Brian Behlendorf wrote:

> If a company isn't willing to put the code base out themselves under
> their own ownership, but would rather it be (C) ASF, that leads me to
> wonder about what liability the company is attempting to avoid by doing
> so. It may be paranoia, but seeing a company willing to put the code out
> under an open source license with a (C) to them does a lot to quell
> concerns about whether the codebase is IP-clean.
>
> To be clear, the ASF takes a legal risk with every line of code it
> publishes to the public.

> > An IP pre-review could cause a problem. IP made available for review would
> > have to be free of encumbrances. We do not want a situation where people
> > who have reviewed it become tainted. Certainly that can be the case if the
> > license were a proprietary one, but it does not seem to matter if the
> > license is an OSI-approved one or not. Claims can be made based upon (L)GPL
> > as easily as upon more classically recognized proprietary licenses. So, no,
> > I do not agree that "any legal mechanism that provides for anyone in the
> > community to conveniently read the source should be acceptable, even if the
> > license restricts distribution, for instance."
>
> Good point; that suggests the requirement be to be very clear that review
> of the code places no encumbrances.

Brian, the gist of your message appears to be a concern that the Foundation could be exposed, at least unintentionally and possibly intentionally, by a contribution, and therefore you want to vet the code first. I respect your intention to protect the Foundation.

Neither of us, last time I checked, is an IP attorney. If the Board wishes to put this issue to our lawyer, that'd be great. However, my understanding is this:

- As has been said before, when we receive a Software Grant and/or CLA, the presumption is that the contributor has the right to provide it.

- We do not have an indemnification clause in the Software Grant, but that is not necessary if there is fraudulent conduct. Nor would it be realistic or even appropriate to have one.

- We neither can, nor want to, claim that we have reviewed the code to ascertain that it does not infringe on IP owned by someone else. Instead, we required that to be stated by the Contributor in the Software Grant for the initial donation, along with CLAs for continuing work.
- When we review code, we look to make sure that we have a Software Grant, correct licenses and copyright. As people work on the code, if someone notices something, such as someone's name or other thing that flags a question in their mind, they should point it out and ask.

- If there are specific allegations made, we respond to them with alacrity and honesty. But it is simply not possible to claim that no line of code, contributed at any time, does not infringe some third party's rights without an exhaustive analysis to make sure it wasn't lifted from another source and doesn't infringe on some patent.

- Our potential liability is very limited. Roy has spoken about this on multiple occasions.

- A corporation that has closed source under their own copyright putting it out under their copyright on its way to us does not appear to provide any protection once it is distributed under our copyright and via our infrastructure. And I don't believe that it is reasonable to put a corporation through multiple relicensing phases, nor their developers for that matter. Why should we impose these expenses if there is no real benefit?

Craig McClanahan wrote:

> would we reject an entry into incubation if there *was* code,
> but we couldn't look at it unless the incubation was accepted?
> Whether or not we'd be willing to do such a code review privately
> (under some form of NDA) is a separate question.

If there is any encumbrance, then I don't believe that we should look at the code. Which means we wait for the Software Grant.

Again, none of us are IP attorneys. If the concern is limiting the Foundation's liability, let's push this to the Board to put to our counsel. Unless our legal counsel says differently, I don't see any reason to impose this as a mandate for reasons that I laid out earlier today.

--- Noel