in reply to Re^9: Why non-core CPAN modules can't be used in large corporate environments.
in thread Why non-core CPAN modules can't be used in large corporate environments.

That's not how copyright works.

I am sorry, allow me to be more specific.

Devel::Trace does not seem to actually have a copyright attribution or license file attached to it at all. How can you honor the authors wishes if said author does not express them?
Now, this is not to say that the lack of copyright means that I think people are free to go running around doing anything they like to the code. I am only pointing out that the issue becomes fuzzy at this point. I know you agree with me on this since you explained very thoroughly the legal issues/problems in your response.

My real point here is that your nitpicking what Moron said, and bringing up legal questions, when the module itself (even without Moron involved in the equation) stands on already fuzzy legal ground (as you pointed out yourself). Since I am not a lawyer, and I assume that neither are you, nor is Moron, discussing the legality and illegality of someones 'alleged' actions on a perl programming forum seems kind of silly.

It is however most certainly not a good thing to ignore a free software author's copyright and use the code as if it were in the public domain ...

And I would never advocate such a thing either.

However, as an open source author myself, who works for a company which both uses OSS and sponsors the development of OSS, I realize that I am taking a risk by releasing my code open source. Despite any copyright or license I include, my code is out in the world, and I just simply cannot control its use 100%. I would be a fool to think I could.

Of course my company lawyer (if I had one) would tell me different (afterall, thats his job), but that won't stop some programmer in another country (one maybe where the American/Western legal system has no real bearing) from copying my code verbatim (minus the copyright) and making a million $some_currency with it.

I highly doubt I would have much recourse in such a situation, and so I have long ago resolved that if it were to happen, oh well. And to tell the truth, I would rather some random programmer (albeit a dishonest one) make $$ off my code than to have a lawyer take my $$ (or my companies $$) directly, while trying to get that money from said programmer (of which I would only see a fraction of after lawyer/court fees).

Again, let me say, I am in no way advocating that anyone just ignore a software license (OSS or otherwise), I am only trying to point out the reality that IP law concerning software (and especially when it is on a global scope) is a slippery issue at best. Just look at Microsoft's long battle with copyright issues in Asia to see that it's not so straightfoward and easily enforced as you seem to imply.

it is ridiculous to expect that you can retain any control what so ever over that code and how it is used.
That is not ridiculous at all, but rather written into every license on CPAN. Authors are giving anyone in the world the right to use the code, change it as they see fit, redistribute it and charge for this redistribution.

Yes, but they are all just words. Words which are only as effective as the legal might which can be bought to back them up. Words which have limited legal power (if any at all) in many countries.

Sure, in an ideal world, we would all respect these words, and the rights they give us. But this is not an ideal world, and so theory means very little if it cannot be enforced in practice.

Now, does that mean that I/you/Moron should ignore these words? Of course not, but MJD (and any CPAN author for that matter) should realize that these "rights" that you speak of, are just not that easily enforced. I mean to start with, you have to discover the violation in the first place (which is the proverbial needle in a haystack), then you have to prove that it is in fact your code (a very non-trivial thing indeed), then you have to fight out the (probably very expensive) battle in court. I would be very suprised if many people had the time and money to do those things.

Once again, I cannot stress enough that I do not feel that ignoring software licenses is an acceptable practice. But do not for one moment think that the legal system (american or otherwise) gives you some kind of assurance against this rude and illegal practice.

Am I picking nits? I don't know, the fact that you apparently were not aware of these details makes it worthwhile that I asked IMO

I am aware of pretty much all of the details you pointed out (although I agree I did not express that knowledge well in my first post). I guess I just don't have as much faith that the theory you speak of can be effectively practiced in a way which doesn't just end up benefiting the lawyers of the world.

-stvn
  • Comment on Re^10: Why non-core CPAN modules can't be used in large corporate environments.

Replies are listed 'Best First'.
Re^11: Why non-core CPAN modules can't be used in large corporate environments.
by tirwhan (Abbot) on Dec 07, 2005 at 01:50 UTC

    OK, I can agree with almost everything in this post. I am sorry I alleged that you were not aware of some of the details I posted, I know you're a CPAN author and was a bit surprised, but I apparently misunderstood your post, so I apologize.

    Just a nit ;-):

    ..issue becomes fuzzy at this point

    Yes, but it only becomes fuzzy in the other direction. If I find a CPAN module without a license file I cannot assume that I am (legally or ethically) correct to assume more rights than a standard CPAN license would give me, I can only assume that I have been given the same or less rights by the author.

    I agree with everything you say about practical enforceability and also about the desirability of lawyer involvement. But (going back to why I posted my question in the first place) Moron was advocating as good the practice of taking parts of CPAN modules and integrating them into his company's codebase. That is neither ethically nor legally correct IMO (regardless of enforceability) unless he has the permission of the author or is following the license (which in this case is an implicit one). If he doesn't fulfil these requirements he also exposes the original author to the legal risk I described in my last post. Which is why I asked whether he'd taken care of this side of things. Because it's still important to do the right thing, regardless of whether you will be caught/punished.


    Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
[reply]
      ... but I apparently misunderstood your post, so I apologize

      No, it was more that I wasn't clear than anything else. It was my fault.

      Moron was advocating as good the practice of taking parts of CPAN modules and integrating them into his company's codebase.

      I do agree with your overall point that people need to be careful about how they approach such things. However, as BrowserUK pointed out, where do we draw the line.

      What is the difference between installing a module on a server, and copy/paste-ing that same code into a single script file? Assuming I have retained the original authors copyright, I (as a non-lawyer) see very little difference in either practice. I would suspect both practices could be construed as "integrating into the companies code base" by a OSS/tech ignorant lawyer.

      What if I patch a module, and the author is not interested in integrating the patch? My natural inclination would be put the patched version into subversion and treat it like any other part of that codebase (keeping correct copyrights in place of course). This practice is part of why OSS is so useful, but from what you are saying it could place me, my company and the original developer at legal risk. That sucks.

      Anyway, all this legal mumbo-jumbo is giving me a headache. In the end I think we both agree that its a difficult and slippery topic off which many lawyers will certainly get rich. I think Moron was probably well within the boundries of "acceptable usage", assuming he left copyrights (implied or otherwise) in place, ... er rather,.. i really really really hope he is for the sake of OSS.

      -stvn
[reply]

        There is no difference between installing a module and copypasting the code into your own module. As long as the module license permits that (i.e. is one of the two commonly used licenses on CPAN) and you retain the copyright notice things are fine either way. I was not arguing that. I am talking about taking the code without attribution and integrating it into your codebase as if it were your own. That entails legal risks for both you and the original author.

        Same thing goes for modifying the code, if the module license permits that (the GPL and the PAL do) everything's fine. If you redistribute your modifications you need to make the code freely available, but that's a bit of a non-issue anyway with Perl (though it's one reason why trying to obfuscate your Perl code when selling it is a hare-brained idea).

        The whole point of my argument is that people should not try to "sneak" code from CPAN into their codebase. If you want to use code from CPAN do so, that's what it's there for and the legality is clearly (enough IMO) defined. If you want to create a derivative work do so, just stick to the licenses conditions on what you need to do in that case (i.e. retain the copyright attribution). Don't copy it in and assume you're doing the right or clever thing. And I wasn't saying Moron did that, I was asking.


        Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
[reply]
      About integrating code into a company codebase: from what I gather from my reading of FSF documents, you can do absolutely whatever you want with the code (that's what they call "freedom zero" and "freedom one"), as long as you don't redistribute it. If you redistribute it, then you have some constraints which are specified in the license (some licenses require attribution, some licenses require you to give the same freedoms to the recipient, etc.)
[reply]

        I assume you're referring to the GPL here, and you're wrong. Read section 1 and 2 of the GPL, you may use and modify any code however you see fit, provided you keep the license intact, make changes clearly visible and retain the copyright notice. Taking bits of GPL software into your codebase is such a modification. This does not mean your codebase suddenly becomes or needs to become GPL'ed itself, only the parts of the program that were originally under the GPL stay under the GPL. If you distribute your derivative work (i.e. the codebase into which you've integrated the GPL'ed code, or parts thereof, depending on the integration * ) it does need to be licensed under the GPL, but you are right, this does not need to happen if you use the work internally only.

        As an aside, the situation is a bit interesting for independent contractors who write code for other companies and uses GPL'ed software as the base, because this does constitute a distribution of derivative work and as such their work needs to be released under the GPL.

        * Update: I should probably clarify this before someone jumps on me. If you decide to use a GPL Perl module in your proprietary content management system and want to distribute said CMS, this does not mean you need to license the whole CMS under the GPL, unless the CMS can only work with the GPLed software and not with an alternative module (i.e. the module is at the heart of the CMS functionality and essential to it). However, if you take a piece of a GPL module and put that into your own module you are more than likely creating a derivative work, and as such your module needs to be licensed under the GPL. Feel free to correct me on this if you feel I have misunderstood the GPL, but this is how I believe it pertains to Perl modules/programs.


        Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
[reply]
Re^11: Why non-core CPAN modules can't be used in large corporate environments.
by Perl Mouse (Chaplain) on Dec 07, 2005 at 09:32 UTC
    Devel::Trace does not seem to actually have a copyright attribution or license file attached to it at all. How can you honor the authors wishes if said author does not express them?
    Well, that's very easy. In fact, that question is even easier than if there would be license file attached. The basics of copyright law is very easy. Unless specified otherwise, every original work is copyrighted, making it illegal for anyone else to copy the work in parts or whole. (Yeah, yeah, there are exceptions like 'fair use', don't bother stating that). The keys point is the "not specified otherwise". The only requirement needed to have the copyright on a work is to create it. The old (US) requirement that it needed a copyright notice was dropped somewhere in the early 80s or late 70s.

    So, unless a work clearly states otherwise, you do not have the right to copy the work.

    Perl --((8:>*
[reply]

      To pick another minor nit (while I'm at it :-)

      The only requirement needed to have the copyright on a work is to create it.

      You need to create and record it. An idea you have created in your head is not copyrighted, nor I think is an idea you have described verbally to another person (unless you tape that conversation). Recording the creative work on a medium gives you the copyright on the recording (painting/soundclip/program). This is important, because confusion often arises on whether you can copyright the idea of your creation. You can't, you can only copyright the manifestation of that idea.

      The OpenBSD project uses this fact creatively by using their copyright on the CD image of their official release and disallowing free redistribution of said image. Thus, while you're free to install, use and change OpenBSD in almost any way, you cannot get an official CD image without buying it from them.


      Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
[reply]

In Section Meditations