[wp-hackers] On Submitting Code

Tue Aug 31 12:55:43 UTC 2010

On Wed, Sep 1, 2010 at 12:17 AM, Jeremy Visser <jeremy at visser.name> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Hakre,
>
> hakre said:
> > Wordpress lacks a clear policy for submitting code[1].
> >
> > I got reminded yesterday on that one by one of the free software
> > guys.
>
> What would that achieve? In your blog post you wrote:
>
> > WordPress does not have such a policy right now [...] This is a
> > serious issue.
>
> > That’s really a big problem, because after code has made it in, it’s
> > very hard to find out for every contribution if the needed rights
> > were given or not. Just think a moment about that.
>
> You say that like it’s a bad thing. On the contrary, it is a good thing,
> and ensures that WordPress is and will always remain true to the spirit
> of free libre open source software.
>

I respectfully disagree. A code submission policy would ensure that everyone
understands that the code they submit is licensed under the GNU/GPL.
Assuming they know is no defense if problems arise later.
Such a policy is also invaluable for protecting WordPress. At the moment
there is no defense if code is submitted (and used) where the submitter had
no rights to the code.

People here may not know or remember the legal battle (and huge amount of
controversy played out on the Net) that arose when the Mambo CMS was accused
of using "stolen code" back in 2004. (
http://www.linuxtoday.com/developer/2004093001526NWLL) The code in question
was committed by a Mambo developer who had previously developed similar code
while working under contract to customise Mambo for a company. The company
claimed that his code was theirs and claimed the code that was distributed
in Mambo under the GPL was "code theft" and an infringment of their
copyright.

Resolving this issue was very costly for Mambo, both in time and money, and
made a lot of people wary about using it. If a code submission policy had
been in place at that time the responsibility would have fallen on the
developer involved, and not on the project. There is simply no way an open
source project like WordPress can know if developers are submitting code
they have the rights to, or whether the code is derived from something that
has an incompatible license.

A code submission policy can't stop unoriginal code from being submitted,
but it can provide a defense if anything blows up.

>   Maybe you weren’t suggesting a copyright assignment be included in a
> code submission policy. But if you’re not going to include that in the
> policy, there’s not much else to put in there that’s not already in
>  LICENSE.txt.

Copyright assignment can be as simple as sharing copyright. Sun Microsystems
used this approach (in the old days, before takeover) and it worked very
well. Developers do not have to give up copyright but can simply assign
rights to the project, thereby ensuring WordPress always stays licensed
under the GNU/GPL.

Including a link to LICENSE.txt does not confer anything. Especially since
WordPress is licensed under the GNU/GPL with no version number attached and
can therefore be redistributed under any GNU/GPL version. If someone uses a
defense that xyz is permitted under GPL v.3 or even GPL version 1, then it
would be hard to argue that they are wrong.

Implementing a code submission policy now does not mean previous submitters
must be contacted, or even agree to it. They would need to agree if there
was to be any licensing change, but a submission policy cannot be
retrospective. Should any issues arise from code that was submitted in the
past lawyers would have to look at how long the code had been in WordPress
and whether unchallenged pre-existing use that was publicly available and
seen by millions could raise grounds for a challenge. IANAL, but feel the
likelihood of challenges to historic code is highly unlikely.

However, we live in an increasingly litigious world, with software patents
and copyright infringement challenges arising every day. To make sure
everyone is on the same page, understands what submitting code under the GPL
means, and to protect WordPress, I believe a code submission policy is
necessary.

Regards,
Lynne