CLA concerns

CLA concerns

[Timothy Pearson]

All,

While we would like to upstream the Talos II / Blackbird BMC patches to the OpenBMC project, our legal folks will not approve the CLA.  The main concern is the patent section, since our mainboards do contain patented technology that is not part of OpenBMC, but that OpenBMC may interface with.  We are not trying to upstream any code that would result in patent action, but are very concerned that the CLA would end up granting a license for the patented technology that exists outside of OpenBMC, merely because the OpenBMC codebase is able to interface with that external technology.

The specific clause in question is:
"...or by combination of Your Contribution(s) with the Work to which such Contribution(s) were submitted."

This is ambiguous enough that legal is concerned an external entity wishing to clone the patented technology from our mainboards without a license would simply be able to merge our contributions with their own de novo code duplicating parts of the patented technology, then claim a license for the patents was automatically granted by the CLA.  As such, we are currently blocked from upstreaming code to OpenBMC, despite the fact that our patches are freely available under GPL and MIT licenses, and that those patches are not covered by any of our patents (past or future).

Is there a way to clean up the patent section of the CLA to make it clearer that only the patches submitted are released from patent infringement claims, and that any third party modifications to those patches (or to the codebase created in part by those patches) must still be cleared by their respective authors / maintainers not to infringe on the patent rights of other contributors to the codebase?

Thank you!

--
Timothy Pearson
Raptor Engineering, LLC
https://www.raptorengineering.com
+1 (415) 727-8645

Re: CLA concerns

[James Mihm]

[-- Attachment #1: Type: text/plain, Size: 2089 bytes --]

Timothy, Thanks for your input. I'll add this topic to the agenda for the
next TSC meeting.

James.


On Wed, May 1, 2019 at 12:39 AM Timothy Pearson <
tpearson@raptorengineering.com> wrote:

> All,
>
> While we would like to upstream the Talos II / Blackbird BMC patches to
> the OpenBMC project, our legal folks will not approve the CLA.  The main
> concern is the patent section, since our mainboards do contain patented
> technology that is not part of OpenBMC, but that OpenBMC may interface
> with.  We are not trying to upstream any code that would result in patent
> action, but are very concerned that the CLA would end up granting a license
> for the patented technology that exists outside of OpenBMC, merely because
> the OpenBMC codebase is able to interface with that external technology.
>
> The specific clause in question is:
> "...or by combination of Your Contribution(s) with the Work to which such
> Contribution(s) were submitted."
>
> This is ambiguous enough that legal is concerned an external entity
> wishing to clone the patented technology from our mainboards without a
> license would simply be able to merge our contributions with their own de
> novo code duplicating parts of the patented technology, then claim a
> license for the patents was automatically granted by the CLA.  As such, we
> are currently blocked from upstreaming code to OpenBMC, despite the fact
> that our patches are freely available under GPL and MIT licenses, and that
> those patches are not covered by any of our patents (past or future).
>
> Is there a way to clean up the patent section of the CLA to make it
> clearer that only the patches submitted are released from patent
> infringement claims, and that any third party modifications to those
> patches (or to the codebase created in part by those patches) must still be
> cleared by their respective authors / maintainers not to infringe on the
> patent rights of other contributors to the codebase?
>
> Thank you!
>
> --
> Timothy Pearson
> Raptor Engineering, LLC
> https://www.raptorengineering.com
> +1 (415) 727-8645
>

[-- Attachment #2: Type: text/html, Size: 2543 bytes --]

Re: CLA concerns

[Brad Bishop]

On Wed, May 01, 2019 at 02:38:41AM -0500, Timothy Pearson wrote:
>
>Is there a way to clean up the patent section of the CLA to make it
>clearer that only the patches submitted are released from patent
>infringement claims, and that any third party modifications to those
>patches (or to the codebase created in part by those patches) must
>still be cleared by their respective authors / maintainers not to
>infringe on the patent rights of other contributors to the codebase?

Hi Timothy

I'm guessing the first thing the lawyers will want to know is, what
wording would be acceptable to Raptor?  Do you think you could ask your
legal team to take a crack at the actual wordling they'd like to see
such that Raptor could sign?  Then any interested legal party can simply
review the wording and accept the change or propose an alternative.

thx - brad

Re: CLA concerns

[krtaylor]

Hi Timothy, You are absolutely right to examine the CLA/CCLA IP terms 
and make sure that they are compatible with your product legal team.

I am not an attorney, but do have several years experience with these 
things. See my questions/comments below inline.

On 5/1/19 2:38 AM, Timothy Pearson wrote:
> All,
> 
> While we would like to upstream the Talos II / Blackbird BMC patches to the OpenBMC project, our legal folks will not approve the CLA.  The main concern is the patent section, since our mainboards do contain patented technology that is not part of OpenBMC, but that OpenBMC may interface with.  We are not trying to upstream any code that would result in patent action, but are very concerned that the CLA would end up granting a license for the patented technology that exists outside of OpenBMC, merely because the OpenBMC codebase is able to interface with that external technology.

Is the concern about releasing IP about the interface, in that it might 
give clues to what/how the patented technology operates? What if that 
interface was abstracted in some way and kept in a downstream private 
(behind your firewall) fork of OpenBMC that you built and supported for 
your customers?

This is a typical practice for keeping company value-add or patented 
technology separate from the upstream open code base.

> 
> The specific clause in question is:
> "...or by combination of Your Contribution(s) with the Work to which such Contribution(s) were submitted."
> 
> This is ambiguous enough that legal is concerned an external entity wishing to clone the patented technology from our mainboards without a license would simply be able to merge our contributions with their own de novo code duplicating parts of the patented technology, then claim a license for the patents was automatically granted by the CLA.  As such, we are currently blocked from upstreaming code to OpenBMC, despite the fact that our patches are freely available under GPL and MIT licenses, and that those patches are not covered by any of our patents (past or future).

Patches/features contributed to OpenBMC should not contain any patented 
technology. Any value-add or patented technology that you have should be 
kept in your downstream fork (see above).

> 
> Is there a way to clean up the patent section of the CLA to make it clearer that only the patches submitted are released from patent infringement claims, and that any third party modifications to those patches (or to the codebase created in part by those patches) must still be cleared by their respective authors / maintainers not to infringe on the patent rights of other contributors to the codebase?

You can imagine that requiring a developer to clear modifications of 
patent infringement would be a monumental task to burden the repo 
maintainer with on a per-patch basis. As said above, any patch that 
would require this special treatment should be kept in a downstream 
product fork.

I would like to learn more about this, and help if I could. Apologies in 
advance if I have misunderstood any of your points.

Kurt Taylor (krtaylor)

> 
> Thank you!
> 
> --
> Timothy Pearson
> Raptor Engineering, LLC
> https://www.raptorengineering.com
> +1 (415) 727-8645
> 

Re: CLA concerns

[Timothy Pearson]

Thank you for your response!

No, we are not looking to upstream any patches that contain any patented technology.  The main concern is that the language is somewhat open-ended, and an argument exists that if a third party wanted to infringe on the patented parts (which we were planning to maintain downstream as you mention) all they would need to do is to extend the code we added to tree, then claim that the combination of our code and their new infringing code was authorized by the CLA.

If it could be made clearer that our patent release /only/ holds for the patches that were signed off by us, that would probably allow us to proceed.  Just as the project and its contributors are not in general able to perform a full search to avoid infringement, it is similarly unreasonable to require us to audit the entire extant codebase against our patent portfolio before we can contribute patches in one specific, audited, and cleared area.

----- Original Message -----
> From: "krtaylor" <kurt.r.taylor@gmail.com>
> To: "Timothy Pearson" <tpearson@raptorengineering.com>, "openbmc" <openbmc@lists.ozlabs.org>
> Sent: Wednesday, May 1, 2019 1:51:30 PM
> Subject: Re: CLA concerns

> Hi Timothy, You are absolutely right to examine the CLA/CCLA IP terms
> and make sure that they are compatible with your product legal team.
> 
> I am not an attorney, but do have several years experience with these
> things. See my questions/comments below inline.
> 
> On 5/1/19 2:38 AM, Timothy Pearson wrote:
>> All,
>> 
>> While we would like to upstream the Talos II / Blackbird BMC patches to the
>> OpenBMC project, our legal folks will not approve the CLA.  The main concern is
>> the patent section, since our mainboards do contain patented technology that is
>> not part of OpenBMC, but that OpenBMC may interface with.  We are not trying to
>> upstream any code that would result in patent action, but are very concerned
>> that the CLA would end up granting a license for the patented technology that
>> exists outside of OpenBMC, merely because the OpenBMC codebase is able to
>> interface with that external technology.
> 
> Is the concern about releasing IP about the interface, in that it might
> give clues to what/how the patented technology operates? What if that
> interface was abstracted in some way and kept in a downstream private
> (behind your firewall) fork of OpenBMC that you built and supported for
> your customers?
> 
> This is a typical practice for keeping company value-add or patented
> technology separate from the upstream open code base.
> 
>> 
>> The specific clause in question is:
>> "...or by combination of Your Contribution(s) with the Work to which such
>> Contribution(s) were submitted."
>> 
>> This is ambiguous enough that legal is concerned an external entity wishing to
>> clone the patented technology from our mainboards without a license would
>> simply be able to merge our contributions with their own de novo code
>> duplicating parts of the patented technology, then claim a license for the
>> patents was automatically granted by the CLA.  As such, we are currently
>> blocked from upstreaming code to OpenBMC, despite the fact that our patches are
>> freely available under GPL and MIT licenses, and that those patches are not
>> covered by any of our patents (past or future).
> 
> Patches/features contributed to OpenBMC should not contain any patented
> technology. Any value-add or patented technology that you have should be
> kept in your downstream fork (see above).
> 
>> 
>> Is there a way to clean up the patent section of the CLA to make it clearer that
>> only the patches submitted are released from patent infringement claims, and
>> that any third party modifications to those patches (or to the codebase created
>> in part by those patches) must still be cleared by their respective authors /
>> maintainers not to infringe on the patent rights of other contributors to the
>> codebase?
> 
> You can imagine that requiring a developer to clear modifications of
> patent infringement would be a monumental task to burden the repo
> maintainer with on a per-patch basis. As said above, any patch that
> would require this special treatment should be kept in a downstream
> product fork.
> 
> I would like to learn more about this, and help if I could. Apologies in
> advance if I have misunderstood any of your points.
> 
> Kurt Taylor (krtaylor)
> 
>> 
>> Thank you!
>> 
>> --
>> Timothy Pearson
>> Raptor Engineering, LLC
>> https://www.raptorengineering.com
>> +1 (415) 727-8645

Re: CLA concerns

[Timothy Pearson]

----- Original Message -----
> From: "Brad Bishop" <bradleyb@fuzziesquirrel.com>
> To: "Timothy Pearson" <tpearson@raptorengineering.com>
> Cc: "openbmc" <openbmc@lists.ozlabs.org>
> Sent: Wednesday, May 1, 2019 10:44:12 AM
> Subject: Re: CLA concerns

> On Wed, May 01, 2019 at 02:38:41AM -0500, Timothy Pearson wrote:
>>
>>Is there a way to clean up the patent section of the CLA to make it
>>clearer that only the patches submitted are released from patent
>>infringement claims, and that any third party modifications to those
>>patches (or to the codebase created in part by those patches) must
>>still be cleared by their respective authors / maintainers not to
>>infringe on the patent rights of other contributors to the codebase?
> 
> Hi Timothy
> 
> I'm guessing the first thing the lawyers will want to know is, what
> wording would be acceptable to Raptor?  Do you think you could ask your
> legal team to take a crack at the actual wordling they'd like to see
> such that Raptor could sign?  Then any interested legal party can simply
> review the wording and accept the change or propose an alternative.
> 
> thx - brad

Absolutely!  As the entire problem revolves around this language:

"where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted."

we would propose to strike that and replace with:

"where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) to the Work, in isolation, at the time of submission.  If Your Contribution(s) do not infringe on patent claims licensable by You at the time of submission to the Work, no license to patent claims shall be granted under this section by You as a result of submission of Your Contribution(s)."

This has two effects: 
1.) It reduces the burden of accepting the CLA from having to audit the entire codebase of OpenBMC and its linked projects for potential patent infringement.  This level of audit is not in the best interests of Raptor or the OpenBMC project; we do not engage in "patent trolling" as a general policy, and as such there is no tangible benefit for us to engage in this type of audit activity.  This is the reasoning behind the "in isolation" wording and related changes.

2.) It closes the loophole of a third party extending "The Work" once it contains "Your Contributions" to infringe on patented technologies, then claiming the CLA allowed said extension under automatic patent grant.  This is why we specifically state "at the time of submission to the Work", to avoid Section 3 from triggering an automatic patent grant as a result of subsequent third party modification of "The Work".

Please let me know if there are concerns with the new wording that are not addressed so that we can try to find common ground if possible.

Thank you!