www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joel West <svo...@gmail.com>
Subject RE: Corporate Contributions
Date Tue, 22 Mar 2005 06:55:54 GMT
On 10:55 AM -0800 3/21/05, Jim Barnett doth scribe:
>The CCLA-ICLA structure is certainly not foolproof.  Individuals
>(intentionally or, more likely, unintentionally) may not disclose their
>employment status at the time of contribution.  In some cases
>employee-contributors may sign ICLAs when their employers have not
>executed corresponding CCLAs.  In that case, the only assurance ASF (and
>its downstream licensees) have is the representation made in the ICLA by
>the contributor that he or she has the right to make the contribution.

It seems to me that the CCLA is fine. In fact, it is a model for other OSS communities, including
one I'm working on now. Instead, it's the option of the ICLA that creates the huge loophole
and potential for exposure.

Intentionally omitting one's employer is a problem. I don't know if the ASF has ever identified
(or enforced) sanctions for misrepresentation of intellectual property or the right to make
such a contribution.

Even if we identify the employer, it gets sticky.

If one is an employee of a company, and that company declines to sign a CCLA (either because
the counsel hates it or is too busy to be bothered), then I find it hard to imagine a case
where the employer/counsel would authorize the signing of the ICLA for IP generated by the
employee.

Suppose the employee is generating the IP on his own time, and it seems clear cut -- say the
employer makes disk drives and the project is a Java interpreter. Still, (from my own experience
as both an engineer and manager) interpretation of "own time" is a question of fact and law
that would depend on things like an employment agreement and the relevant restrictions of
state law.

ASF has only limited resources and (like a firm) cannot possibly eliminate every legal risk.
At the same time, the SCO suit is only the first example of other legal disputes that will
arise over open source.

One possibility to reduce the risk would be to create a questionnaire for ICLA signees. It
would ask about occupation, employment, consulting arrangements, and maybe a few yes/no questions.
The idea would be that if there are any factors that suggest a risk, perhaps it would be worthwhile
to do a follow up to get further information.

Another option is to take advantage of the skewed nature of contributions. For an ICLA contributor
who passes a certain threshold (5? 10? 20?), do a due diligence to make sure everything is
copasetic. That would cut down the amount a spadework to the cases with the most exposure.

ASF seems less vulnerable a submarine IP or other hostile attack because of the nature of
its market segment and competitors (as opposed to Linux that competes with lots of things).
But given how many projects are being added and how broad a net they encompass, it seems like
the risk would go up every month.

Finally, ASF has been a pioneer for IP, for organizational structure, for incubating new projects.
ASF's best practice will become the OSS's community's best practice, so the benefits of addressing
this would go beyond the Apache projects.

Joel



---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only, are not privileged and do not constitute legal advice.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message