www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject RE: Corporate Contributions
Date Sat, 26 Mar 2005 02:00:40 GMT
At 06:44 PM 3/25/2005, Jim Barnett wrote:

>[...] I was responding to a
>suggestion I've seen from a couple of others on this (growing) thread
>that by conducting "public awareness" exercises emphasizing that
>individual contributors are responsible for their contributions, and
>that their employers, if any, are responsible for policing the
>employee's actions, ASF would be in a strong defensive position in the
>case of an improper contribution.  I disagree.  

It serves as one defense against willful collusion by the ASF.
Publishing our position more clearly on the web site would only
serve to inform the public.  You are correct, it won't serve to
protect our rights to use infringing code or methods.

>[...] It is entirely
>possible that a contributor might actually independently invent
>something novel, and non-obvious, which is nevertheless subject to a
>pre-existing patent or patent application.  I agree with your assessment
>that ASF could argue patent invalidity in the case where the patented
>invention was not "novel" or "non-obvious," but that defense wouldn't
>work except in those narrow circumstances.  [...]

Of course.  We are no different than any other engineering/development
effort, and the exact structure of ICLA's/CCLA's has no bearing on this.

We completely expect, from time to time, to be deprived of the right
to use specific code or methods.  Our answer is to respond proactively
to IP claims, and solve the issue promptly.

>You are also focusing on money liability and overlooking the agony of
>injunction.  The right of an injured patent holder to obtain an
>injunction against infringers does not depend on the infringers making a

I'm not overlooking this.  I thoroughly agree and totally expect
us to remove the offending code when first brought to the ASF's
attention.  This would include removing all tarballs, sources etc
from public download until the ASF board and it's attorney's had
determined it was appropriate to continue to allow downloads.

>An injunction would be devastating for the ASF project, but of more concern to me, it
would be even more painful for downstream licensees, whether distributors or end users.

Of course.  But you have to consider that there is an entire crew
of coders who would immediately seek a non-infringing solution,
provided it was an active project.  Probably the infringer would
not be in a position to come up with the implementation.  In fact,
I'd expect that if a cleanroom was required, there are so many
different developers in different corners of the foundation that
we could find one never affiliated with the code of that project
who would be willing to code the replacement.  I feel this is 
a stronger position to be in than many small commercial development 

>Hypothetically, think about key commercial distributors and
>large scale end users of Tomcat getting served with a court order
>instructing them to shut down their deployments and discontinue their
>use.  Scary to me, but I am a paranoid lawyer after all, so YMMV.


Of course, if the very problem solved by the project was patented,
and this was sprung on us, we would be in no better shape than any
commercial engineering firm who's product was submarined in the same
way, although all of the their code was developed under contract
explicitly for them.  Yes it's possible that the overall solution 
a specific project invents turns out to be defensively patented,
and we are left with no solution other than closing a project.

>Closing the circle, I think having employers of employee-contributors
>sign a CCLA would be very beneficial in protecting ASF from a whole host
>of potential IP entanglements.

I'm still very unclear what the CCLA accomplishes in this respect.
Even if my employer agrees that I can work on an open source project,
it doesn't prevent them from sandboxing some work as open-source-able
and others as proprietary, and when the line is crossed, going after
me, the ASF etc for their 'trade secrets', patents and so forth.

In general you can't expect the employer to give a blanket grant of
all their technologies, and can't expect every open source developer
to be employed on the far side of the chinese wall of their internal 

>To levelset,  am I correct that the CCLA is currently used when a
>corporation desires to make a contribution of pre-existing code to and
>ASF project, and that individual contributors, whether employed or
>independent, are only required to sign an ICLA with no hard and fast
>requirement for a corresponding employer CCLA?

Yes, it is an optional instrument that can be started by the developer
when their situation is murky, or is directly presented to the company
when they ask to donate their company's code.  The CCLA is an instrument
to protect the developer, and to protect the employer through a clearer
dialog of what they do and do not wish their employer to contribute.

The suggestion for an FAQ page pointing out many of the ways that
either state law (perhaps with a breakdown like the AAA gives on which
state you should wear a seat belt and which states you can't use tire
chains within), or common employement contract clauses can trigger
conflicts is a great start.

But I'm pretty certain (though IANAL) that once the ASF starts 
insisting on a CCLA from one class of contributors, that we then 
open ourselves to the liability of not obtaining one from someone 
either in that class, or in another class that we overlooked?  
Today we rely on the integrity of each developer.  Once we assume
responsibility for policing the code beyond asking each developer
to grant us license to their contributions, I was under the 
impression that we expose ourselves to greater liability when we
do miss an invalid contribution.  Comments?


DISCLAIMER: Discussions on this list are informational and educational
only, are not privileged and do not constitute legal advice.
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message