On 7/25/17 5:14 PM, Shawn Wells wrote:
On 7/22/17 2:46 AM, Philippe Thierry wrote:
> Le 22/07/2017 à 05:48, Shawn Wells a écrit :
>
>> Personally I've no idea how to handle this, so I asked members of Red
>> Hat's legal team for help.
>>
>> Also sent a note requesting feedback from other Red Hat members who
>> work on international FOSS projects on how they've handled this. Will
>> report back.
>>
> Ok. Thank you for that !
Turns out Red Hat has an open source legal affairs team, chartered
with helping projects tackle issues like this. Have connected with
them -- but nothing to report back yet.
Comments from that team:
Shawn, there are a lot of potential approaches here, but one I'd
recommend is what DoD
code.mil is doing. See:
https://github.com/deptofdefense/code.mil
The idea is basically this: A project will generally start out with public domain code in
the US (to the extent it has been created by federal civil servants). But the project will
designate a true open source license at the outset, such as GPLv3 or the Apache License
2.0 or what have you, and the project will use the Developer Certificate of Origin with
the understanding that non-civil-servant contributors are agreeing to license in their
contributions under the designated open source license. Over time the project becomes a
mix of (a) federal civil servant code that is public domain in the US, (b) federal civil
servant code that is under the designated project license outside the US, and (c) code
from other contributors that is under the designated project license.
As further explanation, note that the statement that US government employees "cannot
hold intellectual property" is not correct. What is true is that in the US Copyright
Act, works by federal civil servants in the scope of employment are outside the scope of
copyright - i.e., public domain. However, it is generally agreed that this has no
applicability to works published outside the US. Software today is generally published
simultaneously in multiple jurisdictions (for example, the SCAP Security Guide, by being
published on GitHub, is published internationally in multiple countries).
I have a contact who is a lawyer for the
code.mil people who may be able to help if there
is interest in this approach.
Still reading/learning about the
code.mil process, but it looks like
it'll really help contributions from the non-US community. This gives US
Gov employees/contractors what they need for Public Domain protections,
and non-US Gov people can follow an agreed license like MIT/GPL etc.
Added bonus: This might also be a way to solve a long-standing gripe
about certain vendors using the SSG content without attribution.
Philippe: Can you review the
code.mil process?
https://github.com/deptofdefense/code.mil
IIRC:
1) We add
https://github.com/deptofdefense/code.mil/blob/master/Proposal/INTENT.md
2) CONTRIBUTING gets updated to look like this:
https://github.com/deptofdefense/code.mil/blob/master/Proposal/CONTRIBUTI...
3) CONTRIBUTORS.md gets updated to look like this:
https://github.com/deptofdefense/code.mil/blob/master/Proposal/CONTRIBUTO...
3) We pick a new license that best serves the community