The framing matters: don't say "can I please do some charity work because it makes me feel good".
Say, "can I have your permission to get free rigorous review from experts in my field, and zero out all future maintenance costs for your company by contributing my fixes to the upstream open source project?"
Because that's really how it is. No employer of mine has ever said no to that. It is entirely in their interest for you to do this, you just have to help them see it.
I rewrote a lot of stuff while keeping the API mostly compatible, focusing on emphasizing non-blocking IO with backpressure semantics available if necessary. It was really cool and enabled a lot of interesting stuff involving the state store and mixing+matching blocking and non-blocking IO in a way that was still relatively performant. I think it was really neat and it's one of the projects I am most proud of because I was able to squeeze out performance in a lot of places that were non-obvious.
I was pushing to allow us to release it to Github and/or make a PR to the upstream Kafka Streams project, but sadly they did layoffs before that was completed and afterwards there was really no "champion" to do that, so it's stuck in proprietary land.
I might still do it from scratch and FOSS it, it's been long enough to where I think I wouldn't get in trouble if I rewrote it and released it (there weren't any patents or anything attached to it), and there are a few things I'd like to change anyway (like getting rid of the dependency of Vert.x). Maybe if I ever get a week off I'll do that.
I think it is good that you were taking the legal + compliance sign-offs before pursuing it.
I am sure they have their reasons even if I don't agree with them, but it's made me very cautious about making PRs and the like while working at BigCos and making outside contributions to FOSS stuff.
This even more so, though, because of course I was doing it on company time, so I wouldn't really blame them for wanting to audit stuff to ensure I'm not divulging company secrets and the like.
During a recruitment process with a company a few years ago, they quite early asked for my GH profile and complained that I hadn't much content available.
Later, they asked me to do a small exercise and put it on my GH account.
When they sent me the contract, there was a clause telling that I would work for them exclusively and would not be allowed to contribute to anything else than company projects, even in my own time.
I didn't signed, and every person in the process seemed unable to understand what was wrong.
i had one contract where i was able to replace the standard "we own all your work" passage into: "all your work will be released under the GPL"
Kafka Streams is one of those things that I think is like 95% cool, but there are some design decisions I have mixed feelings on. One big thing is that while it does give an API for making new state stores out of the box and it's not too hard to write that, it is all dependent on blocking IO. This isn't that big of a deal with the built in RocksDB store because the latency isn't that high for it, so you can get away with everything being blocking, but if you want to substitute another store (e.g. Redis or even something like PostgreSQL), the naive version has you dealing with round trip latency for every item for a join, which can two or three orders of magnitude more expensive.
Less naively you can implement batching and the like in your driver, which is what my first version did, but you do eventually have to add blocking, and the Kafka Streams library doesn't really utilize virtual threads so you're paying the full cost of it at the end. Eventually I just found it more elegant to make Kafka Streams non-blocking-aware and adding built-in semantics for batching to automatically amortize the cost of these things.
Anyway, sorry, just kind of miss working on that project. I really should redo it.
Some employers get tangled up in just the legal review process.
Once I asked permission to submit a patch to a project and it had quite an interesting email trail. It came down to a single question: if the patch was written during hours billed to a customer for the purpose of fixing a bug in a deliverable product, and the library being patched had to be recompiled and delivered with the source code, and the contract states that all work and intellectual property associated to the product would be transferred to the customer, do we have authority to release the patch in the public domain?
Legal didn’t want to answer it.
Note that the resulting patch is almost assuredly not public domain and you should never use that term.
Luck with your employer also plays a big part in how you approach this too.
In all the juridictions I have worked in, the code I ship during my work hours is owned by my employer, not me. I simply just can't decide on my own to contribute during my work hours. I need a formal agreement to work on open source code, and every single time I asked for it it took so much time (months) to run through legal department that I simply gave up or another contributor had shipped a PR in the meantime so I just gave up asking.
This point is obvious to devs with more experience but has been a real problem with some junior devs at some of my companies: They see something cool the company is doing in an internal project and think it would make a great contribution to some open source project, without thinking about the problems with using their knowledge of closed-source code to submit substantially similar code (or in some cases, copy and pasting) to an open source project.
Most employers that are not IT focused wont even understand what open source is or how it works. So I guess it's hopeless for many to get permission.
The linked site should probably focus on explaining benefits of open source and advocate legal guidelines for _employers_ primarily.
That would be relevant, for example, when the company goes defunct, and no one else holds any usage rights for the work. Then you'd regain those usage rights.
That of course is iffy to make use of because you'd need to be sure that you are considered the exclusive author, and that no one else acquired these exclusive usage rights.
Same in most countries I worked in. Generally it's not just the business hours, but also any kind of device used. If code got edited at one point on a company laptop, or during office hours, then it's the company's.
Most intellectual jobs in quant finance will also routinely enforce an intellectual property clause in their work contract, which extends appropriation to anything resulting from the knowledge you acquired at the company. Not sure if that is enforceable in practice, but it's always there.
This AFAICT, isn't the case where I live, I usually have to sign something actively giving the the employer ownership (And usually it's scoped to the project), but I'm not sure if this is a formality
Your job, likely, is to achieve some goal. You're the specialist who gets to decide how to achieve that goal. If open source software is part of that decision, then maintaining it is should also part of that decision. It's not radical, it's just doing your job by protecting the future stability and maintainability of things you rely on for that job.
Just give estimates which include time for not doing things the dumb way, and then don't do things the dumb way. When it comes time to talk about performance reviews, call it "taking ownership."
> In the United States, United Kingdom, and several other jurisdictions, if a work is created by an employee as part of their job duties, the employer is considered the legal author or first owner of copyright.
https://en.wikipedia.org/wiki/Work_for_hire
That being said, I do think open source work (maintenance/development) should happen by salaried professionals instead of volunteers begging for donations. The big question is how to make that happen, how to get companies accept oss contribution as standard practice instead of something that needs separate individual negotiating.
The problems you are describing are not actually "problems in practice", as you say. They are theoretical problems.
In practice: You can just do stuff. There is no subroutine on your computer stopping the git push. In practice: Employers just write stuff in their employement contracts. They'll write everything they possibly can, to cover asses in every possible direction. If they're allowed to just write stuff, why aren't you allowed to just do stuff? Nothing matters. In practice: Roughly zero open source projects have had their IP challenged because of this technicality.
I'd be surprised if there was any actual burden on the upstream maintainer to care whether I was on my lunch break or whether I was on the clock when I made the fix.
this is not just about you and your risk, but also about the risk for the project.
IANAL but if you give your co-worker a copy to run, you've just used the OSS license to be able to do that right? The co-worker now has legal rights granted by the license right? Including to redistribute your changes?
This all seems really silly since pushing changes upstream is by far the best way to be sure the changes are maintained. Not to mention legal uncertainty around maintaining an internal proprietary fork.
If any of the work is related to what you do for your job this is true.
If the work is not related to the job it depends on the state. Many states have limitations on what employers can claim as their IP. Generic contracts will try to claim everything because they keep the language broad, but laws often say that an employer can't claim work you did in your free time if it wasn't related to the employer.
If you do the work during work hours or you use the company laptop, they would have a claim to it. Most companies aren't going to care, but you shouldn't get relaxed about this because you want to keep everything clean if a dispute arises.
Do the work on your own time, on your own hardware, and don't overlap the work you're hired to do or anything you might have been exposed to during your time at work.
We always advise our employees to request an exception for it. We are pretty relaxed about it, but we don't give out a blanket exception
The GitHub liberal IP agreement is a good example of being even more chill here.
It's never been a problem, and I feel is perfectly reasonable in the grand scheme of things.
If a company pays for your work time not work products (many contracts work like this) they have the full right to expect that during this work time you do the work explicitly ordered by them. It’s not only the law - it’s common sense.
This is such a bad idea, it's impressive.
I think it makes more sense for the commons to be built on mutuality and some kind of antibody against parasitic exploitation.
There is no “tragedy of the commons”. Private enterprise is the only tragedy.
The "polite" channels (Open Source Pledge, GitHub Sponsors, Open Source Friday) ask companies nicely to contribute. I argue instead that maintainers inside those companies should just take the work time they need to maintain the open source those companies already benefit from.
Happy to take questions.
(I'm not a lawyer: please read your employment contract before acting on any of this!)
If you can do 1000x surely most projects are now essentially “complete” and bug free.
I don’t get this contradiction. Something is wrong.