tags:

views:

207

answers:

6
+6  Q: 

Making bug fixes to open source software when working for your employer

Many of us use open source software to make our jobs easier. Sometimes, we may come across a tweak or small fix to the open source project, and we would like to contribute that back to the project itself.

The problem is that software that you develop on company time often belongs to the company itself. Does your company allow you to provide fixes to open source software? Are there potential copyright issues involved, since the code you're contributing might officially be code that the company owns? Do you have any explicit legal or contractual statements in place to support this?

I'm not asking if your company allows you to devote long periods of time to contributing to open source software - I assume that's rare. But in the normal course of your job, if you see and fix a bug in, say, some Apache project, can you push that fix back to the project without incurring any liability on yourself, your company, or the open-source project?

+4  A: 

Be Careful.

Depending on the company, the size of the fix, and the license involved, you could either:

  • Not register as a blip on the radar
  • open your company up to risk (depending on the viral nature of the open-source license)

Disclaimer: I am not a Lawyer (IANAL), but your best bet would be to ask Human Resources/CTO of the company you work for. Or even better, consult a lawyer.

My company's policy is that any work I do on company time or company equipment belongs to the company. If I happen to find a bug in another application, and I want to fix it, then I'd better do it on my own time.

See also:

George Stocker  2009-02-10 16:12:37
One thing to note (Not a big enough note to submit my own answer) is that in this case, the company has already approved the using of Open Source software, and so it makes sense that they would approve the submission of a bug-fix, since it is in their best interest that the OS project be stable.
 2009-02-10 20:04:52
And since this coder would've had to fix it on company time regardless (to fix the Company project that relies on the broken OS component)
 2009-02-10 20:05:23
@Devinb: What is common sense to you and I is not common sense to business creatures. Better safe than unemployed.
George Stocker  2009-02-10 20:07:43
+2  A: 

I'm a contractor/consultant so the situation is slightly different for me, but the few times when I've made bugfixes to OSS code that was used by a client, I normally obtained the client's permission to submit the fixes. So far, it was granted every time I asked. However, I would not submit any fixes back without my client's express consent (usually in writing) as that's a can of worms that I would like to see remain firmly shut.

For the stuff I work on in my own time or my own company's time, I tend to submit the odd fix if the maintainer is interested.

Timo Geusch  2009-02-10 16:17:03
does that "OSS code that was used by a client" predates your work for that client? if so, i don't see why you have to ask. never hurts, of course, but i don't see the point.
Javier  2009-02-10 17:07:16
In my opinion, if the client pays for my time to fix an issue in some OSS code that they're using then it's still up to them to decide if it is OK to contribute this back or not - saves hassle and discussions in the longer run.
Timo Geusch  2009-02-10 17:38:34
ah, of course. i didn't get that the fix itself was the paid work.
Javier  2009-02-11 18:47:17
A: 

I have seen contracts that state than any software written whilst you're employed by the company belongs to them. Therefore, even in your own time it can be an issue.

I wouldn't consider the company to blame. They're just covering their backs. They don't want anything to come back to them if there is a problem. They also don't want you doing work that they could be making money from. Business is business.

Always try and look at the situation from all levels of the business and what effect it could have. What would the Lawyers say, what would the CEO say, what would the Receptionist say, what would your Manager say? Ask around if you're not certain and then decide what to do.

From my own perspective, do it on your own time keeping the company completely out of it.

Robin Day  2009-02-10 16:24:19
A: 

Always ask. If they say "no", tell them how much it will cost to do something they want without the open source software (since you won't use it unless you can submit the patch). Most people understand that it's fair to give something back when they have a benefit, too.

I had this issue with several companies. I usually got the OK, even though some would ask me to copy the fix on a floppy or send it home via mail and submit it from home. This is usually due to liability worries.

While that might look ridiculous, there are attack schemes: Say your company provides a patch for Apache. Some competitor sees this, downloads apache and configures it to break something. After that, they will sue your company "because they wrote the Apache software which you can use to kill innocent kittens". It will cost millions of dollars just to prove that this claim is in fact a joke (mostly because judges don't understand what it means "to write software").

Aaron Digulla  2009-02-10 16:34:44
+2  A: 

Never contribute anything to an Open Source Project during your working hours without explicit approval of your employer!

Even the tiniest bugfix (say, correcting an off-by-one error) opens a world of hurt upon you and the project if your employer decides to sue.

Accept it: Everything you do during the work time is owned by your employer. You cannot simply gift it away, even if it would be beneficial to the company.

Alphager  2009-02-10 16:37:21
I think it's applicable to every post made in SO :)
LicenseQ  2009-02-10 17:20:50
+3  A: 

As others have said, always get permission. For minor bug fixes it is almost always in the company's interests to submit the patch. There is unlikley to be any significant competitive advantage in keeping it to themselves and there will be a lot of inconvenience in maintaining their own branch of the project. Every time you download a new version (to get new features and other bug-fixes) you will have to re-apply your patch. Conversely, if the patch is accepted on the main branch, there's a lot less hassle.

Dan Dyer  2009-02-10 16:39:43

related questions

How to become a better programmer?
Is it ethical/legal to bring your favorite code with you after a job?
What are your weakness points?
How to Crack Google?
Maven or Ant?
How to get prepared for an interview?
What else does one need on top of programming skills to be a good Technical Lead?
Why has XSLT never seen the popularity of many other languages that came out during the internet boom?
Common comment tags
Should my C# .NET team migrate to Windows Presentation Foundation?
The best way to make a new site known?
How to remain employable in the face of constant technological change
Are there benefits to Classic ASP over ASP.net
How to improve problem solving skills?
What programs should I write to truly experience this fancy new language ?
Feasability of GPU as a CPU?
What is the best way to learn recursion?
Do you consider your job evil/neutral/good ?
What "already invented" algorithm did you invent?
Best IDE's for different programming languages
Programmer’s block
Dual vs. Quadcore on a Webserver
SQLite vs MySQL
A little diversion into floating point (im)precision, part 1
Should I learn C?