It’s alarming because, in my experience, anything you write for an employer is intellectual property of the company. Unless he wrote that Box demo all on his own time and his own equipment completely outside of work, or Box has some abnormal contract with their employees, he can’t just slap an MIT license onto it and call it open source.
I worked with a few people who were successfully sued by our employer when those people left and brought a “spare time” project/tool with them and tried to publish it. It wasn’t even code we sold or ended up using internally, but was still IP of the company because they wrote it during business hours on a work machine.
Worse than that, many companies have clauses that indicate that any software you write (regardless of whether for the company or not), belongs to them. I don’t know if this would hold up in court, but it’s there in the contract.
It’s pretty hard not to overlap with big tech companies. Everything has been touched internally.
My understanding is the same though. Unfortunately whether a clause is legal or not may matter little - you’ll run out of cash for legal bills before they do. The best defense is probably just that most companies don’t care about your side projects.
Yes, but if we speculate as to the invalidity of the explicitly published license, we basically can't use any foss code on GitHub.
Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Did Uber or Box explicitly agree to release it under an foss license? Is it the author's personal individual copyright made on personal hardware outside of work location/time? Does it predate their employment? Nothing in the article linked indicates clearly that it was written for an employer.
If I am expected to research this for every foss library published on GitHub by someone who works for Big Tech, then we are all capital-f fucked.
It's easiest and sanest to assume that people are not lying.
> Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Yep, that's the reasonable default position.
If however, the author of the code wrote a length article about how they'd developed this code while working for a company (not in their spare time), and you happen to read the article in question... then for that specific repo you might look at it differently.
The article in question doesn't clarify things regarding the Box derived code, nor whether they sought and received permission from Uber prior to publishing. Absent both of those, I'd personally not use code from this repo.
That's just me being risk-adverse here, as I don't personally have a use for the code. Others might make different choices. :)
"It's easiest and safest to assume that property is not stolen" is a parallel construction of your argument.
You can assume whatever you want but the cops may not be very impressed.
There are a lot of polite fictions in law, and this is one of them. If you had no reasonable way of knowing that a license was invalid (or property was stolen), the judge is probably going to be sympathetic, but the property will still get returned to its proper owner.
If you DID have a reasonable way to know that the status of the property was suspect (as in this case), they are likely to take a dim view of the situation.
I'm not talking about this code in particular - I am talking about all code presumably written by individuals and posted on GitHub with a LICENSE file saying it's free software.
It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
This case is no different.
Nothing in the author's linked story suggests this code is not MIT licensed as the repo claims. It is unreasonable to assume that the license file in the repo is false; nothing available to us supports this assumption.
I think it's reasonable to assume that it belongs wholy to Uber and that he was acting illegally to publish it on github. He even showed us the sofa in the Uber office where he wrote it. He told us his manager asked him to write the code and seemingly had no idea that he'd written a database engine. He told us that they were paranoid of industrial espionage at the time. There seems to be zero reason to suspect that Uber carved out a specific exception to the usual employment contract enabling him to work on and release this code as FOSS while at the company.
Yeah, you want to get rid of uncertainty, but it's here to stay. The whole legal system is not brought to its knees over the fact that no code on GitHub (gasp) is automatically guaranteed to be safe against copyright infringement.
> It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
Yes, absolutely: presumption, not certainty. (Nitpicking the phrasing: presumption that the copyright is not a lie, the issue does not even venture into licensing.)
You seem to be using an absence of evidence as evidence of absence.
There's nothing to explicitly suggest that either is the rightsholder; that is another assumption, which is directly counter to the fact that the person who wrote the code posted it alongside an MIT license.
I worked with a few people who were successfully sued by our employer when those people left and brought a “spare time” project/tool with them and tried to publish it. It wasn’t even code we sold or ended up using internally, but was still IP of the company because they wrote it during business hours on a work machine.