Open Source and copyright infringement

Yesterday Till Klampaeckel proposed an S3 stream handler for PEAR. A great idea, as this should make integrating PHP and S3 very easy.

However, it didn't take long for Cesar Rodas to respond to the proposal, claiming he was the original author of the code. Till first denied the allegations, but after Gregory Beaver presented the undeniable proof, Till claimed he got the code from an intern at the company he worked with, who apparently lied about where he got the code from and stripped out the original copyrights, violating the BSD license.

Cesar will now be credited for his code, so the issue seems somewhat resolved. This does, however, show a bigger problem.

If the code had made it through PEAR and been put to use in commercial applications, Cesar would have been able to claim his copyrighted code and, for example, sue the PHP Group or companies making use of the code. This is also exactly why any contribution to the Zend Framework requires a CLA to be signed, which effectively makes the coder responsible for only submitting code he or she owns. If a mistake such as this one had been made, the original contributor would be liable for the legal violations, and not Zend or the entity using the code.

So the lesson of the day is: if you're going to contribute to any open source project, make absolutely sure you own the code or have explicit permission from the original author. If you don't, you can put both the open source project and the people who use your code in danger. Additionally, giving credit where it's due is the decent thing to do (and so is apologizing in case you did make a mistake).