Much of the FUD that SCO's been throwing around recently comes down to: "how
can Linus prove that he is legally entitled to use all the patches that have
been contributed to Linux"? What if someone were to ask you the same question
about your CPAN modules? Well this week, it happened to me.
I got an email from IBM that began:
We are very interested in using your open source package, XML-Simple, as
part of an IBM software solution. Can you help us understand who actually
wrote the original XML-Simple code and whether any contributions were
The list of questions that followed included:
- Could you indicate how it is that you have all the rights to
distribute the code under the Perl 5 Artistic license?
- Do you have a process of checking that contributors have the rights to
contribute their contributions and that they provide those same rights to
- If contributors are employed, how do you confirm that their employer has
permitted the contribution?
- Who did you work for when you wrote the code?
- Did your employer disclaim any right to the code or otherwise approve of
- Is any of this stuff recorded?
Don't get me wrong, I can understand IBM's caution and I certainly don't mind
being asked. As I see it, the 'worst case' scenario is that if they don't like
the answers I provided then they simply won't use the code.
I'm interested to know what type of measures folks around here take to
address IP ownership issues when they accept or provide patches. I've
contributed patches to a number of CPAN modules and some other open source
projects and no one has ever asked me for a declaration on IP ownership or a
disclaimer from my employer. I guess the underlying assumptions are that you
wouldn't contribute code if you didn't have the right to do it and if you
weren't happy about it being distributed under the licensing terms of the main
package. But then we all know what they say about assumptions...