lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <93d470e7054eb9268179b60bc567e95e@redchan.it>
Date:   Mon, 13 May 2019 05:14:24 +0000
From:   informator@...chan.it
To:     linux-kernel@...r.kernel.org
Subject: [License-discuss] Can a contributor take back open source code ? -
 Yes, if he has not signed over the copyright.

Hello Kevin.
> but there is no path which would force the project to do so.
This is incorrect.

> If the contributions were legitimately provided under an OSI-approved 
> (or similar) license, the license cannot be terminated for convenience.
This is also incorrect. Free non-exclusive licenses can be terminated 
at-will by the copyright owner. A non-exclusive license, in and of 
itself, confers no enforceable rights against the grantor without being 
merged into a contract - regardless of whatever assertions are made in 
the text.

The very quality that makes opensource attractive makes any attempt to 
create a mutually enforceable agreement an artifice - and one that will 
fail.

(And, Yes I am an attorney)


----
> I have a "not easy" question: is it possible for a contributor to 
> remove his contributions (code, translations, ...) from an open source 
> project?

In short: Yes the copyright holder can do just that in most cases we see 
in the wild (where there is no copyright assignment and the licensees 
are free-takers).

It seems to the policy of the FSF, SFLC, etc to claim to you that 
Illusory Promises are enforceable in the US courts, or to claim that 
obeying a preexisting legal duty is valid consideration for a mutually 
enforceable agreement (contract). Obviously you have an inkling to the 
contrary since you are asking this question. Your suspicion is well 
founded, as consideration, contrary to what interested parties may want 
you to believe, is still generally a requirement for a promise to be 
held enforceable, in the US.

-----

Assuming: Contributor has not signed over his copyrights, and the entity 
did not pay consideration to the "contributor":

Yes.

Free Non-exclusive licenses are revocable.

For a promise not to revoke or to revoke only under certain 
circumstances to be binding against the grantor he must have received 
some bargained-for consideration in exchange.

"Nothing" is not valid consideration.

Offering what you are trying to contract for as "consideration" for that 
very contract is not valid consideration.

Obeying a pre-existing legal duty (not violating the copyright holder's 
copyright) is not valid consideration.

You can read a lengthy explanation for the lay person here:
lkml.org/lkml/2019/5/3/698
(and it covers the 9th circuit
Artifex case and 9th circuit Artistic License case which some people
will try to make you think invalidates your proprietary rights)
or here:
lkml.org/lkml/2019/5/4/334


Note: If you would like a nice expansive legal paper to read on this
issue, Sapna Kumar's paper is good:
scholarship.law.duke.edu/faculty_scholarship/1857/
www.amazon.com/Open-Source-Licensing-Software-Intellectual/dp/0131487876
papers.ssrn.com/sol3/papers.cfm?abstract_id=243237


> And, if someone do that, is it possible for the project to continue to 
> maintain the previous version, thanks to the license? (I mean, before 
> the deletion)

No. Once the license is revoked, if the licensee cannot show that it has 
an attached interest (ie: a valid contract), by law the licensee 
no-longer has permission from the copyright owner to 
use/distribute/modify/etc the work of authorship. They may beg the court 
under equity for some accommodation, of course.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ