Return to Level1Techs.com

Hi guys , I m doubt about whether my project canbe opensource or not


#1

Hi
my company want to make project opensource in the future but not now.
its based on linux & python.
I think maybe I can directory upload to github.
someone maybe copy my project,but my repo was the oldest one,and our forum will be online soon.

I m new to publish an opensource project.Is there any useful advice?

#2

If your company is involved, then until they say you can open source it (and get that in writing!), you can’t put it on github.

If you are developing this on company time (or maybe even in your own time whilst employed if you are on salary) then it is possibly owned by the company. Check your employment contract.

So whatever you do, unless they explicitly say “it is now open source” DO NOT put it on github.

Once it is out there, it is impossible to undo that.


#3

my company decided that it will be opensource in the future.but,they were not PRO,they let me to decide when to make it opensource,to a certian extent.


#4

As far as the process of publishing, I typically just create a github organization for it (probably your company name) and upload the git repo there.

It’s pretty simple, but making a readme file, choosing a license and all that are a bit more complicated.

Have a look here, so you can understand the difference between popular open source license:


#5

then why are you asking here?

read your employment contract…legally there is no “to a certain extent”; you either own the code you write or the company paying you does. whoever owns it makes the call.


#6

I think he means the company put him in charge of making the code open source, implying they’ve authorized him to, or they will authorize him to do so.


#7

either they have authorised him, or they haven’t
if they have it is up to him and no need to really ask here?

if they have not… he needs permission…

first post includes the words “not now”…


#8

It’s true. Don’t risk it. I have seen good devs get escorted out of the building because of putting code online.


#9

If you only get fired, that would be a less bad outcome than getting sued into oblivion - if you release code without the full and proper authority.


#10

Ooops,I didnt express the situation clearly

I m the leader of the project.
the project will be open source at a proper time.maybe few weeks,maybe few months,maybe long. my company agreed to it very much.but they were not pro ,they let me to decide when to publish it.

So I need to know the risk of making it open source


#11

yes, I m in charge of the project.
if I decide it to be opensource ,I will also have a meeting with my company before publishing.


#12

Since the power of it being open source or not is in your hands then you need to go through everything in the project and make sure you fullfil the requirements of their licenses.

Some things might require you to get permission before you use it in a open source project, others might require that every part of your project be open source, etc. If you dont do this step then your exposing yourself and your employer to potential legal action.


#13

Ok, if you’re authorised to release the code you write then your risks (as I see it) will include:

  • any and all security vulnerabilities in your code will be exposed to the world. you may get patches to fix them, you may not - depending on how many other people find your code useful. if it is very niche but does an important job there may be more people interested in breaking into it than fixing it
  • if you have either deliberately or accidentally included code from third parties that is not open sourced (or possibly even “open source” but not license compatible - e.g., you release as BSD but contain GPL code, accidentally forget to include a license, etc.) there may be legal issues.
  • depending on what industry you are in, you may be giving up a competitive advantage on the business side. you are essentially maybe doing R&D for your competitors. whilst your company is paying for your time, they are getting the results for free

If someone was to take your code and use it without giving you anything back, will you be OK with that?

Whilst open source can mean that you get feedback, bug-fixes, etc. back there is no guarantee of it. If this an acceptable thing to you/the business then go for it.

edit:
I’m not trying to be too “negative nancy” on this, but be careful. Open source is a great thing, but in some cases what you’re giving up may be a lot more than you can expect to get back. And once you’ve set it free, you can’t undo that decision. Good luck!

If this was a personal project i’d just suggest to go for it. But when business is involved so is money and some people will want to take that money off you or your company…


#14

I’d suggest spending the time to read the common opensource licenses and their CLAs if you haven’t already picked one, and think about what happens after the initial code is published, maybe prepare some internal documentation guides for how you’re expected to continue working on it after that.

Do you happen to have legal council at your company who deal with this? Does your company have prior experience doing this sort of thing.

In general, at large companies that have plenty of lawyers taking care of patents and copyrights and intellectual property, there is usually a clause put in the employment contract when employees are hired that stipulates that the company owns everything you develop 24/7, using whatever resources. Whether or not this is enforceable in practice in all jurisdictions and to what extent remains to be seen, what it does in practice is ensure that the company has “first dibs” on anything you develop, because any sane individual would like to avoid litigation in this case.

In these cases, there’s two ways to opensource code as an individual, one is for the company to do intellectual property reassignment into the employee. This means that the company hands over the ownership of the project to the individual code, patents and the lot, and from there on it has nothing to do with it. You’re free to attach a license and publish, what happens with the project afterwards is up to you.

This also usually serves to insulate the company by helping to limit their liability somewhat for employees hobby projects.

The other way is to assign a copyright license to the code and publish it. In which case company still owns all the IP, or it owns parts and has been previously licensed to publish the remainder.

In either case there needs to be a document trail leading up to someone who has power of attorney to act on behalf of the company in these matters.

If there’s not, an argument can be made that the employee is acting as an agent of the company at the time, but opposite argument can be made too, making the employee liable (to repeat, any sane person would avoid dealing with lawyers as much as possible).

After publishing the code - what do you do with third party contributions, and how do you handle continued development. You can move all development in the open, or you can periodically republish from internal repos. Typically, when you get pull requests from third parties, you’d ask the committers to sign CLAs, contributor license agreements, where they assign the copyright containing the lines of code to the company and provide patent licenses to any user of the code (common with Apache), or they license anyone to transitively use it under license conditions patents be damned (common with GPL), or they reassign the IP to the company (random CLAs out there).

If you have any unclean development practices of copy pasting code from different projects under various licenses (e.g. from stack overflow); that would now be done in the open, and the company would assume the responsibility for it.

Read the licenses, think about the future.


#15

good advice,so which license can I read about

My project based on linux (LFS 7.10 chapter 1~9)

all compiled at local machine.

contains libvirt,qemu,udev,acpid,sensors,brctl.

some python code(no other modules),shell.


#16

Youll need to verify every package that youve used. Their repos are probably the best starting point


#17

As per above, i’d also talk to the company lawyer/legal counsel and ensure that any agreements are declared in writing with supporting documentation. Otherwise as above, you or the company may be liable for legal proceedings if something should go awry…


#18

https://www.gnu.org/licenses/