www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robert burrell donkin <rdon...@apache.org>
Subject Re: Corporate Contributions
Date Thu, 24 Mar 2005 22:51:05 GMT
On Thu, 2005-03-24 at 13:41 -0500, Geir Magnusson Jr. wrote:
> I got rid of all the CCs.
> On Mar 22, 2005, at 1:51 PM, Jim Barnett wrote:
> > Good points.  I agree that Apache could be made safer from submarine IP
> > by making the validation process for ICLA-only signators stricter.  The
> > question becomes "How strict is too strict?"
> I've proposed asking that a CCLA be required from everyone with an 
> employer specifically to protect the employee as well as the ASF, to 
> prevent accidentally (or intentionally) submarining IP into a project.
> I realize that this is an additional burden for contributors and the 
> foundation, but... ("SCO, anyone?")
> The JCP is also looking at this issue as there is a real fear there 
> that IP will be contributed accidentally by an individual that would 
> put the implementors and users of a spec (as well as the spec) at risk.

FWIW i fear that requiring CCLA may cause difficulties for (in
particular) european committers.

IANAL but...

employment law in the UK (and the rest of Europe, i think) is both
different and clear: any work you do in your own time on your own
machines belongs to you (unless you specifically assign it to your
employers). however, the CCLA is a difficult document for european
employers. the effect of it's incorporation into a UK employment
contract is hard to predict. it may not be enforceable. alternatively,
it may translate into a positive right to create open source on company
time. at the very least, any company would be faced with the not
inconsiderable expense of seeking a legal opinion. 

i have always asked whether there are any objections to my hacking OSS
in my own time (for politeness sake) but my experience has been that
though employers may agree verbally and may even be willing to agree to
a memorandum of understanding about the current UK employment statue,
they will not sign a document like the CCLA. it simply exposes them to
too many potential liabilities. 

i also find it hard to understand how any contribution by a UK employee
could put any downstream users at risk. if an employee takes existing
code copyrighted by their employer and intentionally makes it available
without permission then this is theft. a buyer acting in good faith who
purchased stolen goods is not liable (though stands to lose the good in
question which would mean that implementation would have to be rewritten
around the stolen material, i suppose). this applies in a very
straightforward fashion to open source contributions (from UK employees,
at least): providing that the copyright has been assigned to the ASF and
has no obvious signs that it has been stolen, then it can be safely

if the ASF is serious in going down this route then maybe some
consideration of the consequences on committers outside the US may be

- robert

DISCLAIMER: Discussions on this list are informational and educational
only, are not privileged and do not constitute legal advice.
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message