I think their stated reason is very much to be expected: they are a financial institution, their whole business model (and therefore mentality) is to act quickly to decrease risk. Makes perfect sense that they would take it down first and judge later.
I'm not saying it was the right thing to do, but it's consistent with what I would expect, assuming the scenario is true (internal code, open-sourced without some higher-up knowing about it, higher-up hears about it, freaks out).
It's great that they decided to open source it (again?). But in some ways it would also have been interesting to see this go to court and establish a precedent on the authority required to license software.
Whose signoff do you need? A developer, your manager?, the CEO? Is it enough for people within the company to be "generally aware" of the fact. Seems like an interesting question to me.
sure, but what I mean is legally how does that policy need to be established? Does the CEO or board need to give individuals explicit authority to produce license agreements?
Some random googling brought up:
"Executing Corporate Contracts. Except as otherwise provided in the articles or in these bylaws, the board of directors by resolution may authorize any officer, officers, agent, or agents to enter into any contract or to execute any instrument in the name of and on behalf of the corporation." [1].
But does this apply to software licenses too? As a user of a software package is there any reasonable way for me to determine that the correct legal procedure has been followed. If the source has been out there under the GPL for 9 months, could they still revoke the license because it wasn't authorised? Or have they not done due diligence?
As a software engineer, what kind of authorisation should I be looking for? Does it need to come from upper management?
Those are the kind of issues that might have come up in a court case, and perhaps have been resolved to some degree (perhaps it's already been tested in a previous case, and I'm unaware of it).
From your own link:
(b) Any contract or conveyance made in the name of a corporation
which is authorized or ratified by the board, or is done within the
scope of the authority, actual or apparent, conferred by the board or
within the agency power of the officer executing it, except as the
board's authority is limited by law other than this division, binds
the corporation, and the corporation acquires rights thereunder,
whether the contract is executed or wholly or in part executory.
Also
313. Subject to the provisions of subdivision (a) of Section 208,
any note, mortgage, evidence of indebtedness, contract, share
certificate, initial transaction statement or written statement,
conveyance, or other instrument in writing, and any assignment or
endorsement thereof, executed or entered into between any corporation
and any other person, when signed by the chairman of the board, the
president or any vice president and the secretary, any assistant
secretary, the chief financial officer or any assistant treasurer of
such corporation, is not invalidated as to the corporation by any
lack of authority of the signing officers in the absence of actual
knowledge on the part of the other person that the signing officers
had no authority to execute the same.
Obviously that only applies to California, but the first sounds like you only have to verify that the person releasing to you appears to have the authority to do so; the second one specifically mentions vice presidents so it might be best to get a release from that level.
One wrinkle I'm aware of here in the UK is that you can't have a binding contract if one party receives no consideration for it. So you're on much firmer legal ground if you can arrange to pay $1 for your license.
It says that they regret attempting to revoke the GPL (which goes with out saying, since they got huge negative publicity) but it doesn't seem to acknowledge that revoking the GPL is not possible. Therefore there is nothing to stop them trying this again if they ever think no one is watching. I wouldn't rely on this software for anything mission critical.
There were interesting legal questions before to do with how an unauthorized release affects things - but this clearly an official release so that doesn't apply. If the GPL licence is valid, it clearly cannot be revoked.
IANAL but I presume the corporation is the copyright owner, not the developer. The developer is not authorized to act on behalf of the copyright owner.
Can you point me to links where they got negative publicity for this? I'd love to read the comments since I'm interested in software licenses and community reactions to licensing policies and policy changes.
We've experienced a (seemingly unrelated) GitHub Pages snafu that ended up borking the original nvd3.com. What you see on nvd3.org now is a cheap knockoff that will be fixed.
I'm one of the 30 other individuals that acutally patched and commited changes for Bob to include in nvd3.js; I'm looking for contacts for the other 29 contributors. (Please contact me at using the feedback form on congocart.com or master-technology.com) I would like one of us (I'm willing to volenteer) to contact Mr. Qunibi of Novus partners in a position of consensuses from those who actually have code in the product.
My thoughts that would I believe be amicable (i.e. win/win) to both sides is that they can have our permission to take ALL of our changes closed source in the own future versions as long as we also (the community) may use the last release under the open source (Apache) license it has been under since shortly after it was released on there official novus github account and go our own separate way. I know my changes were really early to the library and some of my code may not even exist anymore (lol).
But I believe the cost for them to audit the whole library and rip out all of our changes and rewrite it all could be major -- I believe Bob could legally remove all of our code; but for the actual re-implementation Bob would have to hand it off to someone to do a fully clean-room version to make them legally safe from being sued. And that could be very costly in time and resources. Cost wise for them It might even be cheaper for them to ditch the last 6-7 months of changes and to just revert to the version before my patch/commit (which was issue #3 <G>). So I think we might be able to make this a win/win proposition if I can get the consensuses of the other 29 contributors.
Nathanael A.
I'm one of the 30 other individuals that acutally patched and commited changes
for Bob to include in nvd3.js; I'm looking for contacts for the other 29
contributors. (Please contact me at using the feedback form on congocart.com
or master-technology.com) I would like one of us (I'm willing to volenteer) to
contact Mr. Qunibi of Novus partners in a position of consensuses from those
who actually have code in the product.
My thoughts that would I believe be amicable (i.e. win/win) to both sides is
that they can have our permission to take ALL of our changes closed source
in the own future versions as long as we also (the community) may use the
last release under the open source (Apache) license it has been under since
shortly after it was released on there official novus github account and go
our own separate way. I know my changes were really early to the library
and some of my code may not even exist anymore (lol).
But I believe the cost for them to audit the whole library and rip out all
of our changes and rewrite it all could be major -- I believe Bob could
legally remove all of our code; but for the actual re-implementation Bob
would have to hand it off to someone to do a fully clean-room version to
make them legally safe from being sued. And that could be very costly in
time and resources. Cost wise for them It might even be cheaper for them
to ditch the last 6-7 months of changes and to just revert to the version
before my patch/commit (which was issue #3 <G>). So I think we might
be able to make this a win/win proposition if I can get the consensuses of
the other 29 contributors.
Nathanael A.
[0]: Use what's best for you, but I pasted in vim, then 5gqq 8G=G gg>G
The numerical prefix repeats commands in vim, so '5gqq' means '5 times, format line'. The default format will wrap the text to an acceptable level, and 5 lines encompasses the 3 text lines plus the whitespace. The command 'gqq' here is a single one, you can read more with ':help gqq'.
8G moves to line 8, and =G is a command combined with a movement. The = command by default will remove any indentation on these lines, and the 'G' movement means 'to the end of the file'. This will remove the indentation from the 2nd and 3rd lines/paragraphs and the signature.
gg means 'move to top' and >G is another action/movement. > indents lines, and G means 'to the end', so this indents every line by one.
we believed it was prudent to take it down to undertake a code review to assess if there were any issues
There's a lesson here in making apologies. The best 360s and/or apologies are unreserved, never give an excuse.