Rendered at 17:51:48 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
jcalvinowens 1 hours ago [-]
My employers have generally been fine giving me blanket permission to contribute to specific open source projects.
The framing matters: don't say "can I please do some charity work because it makes me feel good".
Say, "can I have your permission to get free rigorous review from experts in my field, and zero out all future maintenance costs for your company by contributing my fixes to the upstream open source project?"
Because that's really how it is. No employer of mine has ever said no to that. It is entirely in their interest for you to do this, you just have to help them see it.
throw1234567891 56 minutes ago [-]
“Sure, let me run this through the compliancy team. Just to make sure there’s no intellectual property infringement. Which repository and issue, exactly?”
lqstuart 13 minutes ago [-]
it hurts how true this is
prmoustache 1 hours ago [-]
> "and make sure you own the open source IP you ship. "
In all the juridictions I have worked in, the code I ship during my work hours is owned by my employer, not me. I simply just can't decide on my own to contribute during my work hours. I need a formal agreement to work on open source code, and every single time I asked for it it took so much time (months) to run through legal department that I simply gave up or another contributor had shipped a PR in the meantime so I just gave up asking.
Aurornis 50 minutes ago [-]
I think they were trying to say that you shouldn't try to commit work that is not yours to give away. There's another section down below about it, but the bullet point up top became confusing.
This point is obvious to devs with more experience but has been a real problem with some junior devs at some of my companies: They see something cool the company is doing in an internal project and think it would make a great contribution to some open source project, without thinking about the problems with using their knowledge of closed-source code to submit substantially similar code (or in some cases, copy and pasting) to an open source project.
Yokohiii 48 minutes ago [-]
I have never investigated, but I was under the impression that in Germany the employer owns all source code created during working hours by default.
Most employers that are not IT focused wont even understand what open source is or how it works. So I guess it's hopeless for many to get permission.
The linked site should probably focus on explaining benefits of open source and advocate legal guidelines for _employers_ primarily.
Galanwe 19 minutes ago [-]
> in Germany the employer owns all source code created during working hours by default.
Same in most countries I worked in. Generally it's not just the business hours, but also any kind of device used. If code got edited at one point on a company laptop, or during office hours, then it's the company's.
Most intellectual jobs in quant finance will also routinely enforce an intellectual property clause in their work contract, which extends appropriation to anything resulting from the knowledge you acquired at the company. Not sure if that is enforceable in practice, but it's always there.
blurbleblurble 1 hours ago [-]
I wouldn't take a job where the employer wasnt publishing permissively licensed code for all but the production bits. It's demoralizing for me and would stress my soul to the brink. I'd rather be broke.
jagged-chisel 28 minutes ago [-]
In the US, you’d definitely be broke. There just aren’t many employers willing to deal with it. All the ones I’ve worked for just use what’s available without modification.
__MatrixMan__ 2 hours ago [-]
This is a good idea, a great idea even, but I'm not sure it's a good idea to position it as "resistance".
Your job, likely, is to achieve some goal. You're the specialist who gets to decide how to achieve that goal. If open source software is part of that decision, then maintaining it is should also part of that decision. It's not radical, it's just doing your job by protecting the future stability and maintainability of things you rely on for that job.
blurbleblurble 51 minutes ago [-]
It's also just good business sense. Companies that promote collaboration via open source are promoting the ecosystem that feeds their business.
aleqs 39 minutes ago [-]
While I agree with everything you say, the reality of most tech companies these days (based on my experience), is that they will not even invest time into maintaining their own infrastructure and libraries unless forced to do so - much less OSS. Building useless features for gaming metrics, enshitification, dark patterns, borderline malware/hype integration - all would be prioritized over foundational infra/library investments.
__MatrixMan__ 22 minutes ago [-]
I've seen plenty of the evils you're talking about, managers tend to make terrible engineering decisions and then instruct their engineers to go forth and make it so. I guess what I'm saying is that, as an engineer, your value proposition is that you can shield your manager from getting mired in such details by not asking for their unqualified opinion in the first place.
Just give estimates which include time for not doing things the dumb way, and then don't do things the dumb way. When it comes time to talk about performance reviews, call it "taking ownership."
redwood 2 hours ago [-]
Agree. The characterization makes it seem like somebody's trying that extra attention on social media. It's sad that we're at the point where everything has to be hyperbolic
zokier 2 hours ago [-]
While I wholeheartedly agree this as a general concept, I find it tricky to accomplish in practice. Ianal, but afaik in general your employer owns the ip, and as such publishing it as oss requires explicit permission. And getting that permission often is difficult, needs to go through endless red tape and legal departments etc.
> In the United States, United Kingdom, and several other jurisdictions, if a work is created by an employee as part of their job duties, the employer is considered the legal author or first owner of copyright.
That being said, I do think open source work (maintenance/development) should happen by salaried professionals instead of volunteers begging for donations. The big question is how to make that happen, how to get companies accept oss contribution as standard practice instead of something that needs separate individual negotiating.
827a 1 hours ago [-]
> While I wholeheartedly agree this as a general concept, I find it tricky to accomplish in practice.
The problems you are describing are not actually "problems in practice", as you say. They are theoretical problems.
In practice: You can just do stuff. There is no subroutine on your computer stopping the git push. In practice: Employers just write stuff in their employement contracts. They'll write everything they possibly can, to cover asses in every possible direction. If they're allowed to just write stuff, why aren't you allowed to just do stuff? Nothing matters. In practice: Roughly zero open source projects have had their IP challenged because of this technicality.
em-bee 56 minutes ago [-]
when you commit code to a project you are warranting that you have the legal right to do so. the bigger projects will not even accept your contribution done at work without an explicit permission from your employer.
this is not just about you and your risk, but also about the risk for the project.
mrob 1 hours ago [-]
You might be comfortable taking that risk yourself, but if you misrepresent your FOSS contributions as your own copyright you impose that risk on third parties. Tricking people into infringing your employer's copyright is asshole behavior.
__MatrixMan__ 56 minutes ago [-]
Has that ever happened?
I'd be surprised if there was any actual burden on the upstream maintainer to care whether I was on my lunch break or whether I was on the clock when I made the fix.
Aurornis 47 minutes ago [-]
> Ianal, but afaik in general your employer owns the ip, and as such publishing it as oss requires explicit permission
If any of the work is related to what you do for your job this is true.
If the work is not related to the job it depends on the state. Many states have limitations on what employers can claim as their IP. Generic contracts will try to claim everything because they keep the language broad, but laws often say that an employer can't claim work you did in your free time if it wasn't related to the employer.
If you do the work during work hours or you use the company laptop, they would have a claim to it. Most companies aren't going to care, but you shouldn't get relaxed about this because you want to keep everything clean if a dispute arises.
Do the work on your own time, on your own hardware, and don't overlap the work you're hired to do or anything you might have been exposed to during your time at work.
jonas21 39 minutes ago [-]
Yes, but the title of this page is literally "Keep OSS alive on company time".
Aurornis 37 minutes ago [-]
Good point.
vips7L 32 minutes ago [-]
If the current state of programming has showed anything, IP and copyright law don't exists anymore.
gchamonlive 1 hours ago [-]
You don't need to push for full opensource to be able to contribute. You can negotiate time to help maintain oss packages the company IP relies upon and design your IP around creating agnostic modules that can later be released to the community.
hkolk 1 hours ago [-]
In the Netherlands the law is pretty straigtforward that this is a bad idea:
> The "Nature of Employment" Rule: If you are hired as a software developer, almost any software you create (even in your own time) can be claimed by your employer.
We always advise our employees to request an exception for it. We are pretty relaxed about it, but we don't give out a blanket exception
NewJazz 52 minutes ago [-]
Luckily in California your own time is your own time.
1 hours ago [-]
mikemcquaid 1 hours ago [-]
I'd personally got specific contract carveouts for this to only apply e.g. during working hours on company equipment (or even more liberal).
The GitHub liberal IP agreement is a good example of being even more chill here.
NewJazz 53 minutes ago [-]
Yeah this is a problem with the advice. On company time. They should have said "on personal time (winky face)".
shimman 1 hours ago [-]
This doesn't apply to every state. In California you have the California Labor Code Section 2870 which prohibits employers from stealing workers IP.
em-bee 52 minutes ago [-]
that does not apply to work done during work hours or on company equipment.
voxic11 1 hours ago [-]
[dead]
donatj 1 hours ago [-]
I work for a reasonably large company. We have an Open Source policy that boils down to ask your manager first, don't do it in the name of the company and don't release anything confidential.
It's never been a problem, and I feel is perfectly reasonable in the grand scheme of things.
wbolt 2 hours ago [-]
This is so crazy. Companies benefit from OSS so they need to pay? Come on. Companies benefit from OSS because the core idea of most of these licenses is exactly this - everyone can benefit even without contributing back. Don’t like it? Think this is not fair? Don’t do OSS or pick a more restrictive license.
If a company pays for your work time not work products (many contracts work like this) they have the full right to expect that during this work time you do the work explicitly ordered by them. It’s not only the law - it’s common sense.
telesilla 1 hours ago [-]
Unfortunately there are often questions of liability. What if you commit code that later becomes subject to litigation? It's more complicated than "we don't want to". (I'm fully supportive but when legal is involved you have to be able to justify the risk).
groby_b 2 minutes ago [-]
Every single fucking employee contract in the US mentions that the company has the right to any work done on company equipment and/or on company time.
This is such a bad idea, it's impressive.
aleqs 38 minutes ago [-]
Absolutely love this!
ktallett 1 hours ago [-]
Whilst not viable in every business, I do this a lot in my research, scripts I create, custom software I make for the lab, I have been fortunate to be able to plop online. It is extremely niche software (power meter, and in the pipeline, aligning photonic chips) and often simply a linux/haiku version of existing windows based software but I like to at least give a little bit back considering all the taking the institute does.
jmclnx 2 hours ago [-]
Where I use to work, you got 4 hours per week to work on your on thing, but that ended when covid hit and the company started feeling some financial pain.
mikemcquaid 3 hours ago [-]
Author here. I've maintained Homebrew since 2009. This manifesto is for the maintainers I know who have quietly built a sustainable OSS practice inside companies that directly or indirectly depend on their work. I'm also at the point in my career where I can say these things with fewer negative consequences than most maintainers can.
The "polite" channels (Open Source Pledge, GitHub Sponsors, Open Source Friday) ask companies nicely to contribute. I argue instead that maintainers inside those companies should just take the work time they need to maintain the open source those companies already benefit from.
Happy to take questions.
(I'm not a lawyer: please read your employment contract before acting on any of this!)
chrisweekly 2 hours ago [-]
Great post. Also thanks for homebrew! And for your post on sandboxes... secure agentic setup!
lacymorrow 45 minutes ago [-]
[flagged]
keybored 1 hours ago [-]
Don’t give shit away for free if you expect something in return, even something altruistic like for the recipients to be nice to the gift and keep it in good shape.
I think it makes more sense for the commons to be built on mutuality and some kind of antibody against parasitic exploitation.
There is no “tragedy of the commons”. Private enterprise is the only tragedy.
beastman82 2 hours ago [-]
This is an ethical disgrace and everyone involved should be ashamed.
keybored 1 hours ago [-]
Elaborate?
beastman82 42 minutes ago [-]
Read "Not everyone will approve of this" section. You are not free to make any of these decisions on behalf of your employer.
rhubarbtree 1 hours ago [-]
Surely OSS is a solved problem. AI generates everything automatically. You don’t need to look at the code, so there is nothing for humans to do but prompt.
If you can do 1000x surely most projects are now essentially “complete” and bug free.
I don’t get this contradiction. Something is wrong.
The framing matters: don't say "can I please do some charity work because it makes me feel good".
Say, "can I have your permission to get free rigorous review from experts in my field, and zero out all future maintenance costs for your company by contributing my fixes to the upstream open source project?"
Because that's really how it is. No employer of mine has ever said no to that. It is entirely in their interest for you to do this, you just have to help them see it.
In all the juridictions I have worked in, the code I ship during my work hours is owned by my employer, not me. I simply just can't decide on my own to contribute during my work hours. I need a formal agreement to work on open source code, and every single time I asked for it it took so much time (months) to run through legal department that I simply gave up or another contributor had shipped a PR in the meantime so I just gave up asking.
This point is obvious to devs with more experience but has been a real problem with some junior devs at some of my companies: They see something cool the company is doing in an internal project and think it would make a great contribution to some open source project, without thinking about the problems with using their knowledge of closed-source code to submit substantially similar code (or in some cases, copy and pasting) to an open source project.
Most employers that are not IT focused wont even understand what open source is or how it works. So I guess it's hopeless for many to get permission.
The linked site should probably focus on explaining benefits of open source and advocate legal guidelines for _employers_ primarily.
Same in most countries I worked in. Generally it's not just the business hours, but also any kind of device used. If code got edited at one point on a company laptop, or during office hours, then it's the company's.
Most intellectual jobs in quant finance will also routinely enforce an intellectual property clause in their work contract, which extends appropriation to anything resulting from the knowledge you acquired at the company. Not sure if that is enforceable in practice, but it's always there.
Your job, likely, is to achieve some goal. You're the specialist who gets to decide how to achieve that goal. If open source software is part of that decision, then maintaining it is should also part of that decision. It's not radical, it's just doing your job by protecting the future stability and maintainability of things you rely on for that job.
Just give estimates which include time for not doing things the dumb way, and then don't do things the dumb way. When it comes time to talk about performance reviews, call it "taking ownership."
> In the United States, United Kingdom, and several other jurisdictions, if a work is created by an employee as part of their job duties, the employer is considered the legal author or first owner of copyright.
https://en.wikipedia.org/wiki/Work_for_hire
That being said, I do think open source work (maintenance/development) should happen by salaried professionals instead of volunteers begging for donations. The big question is how to make that happen, how to get companies accept oss contribution as standard practice instead of something that needs separate individual negotiating.
The problems you are describing are not actually "problems in practice", as you say. They are theoretical problems.
In practice: You can just do stuff. There is no subroutine on your computer stopping the git push. In practice: Employers just write stuff in their employement contracts. They'll write everything they possibly can, to cover asses in every possible direction. If they're allowed to just write stuff, why aren't you allowed to just do stuff? Nothing matters. In practice: Roughly zero open source projects have had their IP challenged because of this technicality.
this is not just about you and your risk, but also about the risk for the project.
I'd be surprised if there was any actual burden on the upstream maintainer to care whether I was on my lunch break or whether I was on the clock when I made the fix.
If any of the work is related to what you do for your job this is true.
If the work is not related to the job it depends on the state. Many states have limitations on what employers can claim as their IP. Generic contracts will try to claim everything because they keep the language broad, but laws often say that an employer can't claim work you did in your free time if it wasn't related to the employer.
If you do the work during work hours or you use the company laptop, they would have a claim to it. Most companies aren't going to care, but you shouldn't get relaxed about this because you want to keep everything clean if a dispute arises.
Do the work on your own time, on your own hardware, and don't overlap the work you're hired to do or anything you might have been exposed to during your time at work.
We always advise our employees to request an exception for it. We are pretty relaxed about it, but we don't give out a blanket exception
The GitHub liberal IP agreement is a good example of being even more chill here.
It's never been a problem, and I feel is perfectly reasonable in the grand scheme of things.
If a company pays for your work time not work products (many contracts work like this) they have the full right to expect that during this work time you do the work explicitly ordered by them. It’s not only the law - it’s common sense.
This is such a bad idea, it's impressive.
The "polite" channels (Open Source Pledge, GitHub Sponsors, Open Source Friday) ask companies nicely to contribute. I argue instead that maintainers inside those companies should just take the work time they need to maintain the open source those companies already benefit from.
Happy to take questions.
(I'm not a lawyer: please read your employment contract before acting on any of this!)
I think it makes more sense for the commons to be built on mutuality and some kind of antibody against parasitic exploitation.
There is no “tragedy of the commons”. Private enterprise is the only tragedy.
If you can do 1000x surely most projects are now essentially “complete” and bug free.
I don’t get this contradiction. Something is wrong.