undefined | Better HN

0 pointssneak2y ago0 comments

The code is MIT licensed. Anyone is legally allowed to upload MIT licensed code to GitHub, it's free software and may be freely redistributed.

0 comments

treesknees2y ago

It’s alarming because, in my experience, anything you write for an employer is intellectual property of the company. Unless he wrote that Box demo all on his own time and his own equipment completely outside of work, or Box has some abnormal contract with their employees, he can’t just slap an MIT license onto it and call it open source.

I worked with a few people who were successfully sued by our employer when those people left and brought a “spare time” project/tool with them and tried to publish it. It wasn’t even code we sold or ended up using internally, but was still IP of the company because they wrote it during business hours on a work machine.

lll-o-lll2y ago

Worse than that, many companies have clauses that indicate that any software you write (regardless of whether for the company or not), belongs to them. I don’t know if this would hold up in court, but it’s there in the contract.

fiddlerwoaroof2y ago

In California, at least, this is illegal unless the code competes with the company's products.

2 more replies

oddmiral2y ago

All your codebase are belong to us.

sneakOP2y ago

Yes, but if we speculate as to the invalidity of the explicitly published license, we basically can't use any foss code on GitHub.

Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.

Did Uber or Box explicitly agree to release it under an foss license? Is it the author's personal individual copyright made on personal hardware outside of work location/time? Does it predate their employment? Nothing in the article linked indicates clearly that it was written for an employer.

If I am expected to research this for every foss library published on GitHub by someone who works for Big Tech, then we are all capital-f fucked.

It's easiest and sanest to assume that people are not lying.

justinclift2y ago

> Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.

Yep, that's the reasonable default position.

If however, the author of the code wrote a length article about how they'd developed this code while working for a company (not in their spare time), and you happen to read the article in question... then for that specific repo you might look at it differently.

The article in question doesn't clarify things regarding the Box derived code, nor whether they sought and received permission from Uber prior to publishing. Absent both of those, I'd personally not use code from this repo.

That's just me being risk-adverse here, as I don't personally have a use for the code. Others might make different choices. :)

nwiswell2y ago

"It's easiest and safest to assume that property is not stolen" is a parallel construction of your argument.

You can assume whatever you want but the cops may not be very impressed.

There are a lot of polite fictions in law, and this is one of them. If you had no reasonable way of knowing that a license was invalid (or property was stolen), the judge is probably going to be sympathetic, but the property will still get returned to its proper owner.

If you DID have a reasonable way to know that the status of the property was suspect (as in this case), they are likely to take a dim view of the situation.

1 more reply

4m1rk2y ago

Isn't the person owning the repo responsible? We rely on them and partly on Github (as they would remove the code if they receive a legal complaint).

dclowd99012y ago

Not when he wrote it for and showed it to box. Doesn’t matter how he “licensed” it. They would have had good legal standing to come after him. I can’t believe he wrote that on his blog. He should honestly take it down.

xmcqdpt22y ago

Yes, that would look awful in a court case IMO,

> I demoed Box Sums to the Box Notes team at some point, and they nitpicked the UI and implementation details (“What if two people type in the same cell at the same time? They’ll just overwrite each other.” ). Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day.

emphasis mine

camkego2y ago

You can be 99.999% sure unless the engineer went through a long painstaking process to get Box or Uber to open-source and then re-license the code to MIT, it was fully owned under traditional copyright by Box when it was originally authored. Actually, it gets fairly complicated, because he created a derivate work at Uber with with what is likely Box's IP.

dima552y ago

Sorta. He has a license (MIT), but no copyright statement. The license is an agreement between the copyright holder and the user. Normally he would have gotten the sign-off from his employer to release this, and this thing would be Copyright: Box, License: MIT. But there's no explicit copyright holder stated, which makes me think that he just uploaded and "licensed" code that he doesn't own.

PeterisP2y ago

The code is MIT licensed if and only if the copyright holder - not the author of the story but respectively Box or Uber - explicitly made it MIT licensed. Without a legally binding commitment from these companies, a "license.txt" at the repository can't make it MIT licensed, all it means that the author is lying about its license. He doesn't own the code (despite writing it) so his "permission" is worse than worthless (by being dangerously misleading) without an explicit blessing by the company - even an implicit "we probably don't care" doesn't cut it.

acjohnson552y ago

It's probably not legally his code to license, if his employment agreement is like the vast majority of engineers'.

speedgoose2y ago

He could be authorised to open source the company code he wrote. Though, I wouldn’t bet it’s the case there. But Uber has a lot of Open-source projects so they are perhaps allowing engineers to decide themselves.

choppaface2y ago

It's MIT licensed now. It probably wasn't originally, and/or he may not have had the authority to choose the license while at Box / Uber.

camkego2y ago

You can't just re-license intellectual property that someone owns the rights to. EVEN if you authored originally. It's likely Box and Uber own rights to different parts of the IP, under both employment law, and his employment contract.

j / k navigate · click thread line to collapse

0 comments

treesknees2y ago

lll-o-lll2y ago

fiddlerwoaroof2y ago

In California, at least, this is illegal unless the code competes with the company's products.

2 more replies

oddmiral2y ago

All your codebase are belong to us.

sneakOP2y ago

Yes, but if we speculate as to the invalidity of the explicitly published license, we basically can't use any foss code on GitHub.

Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.

If I am expected to research this for every foss library published on GitHub by someone who works for Big Tech, then we are all capital-f fucked.

It's easiest and sanest to assume that people are not lying.

justinclift2y ago

> Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.

Yep, that's the reasonable default position.

That's just me being risk-adverse here, as I don't personally have a use for the code. Others might make different choices. :)

nwiswell2y ago

"It's easiest and safest to assume that property is not stolen" is a parallel construction of your argument.

You can assume whatever you want but the cops may not be very impressed.

If you DID have a reasonable way to know that the status of the property was suspect (as in this case), they are likely to take a dim view of the situation.

1 more reply

4m1rk2y ago

Isn't the person owning the repo responsible? We rely on them and partly on Github (as they would remove the code if they receive a legal complaint).

dclowd99012y ago

xmcqdpt22y ago

Yes, that would look awful in a court case IMO,

emphasis mine

camkego2y ago

dima552y ago

PeterisP2y ago

acjohnson552y ago

It's probably not legally his code to license, if his employment agreement is like the vast majority of engineers'.

speedgoose2y ago

choppaface2y ago

It's MIT licensed now. It probably wasn't originally, and/or he may not have had the authority to choose the license while at Box / Uber.

camkego2y ago

j / k navigate · click thread line to collapse