[HN Gopher] Missing open-source contributor presents a dilemma w...
___________________________________________________________________
Missing open-source contributor presents a dilemma when accepting
their PR
Author : FrankRay78
Score : 37 points
Date : 2024-11-03 16:58 UTC (6 hours ago)
(HTM) web link (bettersoftware.uk)
(TXT) w3m dump (bettersoftware.uk)
| bhouston wrote:
| Write your own if it is very simple. If he is gone it is just to
| just write your own version. The contributor agreement that
| requires signature is there for a reason.
| stavros wrote:
| Write your own what? Code? If so, it could be argued in court
| that you're still violating copyright, because you looked at
| the code beforehand. At least, that's what happens with anti-
| reverse-engineering clauses.
| ranger_danger wrote:
| I think it depends on how different it is, as to whether it
| will be a violation. And just how different is going to be a
| subjective decision made by a judge on a case by case
| basis... if anyone ever bothered to take the issue that far
| to begin with.
|
| If it's found reasonable to assume that a certain 'copy' of
| the code could be indistinguishable of that made by another
| person who _didn 't_ look at the original code... then it's
| probably not similar enough to be infringing.
|
| I would even go so far as to say that I think if such a case
| _was_ ever brought, that unless someone paid enough money to
| hire subject matter experts to testify, the case may likely
| be thrown out because the judge is not able to make an
| informed decision with such lack of evidence.
| unsnap_biceps wrote:
| I tried finding the pr they referenced, but wasn't able to in
| a minute of looking, but I did find
| https://github.com/spectreconsole/spectre.console/pull/1403
| which is a null fix.
|
| Presuming the PR in question is similar, one would likely be
| able to successfully argue that the code in the PR is trivial
| enough to not be covered by copyright.
|
| https://en.wikipedia.org/wiki/Copyright_law_of_the_United_St.
| ..
|
| I think it's an entirely valid argument given the variables
| names are defined by the original code and the style is
| defined by a style guide, the only addition here is a
| intrinsic utilitarian function without any artistic
| expression.
|
| That said, I am not a lawyer, so who knows how it would
| actually play out in court if it went that far.
| stavros wrote:
| You're right, for something that small it probably wouldn't
| be an issue, but something larger or non-obvious would be
| risky. I'm cautioning people against thinking "if I rewrite
| it, it's fine".
| hinkley wrote:
| You're allowed to describe how it works to someone else and
| have them write it.
|
| If you can write a full specification of the code without any
| code snippets, or write a full TDD test set, and hand it off
| to someone who can swear they've never looked at the source
| material, you can still pull off a clean-room copy.
|
| I had to do that for a small lib due to European copyright
| laws. They don't like Public Domain. There's some precedent
| where the author can change their mind and sue because you
| can't actually consent to not consenting to people using your
| stuff. MIT is great, PD is the Bog of Stench.
| stavros wrote:
| Yep, this is correct, you probably should document the
| process of description and implementation.
| skissane wrote:
| > You're allowed to describe how it works to someone else
| and have them write it.
|
| Couldn't you get an LLM to do that? "Here's the code for
| this function, add conditionals to fix any null pointer
| bugs"
|
| Or: "Here's a function and a unit test that exposes a bug
| in it, modify the function so the unit test passes". With
| that approach, the LLM could even (autonomously) try
| multiple times until the test passed.
|
| > I had to do that for a small lib due to European
| copyright laws. They don't like Public Domain.
|
| This shouldn't be an issue for public domain dedications
| which contain a fallback copyright license such as CC0. [0]
| People say the Unlicense also falls in that category, but
| (unfortunately) its wording is less than completely clear,
| so it is debatable. Another option is "PD-equivalent
| licenses" such as 0BSD or MIT-0, which are technically
| copyright licenses but designed to give you the same rights
| as PD (e.g. reuse without requiring attribution). Now, what
| some random German judge is going to make of them, who
| knows.
|
| [0] Although some people, e.g. Fedora, don't like its
| clauses around patents
| hinkley wrote:
| When people pay $100 million for your product they expect
| to be fully indemnified. It was a pain in my ass but I
| can't really blame them.
| EDEdDNEdDYFaN wrote:
| thought this would be a mystery about a coder who disappeared
| that surfaced via pull request
| bigiain wrote:
| Anyone seen Jia Tan around lately?
| tonygiorgio wrote:
| I was looking forward to the story actually
| ranger_danger wrote:
| Nice article, written by someone who IMO clearly has some first-
| hand experience in law, carefully considering multiple angles of
| what might be considered "reasonable" actions to make and their
| possible consequences.
| sowbug wrote:
| It's interesting that the workflow would allow submitting a PR
| without consenting to terms. Nearly every website or app today
| makes you agree to terms right at the start.
| paulgb wrote:
| Technically, to get that far you have to accept GitHub's ToS,
| which does have terms (linked elsewhere here) that
| contributions are assumed to have the license of the repo
| unless otherwise noted.
| ndiddy wrote:
| The author didn't link to the actual PR so I can't see the full
| context, but I don't see the point in setting up a bot to make
| contributors agree to copyright terms if the maintainers just
| ignore it when someone does a PR and then doesn't engage with the
| bot. It seems like a waste of time for all parties.
| politelemon wrote:
| I think it might be this one:
| https://github.com/spectreconsole/spectre.console/pull/991
|
| though, it's dealing with a zero input rather than null
| deadbunny wrote:
| I don't like them and won't contribute to projects with them but
| isn't this the exact point of a CLA[1]? A textfile in the repo
| seems a lot easier to track and audit than PR comments and a bot
| to chase people.
|
| 1.
| https://en.m.wikipedia.org/wiki/Contributor_License_Agreemen...
| thayne wrote:
| No. The purpose of a CLA is so that the owner of the project
| can use the code in a commercial product that might not comply
| with the OSS license (particularly if that license is a
| copyleft licence such as GPL, AGPL, or MPL) and/or they can
| change the license more easily.
| NegativeK wrote:
| Python has a CLA that allows the PSF board to relicense the
| code to "any other open source license approved by unanimous
| vote".
| sgentle wrote:
| "Whenever you add Content to a repository containing notice of a
| license, you license that Content under the same terms, and you
| agree that you have the right to license that Content under those
| terms. If you have a separate agreement to license that Content
| under different terms, such as a contributor license agreement,
| that agreement will supersede."
|
| https://docs.github.com/en/site-policy/github-terms/github-t...
| geenat wrote:
| Really good to see Github being pro-active to the benefit of
| the open source community.
| thayne wrote:
| From a logical standpoint, if someone makes a pull request to an
| open source project, it should be safe to assume they are ok with
| it being distributed under the current license of the project
| they are contributing to.
|
| But copyright law isn't always logical.
| 3np wrote:
| To add on to the advice in TFA: Perhaps that bot is exactly the
| reason the contributor didn't want to bother anymore. It's just
| unnecessary. Why not remove it? Terms and licenses can be put in
| the PR template or something.
| nialv7 wrote:
| > ... asks for confirmation the code change is copyright-free
|
| Don't you mean patent-free? Or maybe you are asking for copyright
| assignment?
|
| Not sure what "copyright-free" means... Like do you only accept
| public domain code?
| ClassyJacket wrote:
| Yeah. In most countries copyright is automatic as soon as you
| create the work. Surely they mean they want confirmation they
| have a licence to use the copyrighted work?
| DannyBee wrote:
| " and I find it hard to see how damages could be levied in this
| situation."
|
| Unfortunately, this would be intentional copyright infringement
| (assuming the code is copyrightable, blah blah blah), since you
| are doing it on purpose with knowledge that it is copyrighted.
|
| In a number of countries, copyright infringement is also strict
| liability - it doesn't matter if you had any intent to commit it,
| but if you did, the damages often start much much higher. So the
| former case you'd probably have some nominal statutory damages,
| assuming you can't prove any actual loss. But in the later case,
| those damages get quite high.
|
| In the US, for example, statutory damages for intentional
| copyright infringement (IE you don't have to prove any actual
| damage) are 150k per infringement.
|
| I make no claims any of this makes sense, or someone will
| actually sue you, or that you should do anything different than
| "nothing".
|
| My only claim is that "and I find it hard to see how damages
| could be levied in this situation." is totally the wrong view in
| a lot of countries - you should expect, if it did get to that
| point, you would have plenty of damages levied against you.
|
| The author appears to be in the UK, where statutory damages for
| infringement were historically not available. but post-brexit,
| they were actually doing consultation/blah blah blah on making
| them available. I have no idea what happened.
|
| But even if they have no statutory damages, it won't prevent you
| from being sued wherever the contributor is, and having that law
| apply rather than your home law :)
|
| It just makes it harder to collect.
| rty32 wrote:
| > The contribution bot asks for confirmation the code change is
| copyright-free
|
| A confirmation is simply unnecessary. Can't it work like, writing
| this somewhere that says, by creating a pull request, you agree
| all your code and the discussions around the pull request is now
| copyright free? Saves everybody time and avoid hassles like this.
|
| The other side of this is I get very annoyed by CLAs -- there
| have been a number of times I want to contribute to Google and
| Microsoft's open source projects, but they all require CLAs which
| require me to get explicit permissions from my employer to
| contribute to those projects. It is possible, but is a slow and
| complicated process that nobody wants to go through at my
| company. So instead of creating a pull request to address the
| problem, I open an issue and mention how it can be addressed.
| Which may or may not be picked up by someone else who wants to
| work on this. This is just frustrating.
___________________________________________________________________
(page generated 2024-11-03 23:00 UTC)