At 06:44 PM 3/25/2005, Jim Barnett wrote: >[...] I was responding to a >suggestion I've seen from a couple of others on this (growing) thread >that by conducting "public awareness" exercises emphasizing that >individual contributors are responsible for their contributions, and >that their employers, if any, are responsible for policing the >employee's actions, ASF would be in a strong defensive position in the >case of an improper contribution. I disagree.
It serves as one defense against willful collusion by the ASF. Publishing our position more clearly on the web site would only serve to inform the public. You are correct, it won't serve to protect our rights to use infringing code or methods. >[...] It is entirely >possible that a contributor might actually independently invent >something novel, and non-obvious, which is nevertheless subject to a >pre-existing patent or patent application. I agree with your assessment >that ASF could argue patent invalidity in the case where the patented >invention was not "novel" or "non-obvious," but that defense wouldn't >work except in those narrow circumstances. [...] Of course. We are no different than any other engineering/development effort, and the exact structure of ICLA's/CCLA's has no bearing on this. We completely expect, from time to time, to be deprived of the right to use specific code or methods. Our answer is to respond proactively to IP claims, and solve the issue promptly. >You are also focusing on money liability and overlooking the agony of >injunction. The right of an injured patent holder to obtain an >injunction against infringers does not depend on the infringers making a >profit. I'm not overlooking this. I thoroughly agree and totally expect us to remove the offending code when first brought to the ASF's attention. This would include removing all tarballs, sources etc from public download until the ASF board and it's attorney's had determined it was appropriate to continue to allow downloads. >An injunction would be devastating for the ASF project, but of more concern to >me, it would be even more painful for downstream licensees, whether >distributors or end users. Of course. But you have to consider that there is an entire crew of coders who would immediately seek a non-infringing solution, provided it was an active project. Probably the infringer would not be in a position to come up with the implementation. In fact, I'd expect that if a cleanroom was required, there are so many different developers in different corners of the foundation that we could find one never affiliated with the code of that project who would be willing to code the replacement. I feel this is a stronger position to be in than many small commercial development firms. >Hypothetically, think about key commercial distributors and >large scale end users of Tomcat getting served with a court order >instructing them to shut down their deployments and discontinue their >use. Scary to me, but I am a paranoid lawyer after all, so YMMV. :) Of course, if the very problem solved by the project was patented, and this was sprung on us, we would be in no better shape than any commercial engineering firm who's product was submarined in the same way, although all of the their code was developed under contract explicitly for them. Yes it's possible that the overall solution a specific project invents turns out to be defensively patented, and we are left with no solution other than closing a project. >Closing the circle, I think having employers of employee-contributors >sign a CCLA would be very beneficial in protecting ASF from a whole host >of potential IP entanglements. I'm still very unclear what the CCLA accomplishes in this respect. Even if my employer agrees that I can work on an open source project, it doesn't prevent them from sandboxing some work as open-source-able and others as proprietary, and when the line is crossed, going after me, the ASF etc for their 'trade secrets', patents and so forth. In general you can't expect the employer to give a blanket grant of all their technologies, and can't expect every open source developer to be employed on the far side of the chinese wall of their internal technologies. >To levelset, am I correct that the CCLA is currently used when a >corporation desires to make a contribution of pre-existing code to and >ASF project, and that individual contributors, whether employed or >independent, are only required to sign an ICLA with no hard and fast >requirement for a corresponding employer CCLA? Yes, it is an optional instrument that can be started by the developer when their situation is murky, or is directly presented to the company when they ask to donate their company's code. The CCLA is an instrument to protect the developer, and to protect the employer through a clearer dialog of what they do and do not wish their employer to contribute. The suggestion for an FAQ page pointing out many of the ways that either state law (perhaps with a breakdown like the AAA gives on which state you should wear a seat belt and which states you can't use tire chains within), or common employement contract clauses can trigger conflicts is a great start. But I'm pretty certain (though IANAL) that once the ASF starts insisting on a CCLA from one class of contributors, that we then open ourselves to the liability of not obtaining one from someone either in that class, or in another class that we overlooked? Today we rely on the integrity of each developer. Once we assume responsibility for policing the code beyond asking each developer to grant us license to their contributions, I was under the impression that we expose ourselves to greater liability when we do miss an invalid contribution. Comments? Bill --------------------------------------------------------------------- DISCLAIMER: Discussions on this list are informational and educational only, are not privileged and do not constitute legal advice. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
