Open Source Licensing Debate Has Positive Effect On GitHub

New submitter Lemeowski writes "Critics have been pounding GitHub recently, claiming it is hosting tons of code with no explicit software license. The debate was thrust into the limelight last year when James Governor of RedMonk issued an acclaimed tweet about young developers being 'about POSS — post open source software,' meaning they disliked or avoided licensing and governance. Red Hat's IP attorney Richard Fontana explores the complaint saying there is a positive aspect of the POSS and GitHub phenomenon: Developers are, for the first time in the history of free software, helping inform each other about licensing and aiding in the selection process. The result is that it's becoming easier to suggest legal improvements to GitHub-hosted repositories."

It's a natural progression

[Marble68]

Coding is a communal and collaborative effort for the most part, as almost all people reach out for help and give it when asked.

That "legal licensing" would be treated any different than any other API by the tech community shouldn't be surprising, IMHO.

Public Domain should be the default

[mveloso]

This should be the default github license:

http://cr.yp.to/publicdomain.html

If you don't care enough to specify a license, you should abandon your copyrights to it.

Re:Public Domain should be the default

[Desler]

It can't be since "public domain" doesn't even exist in many countries.

Re:Public Domain should be the default

[WarJolt]

That takes effort. It's easier to slap bsd on it. Plus you'll get credit in the documentation if its used in proprietary apps..

Re:Public Domain should be the default

[Desler]

It's also a violation of the Bern Convention. Github cannot legally strip a work of its copyright status just because a license wasn't chosen by the developer. In the countries with public domain it has to be explicitly declared as such by the author.

Re:Public Domain should be the default

[rtfa-troll]

Git Hub is based in the USA where public domain dedications are well established (see the link in the post you are replying to) so it is very likely that source distributed by Git Hub can be in the public domian. If you are really paranoid you can use the CC0 to dedicate to the public domain or achieve as near as possible an effect.

Re:Public Domain should be the default

[Antique+Geekmeister]

GPLv3 has considerably better patent protections. The Apache 2.0 license eliminates all your copyright permissions to use Apache 2.0 licensed software if you file a patent lawsuit against anyone for any of your Apache 2.0 licensed software, even if the lawsuit of the target is not participating in or is in clear violation of the Apache 2.0 license. The GPL license, especially GPLv3, makes the patent protections much more clear. It allws lawsuits against parties who are in violation of the relevant GPL.

Re:Public Domain should be the default

[Desler]

A click through ToS would never be upheld. That's before you get to the fact that the person agreeing to the ToS might not even hold copyright to the code and would have no legal right to even make the agreement. There's no way it would hold up in court.

Can't avoid it

[Todd+Knarr]

The issue with licensing is that you can't avoid it when dealing with copyrighted works. If you don't deal with licensing explicitly, then there is no license and the code can't safely even be looked at. The rule when it comes to defending against a charge of copyright infringement is that if you've had access to it and similarity exists it's on you to prove you didn't copy it. That's why agents and publishers have their secretaries/assistants return unsolicited manuscripts unopened, so that if they publish something similar to that story later they can show that they didn't ever have access to it and couldn't've copied it. For a hobbyist it's not much of an issue but as a professional I need to be certain what the rules are for anything that could possibly make it's way into my work, so I can make sure that either I'm following the right rules or that it doesn't make it's way into my work. If you don't tell me what your rules are, I have to assume they're the ones laid down by copyright law (ie. no rights beyond fair use) which means I need to avoid it like the plague.

Re:Can't avoid it

[Xtifr]

Actually, my email was in the code.

One of the most common sources of the not-able-to-contact-the-author problem. I can't tell you how many times I've had emails to the address-of-record bounce, when trying to send in a patch to some little utility that I happen to like.

a lawyer called asking politely if they could use the code

Just as I expected. Some poor developer who wants to use your code is either A) going to have to get lawyers involved somehow, or B) take foolish risks. For many developers, option A is going to be seriously unappealing. Lawyers cost money. Even if your company has lawyers on retainer, getting them involved may affect your department budget. As for choice B, well, my choice of adjectives should make clear my opinion of that option. :)

Not making a big deal of things that are not a big deal is a good way to proceed.

I'm not quite sure how slapping a BSD/MIT or GPL statement on your code is a "big deal". Heck, I split up the licenses for a recent project, with an internal library using BSD, and the main app under the GPL, which was a lot more work than putting the whole thing under a single license. I may have spent a whole five minutes on it. Oh, what a big deal that was! :)

Maybe I just have a tidy mind*, but I prefer to simply license my crap** up front, rather than try to wait for the lawyers to contact me. I'm not generally fond of lawyers or dealing with the law, and taking the few seconds it normally requires to attach a license to my code helps me avoid that. But whatever floats your boat, I guess.

* Although some evidence would strongly suggest otherwise.
** The word crap may be a reasonable assessment of most of what I've actually released to the public, but that's another matter. :)

Re:Was just thinking about this

[amorsen]

2 clause BSD. If you don't care about licensing, that is the license you should use. It is proven in the field and most other open source/free software licenses are compatible with it. It is pretty much as close to public domain you can get while still keeping your name on the source code and avoiding problems with implied warranties.

First time?

[Bogtha]

Developers are, for the first time in the history of free software, helping inform each other about licensing and aiding in the selection process

Huh? In the 17-odd years I've been using Free Software, I've never known there not to be an ongoing public discussion amongst developers about licensing.

Re:First time?

[HeckRuler]

Yeah, I can't believe anyone even tangentially involved in software even thought of making that statement. That it's an IP lawyer... from REDHAT... that's just plain embarrassing.

POSS - Young, Hip and k3wl?

[sl4shd0rk]

Until someone pastes all of your Github into their complier, makes some edits and uploads to an app repo to make $10k/year on a .99 app you wrote. Yeah, that kind of sucks. Especially when your boss asks where you happened to store all of that code you've been writing for project XYZ the past year.

Don't get me wrong, Open Source is awesome (FOSS , POSS, et al) and there are far too many lawsuits about copyrights/patents these days but understand that without GPL or it's ilk, you basically have no recourse should someone use your code. Also, it's feasible that someone could take your code and claim *you* stole it from them.

Is tacking on the GPL(or equivalent) to your source code really that problematic?

Re:POSS - Young, Hip and k3wl?

[VortexCortex]

you basically have no recourse should someone use your code. Also, it's feasible that someone could take your code and claim *you* stole it from them.

If you want to share your code, what do you care what it's used for? And if you have it up on GIT, the proof is in the logs that you created it. They'll have a hard time proving otherwise. Either way, this is an issue no matter which license you use.

Indeed, even with proprietary code it's easy to swap a few resources and re-sign, re-upload the application or game. I was involved in a copyright dispute years ago where a tangential member of the dev group who wasn't contributing much of anything pitched the prototype to publishers without the group's knowledge. Eventually we were sued for using our own code because the jerk claimed we stole their ideas -- We did not, we explicitly removed every feature even suggested by the fool after they departed just in case... but it still didn't help. Not having the money to proceed in court we settled and had to agree to delete the work we had done and not "cause irreparable harm" by naming the publisher publicly. Basically a forced NDA forever. The game never even saw the light of day after that.

I nearly swore off programming, games, and collaboration altogether after that. Things have changed slightly, professional copyright infringement is still rampant; However, now publishers rarely accept projects with from-scratch engines -- they want you to license an existing one. On the development front we now go with AGPL explicitly, and for assets, CC-BY, but we don't publish publicly. This means no one can just take their ball and go home, if anyone leaves everyone can freely use the code and assets to continue the project. Publishers know not to tangle with GPL'd works, and AGPL is toxic to the proprietary vendors. The build script includes the AGPL compliance in the server code, clients can request the source data from within the application, indeed the scripting system operates this way by design for client-side prediction.

However, if we make it to completion then we have the option to dual license the code and assets for use by the business entity under BSD and CC-BY-NC, or purely proprietary licenses which allow closed source distribution. A proprietary version can exclude the sources and even send compiled bytecode instead of game scripts. At any time after release any member of the team can publish the code and assets as AGPL, so we don't have to worry about some entity purchasing the rights to the product and preventing its source from becoming open. Not that I don't trust my collaborators, I do. However, by using the Free and Open Source and Creative Commons licenses we don't have to live with the threat of destroying our project completely. Some would call it the "FLOSS poison pill" approach, or "proprietary scorched earth", but instead it's really "Mutually Assured Existence".

So, FLOSS licenses can even play well with proprietary projects if you know you want to publish source down the road at some point. I believe in opening the sources of all software, but the issue of cheating in online games is a deep one that sadly can be mitigated somewhat by closing the sources... If only one bad apple didn't spoil the bunch.

A license is what separates us from chimps !!!

[martiniturbide]

I think a license it is important. How are you going to contribute code without knowing the conditions. Maybe today the original author is a hipster that like to share, but maybe tomorrow he will change his mind. Is it going to close the source on the future?, is it going to take all other commits for his own personal gain? Is it going to sue you for changing his code?

A license in the source code reduce the risk of being trolled, sue or blackmailed in the future.

Even if it is public domain, the author need to specify it, otherwise it can back-slap you.

It really shouldn't be

[Artraze]

Your link indicates that (among other things):
1) Copyright abandonment is really only recognized in the Ninth Circuit, and remains unknown elsewhere
2) Releasing into the public domain provides no liability protection to the author
3) Copyright abandonment requires a formal, explicit statement

If you have to provide something that is nearly indistinguishable from a license, why not just provide a well established license that can not only remove all uncertainty and provide explicit terms disavowing all use of the software?

Something like the MIT License or Simplified BSD License is well established, takes only a minute to read, and achieves all the major goals of releasing into the public domain while avoiding many of the pitfalls. This whole POSS thing is ridiculous and seems to be driven by some combination of intellectual laziness, deliberate ignorance, and a desire to 'stick it to the man'. And as usual with rebellious ignorance, a whole lot of unnecessary crap occurs while 'the man' remains un-stuck-to and nothing changes.

Re:Was just thinking about this

[Immerman]

Be careful - IIRC the "BSD with attribution" is incompatible with the GPL, which still seems to be the most effective general purpose "getting stuff done" license (all due respect to the contributors of Apache products and the like). If that matters to you of course - no shame in demanding that your name stay attached to your creations.

Re:I thought POSS = Piece of **** Software

[Immerman]

Well yeah - you can't use legally use it for any purpose whatsoever. What would you call it?

Re:This is a legal mistake on GitHub's part

[pavon]

Code on GitHub is no different from comments on slashdot or images on Flicker any other website in that regard. All the posts are covered by copyright, which is held by the original poster. All the sites have TOS which state that the poster gives the site permission to reproduce the content. Furthermore, even if the user didn't read the TOS, they intentionally made the posts knowing full well it would be republished (that is the entire reason for posting on any of those sites), so they have already given implied consent.

Where the difference comes into play is making it clear what third parties can do with the content. Flicker gets this right by assuming all rights reserved unless otherwise specified, while up to now GitHub has been putting their heads in the sand. This is a disservice to all their users as it makes the site far less usefull, but it isn't really a legal liability for GitHub itself.