Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: What To Do With Shelved OSS Project Fixes?

Posted by timothy on from the why-not-ask-your-old-boss? dept.

New submitter superwiz writes: A company for which I worked for recently had a project which required debugging a few abandoned OSS projects. 2 of the projects ended up not being used in the company products even though bugs were found and resolved in them. This puts me in a legal limbo. Since the company paid for my time to work out those bugs, they own the copyright. I can't release them. But since they shelved the projects in which the OSS code was to be used, they don't have to release the code to the public. It would be pretty simple to identify me as the person who made the changes even if I were to release the code anonymously because these changes were committed to my former employer's private repository. Should I just forget it? I don't like the idea of information loss, especially given how much benefit that company already derives from other OSS projects. But I also don't want to release the code which I don't own. Has anyone been in this situation before? How did you handle it (other than just 'forget about it')?

27 of 122 comments (clear)

  1. Easiest answer by Mhrmnhrm · · Score: 5, Insightful

    Just ask your company. Even though they've decided not to continue using and improving that particular project, they gain nothing by withholding the fixes, but could gain developer goodwill (useful in future endeavors) and positive PR (always nice to have) by allowing the patches to at least be submitted upstream, even if they're not ultimately merged.

    --
    I suspect that one of these choices is incorrect. Correct.
    1. Re:Easiest answer by Meadlin · · Score: 5, Insightful

      Agreed. Most of the time companies will allow the release of OSS changes as long as not core intellectual property is released. As long as you don't post the fix without consent (GET IT IN WRITING!!) you're fine. If they don't allow the release, well, you have to remember, you were paid for the work, so it's their choice..

    2. Re:Easiest answer by rl117 · · Score: 4, Interesting

      This. I've worked at various businesses, from a small family run one, to a big megacorp. At both ends of the scale, the management have been totally OK with me submitting code to open source projects, despite it not being a core part of the business but using open source code for various parts of our work. They have often even allocated time to do the work, and when necessary signed off on copyright assignment when required. And in the case of abandoned projects where the company no longer sees any commercial value, it should be even easier, especially when the work was already done and is just sitting around. It sounds like they are familiar with open source stuff, given that you were working on it as part of the project, so it really can't hurt to ask if it's OK to contribute back those changes. Chances are they'll say yes, and if not at least you tried.

    3. Re:Easiest answer by AuMatar · · Score: 2

      No it wouldn't. It would mean an email that says go ahead. Saving that would be sufficient. If you're worried beyond that, why the fuck are you working for those people?

      --
      I still have more fans than freaks. WTF is wrong with you people?
    4. Re:Easiest answer by aardvarkjoe · · Score: 4, Insightful

      Well, so you're not willing to go the legal route for getting the code released. You said you don't want to release the code that you don't own, so that cuts off the illegal route. And you also don't want to forget about it. So I guess you took the only thing you have left: post on Slashdot, but don't do anything about it.

      --

      How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
    5. Re:Easiest answer by Anonymous Coward · · Score: 3, Interesting

      The code you wrote is their property, but the fact that there is a bug is not. Pseudocode outlining a fix would also constitute new work. IF they stonewall, you can report the bug(s) later, anonymously, with a solution approach. Better than nothing, and not illegal.

    6. Re:Easiest answer by ShanghaiBill · · Score: 4, Insightful

      It's a former employer (I think I mentioned that in the question).

      That doesn't matter. An email is good enough. If it goes through a "standard" email provider (Gmail, Yahoo, Hotmail, whatever) then it is a lot harder to forge and back-date an email than a formal written letter, and it will thus carry greater weight in court.

      You: Can I release blah blah?
      Them: Sure, go ahead.
      That is ALL you need.

    7. Re: Easiest answer by WarJolt · · Score: 5, Funny

      Just tell me the bug, so I can fix it and we can close this story. Someone else fixing a bug is considered original work. Plus I'm probably a better coder and my fix will be awesome.

  2. Request Permission by corychristison · · Score: 4, Interesting

    Have you simply talked to your employer about it?

    Not all businesses, or at least the management, are blood-sucking, money hungry, assholes.

    Perhaps work out a deal where you do some pro-bono on the next project in exchange for the right to release the code? I mean, if the benefits of releasing it is that beneficial to the community, surely you can suck up a some unpaid time in exchange for its release...

    1. Re:Request Permission by castionsosa · · Score: 2

      It might just be good PR for the company anyway, especially if the fixes are significant. What does the company gain by not releasing the fixes? If it isn't released, it might wind up a dead-end fork being worth zero value to the company, while merging all changes results in not just the fixes from the OP, but other people's contributions as well, making for a better product for all involved.

    2. Re:Request Permission by superwiz · · Score: 2

      I would characterize my former boss as mercurial rather than "an asshole". Without some legal framework which indemnifies me, I would not rely on him not changing his mind down the line. And I am not crazy about paying for lawyers just to submit patches to projects I already had to fix which were abandoned by their original authors.

      --
      Any guest worker system is indistinguishable from indentured servitude.
    3. Re:Request Permission by Harlequin80 · · Score: 2

      Just get him to email you the ok. Seriously things don't need to be triple signed and witnessed in blood.

  3. Ask your boss by lakeland · · Score: 2

    Depending on whether your company is more lead by legal or marketing they'll either decide to release the changes for good PR, or to shelve them in case the changes have some sort of issue. You should be able to get a pretty clear steer on which way your company operates from your immediate manager.

    It's worth knowing, because companies so scared of legal issues that they won't contribute to the commons are sad places to work.

  4. could you.. by Anonymous Coward · · Score: 3, Insightful

    Could you re-write the fixes?

    Say you get together a list of the bugs and re-code the solution on your own time, releasing that? Otherwise you would need to convince your employer to release them on their own. Maybe as a good will sort of thing to improve a future endeavor..

    1. Re:could you.. by Oligonicella · · Score: 2

      Then stop fretting, ask and be done with it one way or another. Get an email from their system or a letter on their letterhead saying you can and do it. If you're too paranoid for that, drop it - there's no golden bullet.

  5. Releasing the fixes won't make it less abandoned by Anonymous Coward · · Score: 5, Insightful

    I'm assuming the project hasn't been updated for several years for it to be in "abandoned" status.

    Honestly, why do you think your fixes would ever go anywhere and be incorporated into the project? Projects look like code, but in reality consist of people. Without the people, why does it even matter?

    If there's a community of people who still use the code, describe your bug fixes to those people and they can fix them independently of you. If there isn't even this, then who exactly is going to benefit from your fixes?

  6. Company owned OSS projects .. by tetraverse · · Score: 2

    "A company for which I worked for recently had a project which required debugging a few abandoned OSS projects .. Since the company paid for my time to work out those bugs, they own the copyright. I can't release them."

    Ask the company to release the source code under the GPL license.

  7. Go rogue by Doub · · Score: 2

    Publish the fixes. If they come after you, unleash the Streisand effect on them. Worst case you become an underground hacker/terrorist. Wouldn't that be exciting?

  8. Don't need to pay a lawyer: by dwheeler · · Score: 2

    There's no need for a formal legal letter developed by a lawyer. This is straightforward. Send an email to your boss and say, "May I please release these code improvements to this open source software under their respective licenses?" If he says yes, then keep the email - and perhaps better, post it publicly somewhere. Your boss can change his mind, but that doesn't change anything. If you buy a car, and a year later say "hey, I've changed my mind", you don't suddenly get your money back. As long as there's no initial deceptions, or something illegal about an agreement, then agreements stay that way. If he says no, well, that's that. Sometimes organizations to silly things, but it's their legal right to do silly things. Caveat: I'm not a lawyer. But I don't see why this needs to be complicated.

    --
    - David A. Wheeler (see my Secure Programming HOWTO)
  9. You should have sent the fixes when you made them by darthsilun · · Score: 2

    It's obviously too late now, but I'd have sent the fixes upstream when I first wrote them – before the product was cancelled. If everyone believed the product was going to go, they couldn't really have argued against doing that. After all, why sit on fixes? Bits on a hard drive don't get better with age. Send them upstream as soon as you've written them. So what if they're not beautiful. The worst thing that might have happened is you'd have gotten feedback with suggestions for making them even better.

    Other than that, if you're not willing to ask for permission now, or they say no, then I think now you have to do what others have suggested, i.e. black box it. Get a friend, tell him or her what needs fixed, have them submit their fix. Once their patches are submitted upstream I would think it'd even be okay to comment on their fix.

  10. Re: Have you tried asking them? by BarbaraHudson · · Score: 4, Insightful

    The summary says they haven't done any distribution, so they have no requirement to release the source.

    since they shelved the projects in which the OSS code was to be used, they don't have to release the code to the public.

    Also, it's impossible to "abuse" BSD-licensed code. The license literally says do whatever you want with it, including selling it, with no need to release source ever. Microsoft has just followed the license.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  11. Re:Releasing the fixes won't make it less abandone by superwiz · · Score: 2

    I'm assuming the project hasn't been updated for several years for it to be in "abandoned" status.

    I could fork them on github and the fork could be picked up by some distributions. On my last check, there were no public forks which would contain these fixes.

    describe your bug fixes to those people and they can fix them independently of you

    This seems like a solution which would work.

    --
    Any guest worker system is indistinguishable from indentured servitude.
  12. Re:A few options by Harlequin80 · · Score: 3, Informative

    Ok. I've read a couple of your posts now. I have no idea what you think copyright extends to, but talking to someone is not one of them. If you have a confidentiality agreement on your employment that is another thing entirely.

    Seriously I deal with significant money contracts every single day. An email acknowledgement is more than enough contract to go on. Get your ex-boss to ok the release. If he says no, then you drop it. If he says yes, then you are good. If he changes his mind you have the email trail.

  13. Easy by Tough+Love · · Score: 2

    Just prepare a detailed description of how to write the fix(es) and post it where some interested party can find it. See, the copyright applies to the code, and that's the easy part... the hard part is knowing what to do and why. That knowhow is yours, you own it, and you can do what you want with it, especially if you happen to live in California.

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  14. Re:Three options by freeze128 · · Score: 2

    It's called "Clean-Room" to isolate the original developer from the team that re-writes the fixes.

    "Green-Room" is a waiting area backstage for entertainers just before they go on stage.

  15. Re:Reimplement the fixes by omnichad · · Score: 2

    root of the poisonous tree

    fruit of the poisonous tree? That applies to evidence gathering, not copyright. Re-implementing your own code might be argued to be a derivative work of your own original code (you can't be your own clean room), but given how small the bug is it's hard to prove.

    It would be awfully hard to argue that an edge case bug fix is going to dramatically improve sales. There's no such thing as fruit of the poisoned tree in copyright - but you said yourself that the code is probably viable without the bug fix.

    Either way, I'm not suggesting you should do it without permission.

  16. What license are those OSS projects under? by Ihlosi · · Score: 2

    You'll probably find the answer to your questions in the terms of the license.