[License-discuss] [Non-DoD Source] Re: (no subject)

Karan, Cem F CIV USARMY RDECOM ARL (US) cem.f.karan.civ at mail.mil
Tue Sep 5 13:12:49 UTC 2017

> -----Original Message-----
> From: License-discuss [mailto:license-discuss-bounces at opensource.org] On 
> Behalf Of Ben Hilburn
> Sent: Friday, September 01, 2017 2:06 PM
> To: license-discuss at opensource.org
> Subject: [Non-DoD Source] Re: [License-discuss] (no subject)
> Hi all -
> I figured I would throw in my thoughts for this discussion. IANAL and all of 
> the usual disclaimers. My expertise, as it pertains to this
> thread, is really in the building & sustainment of F/OSS communities and 
> projects, albeit outside of the government space.
> On Fri, Sep 1, 2017 at 11:13 AM, Karan, Cem F CIV USARMY RDECOM ARL (US) 
> <cem.f.karan.civ at mail.mil> wrote:
> > > I'm now encountering a slightly different situation in government, is 
> > > there a way to ensure modifications and fixes are made available to 
> > > the originator in a limited distribution scenario? Something like a 
> > > limited distribution GPL, but unlike before, there would be no 
> > > non-government contribution's copyright to piggyback off of.
> > If this is government-only, then it is possible to use various contract 
> > mechanisms to enforce what you want.  ARL has done this kind of thing 
> > for a long time now, and can share what we do with you directly 
> > (contact me off list).
> In my experience, contracts are a tremendous burden, both for individuals 
> and organizations, and pose a significant barrier to both adoption and 
> upstreaming. As an FSF maintainer of a large GNU project, I can tell you 
> that even the FSF CLA causes significant issues for many groups, and 
> outright inhibits growth of the developer community. I can't speak to how 
> burdensome it is to get contracts signed within a government agency, but I 
> have to imagine it is still burdensome. And requiring a contract for not 
> just upstreaming, but adoption, in my opinion would cripple all but the 
> largest projects.
> Related - If you haven't yet, I highly recommend reading these two articles:
> https://opensource.com/law/11/7/trouble-harmony-part-1
> https://sfconservancy.org/blog/2014/jun/09/do-not-need-cla/
> Have you seen something different at ARL? How have you worked things to be 
> successful with your F/OSS projects and external groups?
> I'm really interested to learn more about your approach and the results 
> you've seen.
> Cheers,
> Ben

There are a number of issues at work here.  First, since ARL is part of the 
Government, we're governed by the Anti-deficiency Act 
(https://en.wikipedia.org/wiki/Antideficiency_Act).  The issue is that 
'voluntary' doesn't mean the same thing as 'gratuitous'; I work for the 
Government on a voluntary, but not gratuitous basis.  If I, as a Government 
employee, accept work from a volunteer without a well-defined contract in 
place regarding payment, there is a chance that someone could send Congress a 
bill for their contributions, and I could be sent to jail for having committed 
funds I don't have.  ARL has a CLA that covers this particular issue for this 
exact reason.

Second, there is the question of liability and warranty; in theory, the 
Government can hold a contributor liable for their contribution, and demand 
support for it, even if the contribution was gratuitous.  I suspect that most 
contributions are going to be done on an 'as-is' basis, with no offer of 
support.  That is made explicit in ARL's CLA, protecting the contributor from 
the Government.

Third, there are the usual IP rights declarations that need to be fully 
spelled out.

I suspect that in 99.9999% of the contributions that the Government receives, 
none of this will be a problem.  However, the Government is a very large 
entity, which means that the Law of Truly Large Numbers 
(https://en.wikipedia.org/wiki/Law_of_truly_large_numbers) applies. 
Basically, since the Government is a very large entity, and since under 
Federal Source Code Policy it is dedicated to trying to make 20% of all of its 
custom written code be Open Source 
(https://code.gov/#/policy-guide/docs/overview/introduction), there are going 
to be a very, very large number of external contributions being made to 
Government projects.  Given this, even if there is less than a 0.0001% 
probability that someone will sue over a particular contribution, it is almost 
certain that there will be a lawsuit over something at some point in time.  To 
avoid being sued, the Government needs to take steps to protect itself, and 
CLAs are one part of that.

This is also important for Open Source in general; large organizations tend to 
protect themselves from being sued by curtailing activities that they see as 
unnecessary and risky.  Open Source has not yet proven itself to the upper 
levels of the Government as being necessary; that means that for some managers 
it will be viewed as unnecessary.  If there are risks associated with it as 
well, then there will be a push to end Open Source within the Government. 
CLAs help reduce risk, which may give Government Open Source the time it needs 
to prove itself as necessary to upper level managers.

Cem Karan