PerlMonks  

Re^11: Why non-core CPAN modules can't be used in large corporate environments.

by tirwhan (Abbot)
on Dec 07, 2005 at 01:50 UTC


in reply to Re^10: Why non-core CPAN modules can't be used in large corporate environments.
in thread Why non-core CPAN modules can't be used in large corporate environments.

OK, I can agree with almost everything in this post. I am sorry I alleged that you were not aware of some of the details I posted, I know you're a CPAN author and was a bit surprised, but I apparently misunderstood your post, so I apologize.

Just a nit ;-):

..issue becomes fuzzy at this point

Yes, but it only becomes fuzzy in the other direction. If I find a CPAN module without a license file I cannot assume that I am (legally or ethically) correct to assume more rights than a standard CPAN license would give me, I can only assume that I have been given the same or less rights by the author.

I agree with everything you say about practical enforceability and also about the desirability of lawyer involvement. But (going back to why I posted my question in the first place) Moron was advocating as good the practice of taking parts of CPAN modules and integrating them into his company's codebase. That is neither ethically nor legally correct IMO (regardless of enforceability) unless he has the permission of the author or is following the license (which in this case is an implicit one). If he doesn't fulfil these requirements he also exposes the original author to the legal risk I described in my last post. Which is why I asked whether he'd taken care of this side of things. Because it's still important to do the right thing, regardless of whether you will be caught/punished.


Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
Re^12: Why non-core CPAN modules can't be used in large corporate environments.
by stvn (Monsignor) on Dec 07, 2005 at 03:00 UTC
    ... but I apparently misunderstood your post, so I apologize

    No, it was more that I wasn't clear than anything else. It was my fault.

    Moron was advocating as good the practice of taking parts of CPAN modules and integrating them into his company's codebase.

    I do agree with your overall point that people need to be careful about how they approach such things. However, as BrowserUK pointed out, where do we draw the line?

    What is the difference between installing a module on a server, and copy/paste-ing that same code into a single script file? Assuming I have retained the original author's copyright, I (as a non-lawyer) see very little difference in either practice. I would suspect both practices could be construed as "integrating into the company's code base" by an OSS/tech-ignorant lawyer.

    What if I patch a module, and the author is not interested in integrating the patch? My natural inclination would be to put the patched version into subversion and treat it like any other part of that codebase (keeping correct copyrights in place of course). This practice is part of why OSS is so useful, but from what you are saying it could place me, my company and the original developer at legal risk. That sucks.

    Anyway, all this legal mumbo-jumbo is giving me a headache. In the end I think we both agree that it's a difficult and slippery topic off which many lawyers will certainly get rich. I think Moron was probably well within the boundaries of "acceptable usage", assuming he left copyrights (implied or otherwise) in place, ... er rather,.. I really really really hope he is for the sake of OSS.

    -stvn

      There is no difference between installing a module and copypasting the code into your own module. As long as the module license permits that (i.e. is one of the two commonly used licenses on CPAN) and you retain the copyright notice things are fine either way. I was not arguing that. I am talking about taking the code without attribution and integrating it into your codebase as if it were your own. That entails legal risks for both you and the original author.

      Same thing goes for modifying the code, if the module license permits that (the GPL and the PAL do) everything's fine. If you redistribute your modifications you need to make the code freely available, but that's a bit of a non-issue anyway with Perl (though it's one reason why trying to obfuscate your Perl code when selling it is a hare-brained idea).

      The whole point of my argument is that people should not try to "sneak" code from CPAN into their codebase. If you want to use code from CPAN do so, that's what it's there for and the legality is clearly (enough IMO) defined. If you want to create a derivative work do so, just stick to the license's conditions on what you need to do in that case (i.e. retain the copyright attribution). Don't copy it in and assume you're doing the right or clever thing. And I wasn't saying Moron did that, I was asking.


      Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
Re^12: Why non-core CPAN modules can't be used in large corporate environments.
by itub (Priest) on Dec 07, 2005 at 14:46 UTC
    About integrating code into a company codebase: from what I gather from my reading of FSF documents, you can do absolutely whatever you want with the code (that's what they call "freedom zero" and "freedom one"), as long as you don't redistribute it. If you redistribute it, then you have some constraints which are specified in the license (some licenses require attribution, some licenses require you to give the same freedoms to the recipient, etc.)

      I assume you're referring to the GPL here, and you're wrong. Read sections 1 and 2 of the GPL, you may use and modify any code however you see fit, provided you keep the license intact, make changes clearly visible and retain the copyright notice. Taking bits of GPL software into your codebase is such a modification. This does not mean your codebase suddenly becomes or needs to become GPL'ed itself, only the parts of the program that were originally under the GPL stay under the GPL. If you distribute your derivative work (i.e. the codebase into which you've integrated the GPL'ed code, or parts thereof, depending on the integration * ) it does need to be licensed under the GPL, but you are right, this does not need to happen if you use the work internally only.

      As an aside, the situation is a bit interesting for independent contractors who write code for other companies and use GPL'ed software as the base, because this does constitute a distribution of derivative work and as such their work needs to be released under the GPL.

      * Update: I should probably clarify this before someone jumps on me. If you decide to use a GPL Perl module in your proprietary content management system and want to distribute said CMS, this does not mean you need to license the whole CMS under the GPL, unless the CMS can only work with the GPLed software and not with an alternative module (i.e. the module is at the heart of the CMS functionality and essential to it). However, if you take a piece of a GPL module and put that into your own module you are more than likely creating a derivative work, and as such your module needs to be licensed under the GPL. Feel free to correct me on this if you feel I have misunderstood the GPL, but this is how I believe it pertains to Perl modules/programs.


      Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
        But if you don't distribute the software, it's all theoretical. If I modify John Doe's module to use it to run my website, for example, and I never distribute the modified version, who cares if I posted the list of modifications and copyright notice in the source files (that only I ever see)? That's a formality that only becomes meaningful when you publish the modified version. Otherwise it's just paperwork for the sake of paperwork.
