That's not how copyright works.

I am sorry, allow me to be more specific.

Devel::Trace does not seem to actually have a copyright attribution or license file attached to it at all. How can you honor the authors wishes if said author does not express them?

My real point here is that your nitpicking what Moron said, and bringing up legal questions, when the module itself (even without Moron involved in the equation) stands on already fuzzy legal ground (as you pointed out yourself). Since I am not a lawyer, and I assume that neither are you, nor is Moron, discussing the legality and illegality of someones 'alleged' actions on a perl programming forum seems kind of silly.

It is however most certainly not a good thing to ignore a free software author's copyright and use the code as if it were in the public domain ...

And I would never advocate such a thing either.

However, as an open source author myself, who works for a company which both uses OSS and sponsors the development of OSS, I realize that I am taking a risk by releasing my code open source. Despite any copyright or license I include, my code is out in the world, and I just simply cannot control its use 100%. I would be a fool to think I could.

Of course my company lawyer (if I had one) would tell me different (afterall, thats his job), but that won't stop some programmer in another country (one maybe where the American/Western legal system has no real bearing) from copying my code verbatim (minus the copyright) and making a million $some_currency with it.

I highly doubt I would have much recourse in such a situation, and so I have long ago resolved that if it were to happen, oh well. And to tell the truth, I would rather some random programmer (albeit a dishonest one) make $$ off my code than to have a lawyer take my $$ (or my companies $$) directly, while trying to get that money from said programmer (of which I would only see a fraction of after lawyer/court fees).

Again, let me say, I am in no way advocating that anyone just ignore a software license (OSS or otherwise), I am only trying to point out the reality that IP law concerning software (and especially when it is on a global scope) is a slippery issue at best. Just look at Microsoft's long battle with copyright issues in Asia to see that it's not so straightfoward and easily enforced as you seem to imply.

it is ridiculous to expect that you can retain any control what so ever over that code and how it is used.

That is not ridiculous at all, but rather written into every license on CPAN. Authors are giving anyone in the world the right to use the code, change it as they see fit, redistribute it and charge for this redistribution.

Yes, but they are all just words. Words which are only as effective as the legal might which can be bought to back them up. Words which have limited legal power (if any at all) in many countries.

Sure, in an ideal world, we would all respect these words, and the rights they give us. But this is not an ideal world, and so theory means very little if it cannot be enforced in practice.

Now, does that mean that I/you/Moron should ignore these words? Of course not, but MJD (and any CPAN author for that matter) should realize that these "rights" that you speak of, are just not that easily enforced. I mean to start with, you have to discover the violation in the first place (which is the proverbial needle in a haystack), then you have to prove that it is in fact your code (a very non-trivial thing indeed), then you have to fight out the (probably very expensive) battle in court. I would be very suprised if many people had the time and money to do those things.

Once again, I cannot stress enough that I do not feel that ignoring software licenses is an acceptable practice. But do not for one moment think that the legal system (american or otherwise) gives you some kind of assurance against this rude and illegal practice.

Am I picking nits? I don't know, the fact that you apparently were not aware of these details makes it worthwhile that I asked IMO

I am aware of pretty much all of the details you pointed out (although I agree I did not express that knowledge well in my first post). I guess I just don't have as much faith that the theory you speak of can be effectively practiced in a way which doesn't just end up benefiting the lawyers of the world.

OK, I can agree with almost everything in this post. I am sorry I alleged that you were not aware of some of the details I posted, I know you're a CPAN author and was a bit surprised, but I apparently misunderstood your post, so I apologize.

Just a nit ;-):

..issue becomes fuzzy at this point

Yes, but it only becomes fuzzy in the other direction. If I find a CPAN module without a license file I cannot assume that I am (legally or ethically) correct to assume more rights than a standard CPAN license would give me, I can only assume that I have been given the same or less rights by the author.

I agree with everything you say about practical enforceability and also about the desirability of lawyer involvement. But (going back to why I posted my question in the first place) Moron was advocating as good the practice of taking parts of CPAN modules and integrating them into his company's codebase. That is neither ethically nor legally correct IMO (regardless of enforceability) unless he has the permission of the author or is following the license (which in this case is an implicit one). If he doesn't fulfil these requirements he also exposes the original author to the legal risk I described in my last post. Which is why I asked whether he'd taken care of this side of things. Because it's still important to do the right thing, regardless of whether you will be caught/punished.


Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan

... but I apparently misunderstood your post, so I apologize

No, it was more that I wasn't clear than anything else. It was my fault.

Moron was advocating as good the practice of taking parts of CPAN modules and integrating them into his company's codebase.

I do agree with your overall point that people need to be careful about how they approach such things. However, as BrowserUK pointed out, where do we draw the line.

What is the difference between installing a module on a server, and copy/paste-ing that same code into a single script file? Assuming I have retained the original authors copyright, I (as a non-lawyer) see very little difference in either practice. I would suspect both practices could be construed as "integrating into the companies code base" by a OSS/tech ignorant lawyer.

What if I patch a module, and the author is not interested in integrating the patch? My natural inclination would be put the patched version into subversion and treat it like any other part of that codebase (keeping correct copyrights in place of course). This practice is part of why OSS is so useful, but from what you are saying it could place me, my company and the original developer at legal risk. That sucks.

Anyway, all this legal mumbo-jumbo is giving me a headache. In the end I think we both agree that its a difficult and slippery topic off which many lawyers will certainly get rich. I think Moron was probably well within the boundries of "acceptable usage", assuming he left copyrights (implied or otherwise) in place, ... er rather,.. i really really really hope he is for the sake of OSS.

-stvn

About integrating code into a company codebase: from what I gather from my reading of FSF documents, you can do absolutely whatever you want with the code (that's what they call "freedom zero" and "freedom one"), as long as you don't redistribute it. If you redistribute it, then you have some constraints which are specified in the license (some licenses require attribution, some licenses require you to give the same freedoms to the recipient, etc.)

Devel::Trace does not seem to actually have a copyright attribution or license file attached to it at all. How can you honor the authors wishes if said author does not express them?

Well, that's very easy. In fact, that question is even easier than if there would be license file attached. The basics of copyright law is very easy. Unless specified otherwise, every original work is copyrighted, making it illegal for anyone else to copy the work in parts or whole. (Yeah, yeah, there are exceptions like 'fair use', don't bother stating that). The keys point is the "not specified otherwise". The only requirement needed to have the copyright on a work is to create it. The old (US) requirement that it needed a copyright notice was dropped somewhere in the early 80s or late 70s.

So, unless a work clearly states otherwise, you do not have the right to copy the work.

Perl --((8:>*

To pick another minor nit (while I'm at it :-)

The only requirement needed to have the copyright on a work is to create it.

You need to create and record it. An idea you have created in your head is not copyrighted, nor I think is an idea you have described verbally to another person (unless you tape that conversation). Recording the creative work on a medium gives you the copyright on the recording (painting/soundclip/program). This is important, because confusion often arises on whether you can copyright the idea of your creation. You can't, you can only copyright the manifestation of that idea.

The OpenBSD project uses this fact creatively by using their copyright on the CD image of their official release and disallowing free redistribution of said image. Thus, while you're free to install, use and change OpenBSD in almost any way, you cannot get an official CD image without buying it from them.


Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan

Taking ideas and integrating them into your own code, absolutely. Copy-pasting non-trivial bits of code into a commercial codebase without proper attribution is not just "bad manners" it is downright illegal and extremely poor behavior.

A few questions arise from that, and since you seem to understand this stuff:

• Define non-trivial?

  Presumably, copying the word 'if' into my program would require a consultation with the author of the code I took it from?

  How about an if condition?

  What if I change the variable names?

  What about merlyn's is_numeric() function?

  sub is_numeric {
    ($_[0] & ~ $_[0]) eq "0";
  }
  [download]

  Under what circumstances should I take a consultation or negotiate a licence before using that in a commercial Perl project? And how does this affect commercial organisations using CPAN modules as a whole?

  Where do you draw the line?

• From what you say above, it would suggest that it's the "copy-paste" operation that is the key here?

  So, if I re-type the code I wish to use, then it's okay?

• At what point do I have to consult with merlyn if I want to use a Swartzian Transform in my code?

The only real legal answer to that if you are concerned is talk to a lawyer (which I am not). As far as I understand these questions are still very much in the defining stage for the programming world, and the law varies quite considerably from country to country. There are far older forms of expression to which copyright law also applies which still suffer from the same definability problem. For example, the fact whether a certain piece of music is a derivative work from another can be governed by the length of a melody they share (in bars or seconds) as well as the length of the music in it's entirety. As far as I understand that is considered to be a pretty well nailed-down definition :-). I don't know if similar definitions will become commonplace for code (or what definitions are used in courts at the moment), but the problem seems to me to be much harder.

The bit about commercial organisations using CPAN modules in their entirety is relatively clear though. The modules license itself states under what terms and how you can and cannot use the module, abide by those rules and there should not be a problem (as long as no-one challenges the license in court in future and it is found to be invalid in itself). If a module does not come with a license, a paranoid company lawyer might want to contact the author and make sure that the license your company is presuming to use the module under (e.g. the Artistic License) is granted by the author.

My sarcasm filter seems to be slightly faulty atm, I can't really tell which part of your question was facetious and which wasn't. Once you "derive" from a piece of code you are copying from it and changing the variable names doesn't alter that fact more than playing "Johnny B.Goode" on a harp makes it your original work. If you look at an algorithm in a piece of code and then go away and reimplement it yourself you should be allright. I think. It depends. Ask a lawyer.

Oh, and if you were asking for my opinion on what's ethical as opposed to what's legal, it's quite simple, I try to respect an authors wishes to the best of my abilities.

Update: Trying to actually answer the questions:

• Define non-trivial: None of the examples you give are what I would consider non-trivial, they're all pretty commonplace elements of Perl programs and as such no author can go ahead and claim copyright for them. The is_numeric function is maybe the only one where this view is questionable, but again the idea isn't unique and it's "easy" to come up with on your own without having seen this example. A major part of determining whether a piece of creative work is copyrightable is the originality of the piece. Just as one cannot claim copyright for the musical note G you cannot claim copyright for 'if'. It's hard to define in terms of volume whether a piece of code is in itself copyrightable, particularly since algorithms as such cannot be copyrighted (they may be patentable, depending on your country's legislation, but that's a different story entirely). The only real guide one has is to ask, am I copying this code or am I taking the idea behind the code and using it for my own program. The former would be copyright infringement, the latter not.

• No, copy-paste has nothing to do with it and that was a bad choice of words on my part. The important part here is that you are copying a piece of work, the mechanism of the copy is irrelevant. It may be relevant in court, because it's easier to prove copyright infringement if the copied code retains the original comments and tab spacings, but that's just an artefact of truth-finding, not that copy-pasting itself is more or less illegal than other kinds of copying.
• Schwartzian Transform: I don't know whether merlyn claims copyright for that or whether he could if he wanted to, I'm not knowledgeable enough to determine that. I'm pretty sure you do not need his permission to use the Transform (it's available under the Perl Artistic License at least), I don't know whether you should attribute it to him. And again, the algorithm of the transform is not copyrightable, a specific representation of the algorithm may be.
• And again, I am not a lawyer, any opinion I give here is my interpretation of laws and based solely on others (often non-lawyers themselves) interpretation of the law.
  
  Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan

My sarcasm filter seems to be slightly faulty atm, I can't really tell which part of your question was facetious and which wasn't.

Believe it or not as you will. The entirety of my 3 part question was in earnest. I would seriously like to know the answer to those questions that you carefully avoided.

Oh, and if you were asking for my opinion on what's ethical as opposed to what's legal, it's quite simple, I try to respect an authors wishes to the best of my abilities.

I thought that the purpose of the Perlish "Artistic licence" was essentially that the author was saying

"Here it is. If it is useful to you, use it as you see fit for whatever purpose including commercial ones. Don't remove my copyright notice, and I'd appreciate attribution should you produce a derivative work."

The funny thing is that this thread started out describing technical limitations on why some corporates might be reluctant to use CPAN modules in there code-bases. These have been mostly refuted.

What you have done with your post is to provide ample reasons why I, as a former consultant architect, could never recommend that a client that they use any CPAN module, or maybe even perl itself on any commercial project. The effort required in contacting, negotiating and getting legally binding clearance from all those copyright holders would be a nightmare. Simply impossible and untenable for any company to risk having to fight legal battles in country after country all around the world as every author of every CPAN module takes your stance that they must be contacted for every use of their modules, or any derivative works arising from them, on every Perl project they undertake.

---

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.