Ask Slashdot: What To Do With Shelved OSS Project Fixes?

New submitter superwiz writes: A company for which I worked for recently had a project which required debugging a few abandoned OSS projects. 2 of the projects ended up not being used in the company products even though bugs were found and resolved in them. This puts me in a legal limbo. Since the company paid for my time to work out those bugs, they own the copyright. I can't release them. But since they shelved the projects in which the OSS code was to be used, they don't have to release the code to the public. It would be pretty simple to identify me as the person who made the changes even if I were to release the code anonymously because these changes were committed to my former employer's private repository. Should I just forget it? I don't like the idea of information loss, especially given how much benefit that company already derives from other OSS projects. But I also don't want to release the code which I don't own. Has anyone been in this situation before? How did you handle it (other than just 'forget about it')?

Easiest answer

[Mhrmnhrm]

Just ask your company. Even though they've decided not to continue using and improving that particular project, they gain nothing by withholding the fixes, but could gain developer goodwill (useful in future endeavors) and positive PR (always nice to have) by allowing the patches to at least be submitted upstream, even if they're not ultimately merged.

Re:Easiest answer

[Meadlin]

Agreed. Most of the time companies will allow the release of OSS changes as long as not core intellectual property is released. As long as you don't post the fix without consent (GET IT IN WRITING!!) you're fine. If they don't allow the release, well, you have to remember, you were paid for the work, so it's their choice..

Re:Easiest answer

[aardvarkjoe]

Well, so you're not willing to go the legal route for getting the code released. You said you don't want to release the code that you don't own, so that cuts off the illegal route. And you also don't want to forget about it. So I guess you took the only thing you have left: post on Slashdot, but don't do anything about it.

Re:Easiest answer

[ShanghaiBill]

It's a former employer (I think I mentioned that in the question).

That doesn't matter. An email is good enough. If it goes through a "standard" email provider (Gmail, Yahoo, Hotmail, whatever) then it is a lot harder to forge and back-date an email than a formal written letter, and it will thus carry greater weight in court.

You: Can I release blah blah?
Them: Sure, go ahead.
That is ALL you need.

could you..

Could you re-write the fixes?

Say you get together a list of the bugs and re-code the solution on your own time, releasing that? Otherwise you would need to convince your employer to release them on their own. Maybe as a good will sort of thing to improve a future endeavor..

Releasing the fixes won't make it less abandoned

I'm assuming the project hasn't been updated for several years for it to be in "abandoned" status.

Honestly, why do you think your fixes would ever go anywhere and be incorporated into the project? Projects look like code, but in reality consist of people. Without the people, why does it even matter?

If there's a community of people who still use the code, describe your bug fixes to those people and they can fix them independently of you. If there isn't even this, then who exactly is going to benefit from your fixes?

Re: Have you tried asking them?

[BarbaraHudson]

The summary says they haven't done any distribution, so they have no requirement to release the source.

since they shelved the projects in which the OSS code was to be used, they don't have to release the code to the public.

Also, it's impossible to "abuse" BSD-licensed code. The license literally says do whatever you want with it, including selling it, with no need to release source ever. Microsoft has just followed the license.