[License-discuss] exploring the attachment between the author and the code

Gil Yehuda gyehuda at verizonmedia.com
Sun Mar 1 15:50:58 UTC 2020


Thank you Stuart, you are right. The fear of losing control is a big part
of this. Josh, indeed. All code is based on other code. This is why there's
such a conflict. Russel, I'm asking about all code authors because there
are many ways to view this.

A few times a year I get a report of code on GitHub that contains a
cleartext password to a server or an account my company owns. I find a
(usually) former employee had published a large bundle of code on her
personal GitHub repo on the day she left the company. I contact her and
request removal of that code -- it leaks a company secret. Most of the
time, it's removed right away.

Sometimes she'll say, "but it's my code." and I'll say, technically it's
work for hire that you assigned the copyrights to the company, but I
understand you feel like it's yours. Sharing internal information is a
violation of an agreement you signed. Also, it contains a cleartext
password in the code. Do you want people to think you are the kind of coder
who puts passwords in code? Or the kind of coder who takes the employer's
code and publishes it without permission first? If you would have asked, we
would have reviewed the code and potentially given you permission to
publish it once you remove the confidential information. But this was an
unauthorized publication, we didn't put an open source license on it, no
one can use it unless we do.

Usually that works, but once in a while I'll hear "No. it's my code, I can
do whatever I want with it." and I'll say: Do you think you'd get in
trouble if someone used the password leaked in your code as part of a
larger campaign that helped them break in to our systems and expose user
data? "Um, I guess so." It this publication that important to you that
you'd take that risk? And then she takes the code down.

I could simply issue a DMCA takedown to nuke the code, but I'm interested
when an engineer insists "that code is mine" even when it is a liability.
This is a different case than we typically talk about, but I bring it to
show that some people are attached to their code since they invest
considerable energy into it -- and fear that letting go removes their
control of the code. Indeed this is the reality of the corporate-employed
engineer -- but it's not always the way the perceive that reality. I'm not
suggesting this is ideal, but I think control and trust are factors here.

Gil Yehuda: I help with external technology engagement

>From the Open Source Program Office
<https://developer.yahoo.com/opensource/docs/> at Yahoo --> Oath - ->
Verizon Media



On Sat, Feb 29, 2020 at 1:00 PM Russell McOrmond <russellmcormond at gmail.com>
wrote:

>
> On Fri, Feb 28, 2020 at 11:31 AM Gil Yehuda via License-discuss <
> license-discuss at lists.opensource.org> wrote:
>
>> I'm exploring the psychological relationship between the author of a
>> work, and the work. i.e. parsing the phrase "my open source code" and would
>> like your thoughts.
>>
>
> What you appear to be asking is how proprietary people feel about the
> software they have authored.
>
> Google has one of the early questions I asked in gnu.misc.discuss back in
> 1992:
>
> https://groups.google.com/forum/#!msg/gnu.misc.discuss/PWcsCnGzDkI/DwXUQ5Lg_OwJ
>
> I wanted to add a GPL license to my derivative of software that was
> dedicated to the public domain, as I wanted to ensure that follow-on
> contributions would not be able to be made proprietary (meaning, software
> licensed primary for the benefit of a proprietor). The only restriction I
> wanted was the restriction to not allow personal/proprietary restrictions
> on derivatives (freedom from).  This was a concept that wasn't as clear
> with the 4 software freedoms from the FSF at the time, but became much more
> clear with the Debian Free Software guidelines that became the OSD.  This
> includes the non-discriminatory core of the OSD, understanding that demands
> for discrimination are personal to a proprietor and thus make the license
> proprietary.
>
>
> I liked what I learned in gnu.misc.discuss back in 1992, and became an
> active part of the movement as a software contributor and policy advocate.
> In 2002 I was the private-sector co-founder of GOSLING (Getting Open Source
> Logic INto Government) http://goslingcommunity.org/
> <http://goslingcommunity.org/#content> , and have been a witness at
> various parliamentary committees, met many members of Canada's federal
> parliament, and have been both a volunteer and paid consultant to
> bureaucracies on FLOSS policy.
>
>
> While I did these things, and I enjoy receiving credit for the
> contributions I have made, I do not at all feel proprietary about any of
> the results.  Whether my work is encoded in the form of machine readable
> instructions (software) or human readable instructions (policy, submissions
> to government consultations, etc), I consider the work to have more value
> the more it is built upon, and the less personal to me the results become.
>
> One of my influences is Lawrence Lessig and his "Code and other laws of
> cyberspace". http://codev2.cc/
> I believe there are many things in common between software code and legal
> code.
>
> If the elected official who introduced a bill in a parliament kept
> referring to it as "my law" after it passed and became the law of the land,
> people would not be respectful of that proprietary perspective.  If there
> was preamble that said that the policy encoded in the bill could not be
> introduced in the governments of unfriendly parliaments,t he preamble would
> be ridiculed.  I have the same view about software code which I consider to
> be part of the rules that govern our lives, and while I don't ridicule
> people for feeling proprietary about their contributions as that is not yet
> the common culture, it is not something that I personally respect.
>
> I am grateful for when I'm in the company of fellow long-time FLOSS
> advocates who feel the same way, and who don't need to have explained why
> the personal desires/politics/etc of an individual software author should
> not be a consideration once software has been released and is used publicly.
>
>
> _______________________________________________
> License-discuss mailing list
> License-discuss at lists.opensource.org
>
> http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20200301/d89e6419/attachment.html>


More information about the License-discuss mailing list