[oclug] Semi-[OT]: Source code ethical dilemma

[Greg]

Talk to a real lawyer.

The copyright terms you quote give you a clear right to copy, modify, 
translate, etc, limited only by the requirement to include the original 
author's notices.  (Although, term seven directly contradicts term 
four.)  The obfuscation is meaningless, except in USA where it may be a 
criminal offense to tamper with it.  Unless there was an enforceable 
EULA which you haven't told us about.

I think the obfuscation implies dishonesty.  A paranoid would never have 
inserted those liberal terms in the first place.  In my observation, 
courts rule that contracts mean what they say.

However, any competent lawyer will advise you to consider the costs of 
legal action, in addition to the law.

Talk to a real lawyer.


The moral question is more interesting.  We start with the ambiguity of 
the liberal copyright concealed by trivial obfuscation.  Then, it is 
hard to say from here whether you hesitate to ask because you suspect 
the legitimacy of the putative owner or because you distrust his/her 
stability.  (I certainly do not advise you to declare which.. only to 
know which.)

Is this a nice guy/gal? nice abs? sweet disposition? worthy soul? 
benevolent but bent? to whom you wish to be nice in return?

I still believe we should be nice to each other at every opportunity. 
Even nice despite some un-nice results.  To a limited extent.  Not 
regardless of cost.

However, I do not believe that anyone has the right "to own" what they 
do not use.  Never regardless of the detriment to others.  You get 
accolades, some cash, maybe a few free beers.  Then, get off your ass, 
before it gets fat, and go back to work.  This isn't Chacabuco.  It 
isn't quite Eden, either.  We certainly will not allow it to become the 
Narrow Land.

If Chairman Bill were claiming this code (and assuming importance, 
critical mass, etc), there would be already a FOSS project.  Perhaps 
clean-room, perhaps not.  Maybe people thought it was already?

The only consistent moral systems which allow people to be dog in the 
manger also allow anybody who wishes to kill them.

Try to be nice.  If you are rebuffed, I see no moral objection to 
distributing your work, with acknowledgement to previous workers if you 
think them significant.


I grew up in the intellectual commons.  The enclosure laws are a 
backroom form of theft.

On the other hand, I am not so psychotic as to ignore an Abrams tank 
trundling down the street.  Nor am I silly enough to broadcast what I 
intend to do to it.

Greg


Adrian Irving-Beer wrote:
> Someone released a program as a closed-source executable.
> 
> It was and still is highly praised in and recommended by the community
> it serves.  However, it only serves two of the three platforms of the
> (GPLed) program it was designed to support.
> 
> Users of the third platform (a small minority of total users)
> requested a version of the program.  The author agreed, but was having
> trouble providing it, and went AWOL before its release.  In his
> absence, data formats have been slowly changing, and the program has
> been slowly breaking over time.  It remains recommended because the core
> functionality is intact.
> 
> I came across this.  On a hunch, I poked around to see if I could
> extract a copy for personal use, so I could fix the broken stuff. The
> binary contained an interpreter, and the full source code encrypted
> with a symmetric key.  But given the limitations of self-decryption,
> it's really just obfuscation that happens to use a symmetrically-keyed
> algorithm to do it.  I was able to crack that file and acquire the
> source code, verbatim, in full.
> 
> To my surprise, I found a custom license notice at the top of the
> source file.  Essentially, the notice is as follows:
> 
> * A copyright notice.
> * A "no warranty" notice.
> * Freedom to copy and modify the program, as long as the beginning of
>   the source code contains the copyright, credits, and license.
>         * Derivative works must contain the original's copyright,
>           absence of warranty, and revision history.
>         * Executables must show the user the original's copyright and
>           absence of warranty.
> * Freedom to copy and distribute the program, but only under the same
>   license and with no fees.
> * To use parts of the program in other programs (any license, same
>   language or translated to another), contact the original owner.
> 
> Now, I've already made many modifications to the program to bring it
> back up to speed: Fixed some broken features, changed some data
> formats, changed some algorithms, made the memory management more
> efficient, applied different coding and formatting practices to make
> it more maintainable, etc.  (Only a few core parts have remained
> untouched, and it's only a matter of time.)
> 
> I'm now considering whether I can release it back to the community.
> I've already had discussions with the community about how to tune the
> algorithms to better support their most common or desired use cases.
> I'm not there yet, but it's only a matter of time.
> 
> So now it's time to start considering: Can I release it?
> 
> Seemingly, the technical answer is "yes, so long as I follow the terms
> of the license".  And ordinarily, I would do just that and think
> nothing of it.  But the original closed-source state has me wondering.
> 
> So, as I see it, I have three choices:
> 
> 1. Contact the author.
> 
>    This is the most logical approach, but also opens up a whole new
>    can of worms.  What if he says no? Technically, I don't think he
>    can stop me, but it puts me in a hard spot: Do I respect that and
>    rob the community of a useful tool, try to convince him otherwise,
>    or ignore it, effectively admitting that I really only contacted
>    him for his blessing?
> 
>    Also, the author has been AWOL for something like a year now.
>    Consequently, this option may simply be impossible.
> 
> 2. Release a binary-only version.
> 
>    By using the same program to obfuscate the source as he did, I
>    would be complying with the license, supplying users with a useful
>    program updated to the latest data formats, supported by an active
>    maintainer, and still not releasing the modified source code to
>    anyone not capable of acquring the original as I did.
> 
>    On the down side, I would almost certainly not be able to offer
>    support for the third platform.  I could probably offer the second
>    platform, but it would be tricky, and releases might lag behind
>    the primary platform.  It would still be closed source, and while
>    technically in the right (I think), I would still lack the
>    author's blessing.
> 
> 3. Release the source.
> 
>    Obviously, this is the most familiar option, and needs little
>    explaining.  It has the most advantages and only a single
>    disadvantage, but that's the biggest one -- opening up what was
>    possibly not intended to be open source (yet?).
> 
> 
> So, finally, the (highly subjective) ethical question: What are the
> ethical implications of the above?  Which do you consider the best?
> 
> Should I do a combination, like do (1), then (2) if no response for a
> few weeks, then (3) if no response for a couple of months?  Or (1)+(2)
> immediately, and wait for (3)?
> 
> Is there something better than any of the above?
> 
> You get the idea.  I've got my own ideas, but I'd like to hear everyone
> else's before diving into the troublesome issue of ethics.
>