EEVblog Electronics Community Forum
Products => Computers => Programming => Topic started by: HwAoRrDk on April 22, 2022, 01:45:43 pm
-
I recently came across a piece of software published on GitHub that could prove very useful to me. There are a number of bugs I have discovered, and there are a few improvements I want to make. However, the situation that has cropped up is:
- The author seems to be absent or incommunicado. I have filed a few bug reports, and even a pull request with some fixes. But it has been a few weeks since, and no response to anything at all.
- The software is not branded with any kind of licensing information. Not in readme, source code, etc. I assume it is meant to be open source, as otherwise the author would not have published it on GitHub, right? And I do believe the author intentionally did so - i.e. not some private thing made public inadvertently - because the readme file is very much written in a way that is providing documentation and explanation for other people.
So what do I do? I'm hesitant to fix any more bugs or make any significant changes or improvements without knowing how it's licensed, but nor am I able to find out due to lack of response from the author.
What would you do?
-
Isn't there any mention of a copyright of some kind in the source files? Is there even the author's name?
-
For commercial use, definitely avoid.
-
Isn't there any mention of a copyright of some kind in the source files? Is there even the author's name?
Nope, nothing at all. No license blurb, no copyright notices, not even the author's name, anywhere, in any files. ??? Which is odd, because some of the author's other GitHub projects do include this stuff - for instance, one other is GPLv2 licensed.
The thought occurred that maybe the author didn't actually write it and has stolen it from somewhere else and stripped all attribution, but I'm 99% sure that's not the case. The code style definitely fits with the author's other published projects (and in fact even reuses some stuff).
For commercial use, definitely avoid.
I plan to only make personal use of it.
The lack of response from the author is actually kind of annoying now, because I found today a fairly egregious bug that is a show-stopper for my particular usage, which I've fixed, but can't send in another pull request until the author accepts my existing one.
-
If the name of the author was in the source files, I would assume that copyright laws would apply by default.
Now if there is absolutely no mention of anything, I think you can safely assume it's in the public domain. But: the residual problem you get is that the source code might actually belong to someone else and might have been "stolen" with any mention of its origin removed by the "stealer". That happens. So even an absence of any mention is not proof it's in the public domain.
Now if it's strictly for personal use, frankly... do whatever you like. The question might be if you wanted to share it. But even so, the worst that could happen is that the author might politely ask you to stop sharing it. So yeah, for commercial use, I wouldn't do this, but for personal use, don't even fret about it.
As a side note to authors: beware of sharing any project with no mention of copyright or license of any kind. I don't know the minute details of the EULA for github, but I'm afraid that if you do this, the project might de facto belong to github (so, Microsoft.) Something to check for sure.
-
How long has it been since the author was active? You mentioned other projects by the same author. Are any of them still active?
What kind of master rules does Github have in place? "By publishing a project on Github, you agree to ........"
Regardless of any stated licensing, by publishing source code on Github you're inviting others to copy, use, and modify the code for personal use. Otherwise, why post the code in the first place?
Ed
-
If the name of the author was in the source files, I would assume that copyright laws would apply by default.
Now if there is absolutely no mention of anything, I think you can safely assume it's in the public domain.
I think that would be a bit of a stretch, especially in this case that the author is readily identifiable, albeit not mentioned explicitly within the work. I mean, the author's GitHub username is his full name.
I don't believe works can be assumed to be in the public domain unless either specifically stated to be by the creator, or published in a truly anonymous manner, although maybe I'm wrong.
As a side note to authors: beware of sharing any project with no mention of copyright or license of any kind. I don't know the minute details of the EULA for github, but I'm afraid that if you do this, the project might de facto belong to github (so, Microsoft.) Something to check for sure.
From a brief read of GitHub's Terms of Service (https://docs.github.com/en/site-policy/github-terms/github-terms-of-service), it appears that GitHub assume that you have the rights to any content you upload, and if you don't you're responsible for ensuring that content is licensed under terms that grant suitable permissions to do so, as well as to publish it to other GitHub users.
How long has it been since the author was active? You mentioned other projects by the same author. Are any of them still active?
The author was last active on this project about a year ago. Last activity on GitHub around mid-2021.
I was thinking about trying to track down the author outside of GitHub and maybe try and use some other means of communication (e-mail, etc.), but from a quick search all I can find are some forum posts by someone with the same username from, at latest, 2020. I'm a bit hesitant to look any deeper - don't want to give off stalker vibes if I'm successful... :-\
-
If the name of the author was in the source files, I would assume that copyright laws would apply by default.
Now if there is absolutely no mention of anything, I think you can safely assume it's in the public domain.
I think that would be a bit of a stretch, especially in this case that the author is readily identifiable, albeit not mentioned explicitly within the work. I mean, the author's GitHub username is his full name.
If the account can identify the person who has uploaded the code, then ok, but that by itself doesn't mean that this person was the author of the work they uploaded.
That's the big issue there. Note that even if there were explicit mentions and licensing terms in the source code, that would still be no guarantee such mentions are legit. As I said, anyone can take source code and add or remove anything in it. That means squat, unfortunately. And it's a lot more common than one may think.
And sure, github mentions they don't want to have anything to do with that crap: they're assuming you either are the author of what you upload, or otherwise have sufficient rights to do so.
But as a user of someone else's github project, you have absolutely no guarantee.
There's no problem if you're using a well known project for which everything will be clear, but for more obscure projects, you never know. Which is why using them for any commercial use is like shooting yourself in the foot. But again, for personal use, I wouldn't fret about it whatsoever.
-
Fork it, add your own fixes to your version, don't waste your time reporting under their version.
Maybe note in one of your bug reports, "fixed here" if you want to lead others to your fixes.
-
Fork it, add your own fixes to your version, don't waste your time reporting under their version.
Maybe note in one of your bug reports, "fixed here" if you want to lead others to your fixes.
This. This happens all the time. People upload code to github that solves a problem they have but once they aren't using or developing it they move on. If it's useful for you, that's great. Fork it and move on. There is no sense going to extreme lengths to track someone down that clearly isn't maintaining an old project.
You can submit a pull request from your fork back to the original if you like.
-
Writing from my experience as a software developer.
First, to sort out the most important thing. That original author holds copyright over that work and to do anything with it you must obtain a license. Under Berne Convention (https://en.wikipedia.org/wiki/Berne_Convention), which is the foundation of copyright laws across the planet, obtaining copyright is automatic and requires no registration or other formalities. As soon as they created the code, they became the exclusive owner of their work and anyone must get a permission to do anything, unless covered by some exceptions in your local law.(1) So no: you can not simply fork it, as suggested above, or depend on whether they put a notice in the sources. The source being available is irrelevant here. You can’t take it, just like you can’t snatch a bag someone left in their car with the window open.
Which basically closes this case, if you can’t contact the author. That kinda falls under the concept of orphaned works (https://en.wikipedia.org/wiki/Orphan_work), but recognizing a work as orphaned and using that in your defense are two different beasts. The latter is stepping on extremely thin ice even for old works. Using it for something that clearly has a living and still active owner is borderline suicidal, unless your local law makes very explicit exception there. If you suspect it does, consult a lawyer, not random people on a forum.
You may still try to determine the author by finding connections they might’ve had with other projects. You may also see if you can’t find the code elsewhere. Though tiny, there are chances they themselves copied it from someone else. Or that it is being developed by another party, which itself is big enough to take the hit and shield you(2) in case the original author wakes up.
On less practical and more philosophical part: that’s an unfortunate fallout of ideas being understood only superficially and hostility towards red tape. In the case of people who oppose copyright: not understanding, that the law still applies to them. That’s a story repeated over and over again, with people not being explicit about licensing terms and thinking it’s equivalent to putting your work in the public domain.(3) Not only it’s not, it makes the entire situation even worse. :(
(1) For example US fair use (https://en.wikipedia.org/wiki/Fair_use) and counterparts elsewhere, de minimis rule (https://en.wikipedia.org/wiki/De_minimis), nationalization (https://en.wikipedia.org/wiki/Nationalization), emergency, specific exceptions for science, education and religion, and so on. Neither of which applies to your case, I suppose. Either because it simply does not, or because it’s not used for software in practice (de minimis).
(2) A random student, that forked it for their course project is not such an entity. More towards stable companies of reasonable size.
(3) Which, in many many places, can’t even legally be done. Hence Creative Commons 0.
-
Okay, I exercised my Google-Fu and found the guy's Reddit account. ;D
Last posted there about a month ago. Resides in the USA. Seems to be quite interested in cryptocurrency. Maybe he invested all his money in crypto, lost everything, and is now living like a hobo in a van down by the river... :-DD
Anyway, enough speculation. I think golden_labels has somewhat of a point. It would be foolish to invest my time and effort any further without clarifying both the copyright and licensing status of the project, so I think I'm going to wait a while longer and see if he resurfaces.
-
If the name of the author was in the source files, I would assume that copyright laws would apply by default.
Now if there is absolutely no mention of anything, I think you can safely assume it's in the public domain.
That is not how copyright law works, not in any country that is party to the Berne Convention (which is most). Copyright vests in the creator (or their assignee) as soon as a work is made, nothing needs to be done, no magic words need to be spoken or included in or on the work, and particularly there is no need for the creator to put their name on it.
Assuming it is in the public domain is the opposite of what one should do if there's no particular markings. One should assume that the copyright is the sole property of the (unnamed) creator unless you have a clear indication otherwise.
-
If the name of the author was in the source files, I would assume that copyright laws would apply by default.
Now if there is absolutely no mention of anything, I think you can safely assume it's in the public domain.
That is not how copyright law works, not in any country that is party to the Berne Convention (which is most).
Yes yes. And suddenly everyone is becoming a specialized copyright lawyer. :)
If you read everything I wrote, you'll see that I was being a bit more nuanced, then, than the part you just quoted.
There are a few things to consider here IMO, in no specific order:
- If you, as an author, share some work on a platform such as github which targets open source software, and you want to hold your copyright on it, and you leave it with no mention an no means to identify or contact you, you're an idiot. It's like leaving your front door open with a big sign "come in", and expect nothing bad will happen to your house.
- Open source and copyrights are for a large part incompatible. That's likely to trigger huge debates, but all in all, the whole spirit of open source that I've gathered and understood goes against the idea of copyright. So as related to the above, sharing something copyrighted on some open-source platform is sort of mind-boggling. I'm sure many will find no issue with that though. Who cares about consistency, right?
- As I explicitely mentioned, the person publishing some work on github may not be the author nor have any explicit authorization of the author to share it (unless it's explicitely open-source licensed, in which case the license SHOULD come with the work.) In that case, that basically means the person behind the github (or similar) account stole the work. Also as I said, it's unfortunately extremely frequent on those websites. There's a lot of stolen work with no means of knowing who ever did it.
- Which, as I also mentioned, makes using any such project, unless it's one of the well known open-source projects with no ambiguity, basically impossible for any commercial application, because you just can't know who owns it. There is a significant amount of projects in the same case as the OP's, but even when there's an explicit license, it's impossible to know whether it's legit or just stolen copyrighted work with an added license that the true author never intended to add or even knows about. A can of worms. So of course github doesn't want to be held responsible. It's almost intractable.
And with all that said, if again this is for pure personal use, wow. Are some of you serious for fretting? If you're really in doubt, just don't share your derived work until you know for sure where the original one was from and what kind of license it has. Keep it to yourself. Nobody gets hurt.
-
Yes yes. And suddenly everyone is becoming a specialized copyright lawyer. :)
If you read everything I wrote, you'll see that I was being a bit more nuanced, then, than the part you just quoted.
One doesn’t have to be a lawyer, to know and recognize often repeated misconceptions. You know, I am neither an astrophysicist nor a geologist, but I could say that claims about Earth being flat are wrong.
- If you, as an author, share some work on a platform such as github which targets open source software, and you want to hold your copyright on it, and you leave it with no mention an no means to identify or contact you, you're an idiot. It's like leaving your front door open with a big sign "come in", and expect nothing bad will happen to your house.
Where you host your code doesn’t void your rights. Neither does “being idiot”, even assuming “being idiot” is a concept recognized by your local law. You don’t need to offer signing any particular contract to make your work protected, even if you show your work to others. A copyrightable work is protected just because it exists. No further conditions.
Publication on GitHub might imply anyone can see the code without obtaining a license, but the question is not about seeing it. It’s about creation of derived works.
Open source and copyrights are for a large part incompatible. That's likely to trigger huge debates, but all in all, the whole spirit of open source that I've gathered and understood goes against the idea of copyright. So as related to the above, sharing something copyrighted on some open-source platform is sort of mind-boggling. I'm sure many will find no issue with that though. Who cares about consistency, right?
Yes, they are very incompatible. Yet the law still holds, even if someone doesn’t like it.
As I explicitely mentioned, the person publishing some work on github may not be the author nor have any explicit authorization of the author to share it (unless it's explicitely open-source licensed, in which case the license SHOULD come with the work.) In that case, that basically means the person behind the github (or similar) account stole the work. Also as I said, it's unfortunately extremely frequent on those websites. There's a lot of stolen work with no means of knowing who ever did it.
It may be, which possibility has included in my response, but that doesn’t address OP’s problem in any way. They still need to obtain permission from the copyright holder. Also note that the publisher may be the author, but not the copyright holder.
- Which, as I also mentioned, makes using any such project, unless it's one of the well known open-source projects with no ambiguity, basically impossible for any commercial application, because you just can't know who owns it. There is a significant amount of projects in the same case as the OP's, but even when there's an explicit license, it's impossible to know whether it's legit or just stolen copyrighted work with an added license that the true author never intended to add or even knows about. A can of worms. So of course github doesn't want to be held responsible. It's almost intractable.
You can never be sure, no matter where you obtain your dependencies at. What matters is how well you can protect yourself in the case of a fuckup. If you can prove that you were yourself a victim of a scam, it is a whole different story than ignoring copyright altogether. Which is why I mentioned finding someone, whose presence in the chain covers OP’s ass up.
And with all that said, if again this is for pure personal use, wow. Are some of you serious for fretting? If you're really in doubt, just don't share your derived work until you know for sure where the original one was from and what kind of license it has. Keep it to yourself. Nobody gets hurt.
Unless your jurisdiction has provisions in criminal law against using unauthorized software. Of course someone may be in a position where chances of discovery are very low, but do you think OP would ask how to do that legally, if that was their goal?
-
Yes yes. And suddenly everyone is becoming a specialized copyright lawyer. :)
If you read everything I wrote, you'll see that I was being a bit more nuanced, then, than the part you just quoted.
However nuanced your other points, it doesn't alter that your fundamental premise was opposite of what the law is, and yes, I do actually have some specialist copyright and libel training, my former publisher (the late, infamous Felix Dennis) insisted that all of his commissioning editors went on courses because "I've already spent enough time in court over things I've published, thank you very much!".
While it is highly likely that something posted on github is intended to have some more liberal license than naked unmodified author's copyright making assumptions is foolhardy. I wouldn't want to be in front of a judge trying to argue that there was some defacto implied licence in place just because it had been posted on github. In practice you're unlikely to get into trouble, assuming your uses are personal and assuming that the posting to github is deliberate and not an error. However, use it in a commercial project without permission and if the author takes exception you're in for damages of typically 3 times what you'd have had to pay for a commercial license. Heck, it's not beyond the sociopathic nature of some people to post it in the hope that happens.
I'll exclude the possible use-case of incorporating it into any other open source project because well managed ones would reject it as a submission precisely because there's no way for them to determine of it has a compatible licence to whatever licence(s) the project redistributes under.
Bottom line: Use it privately and don't redistribute it and I'd say they risk would be acceptable - technically unlawful, but given the source highly unlikely to cause problems. Do more and I think you're definitely on a potentially sticky wicket without getting clarification from the original author first. It doesn't need to be anything too formal, an informal agreement via email such as a "yes" from the author to the question "Is it OK if I redistribute this under XYZ licence?" is all you need.
-
For commercial use, definitely avoid.
I plan to only make personal use of it.
Just pirate it ;)
-
IANAL, TINLA.
I'll just reiterate what golden_labels and others said:
No license means literally No License.
This is, in fact, the very first content slide in the FOSS licenses course I keep at work*.
You can look at the code - sometimes, it would be better not to - but definitely not use it.
There is only one point I beg to differ:
Open source and copyrights are for a large part incompatible. That's likely to trigger huge debates, but all in all, the whole spirit of open source that I've gathered and understood goes against the idea of copyright. So as related to the above, sharing something copyrighted on some open-source platform is sort of mind-boggling. I'm sure many will find no issue with that though. Who cares about consistency, right?
Yes, they are very incompatible. Yet the law still holds, even if someone doesn’t like it.
Actually I maintain the opposite: Copyright is the pedestal that sustain FOSS licenses, especially copyleft ones.
Straight from GPLv3:
Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it.
Without the intellectual property rights granted by owning the copyright to some piece of code, one would not be able to (effectively) impose a license.
In a world without copyright, we'd probably end up with either code in public domain (a thorny subject in itself: e.g., in some jurisdiction you cannot relinquish the rights to your work) or tightly kept as a trade secret. No nuanced liberal licenses like Apache or copyleft ones.
*We have a very good and thorough FOSS process, but my intro course is useful to give designers a rough idea if it's even worth it to put all the wheels in motion to use some source found in GH or similar.
-
First, to sort out the most important thing. That original author holds copyright over that work and to do anything with it you must obtain a license.
This is absolutely correct, except for all the footnotes that goes with it.
In this case the author has put it on github, which indisputably amounts to "disclosure" in the world of copyright.
Once disclosed to the public, a lot of "strictly personal use" comes into play.
For instance you are freely allowed to sing the songs, hum the tunes and quote the lines when you have been in the theater, but you are of course not allowed to publish, print or stage the work and so on. Lots of grey lines: Can you sing the song for your kids ? Yes. For a friend ? Yes. For 5 friends ? Maybe... For 10 friends ? Probably not...
Github allows other users to (trivially!) clone the repo, and the author is aware of this (it's in github's terms), and therefore putting a work on github tacitly grants a right of both "replication" and "derivation" in the sense of copyright.
Therefore there is absolutely no doubt that you can use the code for your strictly personal project.
But other than that: Nope, need the authors permission.
-
Without the intellectual property rights granted by owning the copyright to some piece of code, one would not be able to (effectively) impose a license.
Well well. Yeah. It's like biting its own tail here.
Since copyright is the default (at least in most countries, might not be completely universal, I'm not sure), you need to hold the copyright to something before you can give it up, which is essentially what an open-source license does.
What you're saying (and which is legally right, but still is by no means a way of contradicting what I said, which was that copyright and open-source were incompatible) is that you need a copyright to be able to give it up. But once you define an open-source license for some work, what is left (no pun intended) of your copyright rights? I'm genuinely curious. There may be legal subtleties, and I'm no lawyer (as most of us here I guess), but concretely?
-
you need to hold the copyright to something before you can give it up, which is essentially what an open-source license does.
Nope, this is essentially wrong - I start to think you have a basic misunderstanding of the concepts here, don't worry, as you are in wide and good company.
Had I not needed digging (barely scratching the surface) into it, I would be with you.
An open source license does not in any way give up your rights.
This is so true that you, as the rights holder, can put a FOSS license on piece of SW and, at the same time, sell the very same code with a proprietary one or change the license at will.
Also, as another example, the FSF asks authors to explicitly transfer the copyright to them for some projects they maintain in order to simplify the handling.
OTOH, putting something in the public domain means abandoning your rights - note that this is not even possible everywhere (e.g., Germany, IIRC), so that SW in PD is usually frowned upon in a corporate environment, as there's no clear legal status for it and its rights: any license, even WTFPL is better than PD.
-
An open source license does not in any way give up your rights.
Again, Any categorical statement about copyright is (almost) by definition wrong.
Any license, open or closed, will be "giving up (some of) your rights" because if you were not, there would be no need for the license to exist in the first place.
Depending on the precise text of the license (Open Source or otherwise) you may be "giving up" rights permanently, temporarily, for free, for money, for other "considerations", conditionally, unconditionally and so on.
To complicate matters, licenses may not be legal in all countries. This is mostly theoretical for FOSS, but for specifically many countries do not have "Public Domain".
Having spent almost 40 years in Open Souce, my advise is:
0. If you need to, or feel like, spending a lot of money: Ask a lawyer.
1. If you just want to share your code as freely as possible, no strings attached, use the BSD license.
2. If you subscribe to the agenda of FSF, and you should research that first, use the GPLv2 license.
3. If you really want to prevent companies with lawyers from using your code, use GPLv3
4. Never use code without a proper license in any commercial context.
5. Never remove or modify somebody else's copyright or license, unless they explicitly permit you to.
6. Never write your own license text. (...said the guy who came up with the beerware license. (http://phk.freebsd.dk/sagas/md5crypt/ (http://phk.freebsd.dk/sagas/md5crypt/)))
In my experience, that will keep you out of trouble.
-
Any license, open or closed, will be "giving up (some of) your rights" because if you were not, there would be no need for the license to exist in the first place.
Mmmh, I see this as giving other the permission of using your work (in liberal or not so liberal ways, source or binary, according to the license), not giving away any of the rights you have on it (specifically, copyright was the topic): you are still holding them, and can decide to do whatever you want with it.
But yes, it's an oversimplification.
I think we are starting to go a bit into the philosophical/splitting hair field - we agree on the fundamentals (also, the PD thing).
Moreover:
0. If you need to, or feel like, spending a lot of money: Ask a lawyer.
1. If you just want to share your code as freely as possible, no strings attached, use the BSD license.
2. If you subscribe to the agenda of FSF, and you should research that first, use the GPLv2 license.
3. If you really want to prevent companies with lawyers from using your code, use GPLv3
4. Never use code without a proper license in any commercial context.
5. Never remove or modify somebody else's copyright or license, unless they explicitly permit you to.
6. Never write your own license text. (...said the guy who came up with the beerware license. (http://phk.freebsd.dk/sagas/md5crypt/ (http://phk.freebsd.dk/sagas/md5crypt/)))
This should be carved in stone with gold letters.
For the OP: I do not use code without a license even for personal projects and as you did try to contact the author when I encounter it. I also try to stay away from GPLed code due to its viral nature. Though I'm not opposed to it in principle, when/if I publish a personal project I prefer it to use more liberal licenses (Apache or BSD) - GPL makes it impossible.
-
Any license, open or closed, will be "giving up (some of) your rights" because if you were not, there would be no need for the license to exist in the first place.
Mmmh, I see this as giving other the permission of using your work (in liberal or not so liberal ways, source or binary, according to the license), not giving away any of the rights you have on it (specifically, copyright was the topic): you are still holding them, and can decide to do whatever you want with it.
Look at it this way around: By licensing another to make copies or derivative works of something in which you hold the original copyright you have given up your right (or power) to prevent them from making copies or derivative works.
-
By licensing another to make copies or derivative works of something in which you hold the original copyright you have given up your right (or power) to prevent them from making copies or derivative works.
I agree, that statement was too strict - though the intellectual property remains fully with the entity holding the copyright, you are sharing some of those rights with the licensee.
Thanks all for the clarification.
Which brings an interesting, albeit probably purely theoretical, question.
The text of some FOSS license explicitly mention that the license is perpetual, e.g. Apache. Deal done.
Some other, like BSD, does not mention perpetuity.
As the copyright holder, I think I could revoke it (generally, or just to you because I don't like your t-shirt).
Would it be possible, and if yes, has something similar happened?
I'm not talking of termination due to non-compliance of the licensee (as can happen with GPL), but just unilateral revocation - I fully expect the practical effects to be null, TBH as the cat is already out of the bag.
-
Interesting discussion. Yes, I was probably being not detailed enough when I said that it meant giving up the copyright altogether, but surely it is giving up some of the associated rights.
Now, this is a huge mess in itself, and whoever claims to fully understand not the concept itself (which I guess most of us do, at least here in this thread), but all the consequences, is probably a bit delusional. It's a major rabbit hole. And there are tens, if not hundreds of open-source licenses, all with subtle differences.
The fact the holder of the copyright might give their work some open-source license, and possibly change it "at will" is horrible for whoever chose to use said work based on the license that was attached to it when they made the decision. I'm no lawyer, so I don't know what exactly the copyright holder can or cannot do once they publish some work with a given license (so can the author really change the license at will at any moment?) And what about the derived work? (Forks, etc?) Any license not mentioning "perpetuity" is a time bomb.
Let alone that "open source" and "free software" are not the same thing, and while each has its own issues, "free software" tends to - while being "restrictive" in some ways - be more consistent and easier to grasp. I'm not particularly "advocating" it, I'm just saying. And I know how there is almost a "war" between the two. At least there is some serious activism there.
-
The fact the holder of the copyright might give their work some open-source license, and possibly change it "at will" is horrible for whoever chose to use said work based on the license that was attached to it when they made the decision. I'm no lawyer, so I don't know what exactly the copyright holder can or cannot do once they publish some work with a given license (so can the author really change the license at will at any moment?) And what about the derived work? (Forks, etc?) Any license not mentioning "perpetuity" is a time bomb.
There's nothing stopping several licenses applying to a work at the same time that have been granted at different times. So if you license a work under licence 'A' in 2019 and then the author switched to licencing under licence 'B' in 2020 for new licences granted, you will still be licenced under the terms of licence 'A' unless license 'A' includes explicit provision for the grantor to unilaterally withdraw it or unilaterally impose new terms.
-
If the name of the author was in the source files, I would assume that copyright laws would apply by default.
Now if there is absolutely no mention of anything, I think you can safely assume it's in the public domain.
I think that would be a bit of a stretch, especially in this case that the author is readily identifiable, albeit not mentioned explicitly within the work. I mean, the author's GitHub username is his full name.
I don't believe works can be assumed to be in the public domain unless either specifically stated to be by the creator, or published in a truly anonymous manner, although maybe I'm wrong.
Copyright must be transferred explicitely. Even an 'EULA' on Github saying that anything that is posted without a copyright belongs to Github, might not hold up in court at all.
All in all: Don't use code like that in a commercial project. Sorting out the copyright situation first is mandatory.
-
Which brings an interesting, albeit probably purely theoretical, question.
The text of some FOSS license explicitly mention that the license is perpetual, e.g. Apache. Deal done.
Some other, like BSD, does not mention perpetuity.
As the copyright holder, I think I could revoke it (generally, or just to you because I don't like your t-shirt).
Would it be possible, and if yes, has something similar happened?
Strictly speaking, that question which can only be settled in a court.
Licenses are "contract-law" and what a contract means depends on the country you are in, or even the judge or jury you are in front, because that is entirely a matter of interpretation. With that said, the most pervasive paradigm is to ask what "a reasonable person would expect".
If the BSD license came in two variants, one saying "for ever" and one not, a reasonable person would not expect the variant without those words to be eternal.
Without such a "legal hook", the court will look at the "overall structure and intent" and almost certainly find that the license amounts to "Have at it, dont claim you wrote this, and dont bother me." and conclude there is no sign of intent to limit the duration of the license.
Having granted such a license, if you tried to pull it back, for reasons unrelated to the text of the license, for instance an ugly T-Shirt, you will run into tons of contract-law, about proper notice, about breach of contract etc. etc. and you will almost guaranteed loose on a legal theory of "you signed it then, you cant change it now." (I cant remember the fancy latin name for that.)
The reason why US corporate lawyers (slightly) prefer the BSD to the Apache or MIT license, is that the BSD license has been in court.
In what was probably one of the most suicidal legal maneuvres ever, USL, UNIX System Laboratory, sued University of California, Berkeley - which happens to have one of the better law-schools in USA, without doing their homework.
UCB sued back, pointing out that USL had lifted a lot of BSD licensed material and not complies with the terms of the license.
Novell, who had bought USL in the meantime, folded and agreed to a very one-sided settlement, because if they lost, they would have to reprint, or otherwise update, every single UNIX manual then in existence to acknowledge the BSD license applied.
But lawyers still see this as very strong evidence that the BSD license will "hold up in court", even though the court did not actually decide the case.
See: https://en.wikipedia.org/wiki/UNIX_System_Laboratories,_Inc._v._Berkeley_Software_Design,_Inc.
-
So yeah, this is indeed a major rabbit hole.
I've also seen a court decision stating that the violation of an open-source license was actually the violation of the copyright. Which might seem to make sense, but again opens a huge can of worms.
-
I've also seen a court decision stating that the violation of an open-source license was actually the violation of the copyright.
It would be extremely surprising if a court would say otherwise.
Offering any particular licensing terms does not make you lose ownership of the work. Even if you release under CC0 (https://creativecommons.org/choose/zero/) or WTFPL (https://en.wikipedia.org/wiki/WTFPL), you do remain the owner. This is why it is important to retain copyright notices in pseudo-PD works whenever possible: there are still rightholders, even if effectively they disarmed themselves. If you want to protect people using a work, it’s of uttermost importance to make terms clear and to maintain provenance of the work. Failing to do so is causing trouble downstream.
When talking with people that’s the recurring theme: inverted perception of the situation. People often think that a license is what reserves rights and no license means “do what you want”. In reality it’s exactly opposite: the default is “you can do pretty much nothing” and the license is a permission to do something. It’s literally in the name: word “license” is a synonym for “permission”.
-
Which might seem to make sense, but again opens a huge can of worms.
No, it is the lid that keeps the worms in the can to begin with.
You create something, you have all rights to it, if anybody else wants to do something with that work, except comment on a (public!) disclosure of it, they have to ask for your permission, and if you give it, you have offered given them (a) license.
-
Which might seem to make sense, but again opens a huge can of worms.
No, it is the lid that keeps the worms in the can to begin with.
You create something, you have all rights to it, if anybody else wants to do something with that work, except comment on a (public!) disclosure of it, they have to ask for your permission, and if you give it, you have offered given them (a) license.
It's interesting how some people are oversimplifying things and refuse to acknowledge the potential consequences ARE a rabbit hole and almost impossible to fully grasp. Some humility might help?
There is precisely a major issue with the above. Typical open source projects are collaborative by nature, there isn't just a single creator to them. That's where the rabbit hole starts, but not where it ends, of course.
While some people are against copyright altogether (which is another story), I am not. If I'm the creator of some work, I want to hold a copyright. That's fine. Now if I become part of a large project with thousands of contributors, and potentially even many forks, then it does become absurd if I still claim ownership. And again the subtle consequences of any kind of license you could put on some work quickly become intractable. Even the concept of a single original author can become almost absurd at some point.
That's why I said that, not necessarily that I promote it, but at least I do understand the "free software" movement that, even if it poses other problems, at least gets rid of all those potentially absurd issues.
-
Which might seem to make sense, but again opens a huge can of worms.
No, it is the lid that keeps the worms in the can to begin with.
You create something, you have all rights to it, if anybody else wants to do something with that work, except comment on a (public!) disclosure of it, they have to ask for your permission, and if you give it, you have offered given them (a) license.
It's interesting how some people are oversimplifying things and refuse to acknowledge the potential consequences ARE a rabbit hole and almost impossible to fully grasp. Some humility might help?
There is precisely a major issue with the above. Typical open source projects are collaborative by nature, there isn't just a single creator to them. That's where the rabbit hole starts, but not where it ends, of course.
Yep. At some point they changed the license of an opensource project -IIRC OpenOCD-. For that to work out they had to chase down every contributor to the code and get permission to change the license.
-
just because some people are trying to kill FOSS doesnt mean that they will or that the concept is dead or thats its okay to steal everything and anything thats not clearly owned by some oter rich person.
There is a reaction to that and one could argue that its a theft of everything thats going on. I think the evidence for that being true is fairly strong.
Useless rant deleted
-
Maybe the author is absent because he or she has been targeted by people who want it, for some bad reason. Or maybe they arent absent, copyright and patent owners have to register their names and addresses. In each jurisdiction.
I recently came across a piece of software published on GitHub that could prove very useful to me. There are a number of bugs I have discovered, and there are a few improvements I want to make. However, the situation that has cropped up is:
- The author seems to be absent or incommunicado. I have filed a few bug reports, and even a pull request with some fixes. But it has been a few weeks since, and no response to anything at all.
- The software is not branded with any kind of licensing information. Not in readme, source code, etc. I assume it is meant to be open source, as otherwise the author would not have published it on GitHub, right? And I do believe the author intentionally did so - i.e. not some private thing made public inadvertently - because the readme file is very much written in a way that is providing documentation and explanation for other people.
So what do I do? I'm hesitant to fix any more bugs or make any significant changes or improvements without knowing how it's licensed, but nor am I able to find out due to lack of response from the author."
-----end of quote---
What would you do? *Make your changes to the project and list your contact info on github.*** Be open and publlic..
Be honest
*
Use your changes. I dont get what you want to do, if its free software, use it.
Are you trying to steal it? Its NOT just yours, you know.
-
Or maybe they arent absent, copyright and patent owners have to register their names and addresses. In each jurisdiction.
It never ceases to amaze me how many people will make definitive statements about copyright who clearly don't know how copyright works. If you are in a Berne Convention country* you do not have to register copyrights, copyright vests (without any formalities) in the creator the moment a work is made. Half the world seems to think that copyright works the way it did in the USA before it joined the Berne Convention in 1989.
* List of parties to international copyright agreements (https://en.wikipedia.org/wiki/List_of_parties_to_international_copyright_agreements)
Berne convention countries in blue, non signatories in grey:
(https://upload.wikimedia.org/wikipedia/commons/thumb/7/76/Berne_Convention_signatories.svg/2880px-Berne_Convention_signatories.svg.png)
-
I've repeatedly heard that the more recent instruments are in charge and that Berne, was dead, for examplewho says that there is intelectual property anyway, what about TRIPS and TRIMS, and the WTO?
Who crowned them?
who made up the patent system, and what exactly is owned, and who owns who?
https://www.youtube.com/watch?v=BCJ2cDgoZ_Q (https://www.youtube.com/watch?v=BCJ2cDgoZ_Q)
-
Now if I become part of a large project with thousands of contributors, [...]
[...] then that project better have an 'on-boarding' procedure which informs and educates you, about the project's copyright strategy and compliance requirements, or they will soon have a proper mess on their hands ?
Yeah, that's pretty much how the world works ?
But the mess does not emerge because of the rules of copyright, it emerges from the lack of attention to copyright.
Note that some see such a mess as an strategic advantage, with an argument that goes roughly "Any lawyer hungry for a fight, will first have to figure out who to sue, where to sue them, and which copyright law applies there. Centralizing the copyright only makes that easier for them."
I have myself seen indications that such a strategy will work, in the form of US lawyers asking "Denmark, that's in Minnesota, right ?", who after being taught a bit of geography, is never heard from again.
That is not to say that only US lawyers cause copyright heartburn for FOSS projects, but they are certainly the main cause of it.
-
For personal use? Who cares? Just do whatever you want with it, nobody is going to come knocking.
-
But the mess does not emerge because of the rules of copyright, it emerges from the lack of attention to copyright.
Having been part of a failed attempt to relicense a piece of LGPL2 FOSS (to Apache 2), I can testify the difficulty and pain when such policies are not in place.
Some of it had copyright from no longer existing firms and passed away persons.
In some case it was possible to track the new owners, in others it was impossible.
Even if the technical board, representing the majority of the current enterprise and personal contributors, was in full agreement, we realized very soon it was an impossible task.
Of course, when the product was born it was not expected for it to grow enough for these things to matter...
-
Lawyers are "only" $1200/hour.
Buy your rights.
But the mess does not emerge because of the rules of copyright, it emerges from the lack of attention to copyright.
Having been part of a failed attempt to relicense a piece of LGPL2 FOSS (to Apache 2), I can testify the difficulty and pain when such policies are not in place.
Some of it had copyright from no longer existing firms and passed away persons.
In some case it was possible to track the new owners, in others it was impossible.
Even if the technical board, representing the majority of the current enterprise and personal contributors, was in full agreement, we realized very soon it was an impossible task.
Of course, when the product was born it was not expected for it to grow enough for these things to matter...
-
For personal use? Who cares? Just do whatever you want with it, nobody is going to come knocking.
He wants to own/steal it, cant you tell from how he phrased it?
FOSS is against their religion.
-
Now if I become part of a large project with thousands of contributors, [...]
[...] then that project better have an 'on-boarding' procedure which informs and educates you, about the project's copyright strategy and compliance requirements, or they will soon have a proper mess on their hands ?
Yeah, that's pretty much how the world works ?
But the mess does not emerge because of the rules of copyright, it emerges from the lack of attention to copyright.
Note that some see such a mess as an strategic advantage, with an argument that goes roughly "Any lawyer hungry for a fight, will first have to figure out who to sue, where to sue them, and which copyright law applies there. Centralizing the copyright only makes that easier for them."
I have myself seen indications that such a strategy will work, in the form of US lawyers asking "Denmark, that's in Minnesota, right ?", who after being taught a bit of geography, is never heard from again.
That is not to say that only US lawyers cause copyright heartburn for FOSS projects, but they are certainly the main cause of it.
Its a global grab, a big theft of the world from we, all its people, one that started on January 1, 1995.
-
Fork it, add your own fixes to your version, don't waste your time reporting under their version.
Maybe note in one of your bug reports, "fixed here" if you want to lead others to your fixes.
Good advice, don't buy into the war on FOSS and public education!
-
Or maybe they arent absent, copyright and patent owners have to register their names and addresses. In each jurisdiction.
Half the world seems to think that copyright works the way it did in the USA before it joined the Berne Convention in 1989.
That assumption got the MD of a company I was involved with in court, he'd worked on the premise that because it didn't include any copyright info that it was fine to pirate software.
However:
If I were the OP, I'd have no qualms fixing and using the code for personal use
-
For personal use? Who cares? Just do whatever you want with it, nobody is going to come knocking.
He wants to own/steal it, cant you tell from how he phrased it?
FOSS is against their religion.
Could you please refrain from slurring the character of the OP? The very fact that he has bothered to ask for people's opinions is a sign of good intent and I can find no trace of the motivation to steal that you're claiming he has.
-
He wants to own/steal it, cant you tell from how he phrased it?
FOSS is against their religion.
Who are you referring to? Me? How on earth did you arrive at the conclusion that I want to "own/steal" the software? When did I phrase anything that implies I want to do that? And who is this "they" against whose religion FOSS is against? Me again? Certainly not. I think you need to take that damn chip off your shoulder and stop making assumptions about people's motivations.
All I would like to do is ensure that the code is licensed in a way that will allow me to make changes to it, use it, and in case I think anybody else may find it useful, potentially redistribute that modified version (not for commercial gain, I might add). You know, just like any other open-source code. At present, the code's licensing state is unclear, so I'm refraining from doing any of that until such time as the situation is clarified.
-
I'm sorry, Ive just seen that happen too often at this point. There is a well organized war on open source. there ar people who insist that its a bad thing.
IMHO they are a bad thing. FOSS is a bit like a freeing of the slaves, as such its a good thing and a positive development without which many of the world's biggest companies of today would not exist.
Subcontractors say that FOSS makes people too equal and makes it hard for them to make money as easily as they like..
Thy want to go back to the way things were.
-
Other than possibly a few software companies I haven't seen a major war on FOSS. It is alive and well, and growing all the time.
-
Yes yes. And suddenly everyone is becoming a specialized copyright lawyer. :)
If you read everything I wrote, you'll see that I was being a bit more nuanced, then, than the part you just quoted.
One doesn’t have to be a lawyer, to know and recognize often repeated misconceptions. You know, I am neither an astrophysicist nor a geologist, but I could say that claims about Earth being flat are wrong.
- If you, as an author, share some work on a platform such as github which targets open source software, and you want to hold your copyright on it, and you leave it with no mention an no means to identify or contact you, you're an idiot. It's like leaving your front door open with a big sign "come in", and expect nothing bad will happen to your house.
Where you host your code doesn’t void your rights. Neither does “being idiot”, even assuming “being idiot” is a concept recognized by your local law. You don’t need to offer signing any particular contract to make your work protected, even if you show your work to others. A copyrightable work is protected just because it exists. No further conditions.
Publication on GitHub might imply anyone can see the code without obtaining a license, but the question is not about seeing it. It’s about creation of derived works.
Open source and copyrights are for a large part incompatible. That's likely to trigger huge debates, but all in all, the whole spirit of open source that I've gathered and understood goes against the idea of copyright. So as related to the above, sharing something copyrighted on some open-source platform is sort of mind-boggling. I'm sure many will find no issue with that though. Who cares about consistency, right?
Yes, they are very incompatible. Yet the law still holds, even if someone doesn’t like it.
As I explicitely mentioned, the person publishing some work on github may not be the author nor have any explicit authorization of the author to share it (unless it's explicitely open-source licensed, in which case the license SHOULD come with the work.) In that case, that basically means the person behind the github (or similar) account stole the work. Also as I said, it's unfortunately extremely frequent on those websites. There's a lot of stolen work with no means of knowing who ever did it.
It may be, which possibility has included in my response, but that doesn’t address OP’s problem in any way. They still need to obtain permission from the copyright holder. Also note that the publisher may be the author, but not the copyright holder.
- Which, as I also mentioned, makes using any such project, unless it's one of the well known open-source projects with no ambiguity, basically impossible for any commercial application, because you just can't know who owns it. There is a significant amount of projects in the same case as the OP's, but even when there's an explicit license, it's impossible to know whether it's legit or just stolen copyrighted work with an added license that the true author never intended to add or even knows about. A can of worms. So of course github doesn't want to be held responsible. It's almost intractable.
You can never be sure, no matter where you obtain your dependencies at. What matters is how well you can protect yourself in the case of a fuckup. If you can prove that you were yourself a victim of a scam, it is a whole different story than ignoring copyright altogether. Which is why I mentioned finding someone, whose presence in the chain covers OP’s ass up.
And with all that said, if again this is for pure personal use, wow. Are some of you serious for fretting? If you're really in doubt, just don't share your derived work until you know for sure where the original one was from and what kind of license it has. Keep it to yourself. Nobody gets hurt.
Unless your jurisdiction has provisions in criminal law against using unauthorized software. Of course someone may be in a position where chances of discovery are very low, but do you think OP would ask how to do that legally, if that was their goal?
wow, some folks must spend all their time thinking about this stufff. wow.
-
wow, some folks must spend all their time thinking about this stufff. wow.
You have some problem? Or perhaps have anything of value to say?
Discussion fora exist for, surprisingly, discussion. If you find weird that people use them for the intended purpose or try to help others, you are free to not participate. Similarly, if you find the act of thinking something worth of ridicule, you may be in a wrong place.
-
wow, some folks must spend all their time thinking about this stufff. wow.
You have some problem? Or perhaps have anything of value to say?
Discussion fora exist for, surprisingly, discussion. If you find weird that people use them for the intended purpose or try to help others, you are free to not participate. Similarly, if you find the act of thinking something worth of ridicule, you may be in a wrong place.
I just find it interesting, that as I said, As I found it strange that the British Empire considered so many of those born in Kenya to have become squatters in their own land.
-
Algorithms can't be copyrighted but implementations can. At least in the US...
So, rip the algorithms and rewrite the code.
-
Allow me to be Ralph Wiggum for a moment...
So you build and release a product containing code to carry out its intended function.
Regardless being able to protect the code from being read within the device, even if you could it would be a binary blob, at what point do you have to provide to others source code?
If the device has closed source code and some entity suspects copyright infringements is there some legal mechanism that forces the designer to provide source code for scrutiny?
I ask because I have always found it strange on the insistence of code source stipulating that copyright notices in comments must remain and should not be used without prior consent etc
Is this simply a case of not being a thief and being honest about it and if you were how easy would it be to be found out?
-
If the device has closed source code and some entity suspects copyright infringements is there some legal mechanism that forces the designer to provide source code for scrutiny?
A court-order, issued during the discovery-phase would do that.
What evidence you would need to get to that point depends on pretty much anything.
-
Allow me to be Ralph Wiggum for a moment...
So you build and release a product containing code to carry out its intended function.
Regardless being able to protect the code from being read within the device, even if you could it would be a binary blob, at what point do you have to provide to others source code?
If the device has closed source code and some entity suspects copyright infringements is there some legal mechanism that forces the designer to provide source code for scrutiny?
I ask because I have always found it strange on the insistence of code source stipulating that copyright notices in comments must remain and should not be used without prior consent etc
Is this simply a case of not being a thief and being honest about it and if you were how easy would it be to be found out?
The US Government wrote a demand for source code into its contracts.. Way back in the 90s. with DFARS.. Because they had been burned too many times.. I saw some of these source code gold CDs.
Thats where open source originated from. After being burned quite a few times, the USG started writing this into contracts. So that all computer relaed products they buy included a gold CD with SRC. I think this has now changed in that now the US is demanding that nobody should be required to provide source... At least we've been proposing that in the WTO proposals we are now making. Corporate lobbyists for big Indian staffing companies are demanding this. They say that requiring source would break the deal we made with them which the WTO is part of. They seem to be tryijng to patent certain business processes.. which they claim to have invented.. And demand the "right" to create a proprietary software ecosystem. Obfuscate everything, And lock people in. They really see FOSS as a threat to their (IMHO elitist) business model. Its too egalitarian.
-
The US Government wrote a demand for source code into its contracts.. Way back in the 90s. with DFARS.. Because they had been burned too many times.. I saw some of these source code gold CDs.
Thats where open source originated from.
Utter rubbish. Open source was alive and well long before then. If you want to cite an origin, a much more likely proximal origin would be the source tapes that circulated among members of various user groups in the 1970s, including the IBM user group and DECUS to name but two.
-
Thats where open source originated from.
Ehh no ?
Open Source originated with computers, because the first generation of programmers were smart enough to recognize that their job was hard enough with the source code, and impossible without.
Academia has of course always been open source, you get no publication credit for things you dont publish.
Throughout the 1960'ies, Open Source was the norm, also in commercial settings. You might not get the source in machine readable form, you might get it on actual printouts, or you might get microfiche (IBM!) but you (could) get the source if you wanted it.
Closed source was very much a phenomena which came in and grew with the microprocessor in commercial environments, very much exemplified by Bill Gates' famous rant.
(Looking through the thread I see a lot of other crap you have been spewing, but I wont address that, I'll merely note that you seem to have very little clue about things you very confidentely pontificate on.)
-
i'll try to moderate pontifications, as your experience is more extensive than my own! And predates it.
:) Hopefully I am wrong as to these forces I describe as against open software. If that is the case, I wouldn't mind that one bit. Crossing my fingers..
The WTO since the beginning oif 1995 has controlled "Goods" and "Services" (around 80% of the global economy) seems to see open licensing as a trade barrier, and therefore prohibited by treaties.
Kind of like they seem to see any regulations like wage and hour laws, and labor standards .Framing such laws as speed bumps on the highway of trade. TRIPS and TRIMS regulate the new "IP" landscape. Not the Berne Convention, these days. (Or so I am told) Patents, such as patents on drugs.. were a benefit to being in it. If you are a country and you want to trade, you must accept their rules.. in order to become a WTO member.. first. So this meant that a great many poor people would die. Since they didnt have that money.
What are the implications of that? Well one was the acceptance of the drug IP landscape.. a story laid out in the award winning 2013 film Fire in the Blood.. These laws made the manufacture of patented drugs incredibly profitable for the "owners" of these patents, even though they cost literally pennies to make, they cost tens of thousands in most of the world. Buy ir die, they seemed to be sayiing. Its now said that COVID-19 represents a once in a lifetime, Business opportunity.
They are trying to patent natural substances that should be unpatentable because they have shown promise in improviong the body's resistance to certain viruses. Because vaccines gradually offer less protection to evolving pathogens..And the SIRT system evolved to fight them. They claim a right to patent it. Buy or die.
Since Jan 1, 1995 Science doesn't belong to the Earths people. Irt belongs to the IP owning corporations! There is no such thing, legally, it seems, as a gift to everybody. At least that seems to be the officials position. That its holding the making of money back. Thats what scares me. The taking of science away from we the people. If you get better, you have to pay. Pay to live? Thats what we are heading towards with the Market spiral pricing of drugs.
Wheredoes FOSS stand without anybody standing up for it showing how many millions in sales that it has?