GitHub needs to take open source seriously

The legal details of copyright licensing are complex and off-putting -- but that doesn't mean they should be ignored

Some of the would-be cool kids of software say we are in the "post open source" world. Several weeks ago, James Governor, founder of analyst firm RedMonk, put it this way on Twitter: "younger devs today are about POSS - Post open source software. f*** the license and governance, just commit to github."

But as Outercurve Foundation's CTO Stephen Walli replied, "promiscuous sharing w/out a license leads to software transmitted diseases." Since then, I have heard more and more people mention this trend of regarding the copyright and collaboration terms of a project as irrelevant bureaucracy. Appealing as it may be to treat the wisdom of the years as pointless, doing so creates a problem for the future.

[ GitHub CEO: We're helping software eat the world | Track the latest trends in open source with InfoWorld's Technology: Open Source newsletter. ]

I've seen this devil-may-care attitude crop up in many contexts, but one of the most important places it has manifested itself has been the popular source-code hosting site GitHub, which offers version control and project hosting using the Git version control system pioneered by Linus Torvalds for the Linux kernel. While GitHub is a commercial system, it offers unlimited free-of-charge usage for public projects. But what are the legal terms under which those public projects are made available?

Whose code is it, anyway?
A casual survey of the projects on GitHub by a specialized analyst revealed that as many as half include no easily identifiable copyright licensing information. About 30 percent include some sort of licensing information in the source files, and around 20 percent have a clear license or notice file that makes it obvious under what terms the code is made available.

You don't have to include a copyright statement for your creative work to be under copyright. In any country that's a signatory to the Berne Convention, copyright -- or stronger -- is the default as soon as something is created. If you completely ignore the subject, all your work is copyrighted to you (or to your employer in many cases), and anyone who copies it to use or improve it is in breach of your copyright.

What are the terms under which the code in all those GitHub projects is made available? A precise answer depends on your jurisdiction and would require a lawyer's advice, but it's likely that the answer for most people is "all rights reserved" -- in other words, you have no rights to use the code. GitHub does not include any useful default licensing terms in its terms of service; the most likely scenario is that any use of the copyrighted material in one of those no-license projects is formally a breach of copyright. Under copyright law, code without a license cannot be legally shared, as the default for copyrighted materials is that all rights are reserved.

Brian Doll, GitHub's VP of Marketing, confirmed this arrangement is intentional:

Code without an explicit license is protected by copyright and is by default All Rights Reserved. The person or people who wrote the code are protected as such. Any time you're using software you didn't write, licensing should be considered and abided.

Ironically, this situation exists because the founders of GitHub want to ease code sharing. They were worried that selecting a license for a new project was so difficult that requiring new project initiators would be a barrier to the adoption of GitHub. But completely ignoring the issue is just as bad, because it exposes every participant in an unlicensed GitHub project to the risk that subsequently, license terms will be imposed that they don't like and would not have accepted at the inception of the project. Worse, it introduces the risk that using the code in the project could result in litigation for copyright infringement in the future.

1 2 3 Page 1
Page 1 of 3