Some thoughts inline, below. -----Original Message----- From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED] Sent: Friday, March 25, 2005 3:56 PM To: Jim Barnett Cc: [EMAIL PROTECTED]; Geir Magnusson Jr.; [EMAIL PROTECTED] Subject: RE: Corporate Contributions
At 03:49 PM 3/25/2005, Jim Barnett wrote: >I also agree that ASF should disclaim liability to the fullest extent >possible. ... General disclaimers published on a website, however, >are not as effective at limiting exposure. "Jim you have totally missed the boat here. Please read the CLA you signed. Understand that you OWNED the responsibility to grant us license and the you OWNED the authority to do so, when you signed the CLA. We do not disclaim liability in the sense you are thinking, by posting notices on our web site. We disclaim liability because it *is* the liability of our contributors." Bill: I wasn't suggesting that ASF currently places general disclaimers on its website, nor that it should do so. Rather I was responding to a suggestion I've seen from a couple of others on this (growing) thread that by conducting "public awareness" exercises emphasizing that individual contributors are responsible for their contributions, and that their employers, if any, are responsible for policing the employee's actions, ASF would be in a strong defensive position in the case of an improper contribution. I disagree. I have read the CCLA and ICLA. I understand that the contributor signing the document makes representations to ASF that it has the right to make the contribution, and that ASF relies on those representations. That is great as far as establishing liability of the contributor who breaches those obligations to ASF. Absent some collusion between the true owner (an employer for example) and the contributor, Apache's reliance on the representation and resulting rights against the contributor are not a perfect defense against the true owner. ASF's innocence and reasonable reliance may help in reducing monetary liability, but it does not protect ASF or downstream licensees taking through ASF from injunctions against use of the offending code, or other undesirable consequences. "At times, without the contributor's intent, it may be that they independently discover the patently obvious and previously (or in the one year window) Patented invention, committing it to our repository. In that case, the ASF would either contest the patent, appeal to the holder for License, or remove the patented invention from our code. If none of these three solutions satisfied the patent holder, they would have to prove injury to themselves and profit to the Foundation. The foundation doesn't profit so this would be a hollow lawsuit, and we would pursue through our legal team that the patent is invalid because it was too obvious to be patentable. Let's say that the contributor was -aware- of the patent and took the idea from the patent holder, and that it is a defensible patent. In that case, it actually becomes a matter that the contributor has broken patent law, and further, that they broke their contract with the ASF. Further action against the ASF would be partially mitigated by the breach of contract against us, and we would argue an innocent party defense. In fact, if there is a finding against the foundation, and the committer malevolently contributed the IP, you could see the Foundation suing the committer for breach of contract and resulting damages. (If there was no malice this would simply not happen.)" Bill: Again I think you are missing some other fairly credible possibilities. You're assuming that the only invention an ASF contributor is likely to invent is one that is obvious. It is entirely possible that a contributor might actually independently invent something novel, and non-obvious, which is nevertheless subject to a pre-existing patent or patent application. I agree with your assessment that ASF could argue patent invalidity in the case where the patented invention was not "novel" or "non-obvious," but that defense wouldn't work except in those narrow circumstances. In any case invalidity would be an argument, not a guarantee. You are also focusing on money liability and overlooking the agony of injunction. The right of an injured patent holder to obtain an injunction against infringers does not depend on the infringers making a profit. (More importantly, ASF not making a profit doesn't really affect its damages liability either, since a legitimate measure of damages would be profits lost by the patent owner, not gains made by the infringer. But that's another topic.) An injunction would be devastating for the ASF project, but of more concern to me, it would be even more painful for downstream licensees, whether distributors or end users. Hypothetically, think about key commercial distributors and large scale end users of Tomcat getting served with a court order instructing them to shut down their deployments and discontinue their use. Scary to me, but I am a paranoid lawyer after all, so YMMV. I do think that ASF (and successful OSS organization for that matter) has one key advantage not shared by proprietary software shops when it comes to third party IP claims. The PR fallout alone for attacking established, depended on OSS, is devastating. That fact, illustrated in spades by the SCO shenanigans and resulting public lambasting of SCO, mitigates many of these concerns to an extent. Closing the circle, I think having employers of employee-contributors sign a CCLA would be very beneficial in protecting ASF from a whole host of potential IP entanglements. I also understand that many employers are going to be unwilling to do that, either out of lack of interest or paranoia. If ASF had an inflexible rule that all employee-contributors must have their employers sign a CCLA would injure diversity in contribution and therefore be a bad thing. Honestly before this thread started, I was naively under the impression that the ASF rule already was that all employee contributors were required to have their employers sign a CCLA. I understand now that the rule is otherwise. I also now understand much more clearly the concerns and challenges such a rule would present. To levelset, am I correct that the CCLA is currently used when a corporation desires to make a contribution of pre-existing code to and ASF project, and that individual contributors, whether employed or independent, are only required to sign an ICLA with no hard and fast requirement for a corresponding employer CCLA? Thanks, Jim --------------------------------------------------------------------- DISCLAIMER: Discussions on this list are informational and educational only, are not privileged and do not constitute legal advice. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
