GitHub needs to take open source seriously

The legal details of copyright licensing are complex and off-putting -- but that doesn't mean they should be ignored

1 2 3 Page 2
Page 2 of 3

This is exactly the problem open source was invented to solve. Open source licenses provide a copyright that gives everyone the freedom to make copies so that they can use, study, improve, and share it without asking permission. When code is licensed under open source, the situation for those collaborating with you over your source code is as simple as it can possibly be. You don't have to be familiar with open source licenses; you can just rest assured that, if there's an OSI-approved license applied to the code, you may legally and freely use and improve the code for any purpose.

Risky business
Who is at risk? People who fork projects on GitHub believing that gives them the right to use the code -- it doesn't. People who accept pull requests believing that gives them the right to use the code -- it probably doesn't. In both cases, a user with little care for or understanding of copyright licensing may well believe that sharing is fine, then discover down the road they've been violating someone's "all rights reserved" copyright.

Doll pointed out some default language in the terms of service: "People put code on GitHub in public repositories because they want to share them with the world. That is what GitHub is for, collaboration around software projects. The expectation, then, further clarified by our terms of service, is that by placing code on GitHub they are allowing anyone to view and fork those repositories."

However, since GitHub has not elaborated or defined those terms "view" and "fork," its users can have no certainty about their use of the code. Can they use it to start a business? Can they publish it in a book? Can they give training courses based upon it? The questions are endless, and the language used doesn't give any answers strong enough to rely on without expensive case-by-case legal advice. It creates a severe imbalance empowering the initial project copyright owner at the expense of collaborators.

The terms also appear to make no mention of the status of pull requests. Once again, the absence of either an open source license around each pull transaction or of any form of certification of ownership and originality means there's massive uncertainty that one day will "blow someone's leg off."

All the time everyone is friendly, things appear to be good. But then one day something will go badly wrong. When Oracle sued SAP for copyright infringement based on materials that had been assumed to be reasonably shared between two other companies, PeopleSoft and TomorrowNow, the cause was exactly this sort of ill-defined sharing between friends, which -- when shifted by acquisitions into conflict between competitors -- cost SAP an enormous financial and market penalty.

By "hiding" copyright licensing issues and delivering capabilities in ways that make people believe a concern for licensing is outdated, GitHub has encouraged platform growth by appealing to younger developers' "licensing is for losers" sensibilities, at the expense of the long-term consequences those users face from potential copyright infringement.

1 2 3 Page 2
Page 2 of 3
InfoWorld Technology of the Year Awards 2023. Now open for entries!