Many packages include code snippets from, or based on, Stack Overflow
answers [0].
Stack Overflow user-posted content is under CC-BY-SA (the version
depending on its age) [1], which is a libre license but usually not the
license these packages claim to be under. Also, attribution is usually
provided as a link only, not the longer form Stack Overflow say they
require [2] (though whether they legally can require that is disputed [3]).
Content is owned by the user posting it, not Stack Overflow. It is
unclear whether asking a user to dual-license content is considered
appropriate behaviour.
Small snippets may not be copyrightable, but it is unclear what counts
as "small" in this context; a 9 line function has been a subject of
litigation [4]. There have been multiple discussions of this on Stack
Overflow meta [5]. I am in England, which has been said to have an
unusually low threshold for copyrightability [6].
As a packager, how do I decide which ones are long enough to require
action, and of what kind?
- Remove them and write a replacement? Risks breaking things (e.g.
because I'm not sure exactly what the snippet is supposed to do) and/or
still being similar enough to be an illegal copy (because I had to look
closely at it to determine that).
- Mark the package "License: (upstream license) and maybe CC-BY-SA" (is
there a better syntax for that?) and report them upstream without a
patch? Also add the full [2]-form attribution (which might actually
take more time than rewriting)?
[0] codesearch says 10988 occurrences of "stackoverflow.com" in 3036
packages. Examples:
https://sources.debian.org/src/statsmodels/0.11.1-1/statsmodels/tools/sequences.py/#L71
https://sources.debian.org/src/snakemake/5.10.0-3/snakemake/io.py/#L1335
https://sources.debian.org/src/snakemake/5.10.0-3/snakemake/utils.py/?hl=480#L449
[1]
https://meta.stackexchange.com/questions/344491/an-update-on-creative-commons-licensing
[2] https://stackoverflow.blog/2009/06/25/attribution-required/
[3]
https://meta.stackexchange.com/questions/209250/stack-exchange-should-stop-using-the-creative-commons-logo
[4]
https://arstechnica.com/tech-policy/2012/05/oracle-to-pursue-longshot-claim-for-copyright-damages/
[5] e.g.
https://meta.stackexchange.com/questions/295599/short-code-snippets-licensing-on-stack-overflow
https://meta.stackexchange.com/questions/12527/do-i-have-to-worry-about-copyright-issues-for-code-posted-on-stack-overflow
https://meta.stackoverflow.com/questions/286582/can-we-get-some-explicit-clarification-on-the-intended-legal-usage-of-code-fro
[6]
https://commons.wikimedia.org/wiki/Commons:Copyright_rules_by_territory/United_Kingdom#Threshold_of_originality
