couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Damien Katz <>
Subject Re: Licensing is not important
Date Wed, 12 Aug 2009 20:09:15 GMT
Thank you Bernd. The CouchDB PMC and anyone else interested in  
contributing to development should take this advice to heart.


On Aug 11, 2009, at 4:33 AM, Bernd Fondermann wrote:

> Hi,
> I'd like to try and maybe provide some insights on the topic of
> licensing, dependencies, IP and so on.
> The current discussion mainly focuses on licensing, but this is only
> one aspect. If including some specificly licensed code is allowed or
> not is not always a binary decision. You can have very bad
> ASL-licensed code.
> At first, a quick example: Two developers, Mathilda and Sven start a
> cool open source project A. Sven finds some nifty third party open
> source library B which (as code) they include in their own repository.
> They make a release, they fix some bugs and their project quickly
> gains attraction. Company BigCo uses their product and they are very
> happy with it, they even hire Mathilda as a consultant for some time
> and release their own product "BigCo DB".
> Then, one day, small company Moronz & Sons sues BigCo for patent
> infrigement. Oops, library B implemented an algorithm which Moronz &
> Sons hold a patent on (or claim some other IP for).
> BigCo is no longer so happy and now sues poor developer Mathilda,
> because they can. The shit hit the fan. Mathilda is broke after
> fighting BigCo, Sven is scared away. Project is dead.
> To prevent anything like this, the ASF has put up all these processes
> and firewalls like being a foundation, having insurance, having a PMC,
> requesting CLAs and code grants, having licensing policies, holding
> votes etc. It's for the sole purpose to secure the code we are
> developing here to be freely distributed to our users.
> Often, these are only seen as tedious, bureaucratic overhead. And
> indeed they are. They aren't fun. But they can make you as developers
> and your users more relaxed that nothing bad comes out of it.
> So I suggest to be double careful. Don't discuss licenses only. Look
> at the code. Make sure the stuff you are distributing is your own and
> you know it is safe to distribute. Otherwise, back it out, check with
> the original developers, re-implement, request code grants etc. That's
> the task of the PMC. By +1ing a release you say that all this is
> properly checked.
> I like CouchDB quite a lot and when I use it I want to be absolutely
> sure I'm safe both using it and suggesting it to my customers.
> Thanks,
>  Bernd

View raw message