Half of GitHub Code Unsafe To Use

WebMink writes "GitHub is a great open source hosting site, right? Wrong. There's no requirement that projects on GitHub provide any copyright license, let alone an open source one, so roughly half the projects on GitHub are "all rights reserved" — meaning you could well be violating copyright if you make any use of the code in them. And GitHub management seem just fine with this state of affairs, saying picking a license is too hard for ordinary developers. But if you're not going to give anyone permission to use your code, why post it on GitHub in the first place?"

Because

[OverlordQ]

Because it's a free place to store a git repo as a backup.

Re:Because

[Bieeanda]

And it's probably one of the first places that comes to mind, shows up on a cursory search, or is suggested by someone in passing. Given that the site maintainers are fine with the state of things, the issue would seem to lie with the assumption that all code there is OSS licensed, rather than its use as a catch-all repository.

Re:Because

this. i've only used github for my personal projects. not everyone cares about contributing to open source projects, or making their code available to others. and there's nothing wrong with that. not everyone should be expected to share their work.

shocking and unbelievable, i know, but it's true.

Re:Because

[0100010001010011]

One semester I used it for my homework. Lots of .tex and .m files. I could do a problem, commit. Push go to a completely separate computer, pull and continue working.

Re:Because

[rbprbp]

This has been my approach to homework (which is mostly .tex and .py). For all I care, I don't mind if someone forks my homework or does anything with it. Though I wouldn't mind them merging their changes back :)

Re:Because

[Endophage]

Bitbucket does the same thing but gives you unlimited private repos. Why not use that if you don't want your code shared. That's what I do...

Re:Because

[mwvdlee]

not everyone should be expected to share their work.

Nor should Github be expected to host such repositories for free.

Re:Because

[Mike_EE_U_of_I]

not everyone should be expected to share their work.

Nor should Github be expected to host such repositories for free.

That's true. However, if Github can afford to provide the service for free and chooses to do so, I see no harm in it.

Re:Because

[AvitarX]

Honestly, if they are making it available, I think they should put a warning up for people, that by downloading and compiling the code you could be in violation of the law, or require everything free for non commercial use.

It's not an unreasonable assumption that something available for download is less than fully encumbered.

Re:Because

[Short+Circuit]

If I understand what you're saying, you're expressing the same ignorance about downloadable material that people downloading warez and mp3s in the 90s had. "It's free, so it's probably legal, right?"

Re:Because

um, yeah, no shit. who said they should? the fact is that they DO.

Re:Because

[Short+Circuit]

In other markets (including software), activities like that were called "anticompetitive."

Not that I really see a problem with it. Just making an observation that amuses me.

Re:Because

[cheesybagel]

I only use GitHub for code I have written under non-commercial licenses. Mostly Linux ports of former commercial games. SourceForge won't host them. Icculus is a bit of a pain to convince to host your code. GitHub is one of the few choices available gratis.

Re:Because

[Runaway1956]

"It's free so it SHOULD BE legal."

If it's not free for use for non-commercial use, then it shouldn't have been put up there without at least password protection, preferably encrypted as well. Basically, it's "in the cloud", so it's mine to use. Before anyone attempts to use code on github for derivative works or anything, then they really need to check the licensing. But for personal use? Phhhttt - screw the "rights holders"!!!

Re:Because

[Local+ID10T]

not everyone should be expected to share their work.

Nor should Github be expected to host such repositories for free.

And? There is no requirement that GitHub do so, but the maintainers of GitHub have chosen to do it.

What-the-fuck business is it of yours what they choose to do?

Re:Because

[Short+Circuit]

And now we're back to a familiar analogy: "The door was open, so anything inside should have been mine to take!"

Re:Because

[AvitarX]

If it was officially posted It's hardly warez (and I assume It's the content owners choosing to post publicly to github)

Re:Because

[AvitarX]

More like a basket of money in a public space that says take money here. Except copyright makes it so that after the taking there can be extra restrictions (in the case of some github projects restrictions like copying to a separate drive you own is an offense).

Re:Because

Stop likening a web site to an unlocked house. That meme is tired and inappropriate.
HTTP is a request response protocol. The server has every opportunity to deny a request.

Re:Because

what in the fucking world are you talking about? github isn't doing anything remotely anticompetitive. they're a service that manages repositories for people. you're free to not use them if you want. git works just fine without hooking it up to github.

Re:Because

[HairyNevus]

That's a false comparison; those mp3s weren't uploaded by the artist themselves. If a musician uploads a track today with a free download, and provides the link without any password protection or encryption so anyone can link to and download it willy nilly, then yes, it's free and you can run it on your computer and listen to it.

I think they should put a warning up for people, that by downloading and compiling the code you could be in violation of the law,

By analogy, this would be like the artist putting up a track for download and saying it's illegal to listen to.

Re:Because

[Kergan]

A developer who downloads code for use in his project, without checking the licence first, shouldn't be coding in the first place. Seriously...

Re:Because

[amorsen]

In sensible jurisdictions, the act of running a program is not a copyright event, since it does not involve distribution. When you download, compile, and execute something from Github, the only copyright event is Github distributing the source file. The rest is not of concern to copyright law.

Alas, when copyright was conceived, copying and distribution were practically one and the same, so "right to distribute" was unfortunately misnamed "copyright". Many jurisdictions later looked at computers and misunderstood any bit duplication to be a copyright event. Denmark is one of the most extreme cases, where every (ISP or otherwise) router is subject to copyright law whenever it moves copyrighted bits around. That level of absurdity is fortunately fairly rare.

Re:Because

[forkazoo]

It's not an unreasonable assumption that something available for download is less than fully encumbered.

It's incredibly unreasonable. If I put a TV in my shop window, you may be able to watch it, but that doesn't mean you have permission to change the channel, or take it home with you. Likewise, if somebody puts code on the Internet, then you can read it. The way the law works in the majority of the world, if you don't have an explicit grant of permission to copy something, or a specific reason to think it has been released from copyright, then it would be illegal do copy it. It doesn't matter if it is code, and it doesn't matter if it is on github. It's not that complicated.

Re:Because

[Darinbob]

Github is only a problem in the original article if you subscribe to a certain political viewpoint.

Re:Because

Yes they should. Otherwise we would have no coders..

I started coding at age seven and had no idea what licensing or copyright was at the time. It's just that line of text you put in a comment at the top of your code, right? Right? Used code from wherever I could to build my awesome apps. Then one day (age 8 I think) I got an angry email from a guy somewhere telling me I was infringing on his copyright. I had stolen most of his code, improved it and then mailed it back to him, super proud of what I had done. Didn't even share it with anyone else, but he still seemed quite angry. That was a horrifying experience and since then I've been extremely wary of what the licenses have to say, and what you can and cannot do.

I bet that no one that starts coding have very much insight into licenses and what purpose they have. Most of those people have probably copied some code that they shouldn't have, and that's OK! Because one day it will come back and bite them in the ass and they will suddenly be very aware of what licenses are all about. And by that time they will probably be pretty good coders with a great interest in continuing to learn all about that stuff.

Would you tell everyone interested in programming that they had to read up on all the different licenses and what they are all about before they were allowed to actually start coding?

Failing is the best way to learn, and that includes licensing.

Re:Because

I do not authorize you to read this statement, You are breaking the law by reading it, Please turn yourself in to the local RIAA Authorities for processing

Re:Because

[torsmo]

Also, doesn't Github allow you to fork other people's projects?

Re:Because

[steviesteveo12]

Failing is the best way to learn, and that includes licensing.

That said, this is not to say that failing at something can never have consequences. Sure, you're just messing about with things you don't (initially, anyway) understand and you're learning new things but that doesn't make it all OK if you do something wrong.

Perhaps this is an issue with the way people learn to code. The coder who doesn't understand what a license is a kid with the internet -- there's no senior programmer watching over them providing supervision and pointing out mistakes.

Re:Because

[josath]

It could very well be illegal to download from the artist. Often artists don't own the rights to their work, having signed them away in contracts in exchange for money.

Re:Because

[VortexCortex]

I think they should put a warning up for people, that by downloading and compiling the code you could be in violation of the law,

By analogy, this would be like the artist putting up a track for download and saying it's illegal to listen to.

That's a bad analogy. A better one: The musician puts up a track for download and the opening lyrics are: "Copy Right To Thou Sand Twelve, Buy Thee Music Making Elve." -- Or better yet, have RMS crank out a new GPL-ish license for Music (in the same vein as GNU Free Document License), and the artist sings that at the beginning of the song.

Oh -- oh! No, no... Just have them break into the Free Software Song for one of the Choruses, OR make heavy use of the BSD style "decrescendo" license.

(The analogy here is embedding a copyright notice in the music)

P.S. No, wait! I got it! If you play the song backward at half speed, the Father of Copyright Law speaks the license!

Re:Because

[tlhIngan]

Honestly, if they are making it available, I think they should put a warning up for people, that by downloading and compiling the code you could be in violation of the law, or require everything free for non commercial use.

It's not an unreasonable assumption that something available for download is less than fully encumbered.

Well, assuming the developer who wrote the code is the one making it available, downloading it would be fine. Running it is a bit trickier, though - would the act of turning it into an executable be considered a derivative work? If not, feel free to compile it, and run it (not a copyright event). You just can't distribute, sell, or otherwise use the code for anything else.

However, as "all rights reserved", it would be like it was CC NC (because you can't sell the compiled work or the source code), as well as CC ND, because you can't use that code for anything else. (It's one of the arguments for getting rid of ND/NC in CC licensed stuff because it's for the most part the same as "all rights reserved").

Github's merely redistributing it according to the policy and that the author holds copyright but is otherwise allowing free download rights (you're allowed to "give away" copyrighted "all rights reserved" content that you own - many authors do this with e-books).

Re:Because

[shipofgold]

It is more complicated than that. This is all about what today's society expects and how people conform to those expectations.

I believe a better analogy would be "I draw a picture, make a large number of copies, and leave them in a public building. Do I expect that people walking by won't pick one up?".

The answer depends on how hard it is to make the copy, where in the public building the copies were left, what notices were posted at the door of the public building, what the passer-by intends to do with the copy, and whether the original producer is deprived of anything.

If each copy was an oil painting on canvas I suppose you might reasonably expect a passer-by to leave them lie. Especially if that passer-by intends to pick up the entire stack and sell them on a street corner. After all each copy cost the original artist something in materials and time, and I would be depriving the original artist of those costs.

If each copy was a photocopy, I can't see anyone assuming that they can't pick up a copy. Material/time costs to the original artist are minimal, so as a passer-by I won't feel that I have deprived anybody of anything by picking up a copy to take home and hang on my wall. In today's society a stack of photocopies in a public place implies they are to be taken.

Of course, if I take that photocopy and publish it in my newspaper in order to sell more newspapers, The original artist might have cause to object, as that act isn't generally supported in today's society.

In GitHub, if I put some sourcecode there, and make no attempt to protect it with password or license, I don't feel today's society would not allow me to object to people downloading it for personal use. But if I include it in a project for sale, I should take care to read the licenses and get the necessary permissions.

Re:Because

If I forget my wallet in a public place, does it mean that it is up for grabs?

Re:Because

[otterpop81]

One semester I used it for my homework. Lots of .tex and .m files. I could do a problem, commit. Push go to a completely separate computer, pull and continue working.

A public account? What happens when someone from your class steals it and turns it in? I know where I went to school if two people turned in the same work, they both got an F.

The professors said they had tools for determining if code had been copied (supposedly which could see through easy stuff like variable name and comment changes). Who knows though. It never concerned me because I wrote my own code and didn't distribute it to others in my class.

Re:Because

[surd1618]

this reminds me of Stranger In a Strange Land

Re:Because

If you forget the remains of a chocolate bar, does it mean that it is not up for grabs?

Re:Because

[godefroi]

Indeed, but with fewer Martians.

Not my favorite Heinlein. The Moon is a Harsh Mistress is so much better.

Re:Because

[Lord+Byron+II]

But that analogy doesn't hold because you're comparing information to tangible, physical items.

A better analogy would be: "He left his manuscript visible on a table in public space (like a coffee shop), so I read what was visible."

Re:Because

[xouumalperxe]

No, it's more like saying "the author put it up in a site designed first and foremost to share stuff, so it must've been his intention to actually share it".

Re:Because

[TheCarp]

I fully agree with your statement, in the abstract, but, in the specific case, I don't see how it holds.

Github is not your personal, private git repo. Github specifically exists for the purpose of sharing code. In fact, if you wanted to use them as a personal and private git repo, they offer that service, for a fee.

If you are using the free service, then, you ARE sharing your work. You are going out, and posting it in public for everyone to see, thats what you do whenever you push to github. It is a little like taking all of your personal notes, calendars, etc, and deciding the best place to store them is tacked to the side wall of the building by the sidewalk.

You may not have inteded to share with the world, but, your actions sure don't send that message.

Personally, I think cases like this should grant automatic license. You uploaded code that you wrote and you control to a site which, A) explicitly ONLY serves public files (unless you pay them) and B) allows anyone to fork a copy and use.

I would say, uploading to a site which is designed from the ground up for the purpose of sharing code between individuals projects and resdistributing it.... it seems reasonable to assume that this is exactly what you intend people to do with it, and so implicit license should be granted.

Its not anybody elses fault that you are abusing the service and expecting everyone else to treat your publicly posted code as sacrosanct and private just because you didn't want to pony up for a private account.

That

[M0j0_j0j0]

Is only a problem in places where computer algorithms can be patented. and beside, anyone just grabbing code and pasting direct onto a product without audit or modification is asking for a nice backdoor.

Re:That

[dshk]

In the EU computer algorithms cannot be patented (or at least such patents cannot be enforced), but copyright law applies, and I guess copyright law exists in almost all countries of the word.

Re:That

I'm tempted to start coding a generalized login framework on github, one which silently reports home and has a nice sweet backdoor, just to see how well it would be received.

Re:That

Too late. Microsoft already did it way back in Windows XP. Still, enjoy it for the coding exercise at the least.

Re:That

Nope. Germany has "Urheberrecht", which is vastly different from copyright. (Which many people even here seem to be ignorant about.) And many countries copied German law. Which is waaaayy more sane than "copyright'.

For one, it's an author's right. Not a publisher's right. The fundamental difference in philosophy that that entails, should be obvious.
And you can never ever sell your rights away. Ever. You can act as if, but you can always go "Fuck you, cooww and shee-keeenn! Now you can't use it anymore!" if they are stupid enough to fall for it.
And so you do not need to write *anything* below your works. No "Copyright 2012 Anonymous Coward" needed. In fact, would I be posting with my name, then this very post here would be protected, without me having to mention that in any way. It is assumed on everything except completely trivial drivel.
That's just the most important points.

Of course the organized crime tries to adapt it more and more to "copyright" often acting as if it already were like that, and brainwashing people to fall for it. But they aren't yet there, and they only will over my cold dead body. (I'm with the Pirate Party Germany.)

Re:That

[Desler]

Patents have jack and shit to do with copyrights which is the issue.

Re:That

In the EU computer algorithms cannot be patented (or at least such patents cannot be enforced)

That is good for universities and every other theoretically inclinded. Sad fact is that german ( and other eu) curts have ruled that any combination of software and hardware can be patented and have enforced these patents. Companies just use hardware limitations like finite memory (not low or restricted, just finite like 50 petabyte finite) to get a valid hardware/software patent, something like "this algorithm is designed to run on a machine with limited resources and is therefore part of a patented machine". Some years ago there was a lawsuit between camera manufacturers and microsoft over the patented FAT filesystem, gues who won. Hint: the patent contains a section on dealing with long directory names in limited memory.

As a german I want to point out that european juges are just as crazy as everywhere else. Whe had people send to prison for crimes that did not happen and a whole system refusing to entertain the notion that it could be wrong (families send to prison for murder with no evidence, even after the "victim" was found drowned with his car, a man stuck in the psychatry for paranoia even after it became public that his accusations where actually true, etc.). There are only juges and lawyers in this system, you can be happy if you find even a shred of justice anywhere close to the former two.

Re:That

[Kergan]

Actually, "Urheberrecht" is due to an EU directive, which mandated the whole thing throughout the EU a bit over a decade ago. It applies to the whole EU today.

Also, if memory serves, it was pushed forward by the -- at the time French -- EC commissioner in charge of property rights (though I'd need to double check that, so take the latter point with a grain of salt), on grounds that (this much I'm sure of) a workers' writing/coding/music/movie shouldn't ever belong to his editor or publisher, but to the author himself. The best authors can do since is to grant an exclusive license -- even as an employee to code consulting firms, which incidentally caused issues in legal departments back then to weed things out the proper way. (And it was a huge mess in some firms, since they assumed US laws were the norm.)

Re:That

Actually no, since Urheberrecht predates the existence of the EU by some decades.

Re:That

[GumphMaster]

In the case of software patents I see the open publication of the "patentable" software on GitHub as a monumental pile of prior art/patent invalidations just waiting to be mined. While publishing your code does not relieve you of your rights under copyright law, it should relieve you and anyone else of the ability to patent any embodied "invention" if it is published for long enough (1 year before the patent application in the US). I doubt you will find any patent-hugging companies deliberately using GitHub for precisely this reason.

Re:That

Without a patent your code is copyrighted. Patents let people sue for copying an idea, even if you implent it differently. Copyright covers your code as it is, so a license is still needed to use it.

Not a new problem

[MightyYar]

This certainly isn't a new problem. If you work for a corporation, you aren't going to use code without a clear license. At least, I hope you aren't. If you need clarification about a license, you can often just contact the author. Just because the website is called "Github" doesn't mean you should treat the code any differently than code you find laying around anywhere else.

Re:Not a new problem

Developers in corporations download random code from the web and incorporate it into their projects all the time.

Re:Not a new problem

[pspahn]

Does that make it the fault of the developers, though?

If you are pressed by management to find a solution before you leave for the day, you'll probably spend some time looking at the problem yourself to discover what you need to Google to find an answer.

Don't blame developers when they are so constrained.

Re:Not a new problem

[Local+ID10T]

Developers in corporations download random code from the web and incorporate it into their projects all the time.

Yes, but we call it "research"

Re:Not a new problem

[MightyYar]

Exactly - this is nothing new. You could be cutting and pasting from anywhere on the web and the exact same hazard exists. You should not be cutting and pasting without knowing the license, from Github or anywhere else.

Re:Not a new problem

than code you find laying around anywhere else.

Lying around. Please start treating people with the same respect you'd show a compiler: feed them the correct words.

Re:Not a new problem

[MightyYar]

You are indeed alot like conversing with a compiler. Thank's for the constructive discussion. But hay, you're English is real good.

Unsafe?

Code having a license term, you use it under that license. Whats the problem. So you can't cut an paste it. Good. But as a example of an implementation its still very useful/educational.

The license chosen isup to the author, get over it. This militant 'I want it all for free and without me having to do anything' is your problem, not the authors.

Re:Unsafe?

[SwashbucklingCowboy]

"But as a example of an implementation its still very useful/educational."

And opens you up to the possibility of being accused of creating a derivative work, which violates "All Rights Reserved".

Re:Unsafe?

Depends on how "derivative" the work you're talking about is.

If it's got more than about 10% of the original, it's NOT deemed "fair use". Not to mention that fair use is a defense in middle of defending a case...not as a defense against litigation.

(It amazes me to no end how many people claim/think to know this stuff and have it DEAD WRONG .)

Re:Unsafe?

[steviesteveo12]

Absolutely. When you're sued you can go to court and try to prove it was fair use. All of the costs, none of the certainty.

Conflating copyright and patent again...

You're as bad as the MAFIAA conflating piracy and theft.

Re:Conflating copyright and patent again...

[smittyoneeach]

conflating piracy and theft

Who does that? Piracy requires an ocean, ships, and lots of brutal, hand-to-hand combat effort.
Modern theft has been reduced to legislation.

Bitbucket

[akeeneye]

As is Bitbucket (bitbucket.org), with the added bonus that the private repos that you create there are free too.

Re:Bitbucket

[smittyoneeach]

The $7/month I pay to GitHub to keep a few private repositories doesn't seem a massive gouge at all.
GitHub is a great site. Gotta hit their tip jar.

Re:Bitbucket

For github, I'm pretty sure, people don't exactly understand how those licenses work, so they pick one they see others use.

With bitbucket, I have a few projects that are private, and occasionally invite others to see something in particular, removing privileges later on, nothing more; other things though, are free for all, the right kind of free.

Re:Bitbucket

[jez9999]

And you can attach files to your issues in the issue tracker (amazingly you can't on Github).

Re:Bitbucket

[obarel]

You could pay $6 a month at http://repositoryhosting.com/.

Re:Bitbucket

[debrain]

If the rumours are true, BitBucket was a blatant screen-for-screen imitation of GitHub's design:

I understand that imitation is flattering to some point and copying one or two things is cool, but BitBucket copied our website screen for screen in nearly every major aspect without asking for permission or acknowledging the theft.

If the owners of Bitbucket have no qualms about stealing GitHub's creation ... should you really trust them with yours?

I thought it was worth $7 per month to go with GitHub for this reason.

YMMV.

Re:Bitbucket

[akeeneye]

You're giving credence to a rant from 2008 by someone who doesn't even know how to turn off Apache directory indexing on his own user directory? FWIW, Bitbucket did a complete redesign of their site and released it on October: http://blog.bitbucket.org/2012/10/09/introducing-the-redesigned-bitbucket/ .

Re:Bitbucket

[debrain]

If memory serves, the original post I linked was written by Scott Chacon, and was served on GitHub proper/blog for some time. The link I gave appears to be the last remaining mirror that Google finds.

Re:Bitbucket

I read that rant a few days ago, while trying to work out which of the code hosting solutions sucked least (it was a tie).
While he may (have had) a point, a lot of what he complains about being "copied" are common website design patterns: tab bars, column layouts, apache-style directory listings, etc.

It's just a shame that the Bitbucket redesign got rid of a fair amount of useful stuff (like an actually helpful list of forks), which erstwhile were points in its favour over GitHub.

Re:Bitbucket

Most people need more than the $7 a month plan. I'm moving over to bitbucket, because I'm tired of paying them over $20 a month for all of my personal stuff. I'll keep my public stuff there, because they have a better community.

Re:Bitbucket

[luder]

That's more than I pay for shared web hosting with "unlimited" everything, including shell access and the ability to set up my own private Git / Hg / Svn repositories.

Re:Bitbucket

[thetoadwarrior]

$7 a month is pretty expensive for a repo hosting site that only has one option (git).

I'll take bitbucket which gives the choice of mercurial or git and private repos for free and a better pricing model.

Re:Bitbucket

[thetoadwarrior]

That rant is full of retard and funnily he tries to rig his google serach results to make it appear github is on the top. Sourceforge (which I don't use btw) blows github out of the water in terms of size and options.

In fact github probably has the least options out of any code hosting service and the expectation that I'm going to pay for private repos isn't going to happen. Certainly not when said site has had its share of security flaws because it's a ruby site written by ruby tards who no doubt prefer to brogram while downing red bull.

"All rights reserved" doesn't mean what you think

"All rights reserved" doesn't mean that you aren't going to give permission to use your code. It just means that you haven't done so yet, or you haven't made up your mind.

It is silly to use such code, even if accompanied by a license, because the right to use it can be revoked if it is reserved.

I've found modules I wanted to use on github and gone through the exercise of tracking down the authors and talking them into putting their code under some sort of license (hopefully one that's compatible with what I need, but of course it's up to them). It's surprising how many people don't understand of copyright law and licensing.

wtf

Apparently checking the license on code before you copy and paste it into your own project is also too difficult.

Re:wtf

[jedidiah]

...especially when there is nothing in the code to indicate what the license is.

It's like a hotel mini-bar but with no indication or understanding that you actually have to pay for the overpriced booze and peanuts. This hotel is in a hippie commune where the usual rules don't apply. So it's not obvious that crass rules apply.

So you don't make the usual default assumption that everything has dire restrictions by default, that everything has a price, and that they will try to charge you for those booze and peanuts later.

Re:wtf

WTF? If there's no explicit license then it defaults to the basic copyright rules. You can't use it in your own works. All the license does is grant you extra rights. Seriously, this isn't hard to understand. It's nothing like your example.

So what ?

[vikingpower]

To "old" hands like me, GitHub is one of the last places reminiscent of the great liberties we had up to the end of the '90s. So what do we care ? Take code from GitHub, copy/paste, re-implement ideas you find there, possibly implemented badly.... C'mon, who gives a damn about copyright on GitHub ????

Re:So what ?

[preaction]

Lawyers. The EFF. The FSF. Anyone who makes a living on copyright.

Re:So what ?

[westlake]

Take code from GitHub, copy/paste, re-implement ideas you find there, possibly implemented badly.... C'mon, who gives a damn about copyright on GitHub ????

The owners. The courts. Your employers. Your clients, among others.

Re:So what ?

Parasites.

Why?

[gcnaddict]

But if you're not going to give anyone permission to use your code, why post it on GitHub in the first place?"

Lets say I stumble across a fantastic utility, and the source is open for me to view. I'll dive through the code and make sure I'm comfortable with its functionality (i.e. it's not doing anything I don't want it to do) before grabbing the tool.

I'm not using the code for my own projects. I'm just vetting the code. Plenty of developers throw code for small utilities up for exactly this reason, and the vast majority of the world is totally cool with it.

Re:Why?

[Ksevio]

So basically it's for the original coders to show off their awesome coding skills

Re:Why?

[gcnaddict]

...no, it's for the original coder(s) to build trust among the people using the programs.

Re:Why?

As wonderful as this sounds, you cannot expect to vet any code base without an investment of time on the order of that which was required to write the code. (The old adage is appropriate here "Debugging is twice as hard as writing the code in the first place." Vetting code is probably harder than debugging; see the IOCC). When code is open source, a community will grow surrounding it. Many eyes read the code with the intention of building, improving, and actually debugging it. This has the side-effect of also vetting the code; it's not wasted effort if the program is free (as in freedom). The community can be trusted (to an extent) to validate the code (granted, this is a bit idealistic). With non-free code, you cannot expect this top happen on its own, and it is not cost-effective to do this vetting yourself. It's kind of pointless.

Re:Why?

[steviesteveo12]

The community will also only validate code that is frequently looked at. The vast majority of Github will never be accessed once it's been committed, never mind carefully analysed by experienced third parties for security issues.

Why post it on GitHub?

[Opportunist]

C'mon, it ain't that hard.

1. Post it on Github
2. Make everyone think it's free to use.
3. Sue everyone you can get your hands on who do.
4. Profit

Re:Why post it on GitHub?

GitHub, the new invasive malware.

Re:Why post it on GitHub?

[Vasheron]

C'mon, it ain't that hard.

1. Post it on Github
2. Make everyone think it's free to use.
3. Sue everyone you can get your hands on who do.
4. Profit

You forgot the ???

Re:Why post it on GitHub?

[Neil_Brown]

2. Make everyone think it's free to use.

3. Sue everyone you can get your hands on who do.

4. Get annoyed that a court finds the existence of an implied licence, or, in some nuanced cases, that the action is prevented under the principle of non-derogation from grant. Assuming the defendant can afford to argue.

Re:Why post it on GitHub?

[Frosty+Piss]

4. Get annoyed that a court finds the existence of an implied licence, or, in some nuanced cases, that the action is prevented under the principle of non-derogation from grant. Assuming the defendant can afford to argue

Please. Come back to reality.

When in the recent past have you seen a court rule on copyright with common sense?

Seriously, put down the bong.

Re:Why post it on GitHub?

[Neil_Brown]

When in the recent past have you seen a court rule on copyright with common sense?

I'm not sure that Usedsoft applied common sense, but rather some convoluted reasoning, but the outcome seems sensible enough. Picking on rulings relevant here, I think the US court's decision in Wallace v. IBM was common sense, as was the finding of the German court in Welte v. Skype.

Perhaps look also at Griggs v. Evans — a pragmatic decision on the facts, to my mind.

Sure, there are some odd judgments, but there are some sensible, practical judges out there too.

Re:Why post it on GitHub?

[Frosty+Piss]

Interesting links. Thanks... F.P.

Re:Why post it on GitHub?

[Neil_Brown]

Interesting links. Thanks.

My pleasure. If you do read the Usedsoft decision, there's a good chance you'll find it pretty impenetrable, unless you are familiar with the computer programs directive — I prepared some slides for a friend's talk on Usedsoft a couple of weeks back, which you might find helpful alongside the decision. (Listed as (c) to me (ironic, given the thread here) but, as far as I'm concerned, treat as CC0.)

Re:Why post it on GitHub?

... and snort some cocaine... the drug of choice of the Content Mafia.

Re:Why post it on GitHub?

Agreed. The question marks are the most critical part of the business plan.

Re:Why post it on GitHub?

You forgot the ???

No, he did not.

Re:Why post it on GitHub?

[Kergan]

I wish I had mod points. +1 funny/insightful. :-)

Doesn't The User Bare Resposibility?

Doesn't the user(consuming developer) of the code bare responsibility for proper use and honoring of the license? I know it's mildly inconvenient to you, but researching ownership and licensing is one of the costs of using "free" code. If that cost is too high for you, don't use that code.

I really fail to see how this is a problem of any kind with GitHub. It's not even a problem for the poster of the code. It is up to the user of the code to verify license compliance.

Daily reminder

Daily reminder that "open source" doesn't necessarily automatically equal "free" (beer or freedom).

I'm OK with this.

Re:Daily reminder

[icebraining]

That depends on the definition of "open source" you use. If it's the one by the Open Source Initiative, it certainly does mean you can use and distribute the code.

Re:Daily reminder

[mwvdlee]

Not unconditionally true.
Open source licenses exists to prevent certain types of distribution (otherwise, just use public domain).
For instance, some licenses will not allow you to change code and distribute it under the original name.
Most open source licenses prevent you from removing the copyright notice from code you distribute.
Many prevent you from removing author attribution from code distributions.

Reading code can be useful on its own

[Hentes]

The author seems to confuse open source with copyleft. Open source is not a legal thing. And a ban on redistribution of derivative works doesn't mean that it's useless. Knowing the source code of a piece of software is important if you want to use it for any security-sensitive work or if you want to implement some modifications of your own (which you don't intend to distribute). It's not unheard of even that a developer company only gives the source code to their paying costumers.

Re:Reading code can be useful on its own

[icebraining]

Open Source, as defined by the Open Source Initiative, is most definitively a legal thing.

a ban on redistribution of derivative works doesn't mean that it's useless. Knowing the source code of a piece of software is important if you want to use it for any security-sensitive work or if you want to implement some modifications of your own (which you don't intend to distribute). It's not unheard of even that a developer company only gives the source code to their paying costumers.

This is why the author says it's dangerous.

Unlicensed code ("All rights reserved") is not a ban on redistribution. It's a ban on any copying, including forking the code to your machine. You most definitively can't modify the code, even if you don't intend to distribute it.

Re:Reading code can be useful on its own

[micheas]

... or if you want to implement some modifications of your own (which you don't intend to distribute)

IANAL, but I have been led to believe that code that is all rights reserved cannot be modified without consent of the author, unless it falls under the fair use exemption of copyright.

The fact that your modifications could reduce the profitability of the copyright owners derivative works lead me to suspect that the courts would generally find that your changes are a copyright violation, even if they are not distributed.

Copyright law is all about money and lost sales.

My advice, get permission from the copyright holder, it is much cheaper and less confusing than attorneys.

Re:Reading code can be useful on its own

This is why the author says it's dangerous.

Unlicensed code ("All rights reserved") is not a ban on redistribution. It's a ban on any copying, including forking the code to your machine. You most definitively can't modify the code, even if you don't intend to distribute it.

Does copyright really work like this nowadays? If so, that's pretty scary. Copyright used to be a restriction on distribution, not on what you can do with the code privately. I hope you're wrong about this.

Re:Reading code can be useful on its own

Actually, grabbing it for personal use like that is technically fair use. It's when you start using it for more than your own personal use that you get into deep doo-doo over the code that's got no licensing whatsoever....

Re:Reading code can be useful on its own

[icebraining]

Copyright is a right to copy. To use the code privately, you need to copy it to your machine. That's forbidden.

(Yes, I know that to read the files on Github you technically need to download them. Guess what, courts aren't idiots, and they're perfectly capable of understanding the distinction).

Re:Reading code can be useful on its own

[icebraining]

Actually, grabbing it for personal use like that is technically fair use.

Citation needed. I've read Section 107 more than once and 'personal use' ain't in it.

Sensationalist article stating the obvious

[caseih]

Whether you are working on proprietary code or open source code, you can't just paste code from the net into your project without a license, regardless of whether it's GPL, BSD, or some royalty-free use grant. Unless the code has an explicit license, or states explicitly that it is in the public domain, you simply cannot use it without express permission from the copyright holder, because no law grants you that right. Plain and simple. So if code in a git repo is "all rights reserved," the you can look, and even download it, but you cannot put it into your own code. So I don't see what the problem is here. License always matters, whether you're a FLOSS person or developing commercial software.

So of course half of all git repos are unsafe to use. Why does this warrant some big sensationalist article? Kind of along the lines of articles claiming the GPL is a threat to proprietary software companies because it will "infect" them somehow magically. Folks, a little bit of understanding of copyright law will go a long ways I think. Open source, even copyleft, depends on copyright to keep it as such. We should all have a basic understanding of it.

Re:Sensationalist article stating the obvious

[marcansoft]

You can take any code which you find and put it into your project, or even combine bits of code with incompatible licenses. What you can't do is distribute the result. Distribution is where copyright law kicks in.

Re:Sensationalist article stating the obvious

[gajop]

Mod this up
Whenever I work on a personal project I leave the licence for the last part, when I actually plan to release it to the wild.
In fact 2/7~ of my github repos lack a licence and may never get it.

I would be surprised if I was the only one that works like this.

Re:Sensationalist article stating the obvious

[phantomfive]

The repos on github aren't all-rights-reserved. By hosting your code on github, you agree to allow people to fork your code.

Re:Sensationalist article stating the obvious

[Neil_Brown]

You can take any code which you find and put it into your project, or even combine bits of code with incompatible licenses.

Distribution might be where GNU GPL 2.0 kicks in, but copyright certainly kicks in to prevent you from just taking code and putting it into your own project, at least in Europe — the restriction on "copying," for example. (You might have a defence of fair use in the US, but that's an affirmative defense, not an absence of copyright.)

Whether anyone would find out, or consider it worth suing for, is perhaps another matter, but copyright is not just limited to distribution.

Re:Sensationalist article stating the obvious

Yes you can. Who exactly is gonna stop you? Will you go and put TCPA chips in everyone's systems and heads? Good luck with that.

Stop spreading the lie of imaginary property. And stop confusing plagiarism with it! You are just as bad (and mentally deluded) as the ACTA monsters.

Plagiarism makes you an ass, and will quickly lose you all respect, but it's not a crime. Not even remotely.

Deliberately creating an artificial scarcity on the other hand, IS a crime. ("Copyright" doubly so, because it's designed for the distributor to profit from artificial scarcity, while the original author gets the middle finger.)

Re:Sensationalist article stating the obvious

[marcansoft]

It is true that the law grants the copyright owner the right to restrict the creation of copies, but It can be reasonably argued that by posting the code on GitHub you've implicitly given consent to the mere creation of a copy (as would automatically happen if you view the code or download it). For most practical purposes, the limitation on distribution is what matters.

Re:Sensationalist article stating the obvious

[micheas]

Distribution is where copyright law kicks in.

Like when you distribute the program from your drive to your RAM?

Now if the program is all rights reserved, and your modified version that you distribute mocks the original author, you could claim the parody exception for copyright. (Would you be successful? I don't know about that question, ask an attorney.)

Re:Sensationalist article stating the obvious

By hosting your code on github, you agree to allow people to fork your code.

No, you allow people to view and fork your repository.

However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.

There is a difference between the two. Also putting something on Github does not disallow an "all-rights-reserved"-style licensing or any proprietary license you want since they even admit:

We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours.

So basically, you are wrong on all counts.

Re:Sensationalist article stating the obvious

[mysidia]

because no law grants you that right.

No no no... You have that right by default, unless the law denies it. You can repeat some code, natural right to free speech protected by the constitution.

However, some restrictions may apply. One of those restrictions is, if someone else wrote the code, their work may be protected by copyright.

If they register their copyright with the US copyright office, within a certain time period after having created the work, they could sue you for infringement.

In case they haven't registered the copyright, as may be the case with someone's personal project, they may not be eligible in fact to sue you. They have to register it first, and there is a time limit for registering a copyright after having created the work.

So if they chose not to register it, the time limit passed, and they weren't granted any exception, then they will have no means to prove ownership of a copyright on the OSS code in order to sue.

Re:Sensationalist article stating the obvious

Whether you are working on proprietary code or open source code, you can't just paste code from the net into your project without a license

How can a piece of code have no license and at the same time be "open source"? Hint: it cannot.

The problem with obvious things is they're not obvious to all. Nicely emphasized by your logic failure above...

Re:Sensationalist article stating the obvious

[caseih]

Umm, yeah. I think you have a reading comprehension failure.

There is no logical fallacy in what I wrote. Unless you have a license to do so, you may not include code for which you do not own the copyright into your own code. Hope that is more clear for you. But the original sentence is both correct, and logical. And in fact supports your statement that a piece of code that has no license is not open source. That is the whole point. Sorry you missed it the first time.

Re:Sensationalist article stating the obvious

[caseih]

Sorry, but copyright law (not talking about the DMCA nonsense here) is required to keep FLOSS FLOSS. It's our weapon to keep our software that we write and use free. At least until everyone advances to the point of being able to function in an anarchist, libertarian paradise.

Re:Sensationalist article stating the obvious

[imp]

Well, if it truly is without a license, you cannot even download it to look at it. Copyright law is quite clear: if you have no license, you cannot copy it. Full Stop.

Re:Sensationalist article stating the obvious

I believe there are exemptions in many jurisdictions to copyright rules for these cases (of copying the program to RAM) where you have the right to use the program.

Gitorious

Gitorious is both free software (AGPL) and a hosted git service. Creating a project, you get to pick between 22 licences, proprietary or none. I haven't checked their stats to see what percentage of projects it hosts are open source or not.

Re:Gitorious

After scanning a few gitorious projects, here are some licensing stats:

          11 License: Public Domain
          13 License: Other Open Source Initiative Approved License
          17 License: Other/Multiple
          20 License: Academic Free License v3.0
          25 License: GNU Affero General Public License (AGPLv3)
          25 License: Other/Proprietary License
          29 License: GNU Lesser General Public License (LGPL)
          34 License: BSD License
          71 License: None
          93 License: GNU General Public License version 2(GPLv2)
        145 License: GNU General Public License version 3 (GPLv3)
        247 License: MIT License

Re:Gitorious

After scanning about 10% of gitorious projects, here are its licensing stats:

    1 Microsoft Permissive License (Ms-PL)
    2 zlib/libpng License
    3 Apache Software License
    4 ISC License
    5 Boost Software License
    5 Mozilla Public License 1.1 (MPL 1.1)
    6 Python License
    6 Ruby License
  11 Qt Public License (QPL)
  13 Perl Artistic License
  39 Other Open Source Initiative Approved License
  40 Apache License
  53 Public Domain
  83 GNU Affero General Public License (AGPLv3)
  90 Academic Free License v3.0
102 Other/Multiple
127 GNU Lesser General Public License (LGPL)
132 Other/Proprietary License
161 BSD License
282 None
358 GNU General Public License version 2(GPLv2)
625 GNU General Public License version 3 (GPLv3)
855 MIT License

The Bigger Pisser...

Is finding your stuff on github when you didn't put it there yourself.

Missing the problem here

[dugjohnson]

Github is a great place to store your repository. It is ALSO a great place to share code with people you want to work with who may or may not be really conversant with git.
Github doesn't claim to provide a repository for open source software...just a place to store repositories which you (as an author) may or may not choose to attach a license to. But that doesn't remove the responsibility of the copier to determine what the license on that software may be. If I copy anything, I need to know if I have the right (copy right) to do that. The onus is and always has been on the copier. That said, the copyright owner is the one who will follow up with violations.
Just because I choose to use github to store my repositories (and, in my case, I use and pay for private repositories for those things that I don't want to share) does not mean that I want everyone in the world to download and use my stuff. I'm an idiot if I am surprised when people DO use my stuff that I make publicly available, but without an explicit license allowing use of my code, it is protected in the US by copyright laws as soon as I write it...and IANAL.
Github is just a great service for those of us who don't want to set up our own repository. They are not a guarantor of free software, nor a nanny to protect me.

Re:Missing the problem here

[Neil_Brown]

Github doesn't claim to provide a repository for open source software

Agreed, although it does claim to be a platform for "social coding," and that it is "the best place to share code with friends, co-workers, classmates, and complete strangers," having been founded "to simplify sharing code."

I am not reading the article as anything more than "if GitHub wants to promote sharing of code, make it easier for a developer to specify licensing terms" — and that seems imminently sensible to me.

Re:Missing the problem here

[phantomfive]

Just because I choose to use github to store my repositories (and, in my case, I use and pay for private repositories for those things that I don't want to share) does not mean that I want everyone in the world to download and use my stuff.

Just so you know, in the terms-and-services you clicked on when you signed up for github, you actually gave permission to everyone in the world to download, view, and fork your stuff. So if that's not what you want, you might reconsider your use of github (Note: this only applies to the free public repositories).

Re:Missing the problem here

[dugjohnson]

Agreed and I understood that (which is why I have some private repositories). It's the fork part that is "interesting" from a copyright standpoint. What does that really mean, legally (I know what it means technically)? I guess that's why the lawyers continue to do what they do.

Re:Missing the problem here

[phantomfive]

What does that really mean, legally (I know what it means technically)?

From a legal standpoint, of course it's a horribly unclear terms-of-service, so you are right when you say, "I guess that's why the lawyers continue to do what they do." However, I think the implicit meaning could be reasonably interpreted to mean, "if you put things here, you intend to share them."

In general it's easier to pursue a copyright claim if you've made an active attempt to assert it, for example, submitting your work to the Library of Congress. So if you haven't specified a license, or made any other attempt to keep people from using your stuff, and actively indicated that you'd like to share it, it's unlikely courts will have much sympathy for your claim.

Note: I am not a lawyer, but feel free to pay me like one.

Re:Missing the problem here

The BIGGEST problem lies in that if you're not sharing the code in Open/Libre licensed manner, you probably ought not to be serving it out of GitHub like that. It's not like you can't set up your own sever cluster LIKE GitHub with passwords, etc. for even read-access. Intent will determine if someone actually willfully infringed- in fact, you can lose your IP rights if you make it public like this for an extended period (If you intended something other than making it publicly available like that, you shouldn't have PUBLISHED it that way...).

It's just a bad situation. No, GitHub shouldn't "police" the thing, per se, but they should make it clear that if you do this BS without a proper license, you might be impairing your rights otherwise- and make it clear that people need to validate that they've got to ensure they know what licensing the code's under before forking it or otherwise using it as if it were FOSS code.

Re:Missing the problem here

[dugjohnson]

I wonder if GitHub couldn't clear this up by picking a fairly restrictive license (maybe good for personal use, but not for commercial) and make that the default (as opposed to no license, or a very vague one as we see now).
Then if I wanted things looser, I could pick from other licenses, if I wanted things tighter, I could pay the money for the private repositories (again, this is what I do). The problem is that to make things private costs money...not a LOT of money, but some. But it occurs to me that the intent of making you allow people to download and fork would be to make your code available, not necessarily to enrich the downloaders, but in the spirit of knowledge sharing.
So a default "personal use" license, but no commercial use required on the free GitHub seems like a reasonable compromise...and more explicit than the current situation.
I doubt they'll be calling to ask my opinion, but there it is.

Simon says "GitHub, reminded developers to specify

[Neil_Brown]

your chosen licence"

He's not saying that the lack of licence information is GitHub's problem, nor that it's unique to GitHub. Rather, he's saying that there is a problem — code without clearly attributed licence information — and, whilst each would-be user could contact each developer and find out the licensing conditions, GitHub could make a simple tweak to their platform to encourage developers to select a licence.

I would not favour pre-selecting a default licence, but rather having a developer presented with a set out option, perhaps with a tool to help aid selection based on requirements. No requirement, no default licence, but just a helpful reminder — if someone wants their code to be reused, but didn't know to think through the legal aspects, this would help them out, without harm to anyone who would rather not specify a licence for whatever reason.

Sounds sensible to me.

You seem to be forgetting one simple thing..

[squirrelthetire]

Github is the photobucket of source code. Licensing code would be another step that people generally don't want to bother with. If someone cares enough about licensing for some particular code, they can contact the author(s) easily enough. Frankly, worrying about licensing every piece of code you write is just a time-suck. It's necessary in some situations, but not

roughly half the projects on GitHub

Re:You seem to be forgetting one simple thing..

[serviscope_minor]

Frankly, worrying about licensing every piece of code you write is just a time-suck.

Not really, because there are a few ready-made pre packaged licenses to suit your taste.

Personally I like the GPL, so random small things I've released (quite a few) just had a stock LICENSE which is just a copy of the GPL. Took a good 10 seconds. I guess you could count that as a time suck, but I probably spent more time worrying about what to call the program.

Re:You seem to be forgetting one simple thing..

[squirrelthetire]

True, but I'm thinking more on the lines of a repo for your dotfiles, etc. I totally agree that you should put a GPL or something onto whatever project you make, but then you end up putting a nice header at the top of every file, a COPYING file, etc. It's almost no work, but the fact that it is means that people will generally not bother with it. Like I said, github is the photobucket of source code.

Re:You seem to be forgetting one simple thing..

Except that GPL also needs to be in the top of each file, see http://www.gnu.org/licenses/gpl-howto.html

And that IS a lot of work

Re:You seem to be forgetting one simple thing..

[serviscope_minor]

True, but I'm thinking more on the lines of a repo for your dotfiles,

fair point.

I don't see the story.

[metrometro]

GitHub allows creators to determine what license to publish under. The license is disclosed to downloaders. Some of it is under an open license. Some of it isn't.

"Is this code using a license compatible to my project?" is a pretty normal thing to ask before dropping something into your work.

Personally, I like having access to look at source on closed projects - projects I wouldn't otherwise have access to. You can learn stuff even if you don't copy/paste working code.

Re:I don't see the story.

[Volastic]

An article looking to be one, with little chance.

Next on slashdot...

[metrometro]

Half of Coffee Shop Unsafe to Drink (If You Want Decaf)

What a bunch of wannabes

Open "SORES" people are since they're obviously reaming the code of others. That's not programming. It's the province of noobs, nothing more. Makes sense since most of what I've encountered here has been young wannabes calling themselves programmers here but in reality are nothing more than cut and paste users of the code others wrote, and what I call "web-wallys" (HTML work is text formatting plus placing pictures - not coding. Javascript, Python, CSS, and the like? Wuss tools that do hand-holding for the noobs that use them, and especially when the code it stolen from others!).

Terms of github

[phantomfive]

From the terms of service from github:

We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.

If you use source code found on github, it's going to be hard for the author to win a copyright lawsuit. This is a non-issue. They've basically allowed you to fork the code (with the implication that you're going to modify it). I don't see them in any way being able to recover punitive or even statutory damages.

The real danger with github, as with all open source, is ensuring that the project's owner hasn't stolen proprietary code from somewhere else. Imagine if Linus had grabbed some files from Unix, then IBM would have been in a lot more difficulty during the SCO case. Fortunately the only things Linus copied were semicolons and braces.

But if you use someone's code through an open source project, you can be liable, even if you got the code under the GPL or BSD license, because the project's owner didn't have the right to give you that code.

Re:Terms of github

[PPH]

Yep. Good points.

It sounds like the original poster comes from that school of thought that expects every hosting service or ISP to defend property rights on behalf of the owners. That's not GitHub or Megaupload's job. The world would be different if the RIAA had sued Postel and Reynolds for writing RFC 959 (FTP) for not incorporating DRM.

Re:Terms of github

[Kjella]

If you use source code found on github, it's going to be hard for the author to win a copyright lawsuit. This is a non-issue. They've basically allowed you to fork the code (with the implication that you're going to modify it). I don't see them in any way being able to recover punitive or even statutory damages.

So under what license do you have the code, if it doesn't have one? Are you're going to claim that this CYA sentence in the terms of service that GitHub have put there to avoid being sued for handing out "unlicensed" copies to people is the same as the author putting the code in the public domain? I think you'd get laughed out of court with that defense. For sure it protects GitHub distributing the code, it probably protects you cloning the repository but you for sure hasn't been granted any "exclusive rights" like modification, distribution or even compiling it - since the binary is clearly a derived work of the source code. To use a car analogy, it's like you let a stranger use your parking space. It's now on your property, but it's still their car and without any further permission you can do roughly nothing with it.

Re:Terms of github

[phantomfive]

You've got it backwards. If you sue me for copyright infringement, you need to prove that I infringed, I don't need to prove that I didn't. So good luck proving that by forking and redistributing the code that you put on github, I've made unjust profits or caused you losses.

Re:Terms of github

You've got it backwards. If you sue me for copyright infringement, you need to prove that I infringed, I don't need to prove that I didn't. So good luck proving that by forking and redistributing the code that you put on github, I've made unjust profits or caused you losses.

Presumably there won't be any dispute about the fact that you made a copy of the code. In the absence of legal permission to do so this is automatically infringement. A judge might well conclude that by putting it in public on Github that the original author implicitly permitted the public to copy it.

However judges (at least in England) are very wary about writing missing contractual (or license) terms that the parties involved 'probably' would have wanted to write, particularly when it is clear the parties involved never even considered the matter. It would be very risky to assume that just because you probably have implicit permission to view (and perhaps make your own copy of) the code, that you also have permission to create and redistribute derived works.

Re:Terms of github

[nadaou]

Just because you publish and given away a copy of a work does not mean you have released any claim to copyright on it. This is not trademark law where protect it or lose it applies.

Try reading some of the many fine primers available at the SFLC. http://www.softwarefreedom.org/

Re:Terms of github

Your reading comprehension is weak. "...agree to allow others to view and fork your repositories" does not transfer redistribution, copyright, or patent rights in any way.

Re:Terms of github

Well, it does allow redistribution, as long as the redistribution occurs by forking git repositories.

People misunderstanding the point of Github?

[flimflammer]

I think so!

The public repository option for uploading makes no mention that you need to supply the code with a copyleft/copyright free license, just that the code is publicly listed and browsable. Why are people assuming that everyone is supposed to?

Are people confusing open source (publicly browsable source) from Open Source (the movement)?

Re:People misunderstanding the point of Github?

Well, I guess a lot of people would assume that when there is a public git repository you'd be allowed to do such basic stuff like compiling the code and fixing bugs.
A responsible hoster should display a big fat warning to the users when looking at it really is the only thing they are allowed to do.

Not only a problem with Github

[SwashbucklingCowboy]

Lots of so called open source projects either don't provide a license or provide conflicting license information. For example, we recently looked at a project where the web site says it's MIT, but the code says it's public domain.

Re:Not only a problem with Github

[dbc]

And some that you would expect to be clueful are surprisingly not, or are at least very sloppy. I recently was studying an example in the Pyside code base. Pyside, a major project, from Qt, owned by Digia, formerly owned by Nokia. People you would expect to be clueful. I looked quite diligently for license information. I found in a directory some levels up from the code I was studying a one sentence "licensed under GPLv2". Okaaaaaay....., how about since each example is a stand-alone program in a stand-alone build directory, let's say we put a license in each one? How about putting a bleeding copyright notice on each source file?????

Really, people, this isn't that hard. Stand-alone code with no notice of even copyright much less a license is not acceptable.

In a past life I managed a software product validation group for a rather biggish company. This kind of stuff was on the first page of the source release check list. This kind of stuff was a stop-ship bug, as in, your code is kicked off the RC master until you can demonstrate a linear arrangement of water fowl.

StackOverflow is even worse!

[zidium]

Every question, answer, and comment on the StackExchange websites (StackOverflow, ServerFault, et. al.) is automatically licensed on something very akin to the GPL (the Creative Commons Share Alike License); if you use code from those sites, your entire application's source will legally have to be released.

Just because no one is talking about that doesn't mean it isn't legit. Check it out: http://meta.stackoverflow.com/questions/25956/what-is-up-with-the-source-code-license-on-stack-overflow

Re:StackOverflow is even worse!

[Endophage]

I would suggest that most of the code on stackoverflow, while answering a question to which the answer probably wasn't easy to find, is often so trivial as to make any license terms realistically unenforceable. Not that it doesn't have that license, but good luck trying to enforce it.

Case in point, anything in this search: http://stackoverflow.com/questions/tagged/css

Re:StackOverflow is even worse!

[rasmusbr]

In order to have copyright you must first create a work. Most of the code examples that people post on those sites are so short and trivial that I doubt that very many of them (as published in isolation) would qualify as works in most jurisdictions. Even if you have a code example that is complex enough to qualify as a work you could still probably copy-paste a few lines from that work without breaching the copyright, especially if those lines are trivial or obvious or constitute best practice in the language.

Forking doesn't remove copyright

[perpenso]

We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.

If you use source code found on github, it's going to be hard for the author to win a copyright lawsuit. This is a non-issue. They've basically allowed you to fork the code (with the implication that you're going to modify it). I don't see them in any way being able to recover punitive or even statutory damages.

Forking doesn't remove copyright. All that seems to have been accomplished by forking is adding someone else's possibly copyrighted work to the original author's copyrighted work.

I Have A Number of GitHub Projects...

[ios+and+web+coder]

...and they are all GLP2. Thieves are gonna steal, no matter what, so my code out there is free for the taking. I use GPL, only because a couple of other FOSS repositories require it. I'd much rather use the "Take Me, You Gypsy Stallion" license, in which the code is 100% open and free for all. I don't like GPL, because it's a coercive license; every bit as shackled and enslaved as the code the FOSS folks like to dis. However, it doesn't hurt to use it, in my context.

If I don't want people to have my code, then I have a Perforce server that I run in my local network. I have a lot of stuff there, as well.

Re:I Have A Number of GitHub Projects...

[dbc]

I think you are looking for the BSD or MIT license.

Re:I Have A Number of GitHub Projects...

[ios+and+web+coder]

Yes, they are better licenses. However, in order to get my code onto some repos (like the Joomla site), it needs to be GPL.

Re:I Have A Number of GitHub Projects...

[dbc]

Then the Joomla folks need educating. Anyone can take any code with an MIT or modern BSD license and slap a GPL onto it any time they want. Adding MIT code to a GPL project is never a problem. AFATG, since you own the copyright, you could push to github with MIT (which accomplishes your "fire and forget" objective), and push to Joomla with GPL to keep them happy (assuming I understand you correctly that the Joomla gate-keepers require GPL.) You can put your code out under as many licenses as you want, since you hold the copyright.

Re:I Have A Number of GitHub Projects...

[ios+and+web+coder]

Yeah, but I'm too lazy to thread multiple licenses throughout my code. I use a "lego block" coding pattern, with lots of reused code. Just making it all GPL makes for a lot less agita.

If anyone wanted to use the code commercially, they could always contact me (there's lots of info in the project repos), and I could change the license for their copy.

Re:I Have A Number of GitHub Projects...

[dbc]

True enough. A lot of people overlook that option.

So if you have a lawyer

[kawabago]

You won't be able to use this competitive advantage if your company has lawyers on staff. A small startup will use the advantage because they don't have a lawyer who can forget to explain estoppel to them.

Re:So if you have a lawyer

It's a known fact that companies do misappropriate GPLed software. But I've talked with several companies who are moving or have already moved their repositories to Github and because private repositories aren't free, they're open-sourcing whatever code they can safely share. One of them was very succesful with the move and is seeing active adoption, much to the excitement of their shareholders as it gives them the impression of unpaid developers.

GitHub FUD ©

[dgharmon]

"promiscuous sharing w/out a license leads to software transmitted diseases".

Well, before you use the software, checkout the license ...

Original author loses nothing by forking ?

[perpenso]

Just so you know, in the terms-and-services you clicked on when you signed up for github, you actually gave permission to everyone in the world to download, view, and fork your stuff.

True. However the original copyright remains intact. Maybe you could add your copyright to code that you add. The original author doesn't seem to lose anything by forking. Well other than individuals may download and privately use, but not redistribute, the forked version rather than the original version.

Re:Original author loses nothing by forking ?

[phantomfive]

Well other than individuals may download and privately use, but not redistribute, the forked version rather than the original version.

It is unlikely that any court will interpret the terms of service to mean that you can fork it, but not allow others to fork a forked version. It's unlikely that any court would stop redistribution.

You can try filing a lawsuit, and good luck to you. I'd like to see that one play out in court.

Re:Original author loses nothing by forking ?

[perpenso]

Well other than individuals may download and privately use, but not redistribute, the forked version rather than the original version.

It is unlikely that any court will interpret the terms of service to mean that you can fork it, but not allow others to fork a forked version. It's unlikely that any court would stop redistribution.

Who said anything about not allowing the fork to be forked? By redistribution I mean something *other* than the source being available on github as part of the original author's hierarchy. Such *other* methods of distribution remain subject to the authors' wishes.

Re:Original author loses nothing by forking ?

[phantomfive]

Yes, but if you don't specify that your wishes are contrary, you will have trouble winning a court case based on non-specified wishes.

Re:Original author loses nothing by forking ?

[perpenso]

Yes, but if you don't specify that your wishes are contrary, you will have trouble winning a court case based on non-specified wishes.

I'm sorry but I'm not following. Your wishes being contrary do not change the original author's wishes. The original author's wishes move to the fork with his code. There could only be contrary wishes in the code that you contribute. People would be free to re-use source from you contributions if your allow but the original code remains off limits wrt re-use.

Re:Original author loses nothing by forking ?

[phantomfive]

The author's wishes don't matter. All that matters is what can be enforced in court (remember copyright is an artificial construct, the only way it matters is when the government enforces is through the courts).

The goal for the author should be to make his wishes known in a way that the courts will be willing to enforce the copyright. There are ways to do this, for example, you can submit your work to the library of congress.

Now, if you don't even include a license in your repository, and just throw it up there and allow it to be forked by anyone, under what law are you going to sue? You can maybe file a DMCA takedown notice, you can sue to stop future re-distribution, but it's unlikely the courts are going to give you damages for any distribution already done.

Personal use allowed ? Can share via github ref ?

[perpenso]

Since the original author is essentially publishing the code it would seem that an individual downloader would have the right to use the code on a personal basis. This individual would merely not be allowed to redistribute or otherwise share the code.

Of course if the individual wants to share the work with someone else they merely have to refer that person to the original author's github repository.

So if someone creates a useful a utility program, decides to license it in a non-FOSS manner, the author can still share it with any interested parties. If so that seems a pretty legit role for github.

Urheberrecht

[tepples]

For one, [the German counterpart to copyright is] an author's right. Not a publisher's right. The fundamental difference in philosophy that that entails, should be obvious.

The U.S. Constitution in theory espouses the same philosophy, as exclusive rights are secured "to authors and inventors".

And you can never ever sell your rights away. Ever.

How does Germany handle works made in the scope of employment?

You can act as if, but you can always go "Fuck you, cooww and shee-keeenn! Now you can't use it anymore!" if they are stupid enough to fall for it.

If an author signs a contract with another party granting an exclusive license to publish a given work, is that unenforceable?

And so you do not need to write *anything* below your works.

The U.S. hasn't required a notice since 1989 when the U.S implemented the Berne Convention, but it provides evidence that strengthens a copyright owner's case in court.

Re:Urheberrecht

If you do something on your employers time, you're doing it in his name. Same story.

Re:Urheberrecht

[kill-1]

You can act as if, but you can always go "Fuck you, cooww and shee-keeenn! Now you can't use it anymore!" if they are stupid enough to fall for it.

If an author signs a contract with another party granting an exclusive license to publish a given work, is that unenforceable?

Of course it's enforceable. The OP doesn't have a clue.

Re:Urheberrecht

[amorsen]

For a somewhat more accurate view, look at e.g. Intellectual property protection in Germany and the EU.

The GP must have looked at the origins of Germanic copyright legislation and decided that it both sounds sane and could be a good idea overall (except for the duration perhaps). Alas, like "Intellectual Property" in every other place, the scope gets larger and the results more similar to the rest of the world.

The original US copyright law also sounds like a sane and workable system, even though it was different from the origins of the Germanic copyright legislation. Yet today those completely different systems are almost indistinguishable in practice, at least when it comes to software -- except for the wording you use in contracts involving copyright.

Email the developer

[yesterdaystomorrow]

A lot of stuff on github is experimental, "quick and dirty" code. The amount of effort to, say, put GPL boilerplate in every file isn't large, but it isn't zero, either. So, *ask*. You send mail to me, volunteer to do this small job, I'll probably give you commit access to the repo.

Not that I care anymore

Honestly Copyright is so broken it's disgusting, so screw everyone, I'm using it all and passing it off as my own. Good luck decompiling my stuff and finding your code in there.

Copyright when it comes to code is complete BS. I dont recognize any of it, but I give credit when you offer it up for free, I'll violently steal it when you act like a jerk and say "all rights reserved"

Sensationalist Article

Lets take a look at some projects I'd actually use:

https://github.com/visionmedia/express [MIT]
https://github.com/jashkenas/coffee-script/blob/master/LICENSE [MIT]
https://github.com/LearnBoost/mongoose [MIT]
https://github.com/bnoguchi/mongoose-auth [MIT]

I didn't cherry pick these. I just went through every project that came to mind.

Think github code is safe to use? Yes. If it's a module and it's authors have bothered to package it for gem, npm, pip, whatever they've probably chosen a liberal license (MIT, LGPL, BSD) license because the god damn point is to share the code and include it in projects.

Three quarters of the code on github are probably random local repositories for code that was never meant to be shared. Just folks that needed a remote hosting solution. Confounding that class of code with the plugins, modules, frameworks that people actually use and by their very nature, demand liberal licensing - most developers are familiar with the licensing issue and won't use your module otherwise - is downright naive and/or misleading.

Re:Why post it on GitHub? Prior art!

You cannot patent an invention if someone else published it first

Half is a bad estimate

[bigstumpy]

I have a bunch of projects on github and I'm too lazy to license many of them. If anyone ever emailed me wanting to use them I'd throw up a BSD3 license. I bet a lot of projects on github are lazy or simply don't know how to license a project, but would be happy to give permission to use the code.

Ignorance is no excuse

[hydrofix]

No, using GitHub is not dangerous. But reusing code from the Internet without investigating its licensing status is. Then again, the same goes for anything that you find online, and they teach kids at school these days what you can and can't re-use. Your ignorance will not protect you.

AC

Let's see... I've got bitbucket and github accounts. They're a bit intentionally split depending on who I work for, and the bulk with the current job is on github, without license. Given at the current one there is boss who does not understand copyright at all -- and hopefully some day she's going to get annihilated for it, having issued instructions to violate it over email on more than one occassion. Not explicitly of course -- just issuing her opinion that copyright doesn't apply to this task. Or to use continue using GPL for new commercial purposes because purchasing libraries is not in the budget. Sucks to be me. Will suck to be her even more some day. Thank you emails exported on a thumb drive and taken home immediately.

In the meantime, she thinks that anything I publish at the site she knows about is all stuff she's signed on and no work happens by contract for anyone else. Anything published on that site is definitely signed on. And is definitely not listed with a license. And is definitely linked against or using GPL libraries so there's a nice very public record.

Clearly she owns me on all related works and projects, including personal work I've been courteous enough to import into their system under my BSD clause.

Oh wait... their entire source tree is contaminated and has been for the past four years. Well, I had my advice -- and I still need to get paid.

On these sites I have....

* "All rights reserved" -- explicitly.
* 3 clause BSD -- most of my "own"
* GPL -- some web modules done while paid by others.
* Unlicensed whatsoever (All right reserved implicitly) -- presentations written for others, delivered as part of a job. Which basically was may way of making sure if someone wanted to use it, they had to contact me -- so I'd know who they were, that it was credible, and find other people doing similar things.

There's also SVN repositories at two other places, one of which probably should be migrated to git for convenience.

lawyers

lets sue those people!

GitHub Terms of Service

"We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories."

Re:GitHub Terms of Service

[kthreadd]

I guess that means that anyone can create a fork, but isn't necessarily allowed to modify and redistribute that fork.

Re:GitHub Terms of Service

[dbc]

Ohhh NooooEeeesses!! This is exactly like getting a tar.gz of the source!!!!! $DEITY save us all!!!

It is the best of the available options...

Looked at sourceforge, freshmeat/freecode and github...

and github was the easiest for hosting my LPC http://lpc.opengameart.org/ entry.

Know of a better one that will also allow you to host your HTML5/javascript webpage for free?

 

Why not?

[Arancaytar]

A private repo costs money. Hosting elsewhere costs more.

Maybe saving on hosting outweighs the downside of their code being public.

Re:"All rights reserved" doesn't mean what you thi

EPIC. FAIL.

If you don't know how it works you REALLY should refrain from commenting. Seriously. (But then, you're what I've actually, sadly, come to expect from /.)

All Rights Reserved means you claim ALL of the Copyright Rights on a given work. This means publication, derivative works, etc.

The only way to use that code is to use it by License. And...you clearly don't grok contracts, etc.- a license CAN'T be revoked just by what you claim. "All Rights Reserved" is staking a claim on the Copyright on a protected work. A License, depending on it's verbiage can be revokable or not depending on numerous differing things.

For example:

If you don't give the source code out to recipients of a derivative work from a GPL-ed protected work, your'e in violation of the License and are guilty of an act of Infringement. Nothing in any of the aforementioned statement or the license changes whatsoever on seeing "All Rights Reserved" in the codebase. NOTHING. Comply with the terms of the license and you are licensed in perpetuity- and it's still appropriate to say "All Rights Reserved" because it shows up in GPL-ed, BSD-ed, etc. stuff.

picking a license is too hard?

[kiddygrinder]

so just make it default copyrighted or default bsd and have done with it.

JavaScript is even worse

[yuhong]

I'm pretty sure the majority of JavaScript are posted without a license.

Just ask!

[netvaibhav]

If a project on Github doesn't mention its license, and you'd want to use that code, just ask the developer!

"All Rights Reserved." Is a meaningless phrase

[imp]

The phrase "All Rights Reserved" is a totally meaningless phrase. It used to be required to retain certain rights in central american countries. It was created by the Buenos Ares convention, and once everybody in central and south america adopted the Berne convention, the phrase no longer had any recognized legal meaning.

It has falsely been asserted that the phrase "All Rights Reserved" makes the Berkeley Copyright statement non-free. This is false because the copyright notices from the Berkeley Unix code base date to a time when the phrase had meaning.

It's only use today is due to inertia.

In short, this article is quite sensational in its ignorance.

Citation: common fucking sense

Consider a cookbook. You do not own the copyright to that chocolate chip cookie recipe on page 42. Nor do you have a license to publish your own cookbook that includes the recipe, modified or not.

You are however allowed to bake the recipe. You're also allowed to modify the recipe for your own use. The cookbook author does not need to grant you a special license for this; it's implied.

Baking cookies or compiling programs, the same principle applies.

Re:Citation: common fucking sense

[icebraining]

Sigh. I'm not talking about it being illegal to compile the program. I'm talking about it being illegal to download it. And it's kinda hard to compile sources without first copying them to your machine.

To use your analogy, I'm not saying that baking cookies is illegal; I'm saying that if the cookbook is on this library called "Github", it's illegal for you to photocopy it in order to bake cookies in your home.

Re:Citation: common fucking sense

It's funny you should say that. As far as I'm aware, you cannot have copyright on a recipe in my country (Netherlands), because it is not creative enough. However, a particular compilation of recipes and the pictures accompanying the recipe can be copyrighted.

Re:Citation: common fucking sense

Nope, you're still wrong. From GitHub's TOS:

by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.

Last I checked, forking involves copying files.

Re:Citation: common fucking sense

[icebraining]

Maybe; it's not clear whether you agree to allow forks to other machines or just "Github forks". I wouldn't depend on that ToS as a license.

Re:Citation: common fucking sense

Oh, please. Whenever you browse a GitHub repo, not one but three URIs are prominently displayed in the center of your screen. Those URIs are intended for copy/pasting into a git client for local cloning. They are completely unnecessary for making a "GitHub fork". See also GitHub's documentation on forking a repo.

And right next to these URIs on every repo, what's this? Why, it's a button to download the source as an archive! It's almost like the entire concept of GitHub involved explicitly allowing anyone to download/compile/play with source code published to public repos!

TL;DR: The license to fork a repo, by any reasonable interpretation, does not place a limit on which machine the fork resides.

You're sounding much less like someone who's actually worked with open source software and much more like someone who will fight to the pedantic bitter end to deny the facts that have been spelled out for them.

Makes sense

[Pf0tzenpfritz]

Makes sense, supposed your coding style is rather... /** BUY CHEAP PENIS REPLICA */ ...marketing-oriented.

People need to check the license anyway

I don't see the problem, unless github has made some pledge to only host code that conforms to certain license principles.

Even if there was a requirement that all code must be OSS, there is the possibility that a potential non-personal user cannot use the code. For example, it could be that he wants to link together pieces of software with conflicting licenses, or perhaps more probable that the license require more than what he can put up with. For example, not everyone was always comfortable with GPLv3. Not everyone is comfortable with GPL due to the copyleft requirements.

To take code into your project without even checking the license would be extremely ignorant. Regarding personal use, if somebody put their own code on github, they are hardly in a very good position to sue people for personal use. Also, I don't think it's very likely scenario; I doubt that you will ever see Microsoft post the Windows 8 source code on github and then start suing people for piracy.

Kind of agree with the people just posting

[fa2k]

If you're going to use a BSD-like licence, it isn't a long step to go public domain instead. Many people (including me in the past) probably don't want to deal with the legal stuff at all, and just want to share the code. It's more difficult for the users of the code, but that's not my problem. Amateurs can use the code privately (there's an implied licence, not in the law but by convention, that when you click some link you have the right to view it).

Music Analogy is a Good One

[neoshroom]

"But if you're not going to give anyone permission to use your code, why post it on GitHub in the first place?"

You can use someone else's code in two perfectly legal ways in this scenario. First, you could copy it and alter it to the point it no longer bears enough resemblance to the original to cause any trouble, even though it still works great. Second, you could simply study it and learn how it works and then start from scratch yourself.

By analogy, this would be like like Green Day copying Chicago copying Led Zeppelin.

Pure hype

From TFA:

"A casual survey of the projects on GitHub by a specialized analyst revealed that as many as half include no easily identifiable copyright licensing information."

Non-scientific survey by an anonymous person (are you serious?) says "as many as half" of all GitHub projects lacking "easily identifiable copyright licensing information", which, according to some anonymous legal opinion (WTF?), means "half of projects" are "all rights reserved", which is then turned into the headline of this piece, "Half og GitHub code unsafe to use" (because half of projects equals half of code, right?).