> What prevents other open source projects from being taken down with a "management did not authorize this" notice?
Retracting an open-source product is a move without a lot of upside. What business goal is promoted by such a retraction? It seems like it will just generate controversy, tarnish the company's reputation, and lead to endless ownership fights with contributors.
In addition, I suspect that major open-source projects usually actually do have the approval of people who have the authority to make that decision.
> What happens to the commits by other authors to the source tree? Do they own the copyright to their commits, even if they modify invalid open source code?
My understanding is that a contributor (or his employer) owns the copyright to his own patches when they are written. Larger open-source projects often require contributor agreements before they'll accept patches; the contributor must legally give the copyright to the project as a condition of their patch being incorporated into the official tree. If there's no contributor agreement in place, the patches continue to belong to the contributor.
You can think of the pre-patch tree and the patch as two parent nodes of the patched version. Novus owns the pre-patch tree; the contributor owns the patch; the post-patch tree is a derivative work of both of them, and can only be distributed with permission of both owners.
The contributor's patches may be useless without the parent tree to patch against. But if the contributors own the copyright to their patches, they can still use that copyright to forbid Novus from using or distributing the patched child tree.
> How does the open source community react when this happen?
Read the Google group and see. My feeling of how they should react is by the contributors banding together and telling Novus the following:
We contributed patches to Novus based on the understanding that the patched software would be released publicly as open source.
As soon as Novus became aware of the situation, it made a clear, unambiguous statement that Novus is not, and never was, willing to agree to these terms.
Therefore, since Novus does not accept the terms under which we gave them the patches, we revoke all permission for Novus to use these patches, or any version of the software which includes them.
If the contributors do this, and Novus is using the project internally, then Novus will have to either (1) back down and say that they're okay with open-source after all, (2) spend engineering resources on proprietary reimplementation of the features the community gave them for free, or (3) live without those features. Only option (1) lacks significant cost and/or risk from Novus's point of view.
> Perhaps there are reasonable solutions to these
This suggests that the more contributors an open-source project has, the stronger it is against any one person or company claiming ownership in this way. The remaining contributors can band together in response and pull out their patches, leaving the proprietary project at a feature-poor, ancient version -- especially compared to people's still-fresh memories of the open-source version -- if not making it entirely nonfunctional. The contributors could even attempt to make their patches useful again with an independent implementation which presents the same interface as Novus's now-proprietary code. Or they could toss their patches and rewrite the library from scratch. It would presumably take much less effort because, while they can't re-use the proprietary code from the Novus version, it should be okay to re-use the design decisions and API that may have been a big reason that the Novus version was so successful.
> What prevents other open source projects from being taken down with a "management did not authorize this" notice?
Retracting an open-source product is a move without a lot of upside. What business goal is promoted by such a retraction? It seems like it will just generate controversy, tarnish the company's reputation, and lead to endless ownership fights with contributors.
In addition, I suspect that major open-source projects usually actually do have the approval of people who have the authority to make that decision.
> What happens to the commits by other authors to the source tree? Do they own the copyright to their commits, even if they modify invalid open source code?
My understanding is that a contributor (or his employer) owns the copyright to his own patches when they are written. Larger open-source projects often require contributor agreements before they'll accept patches; the contributor must legally give the copyright to the project as a condition of their patch being incorporated into the official tree. If there's no contributor agreement in place, the patches continue to belong to the contributor.
You can think of the pre-patch tree and the patch as two parent nodes of the patched version. Novus owns the pre-patch tree; the contributor owns the patch; the post-patch tree is a derivative work of both of them, and can only be distributed with permission of both owners.
The contributor's patches may be useless without the parent tree to patch against. But if the contributors own the copyright to their patches, they can still use that copyright to forbid Novus from using or distributing the patched child tree.
> How does the open source community react when this happen?
Read the Google group and see. My feeling of how they should react is by the contributors banding together and telling Novus the following:
We contributed patches to Novus based on the understanding that the patched software would be released publicly as open source.
As soon as Novus became aware of the situation, it made a clear, unambiguous statement that Novus is not, and never was, willing to agree to these terms.
Therefore, since Novus does not accept the terms under which we gave them the patches, we revoke all permission for Novus to use these patches, or any version of the software which includes them.
If the contributors do this, and Novus is using the project internally, then Novus will have to either (1) back down and say that they're okay with open-source after all, (2) spend engineering resources on proprietary reimplementation of the features the community gave them for free, or (3) live without those features. Only option (1) lacks significant cost and/or risk from Novus's point of view.
> Perhaps there are reasonable solutions to these
This suggests that the more contributors an open-source project has, the stronger it is against any one person or company claiming ownership in this way. The remaining contributors can band together in response and pull out their patches, leaving the proprietary project at a feature-poor, ancient version -- especially compared to people's still-fresh memories of the open-source version -- if not making it entirely nonfunctional. The contributors could even attempt to make their patches useful again with an independent implementation which presents the same interface as Novus's now-proprietary code. Or they could toss their patches and rewrite the library from scratch. It would presumably take much less effort because, while they can't re-use the proprietary code from the Novus version, it should be okay to re-use the design decisions and API that may have been a big reason that the Novus version was so successful.