code is not his,
  it may belong to someone. And I may need to revert the commit. And if his
  contribution was part of a restructuring that went on two years ago, it means
  the project needs to start from scratch...
  
  Or am I wrong?
  (Yeah, I'm paranoid.)
2. Re:Signed affidavits are the answer! by WanderingGhost · 2006-12-01 22:34 · Score: 1
  
  "because my CVS doesn't use GPG keys"
  
  I meant, "my VCS, Monotone, uses a key that is not compatible with GPG"
3. Re:Signed affidavits are the answer! by julesh · 2006-12-02 00:45 · Score: 4, Interesting
  
  I think the idea is to get contributors to send you something, signed, on a piece of paper. This is what the FSF does, and a few other large projects have followed their lead. In FSF's case, the piece of paper is also a copyright assignment, which you probably don't want as it puts a lot of potential contributors off. What you want to do is check out something like the following with a lawyer:
  
  I hereby certify that the work I have submitted to is my own work, which I am entitled to licence under the provisions of , and that I am not aware of any patents or other legal issues that may prevent its use in . I hereby grant a licence to distribute the work under the terms of (attached).
  
  You possibly also want to include a similarly phrased paragraph to cover future submissions by the same contributor, if you expect any.
  
  What this does is (again, IANAL, so this isn't legal advice, check it with a professional, actual facts may vary from jurisdiction to jurisdiction):
  
  1. Means you've performed "due diligence" before accepting the work. You've got a signed statement from somebody stating that there wouldn't be any issues. If you do have legal expenses insurance (and I'd recommend it; at least where I live it isn't expensive) your insurers will almost certainly want to see something like this before they'll agree to defend you in a court case. In a court case, I think it would be enough to show that you hadn't knowingly infringed any copyrights, which may be enough to prevent any damages being awarded against you. You'd have to cease distribution, of course, but in the end it would probably not actually cost you anything. It's probably not as good in the case of a patent infringement, where I believe strict liability rules apply, but that's substantially less likely to affect you, fortunately.
  
  2. Means you've got a clear, easy to prove licence to distribute, so your contributor can't turn around and sue you. Yes, this is unlikely, but it's great to cover all angles.
  
  A GPG-signed e-mail may be adequate, but check with a lawyer. In my jurisdiction, I believe it would be iff I could prove the key belonged to the person I believe it to, which can be a quite tricky proposition. In yours, it might not be acceptable at all. Check everything. A signed fax may be better than an e-mail. This is the kind of knowledge you pay a lawyer for.
4. Re:Signed affidavits are the answer! by julesh · 2006-12-02 00:47 · Score: 1
  
  I hereby certify that the work I have submitted to is my own work, which I am entitled to licence under the provisions of , and that I am not aware of any patents or other legal issues that may prevent its use in . I hereby grant a licence to distribute the work under the terms of (attached).
  
  Ahem.
  
  I hereby certify that the work I have submitted to [project] is my own work, which I am entitled to licence under the provisions of [licence], and that I am not aware of any patents or other legal issues that may prevent its use in [project]. I hereby grant a licence to distribute the work under the terms of [licence] (attached).
5. Re:Signed affidavits are the answer! by svunt · 2006-12-02 03:16 · Score: 1
  
  my CVS doesn't use GPG keys
  That looks like the result of a virulent strain of dyslexia. CVS, VCS? PGP, GPG? God damn, we're running out of acronyms that don't make my brain hurt.
6. Re:Signed affidavits are the answer! by Fastolfe · 2006-12-02 04:03 · Score: 1
  
  Unfortunately this isn't as tidy a solution as you probably would like, but it's the best one can do, IMO. If it's found that infringing code is in your project, you're still technically infringing their copyrights. Even though you can point to someone else and say, "It's their fault!", you're still on the hook if they don't get what they want out of the other guy. (Of course, you'd have a really good case against the other guy if you end up losing, but if he has no money, you still might be SOL.)
  
  It's all about balancing costs and risk. What is the likelihood that this will happen? How much would it cost if it did? What are the costs to mitigate it? Getting something in writing from contributors, and ensuring you have good contact information, are great first steps.
7. Re:Signed affidavits are the answer! by Raenex · 2006-12-03 03:57 · Score: 1
  
  A signed fax may be better than an e-mail. This is the kind of knowledge you pay a lawyer for.
  
  It's really insane for people to have to seek out a lawyer and pay for legal advice for common issues such as this. This is where the internet and sharing information should help. I'd say asking on Slashdot is a good start. I'm sure if he keeps poking around he'll find some good advice by others who were faced with the same problem.
  Besides the money, the other problem with hiring a lawyer is that you may end up getting bad advice. It would be better to get a view from many people, hopefully some of whom have already talked to lawyers.
8. Re:Signed affidavits are the answer! by julesh · 2006-12-04 01:31 · Score: 1
  
  The problem with asking something like this on a site like slashdot is twofold:
  
  1. Armchair lawyers. Sure, I'm one of 'em. I like to think I'm better than most, but it's very hard to tell who's reliable and who isn't.
  2. This kind of thing varies from place to place. You need somebody local.
9. Re:Signed affidavits are the answer! by daybot · 2006-12-04 12:42 · Score: 1
  
  > Before allowing commit access to your repository, or accepting patches from someone, have them submit a signed affidavit specifically stating that they will not contribute any code they do not have the rights to Best ensure they're insured, too...
Well, by Anonymous Coward · 2006-12-01 20:52 · Score: 0

Is it really your legal responsibility to vet all your contributors?
1. Re:Well, by thegrassyknowl · 2006-12-01 23:19 · Score: 1
  
  I guess it is kind of the project admin's responsibility to ensure that all the contributed code is legal. It's not easy to do though - how do you check it even if someone says that it is?
  
  You just have to trust that if some corporation (they almost always are) takes exception that you can demonstrate identify who contributed what so you can pass the blame rather than taking the rap yourself.
  
  --
  I drink to make other people interesting!
2. Re:Well, by mysticgoat · 2006-12-02 05:56 · Score: 1
  You just have to trust that if some corporation (they almost always are) takes exception that you can demonstrate identify who contributed what so you can pass the blame rather than taking the rap yourself.
  The concern here is probably not so much who takes the blame than for keeping the project alive. A finding that the contributor screwed it up doesn't protect the project from the loss of his code. If the project is going to survive, it should probably be the one to defend its code.
  If you've got documentation that clearly asserts that the contributor had the right to make the contribution, any legal action is going to be preceded by an exchange of mails over several months:
  
  Ink Inc: the use of Purple Prose in the commentary of crucialBigPatch violates our copyright and we demand that you either pay us ONE MILLION DOLLARS or remove the code immediately. Oooh, I mean ONE BILLION DOLLARS.
  
  Project: we have a legitimate license to use the code in crucialBigPatch given to us by Ima Scammer and here is a copy of that. So we are not infringing on your copyright and will neither pay you nor remove the code.
  
  Ink Inc: Ima Scammer did not have the right to give that to you because of blahblah. Please respect our copyright because we do not want to have to take you to court. We will accept your payment of ONE BILLION DOLLARS PLUS ACCRUED INTEREST FROM THE DATE OF FIRST NOTIFICATION.
  
  Project: We have given your last letter our full attention and we find that blahblah does not apply because of yaddayadda. Please don't bother us any more. You are irritating.
  
  Ink Inc: You are wrong in thinking that yaddayaddda can in any way cancel blahblah in this case. Unless you comply and pay our licensing fee plus accrued interest, we will take you to court.
  
  Project: Know you this: we will have crucialBigPatch2 that uses our new Euphuistic Expression commentary in production long before the court date. That means there will be no infringement and your case will be thrown out immediately. Rather than receiving the cash you had hoped to extort from us, you will be paying attorney fees and filing costs for nothing. We fart nasty smellies in your general direction. Now go away; you are bothersome.
  
  So that is one of the practical reasons for having project contributors sign that they own the code and are willingly contributing it to the project. It can keep the project out of court long enough so that a workaround for any code that might become a problem can be put in place.
  If from the beginning the project is managed with contingency planning for this kind of modular replacement, then the whole incident can be a low stress exercise in troll - countertroll relations. You just have to accept that Ink Inc and their ilk might pull you into a mud puddle from time to time, and recognize that since they've already dirtied up your project, you might as well enjoy the opportunity to play the kid and do some splashing back at them. You can wash up after it is all done.
The only thing you know for sure... by RAMMS+EIN · 2006-12-01 21:09 · Score: 0, Offtopic

The only thing you know for sure is that you never know anything for sure.

--
Please correct me if I got my facts wrong.
Re:But how do I Ensure that my Insured Code is Leg by A+beautiful+mind · 2006-12-01 21:12 · Score: 2

You don't.

That's why you insure, to rest assured that if sued good legal defense is ensured.

Now, can anyone come up with a good haiku for this?

--
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Universal Problem by Anonymous Coward · 2006-12-01 21:13 · Score: 3, Informative

Scroll to A Brief History of Windows NT/2000/XP by Andrew Tanenbaum. This is a problem regardless of software license. The unique problem that open source faces is that people do it as well as working at the same time.

If it's a small project I wouldn't worry too much in any case. Otherwise, make the programmers agree to some statement before you'll accept their work (it could be an "informal" email). And always remember that estoppel is your best friend.

IANAL, but my key fear with using any copyrighted material is authors being able to revoke a license. Copyright and licensing laws are quite strong after all.
1. Re:Universal Problem by WanderingGhost · 2006-12-01 23:03 · Score: 3, Interesting
  
  Scroll to A Brief History of Windows NT/2000/XP by Andrew Tanenbaum. This is a problem regardless of software license. The unique problem that open source faces is that people do it as well as working at the same time.
  
  I see your point...
  
  If it's a small project I wouldn't worry too much in any case. Otherwise, make the programmers agree to some statement before you'll accept their work (it could be an "informal" email). And always remember that estoppel is your best friend.
  
  The problem is that the contributor himself may not fully understand what he can and what he cannot do. And then after something comes up, I'd have a big company telling me to shut down my project (because it may not be possible to revert a big, findamental patch, for example).
  
  IANAL, but my key fear with using any copyrighted material is authors being able to revoke a license. Copyright and licensing laws are quite strong after all.
  
  Not in the case of the GNU GPL, as far as I understand. I have asked a lawyer about this once (last year I guess).
2. Re:Universal Problem by Kjella · 2006-12-02 01:36 · Score: 1
  
  IANAL, but my key fear with using any copyrighted material is authors being able to revoke a license. Copyright and licensing laws are quite strong after all.
  
  Authors can't revoke licenses unless they put it in the license agreement, period. What could be reason for concern is that contributor never had the right to license it in the first place, like for example an employee doing a work for hire, in which case the copyright defaults to the company. They could come after your project and demand that you remove their code and if they're nasty make you pay damages too. Yes, even if the infringement is accidental and in good faith there's some strict liability but hopefully they're busy going after however made the illegal license grant instead.
  
  There's really not much more you can do about it other than to make sure the files at least appear to have a legal license. Of course if you're getting very large contributions that seem unreasonable for an unpaid contributor maybe you should ask how and why, but otherwise I would not worry. Note that this is completely independent of license, because it's a matter of law. If the original license is void, then so is every other copy and derivate.
  
  --
  Live today, because you never know what tomorrow brings
3. Re:Universal Problem by julesh · 2006-12-02 01:37 · Score: 2, Interesting
  
  And then after something comes up, I'd have a big company telling me to shut down my project (because it may not be possible to revert a big, findamental patch, for example).
  
  I don't think this is avoidable, unfortunately. If you have to remove a fundamental piece of code due to copyright considerations, that's going to effectively mean reverting your codebase to the point it was added and starting again from there. Code added after it was may be a derivitive under copyright law, so you probably can't use a lot of that, either.
  
  Not in the case of the GNU GPL, as far as I understand. I have asked a lawyer about this once (last year I guess).
  
  Copyright laws vary from place to place; most lawyers only consider local issues. You may find that some regions have local laws that allow revocation of a licence even when that licence describes itself as irrevocable (as the GPL does). If you're worried, make sure the lawyer you consult is well versed in international copyright issues. Try to find a copyright specialist who deals worldwide, if you can afford one.
4. Re:Universal Problem by darkonc · 2006-12-02 08:44 · Score: 1
  
  It's just as much a problem with Proprietary projects 'accidently' including GPL code as it is GPL code accidently including proprietary code. The unique advantage that GPL code has (and also it's achiles heel) is that there's no hope of keeping the illicit code secret. This means that people are less likely to try to sneak something in.
  This also provides a probable protection against a wilfull violation accusation. If the donor honestly believed that (s)he had the right to donate and the recipient project accepted that belief (and corrected the error as quickly as feasible once made aware), this would probably be a much different case than what we've seen of people sneaking other people's (GPL) code into their proprietary project and then trying to obfuscate it after being confronted.
  
  --
  Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Ask a lawyer, maybe? by wikinerd · 2006-12-01 21:16 · Score: 0, Redundant

Go ask a solicitor. If you can't pay for one, then put a disclaimer "I assume all your contributed code is legal blah-blah".
misspelling may provide the answer! by plasmacutter · 2006-12-01 21:21 · Score: 5, Funny

insuring your project against copyright lawsuit might "ensure" you get to keep contributed code..

well.. it was just a thought..

--
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Re:But how do I Ensure that my Insured Code is Leg by WoLpH · 2006-12-01 22:14 · Score: 2

Personally, I don't really check. If the contributor says they've written it themselves then I believe it. If you can't trust the people you work with your project is doomed anyway.

Also, if you don't write code to something controversial (think encryption and similar technologies) then you won't get into problems so fast. And if some of the code would be copyrighted, then all they have to do is prove it and I'll remove it :)
Re:But how do I Ensure that my Insured Code is Leg by nacturation · 2006-12-01 22:24 · Score: 4, Funny

Insure legal code
Lawyers battle like thunder
Assured rest ensured

--
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Copyright assignment by martinde · 2006-12-02 00:32 · Score: 2, Interesting

Isn't this one of the reasons why the FSF requires all contributors to assign their copyrights to the FSF explicitly? I believe this puts the responsibility onto the authors, and not the FSF, to make sure they have the right to contribute.

More info here.
1. Re:Copyright assignment by sumdumass · 2006-12-02 09:55 · Score: 1
  
  Requires isa misnomer. They prefere you to give them the copyright but it isn't neccesary.
  
  If you do give it to FSF, then they pretty much decide which version of the GPL it is distributed on wereas if you keep the copytight you make that decision. It would come in handy if your one of those that don't think the GPLv3 is in the same spirit as the GPLv2. It won't be long and the GPL comunity will be fractured, confused, and most likley dead (like BSD) so I guess it is just a minor point anyways.
Using the Linux kernel model by Anonymous Coward · 2006-12-02 01:46 · Score: 1, Interesting

Isn't 100% foolproof. Go slpunk about in the 2.0.36 kernel and you 'll see where one submission took FreeBSD, removed the FreeBSD copyright notice and bragged about it.
RedHat 6 used the BSD lp code and didn't fufill the 'advertising clause' (same with Microsoft and NT)
And somewhere on slashdot you can find out all about the ATA code issue.

You are just going to have to keep detailed records of who submitted what, and have 'em agree to a contract to sign over the code AND agree that it wasn't code taken from somewhere else.
1. Re:Using the Linux kernel model by RAMMS+EIN · 2006-12-02 03:54 · Score: 2, Informative
  
  ``RedHat 6 used the BSD lp code and didn't fufill the 'advertising clause' (same with Microsoft and NT)''
  
  Assuming that BSD lp is copyright the University of California, that shouldn't be a problem, because they scrapped the advertising clause (I think even if the license still includes the clause, it isn't valid anymore).
  
  --
  Please correct me if I got my facts wrong.
2. Re:Using the Linux kernel model by Anonymous Coward · 2006-12-02 04:36 · Score: 1, Informative
  
  Assuming that BSD lp is copyright the University of California, that shouldn't be a problem, because they scrapped the advertising clause
  
  Kinda slow on the uptake. Back when they didn't include the statement 'portions copywrite University of California' is WAS still part of the licence.
  
  Not shocking you were upmodded - pro-linux stuff always gets upmodded.
3. Re:Using the Linux kernel model by cswiger2005 · 2006-12-04 13:24 · Score: 1
  
  Agreed, if they used UCal/Berkeley sources, the advertising clause was deleted by the Regents of California/Berkeley some years ago, and all software owned by them was relicensed under the terms of the "new BSD" license. This isn't true of all of the BSD code used in Microsoft Windows; if you check here:
  Microsoft license
  ...you'll find that Microsoft lists a number of BSD licenses and authors, such as Luigi Rizzo, who wrote the IPFW firewall now used as part of Windows (as well as in MacOS X, FreeBSD, NetBSD and elsewhere). However, if the GP's claim was right-- that someone removed the copyright statement entirely from FreeBSD code, that would be a crime per 17 US 506(d):
  US copyright law
  ...nothing gives one the right to alter or remove an existing copyright statement, unless of course you are the author or have the right to do so.
  
  --
  "The human race's favorite method for being in control of the facts is to ignore them." -Celia Green
You can't by Programmer_Errant · 2006-12-02 02:21 · Score: 1

There are companies that offer a service to scan code for known open source code so that propietary code doesn't get caught by GPL and other license issues. But you can't scan the other way around since propietary code is not always published.
The only thing you can do is verify the real identity of the contributers so they can be prosecuted if they do something bad and hope that serves as a deterrent.
This problem isn't exactly original with software. Plagiarism has affected publishing almost from the beginning. Stealing credit for other people's ideas is nothing new. The proto geek who invented fire probably had credit for it stolen from him by some hairy neanderthal type.
This suggests a way by Anonymous Coward · 2006-12-02 02:34 · Score: 0

For a large global company to shutdown OSS projects they don't like.

1. Find a contributor list for the project.

2. Match the contributor list against company employee list

???

3. Profit

[Even if they signed no IP agreement. Claim conceptual similarly b/w their contribution and the work they did for hire.]
Don't worry about it. by lagerbottom · 2006-12-02 04:30 · Score: 2, Insightful

No one will help anyways unless it's a huge successful project, at which time you can have the foundation explore all that.

--
"He was a wise man who invented beer." - Plato
Slashdot . . . by Dausha · 2006-12-02 04:45 · Score: 3, Informative

"Is there some place where you can find all information about IP laws of different countries (for example Japan, India, China, Russia) just so you can tell what would be the 'default holder of copyright' if a work contract says nothing about IP rights?"

You go to /., of course.

I'm in my last few days of law school, but IANAL, so this is not legal advice. However, I wrote a paper last year on what happens when the contract regarding an IP project is silent regarding the final holder of the IP (US specific). If you are an employee of the recipient of the IP, then you are not the IP holder, your employer is. When you're the independent contractor, then things get tricky. Depending on the amount of control the contractee has over your work (e.g. it tells you what to do more like an employer than a client who approves the final product), then at best you have the copyright, but the contractee has a non-exclusive license to do what it likes with the product. In 77 suits on the subject, an independent contractor tried to protect its IP rights and lost in all but a handful of cases owing to the non-exclusive license (which is governed by state contract law not IP law as Congress has excluded non-exclusive licenses by negative inference). The only trend I saw was that the larger the market capitalization of the infringing defendant, the greater likelihood that the court would find for the defendant.

The worst case was an architectural firm who drew up plans for a shopping mall development with intent to be the sole-source provider of architectural services. The plans were never on file with the city, but the plans were approved and the developer sold the project to another company. The other company hired its own architectural firm to redo the plans. The other firm erased all references to the original firm, made a few changes, and then submitted the plans as its own. Naturally, the first company sued, and the 9th Circuit said "you lose." The copyright was non-exclusively licensed to the original company through complete silence of the original contract, and so that license was transferred to the other company and finally to the other firm. The implication was that the architectural firm "intended" the other, competing firm to profit from its work---which is nonsense as no firm would want a competitor to turn its product into its own and profit without any compensation or acknowledgment.

Always, always, always get it in writing. Silence can be deadly.

--
What those who want activist courts fear is rule by the people.
Use GCC by TheUnknown · 2006-12-02 05:52 · Score: 0, Troll

If it compiles, it's legal.
You cannot avoid by Netino · 2006-12-02 07:31 · Score: 1

You cannot avoid, nor if the project is proprietary. I think you can only sue them, by means of a contract or some type of disclaiming.
What the f. by ozone_sniffer · 2006-12-02 15:16 · Score: 1

Were this post a piece of code, it should be in the daily wtf for so many reasons. Seriously, do you even *care* about how patents/IP/contracts affect OSS? Why, because OSS is not affected by such in any significant way. Proven offending code was added to an OSS project, it would be straight out removed. It can range from an annoyance to a broken project in the short term, because of the loss of functionality, but in the mid term that resumes to nothing, as the blank left by the offending code is filled in by new code. And that's it. Nothing to see here, move along and just don't worry about it unless you have to.
I love you Stephen Colbert! by Vellmont · 2006-12-04 10:25 · Score: 1

I've seen a lot of "common usage" and "evolution of the language" bullcrap about errors like this, and they don't make sense. If the use of a word is stupid and doesn't make sense, then maybe it should be changed, but we have a clear distinction between the two words "insure" and "ensure".

I'm sure glad we've got people like you around to tell us what's-what. Guys like you don't need books to tell you what's correct. Guy's like you just go by what their gut tells them.

That doesn't give you an excuse to declare that they are the same in meaning. Any dictionary that tells you differently is wrong.

Exactly. The problem is these people looked it up in a book. Did you know there's more nerve endings in your gut than there are in your head? Yah, people have told me they looked it up and found out it's not true. That's because they looked it up in a book. Next time look it up in your gut.

--
AccountKiller
ipx by lexmachina · 2006-12-05 07:26 · Score: 0, Offtopic

Stanford Intellectual Property Exchange (IPX) A team of leading intellectual property lawyers and computer scientists seek to create and deploy an online intellectual property exchange (IPX), with robust commercial and non-commercial functionalities, which is equally accessible to individual content creators, large media companies, consumers, and others. The system will massively reduce legal transaction costs for intellectual property exchanges. It will obviate, or eliminate the need for live legal consultation for platform-based transactions. IPX is a literal "marketplace of ideas," and their myriad instantiations...............@ CodeX: Stanford Center for Computers and Law: http://www.law.stanford.edu/program/centers/codex/ #projects .................We need hackers...............
If you really want to INSURE the code... by jhantin · 2006-12-05 12:59 · Score: 1

It kinda blew my mind but this firm sells insurance policies to cover the cost of both offensive and defensive IP litigation.

--
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k