| |||||||||||||
in defense of "contributor agreements" or whatever they are called nowadaysin defense of "contributor agreements" or whatever they are called nowadaysPosted Apr 12, 2011 7:55 UTC (Tue) by spaetz (subscriber, #32870)In reply to: in defense of "contributor agreements" or whatever they are called nowadays by zooko Parent article: Project Harmony decloaks
> I would politely ask them if the for-profit company that I then worked for (allmydata.com) could please have the rights to do whatever we wanted with the patches. With two exceptions they all said "sure".
Why don't you just license your project under an MIT license then? The issue that I see, is that of complexity. Licensing is already hard to understand. Even for lawyers, not to speak of code contributors. So when there are licenses out there that can solve the goals that you have in your project, why not simply use these?
By introducing *another* complex legal document that interacts with the first one, the legal subleties become so complex that they are very hard to grok.
Reading the harmony options is hard, then thinking about how those options interact and interfere with the rights and limitations set out for various licenses is HARD:
I know all these questions are probably answered somewhere, but they are questions that come on top of licensing issues, and that puts me off.
Using 2 complex legal agreements when most of the goals can be reached with a single one does not sound appealing to me, I mean there are plenty of people who haven't even fully gotten the GPL, and now you expect contributors to become lawyers just to submit a bugfix? :-)
(Log in to post comments)
in defense of "contributor agreements" or whatever they are called nowadays Posted Apr 12, 2011 13:52 UTC (Tue) by wahern (subscriber, #37304) [Link]
"If I contribute as part of my job, is it legal for me to sign away my copyright (ie in might be my employers copyright in the first place and they might have opinions about giving away their copyright)."
I scanned over the text of one of the documents and what struck me was that the contributor represents that he has authority to transfer the copyright. That means that if you're wrong, they're protecting their ability to sue you. Such things are boilerplate in rights transfers, but what, exactly, are you getting out of the exchange for potentially opening yourself up to more or easier liability?
With that clause in there, unless there's no doubt about your rights in the work (i.e. you're unemployed and a hermit), a prudent person should think twice about making such an open ended representation without any compensation.
in defense of "contributor agreements" or whatever they are called nowadays Posted Apr 12, 2011 21:22 UTC (Tue) by wahern (subscriber, #37304) [Link] Looks like the FSF assignment has similar representation language:I hereby represent and warrant that I am the sole copyright holder for the Work and that I have the right and power to enter into this contract. I hereby indemnify and hold harmless the Foundation, its officers, employees, and agents against any and all claims, actions or damages (including attorney's reasonable fees) asserted by or paid to any party on account of a breach or alleged breach of the foregoing warranty.(http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copyright/assign.changes.manual) Fraud is illegal. Erroneously authorizing rights is also illegal, and has the same strict liability as use infringement. Subject to sections 107 through 122, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following.... 17 U.S.C. 106. It just seems a little gratuitous for individual contributors (as opposed to corporate contributors) to indemnify the FSF when the contributor already has every motivation to be honest. A lone programmer is not much of a target for litigation, but the FSF is a larger target, and by indemnifying the FSF a contributor has significantly increased their own exposure. But I guess if the chance of the FSF actually being sued is miniscule, it hardly matters. Interestingly, the Ubuntu agreement seems much more favorable to the contributor: 9. I have not created or assigned to Canonical the Assigned Contributions in breach of My employment or any other contract.(http://www.canonical.com/system/files/Canonical%20Contributor%20Agreement%2C%20ver%202.5.pdf) Two noteworthy differences here. There's no express indemnification. But also the catch-all clause 10 requires knowing breach or infringement, which is infinitely more fair to the contributor. So unless he gets wrong the work for hire status or other contractual interest in the contribution (strict representation in clause 9), his exposure is much less. Although, the applicable law is nominally English law according to clause 12. But unless English law implies those things just discussed then on first blush, kudos to Ubuntu.
in defense of "contributor agreements" or whatever they are called nowadays Posted Apr 14, 2011 2:26 UTC (Thu) by JoeBuck (subscriber, #2330) [Link]
You're not reading the indemnification language correctly. The only thing you're indemnifying the FSF for is if it turns out that your claim that you are the sole copyright holder turns out to be incorrect (e.g. you passed off others' work as your own).
in defense of "contributor agreements" or whatever they are called nowadays Posted Apr 14, 2011 4:04 UTC (Thu) by wahern (subscriber, #37304) [Link]
Right. But that can happen accidentally. But per the terms it doesn't matter whether it was an accident or not.
By way of example, let's say that hypothetically some court says that interfaces are copyrightable, like Oracle claimed for Java. All of a sudden that contribution of code implementing the Java API is infringing. Or rather, it was always infringing, but only now do you know that.
Or you're an employee of a software company. The free software code you wrote happens to be so related to your company's business interests that it falls within the scope of your employment, so the code is theirs. The FSF probably tries to screen these people in their questionnaire, but they can't always be right about it.
There are tremendous grey areas in copyright law, and the FSF clause shifts most of the repercussions of this onto you. That's its very purpose. If they didn't want to do this, they would have qualified it with a variant of something like "known or should have known". The Ubuntu language, "to the best of my knowledge", is even more pro-contributor.
Also consider that you're indemnifying for any "alleged breach." So maybe you were in the right, but the FSF chose to settle out of prudence. You're still on the hook. But now let's say you can find a way around the language, or that my interpretation is totally bogus. My interpretation isn't so bogus that you won't be forced to spend thousands of dollars on an attorney to make your case.
But now let's say that we all agree none of the FSF officers would ever willing do any of this. (Which probably goes without saying.) I don't know much about non-profit governance, but if it were a for-profit corporation the benevolence of the officers doesn't matter much. If they don't sue they could possibly be on the hook for shirking their duty to protect the corporation.
None of this is worth discussing anymore, though. Frankly, I was just surprised that these organizations would use this language, and even more surprised that Ubuntu didn't. In reality we all take much greater legal risks every day.
in defense of "contributor agreements" or whatever they are called nowadays Posted Apr 14, 2011 9:53 UTC (Thu) by mjw (subscriber, #16740) [Link]
Not disputing that there are always legal risks in whatever activity you do, but I think at least some of your worries in this case are somewhat covered.
> it was always infringing, but only now do you know that.
In my contract with the FSF it explicitly says "(to the extent known to Developer)".
> The free software code you wrote happens to be so related to your company's business interests that it falls within the scope of your employment, so the code is theirs.
They also send you a separate company disclaimer of rights which you can then let your company sign. You can keep that on file (or also send to the FSF) to show they were aware and approved of your actions.
> Also consider that you're indemnifying for any "alleged breach."
In the FSF contract I got it says "Developer is not obliged to defend FSF against any spurious claim of adverse ownership, but will cooperate with FSF in defending against any such claim"
in defense of "contributor agreements" or whatever they are called nowadays Posted Apr 13, 2011 21:43 UTC (Wed) by zooko (subscriber, #2589) [Link]
> Why don't you just license your project under an MIT license then?
Because we didn't want (other) companies to be able to make proprietary derivatives and redistribute them. At least not without paying us.
|
|||||||||||||