Proposal: Get rid of copyright headers on each file

[yanokwa]

There are a few problems with the copyright headers on each file

• It's annoying to drive-by contributors to put their names on each file.
• It's annoying to folks who then come and change that file to also put their names on the file.
• As the files get more contributors, you then have a long list of copyright owners. Annoying.

None of this is necessary. Apache says.

Each original source document (code and documentation, but excluding the LICENSE and NOTICE files) SHOULD include a short license header at the top. If the distribution contains documents not covered by CLA, CCLA or Software Grant (such as third-party libraries) then see the policy guide."

I propose we get rid of the copyright headers on each file and instead have a NOTICE.md file that has an alphabetical list of names of contributors. The contribution guide will encourage contributors to add their names. And regardless of whether or not they choose to add their names, they still keep copyright (at least in US copyright law). And if we ever want to know who wrote what class, that's what git blame is for.

[mitchellsundt]

I think you need a intellectual property lawyer.

Historically, each file has been considered an individual document, which led to the need for a copyright (claim of ownership) at the top of it -- and also the need for the license at the top (granting free use without assumption of liability). I don't think anything can change that, so I think you still need both, otherwise how can you know upon whose authority the license has been granted? Lawyer would know.

I agree that attribution is best left to git blame and a contributors notice.

I think this is why Apache and other projects require contributors to submit legal release documents. Then the files can have Copyright The Apache Software Foundation and not get cluttered with subordinate copyrights for each change.

[ghost]

Disclaimer: I also am not a lawyer, however I have worked with open source focused lawyers on similar questions via multiple FOSS projects. Don't take legal advice from me.

I agree with Yaw's list of 3 problems, and also support the ideas behind his proposed solution. Many if not most files in open source projects are collective works made and evolved by several authors (i.e., several copyright holders). There is an agreement (implicit or otherwise) between those copyright owners who contribute to Project X and the Project's maintainers, that they have the legal authority to submit their contributions in an unencumbered way. Traditionally, this may be done in one of multiple ways:

• Dedicating one's individual work into the public domain,
• Licensing the work contributed to the project for use under a Free or Open Source license (or another license agreement), or
• Assigning the copyright ownership of the work to a third party (such as the project itself) who is then either are licensed to use the work (or owns it) for inclusion in a larger collective work (e.g. a packaged version of software called "Open Data Kit").

The "default path" that I typically see these days is what's known in the field as "license in = license out", where the creator of the original or modified work is licensing that work under a Free or Open Source license compatible with the license that the project (e.g. ODK & APL) wants to use to combine all of the smaller works to create their "software product".

There may be exceptions requiring additional agreements, such as work made for hire, or where one's employer is sponsoring one's work on an open source project under a condition that they sign some type of agreement (either between the contributor and their employer, or between the contributor and the project).

And to clarify the comment from @mitchellsundt, Apache projects do not generally require contributors to sign a CLA -- only committers which is a higher level of responsibility/accountability within the project. Details here: http://permalink.gmane.org/gmane.comp.apache.legal.discuss/6064

Thanks for thinking about this often-tricky topic!

[wbrunette]

I do not think you can get rid of the copyright headers without some sort of agreement from previous parties (though again like everyone else not a lawyer) as the license says (http://www.apache.org/licenses/LICENSE-2.0)

4.c You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

[ghost]

Interesting find @wbrunette on 4.c. (I have limited experience with the specific requirements of the APL.) We can certainly ask some authorities to learn more about it!

[yanokwa]

@downeym Can you please find someone in your network (preferably from Apache) to provide a definitive answer? No point in IANALs arguing when we know lawyers.

@batkinson Do you know someone at Apache who knows if we can remove the copyright headers?

[ghost]

Sure @yanokwa, I will ask around to see if anyone has specific input on removal of copyright notices from headers in APL-licensed files. But anyone else with contacts should feel encouraged to do the same!

[batkinson]

@yanokwa I will see if someone is willing to field it on legal-discuss. In the mean time you can see that the ICLA sections 2&3 say the signer is granting

a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works.

From the src-headers document document, you can see that:

If the source file is submitted with a copyright notice included in it, the copyright owner (or owner's agent) must either:

• remove such notices, or
• move them to the NOTICE file associated with each applicable project release, or
• provide written permission for the ASF to make such removal or relocation of the notices.

You can also see that they say:

• Each source file should include the [APL] license header -- note that there should be no copyright notice in the header

[batkinson]

So, specifically, what should I be asking? Something like this?

> To what extent can copyright notices on project files be modified/moved/removed?
> Who is able to do this?

[yanokwa]

I think the ask is...

Our goal is to give credit to contributors, but we also wish to avoid putting contributor names and long copyright notices in each file. We do not have a CLA or CAA. We do have a LICENSE file in the repo. We are glad to add a NOTICE file with a list of contributors who wish to have their names listed as contributors. Our former contributors are also likely willing to assign or license copyright to the project (or the public domain).

1. Assuming a LICENSE file exists in the repo, what, if any, is the minimum source header that is required by the Apache license? And what is best practice given our goals of minimizing copyright notices in individual files.

2. If individual files that have already been contributed have a copyright header, what is the best way to remove these headers while still giving credit to contributors?

[LawrenceRosen]

Extensive copyright notices can be annoying when you're reading the code. But they can be valuable for those using and modifying the code to determine who wrote it and who might claim intellectual property rights in it. But other than one comprehensive copyright notice identifying the creator of the module-as-a-whole, other individual copyright notices are not legally required; they are just helpful.

All those copyright notices don't have to be at the beginning of the source code, although it is very helpful to have a short copyright notice in that known place. But you can move extensive attribution and other notices to the bottom of the source code or to the NOTICE file for the application. Just point to where these notices can be found. Will that avoid the "annoyance" to subsequent programmers?

Please don't think only about the few expert engineers who are reading the source code. There are others who may need that information. Asking engineers to page down through copyright notices is a small price to pay for complete authorship attribution that users and distributors might be interested in.

There is a group of lawyers and others working on an improved standard way to identify intellectual property interests in open source software. It is called SPDX. I mention this not because you have to follow that standard yet, but because it demonstrates that this is not just a problem with annoying copyright notices. There is legal importance to these issues involving many experts and some good solutions.

/Larry Rosen

"If this had been legal advice it would have been accompanied by a bill."

Lawrence Rosen Rosenlaw (www.rosenlaw.com) 3001 King Ranch Rd., Ukiah, CA 95482 Cell: 707-478-8932

[yanokwa]

Thanks, @LawrenceRosen! And in your opinion, do you see moving pre-existing copyright headers to the NOTICE file as a violation of 4c in the Apache License?

[LawrenceRosen]

Hi @Yanokwa, no problem doing that. Until there is SPDX, the NOTICE file is a good place to aggregate such notices and they remain useful.