incubator-general mailing list archives

From "Noel J. Bergman" <>
Subject RE: proposal: modify incubation application process to require a reference to the code itself
Date Tue, 13 Jul 2004 06:14:57 GMT
Brian Behlendorf wrote:
> If a company isn't willing to put the code base out themselves under
> their own ownership, but would rather it be (C) ASF, that leads me to
> wonder about what liability the company is attempting to avoid by doing
> so.  It may be paranoia, but seeing a company willing to put the code out
> under an open source license with a (C) to them does a lot to quell
> concerns about whether the codebase is IP-clean.

> To be clear, the ASF takes a legal risk with every line of code it
> publishes to the public.

> > An IP pre-review could cause a problem.  IP made available for review
> > have to be free of encumbrances.  We do not want a situation where
> > who have reviewed it become tainted.  Certainly that can be the case if
> > license were a proprietary one, but it does not seem to matter if the
> > license is an OSI-approved one or not.  Claims can be made based upon
> > as easily as upon more classically recognized proprietary licenses.  So,
> > I do not agree that "any legal mechanism that provides for anyone in the
> > community to conveniently read the source should be acceptable, even if
> > license restricts distribution, for instance."
> Good point; that suggests the requirement be to be very clear that review
> of the code places no encumbrances.

Brian, the gist of your message appears to be a concern that the Foundation
could be exposed, at least unintentionally and possibly intentionally, by a
contribution, and therefore you want to vet the code first.  I respect your
intention to protect the Foundation.  Neither of us, last time I checked, is
an IP attorney.  If the Board wishes to put this issue to our lawyer, that'd
be great.  However, my understanding is this:

 - As has been said before, when we receive a Software Grant
   and/or CLA, the presumption is that the contributor has
   the right to provide it.

 - We do not have an indemnification clause in the Software
   Grant, but that is not necessary if there is fraudulent
   conduct.  Nor would it be realistic or even appropriate
   to have one.

 - We neither can, nor want to, claim that we have reviewed
   the code to ascertain that it does not infringe on IP
   owned by someone else.  Instead, we required that to be
   stated by the Contributor in the Software Grant for the
   initial donation, along with CLAs for continuing work.

 - When we review code, we look to make sure that we have
   a Software Grant, correct licenses and copyright.  As
   people work on the code, if someone notices something,
   such as someone's name or other thing that flags a
   question in their mind, they should point it out and ask.

 - If there are specific allegations made, we respond to them
   with alacrity and honesty.  But it is simply not possible
   to claim that no line of code, contributed at any time, does
   not infringe some third party's rights without an exhaustive
   analysis to make sure it wasn't lifted from another source
   and doesn't infringe on some patent.

 - Our potential liability is very limited.  Roy has spoken about
   this on multiple occasions.

 - A corporation that has closed source under their own copyright
   putting it out under their copyright on its way to us does not
   appear to provide any protection once it is distributed under
   our copyright and via our infrastructure.  And I don't believe
   that it is reasonable to put a corporation's through multiple
   relicensing phases, nor their developers for that matter.  Why
   should we impose these expenses if there is no real benefit?

Craig McClanahan wrote:
> would we reject an entry into incubation if there *was* code,
> but we couldn't look at it unless the incubation was accepted?

> Whether or not we'd be willing to do such a code review privately
> (under some form of NDA) is a separate question.

If there is any encumbrance, then I don't believe that we should look at the
code.  Which means we wait for the Software Grant.

Again, none of us are IP attorneys.  If the concern is limiting the
Foundation's liability, let's push this to the Board to put to our counsel.
Unless our legal counsel says differently, I don't see any reason to impose
this as a mandate for reasons that I laid out earlier today.

	--- Noel
