Half of GitHub Code Unsafe To Use (If You Want Open Source)

WebMink writes "GitHub is a great open source hosting site, right? Wrong. There's no requirement that projects on GitHub provide any copyright license, let alone an open source one, so roughly half the projects on GitHub are "all rights reserved" — meaning you could well be violating copyright if you make any use of the code in them. And GitHub management seem just fine with this state of affairs, saying picking a license is too hard for ordinary developers. But if you're not going to give anyone permission to use your code, why post it on GitHub in the first place?"

Not a new problem

[MightyYar]

This certainly isn't a new problem. If you work for a corporation, you aren't going to use code without a clear license. At least, I hope you aren't. If you need clarification about a license, you can often just contact the author. Just because the website is called "Github" doesn't mean you should treat the code any differently than code you find laying around anywhere else.

Re:Because

[Bieeanda]

And it's probably one of the first places that comes to mind, shows up on a cursory search, or is suggested by someone in passing. Given that the site maintainers are fine with the state of things, the issue would seem to lie with the assumption that all code there is OSS licensed, rather than its use as a catch-all repository.

Re:Because

[Anonymous Coward]

this. i've only used github for my personal projects. not everyone cares about contributing to open source projects, or making their code available to others. and there's nothing wrong with that. not everyone should be expected to share their work.

shocking and unbelievable, i know, but it's true.

Why?

[gcnaddict]

But if you're not going to give anyone permission to use your code, why post it on GitHub in the first place?"

Lets say I stumble across a fantastic utility, and the source is open for me to view. I'll dive through the code and make sure I'm comfortable with its functionality (i.e. it's not doing anything I don't want it to do) before grabbing the tool.

I'm not using the code for my own projects. I'm just vetting the code. Plenty of developers throw code for small utilities up for exactly this reason, and the vast majority of the world is totally cool with it.

Why post it on GitHub?

[Opportunist]

C'mon, it ain't that hard.

1. Post it on Github
2. Make everyone think it's free to use.
3. Sue everyone you can get your hands on who do.
4. Profit

Reading code can be useful on its own

[Hentes]

The author seems to confuse open source with copyleft. Open source is not a legal thing. And a ban on redistribution of derivative works doesn't mean that it's useless. Knowing the source code of a piece of software is important if you want to use it for any security-sensitive work or if you want to implement some modifications of your own (which you don't intend to distribute). It's not unheard of even that a developer company only gives the source code to their paying costumers.

Sensationalist article stating the obvious

[caseih]

Whether you are working on proprietary code or open source code, you can't just paste code from the net into your project without a license, regardless of whether it's GPL, BSD, or some royalty-free use grant. Unless the code has an explicit license, or states explicitly that it is in the public domain, you simply cannot use it without express permission from the copyright holder, because no law grants you that right. Plain and simple. So if code in a git repo is "all rights reserved," the you can look, and even download it, but you cannot put it into your own code. So I don't see what the problem is here. License always matters, whether you're a FLOSS person or developing commercial software.

So of course half of all git repos are unsafe to use. Why does this warrant some big sensationalist article? Kind of along the lines of articles claiming the GPL is a threat to proprietary software companies because it will "infect" them somehow magically. Folks, a little bit of understanding of copyright law will go a long ways I think. Open source, even copyleft, depends on copyright to keep it as such. We should all have a basic understanding of it.

Missing the problem here

[dugjohnson]

Github is a great place to store your repository. It is ALSO a great place to share code with people you want to work with who may or may not be really conversant with git.
Github doesn't claim to provide a repository for open source software...just a place to store repositories which you (as an author) may or may not choose to attach a license to. But that doesn't remove the responsibility of the copier to determine what the license on that software may be. If I copy anything, I need to know if I have the right (copy right) to do that. The onus is and always has been on the copier. That said, the copyright owner is the one who will follow up with violations.
Just because I choose to use github to store my repositories (and, in my case, I use and pay for private repositories for those things that I don't want to share) does not mean that I want everyone in the world to download and use my stuff. I'm an idiot if I am surprised when people DO use my stuff that I make publicly available, but without an explicit license allowing use of my code, it is protected in the US by copyright laws as soon as I write it...and IANAL.
Github is just a great service for those of us who don't want to set up our own repository. They are not a guarantor of free software, nor a nanny to protect me.

Re:Reading code can be useful on its own

[icebraining]

Open Source, as defined by the Open Source Initiative, is most definitively a legal thing.

a ban on redistribution of derivative works doesn't mean that it's useless. Knowing the source code of a piece of software is important if you want to use it for any security-sensitive work or if you want to implement some modifications of your own (which you don't intend to distribute). It's not unheard of even that a developer company only gives the source code to their paying costumers.

This is why the author says it's dangerous.

Unlicensed code ("All rights reserved") is not a ban on redistribution. It's a ban on any copying, including forking the code to your machine. You most definitively can't modify the code, even if you don't intend to distribute it.

Re:Because

[Mike_EE_U_of_I]

not everyone should be expected to share their work.

Nor should Github be expected to host such repositories for free.

That's true. However, if Github can afford to provide the service for free and chooses to do so, I see no harm in it.

Re:Because

[Short Circuit]

If I understand what you're saying, you're expressing the same ignorance about downloadable material that people downloading warez and mp3s in the 90s had. "It's free, so it's probably legal, right?"

Re:Because

[HairyNevus]

That's a false comparison; those mp3s weren't uploaded by the artist themselves. If a musician uploads a track today with a free download, and provides the link without any password protection or encryption so anyone can link to and download it willy nilly, then yes, it's free and you can run it on your computer and listen to it.

I think they should put a warning up for people, that by downloading and compiling the code you could be in violation of the law,

By analogy, this would be like the artist putting up a track for download and saying it's illegal to listen to.

Re:Because

[Kergan]

A developer who downloads code for use in his project, without checking the licence first, shouldn't be coding in the first place. Seriously...

"All Rights Reserved." Is a meaningless phrase

[imp]

The phrase "All Rights Reserved" is a totally meaningless phrase. It used to be required to retain certain rights in central american countries. It was created by the Buenos Ares convention, and once everybody in central and south america adopted the Berne convention, the phrase no longer had any recognized legal meaning.

It has falsely been asserted that the phrase "All Rights Reserved" makes the Berkeley Copyright statement non-free. This is false because the copyright notices from the Berkeley Unix code base date to a time when the phrase had meaning.

It's only use today is due to inertia.

In short, this article is quite sensational in its ignorance.