undefined | Better HN

0 pointsjchw1y ago0 comments

Firstly, if you are not a legal professional, please temper your statements somewhat. There are very few absolutes when it comes to interpreting legalese, and what is true for one jurisdiction may not be true for all of them. (Obligatory: yes, I am aware of the existence of international copyright treaties/Berne Convention.) That said, as I denoted, I am (also?) not a lawyer. I will try to follow my own advice and not make any strong claims I am not qualified to make.

Now with that said...

> I don’t believe this is actually true. These instructions are not in the actual license terms and conditions, but rather in a distinct information section after that. In GPL-3.0, “How to Apply These Terms to Your New Programs”; in Apache-2.0, “How to apply the Apache License to your work”. My understanding is that such prescriptions and sections are not normative.

There are a few lines in Apache 2 itself which are normative and make reference to obligations regarding notices attached directly to source files. Most notably, see section 4.a[1]:

> You must cause any modified files to carry prominent notices stating that You changed the files; [...]

Of course, you can argue about what might qualify or not qualify here, e.g. maybe Git metadata is good enough, but then a tarball produced by your Git host of choice would suddenly violate the copyright license obligations.

> From a pure copyright law perspective: no, you definitely don’t need to put the license in each source file. Copyright is automatic these many years, so you don’t even need a copyright line; and license can be (and practically always is) independent of the code.

I have no idea what you mean by this. First of all, of course you don't have to put the entire copyright license into each source file; this is solely about copyright notices, which typically point to a more complete LICENSE/NOTICE file. Secondly,

> license can be (and practically always is) independent of the code.

I'm not sure what this means. Each file of a project either needs to be in the public domain or has to be covered under some kind of copyright license for anyone (aside from the original authors) to be able to distribute it. At least from a conceptual sense, the code and the copyright license are definitely not independent (This still holds with dual licensing schemes.)

> There’s even more definitely no need for a dozen lines. If you really want to put anything, one line for a copyright declaration and one line for SPDX-License-Identifier seems fair.

Some projects do basically just do this, but many of them do both. The SPDX identifier is great because it is machine-readable, and it might help you if you're ever in a situation where it's necessary.

> As for copyright lines⸺ bah, they’re such a bunch of drivel. The way people use year ranges, or just bump the year, it’s almost all such legal nonsense. As in, “if this stuff actually mattered, you’d probably have lost your copyright protection” nonsense. The fact of the matter is that copyright year stuff wasn’t designed for such easily-edited stuff as software. It was designed for “first edition copyright 1925; renewed 1935; second edition copyright 1945”, that kind of thing.

While registering copyrights or including copyright notices explicitly is not necessary to have protection under copyright law, my layperson understanding is that it does indeed afford you additional protection under law in some cases. My understanding is that since Berne Convention, pretty much anywhere on Earth anything you produce that's eligible for copyright protection does implicitly get it. However, if you ever actually wind up in court over copyright issues, the lack of clarity on what licenses go where could possibly create reasonable doubt. It's a lot of risk for what ultimately amounts to an aesthetic concern.

P.S.: Also, just so it's clear, I am mainly concerned about the copyright notices because they explicitly denote the copyright license, not because they denote the existence of copyright protection. This is especially nice to have when people contribute patches to your projects, so that it can be as explicit as possible that their contributions are under the same license as the original file.

I will stress again that I am not a legal professional, I don't study law, and at best I have spoken to people who do irregularly. However, I haven't found anyone that would disagree that it is a good idea to provide a full-fat copyright notice when possible. All else the same, it's just good hygiene at a cost of a kilobyte or so per file.

[1]: https://www.apache.org/licenses/LICENSE-2.0#redistribution

0 comments

5 comments · 3 top-level

chrismorgan1y ago· 1 in thread

> There are a few lines in Apache 2 itself which are normative and make reference to obligations regarding notices attached directly to source files. Most notably, see section 4.a[1]:

> > You must cause any modified files to carry prominent notices stating that You changed the files; [...]

If you think that’s in any way relevant, please reread it. It’s nothing to do with what I’ll call a first-party copyright notice. Yes, it’s about stapling a notice, but if anything that strengthens my argument, because that’s all you can find, because that’s all there is. (Incidentally, very few people ever comply with that term, and the specific nature of it has aged badly so that it’s often not even clear in what situations you even need such notice—just another place in which these old licenses really need replacing.)

I wish BlueOak-1.0.0 <https://blueoakcouncil.org/license/1.0.0> was more popular. Good work has gone into it.

https://writing.kemitchell.com/2020/12/27/War-on-License-Not... is good related reading, from a tech lawyer, who has been involved in a lot of this good progressive stuff. Aspects like: do these notices even actually do anything, and what, and when; and how much is direct inclusion even valuable? It doesn’t talk about including notices in individual files, but you can readily apply some of the principles discussed. People are regularly making things much harder than they need to be, for reasons that boil down to superstition, and frequently with as much accuracy as superstition often has.

—⁂—

> I will stress again that I am not a legal professional, I don't study law, and at best I have spoken to people who do irregularly. However, I haven't found anyone that would disagree that it is a good idea to provide a full-fat copyright notice when possible. All else the same, it's just good hygiene at a cost of a kilobyte or so per file.

I’d be curious to know kemitchell’s opinion on this. For my part, I baulk at calling such verbose notices “good hygiene”.

chrismorgan1y ago

Oh yes, also https://writing.kemitchell.com/2020/10/21/Copyright-Notices (note that that’s copyright notices, not license notices).

kelnos1y ago· 1 in thread

> I have no idea what you mean by this. First of all, of course you don't have to put the entire copyright license into each source file; this is solely about copyright notices, which typically point to a more complete LICENSE/NOTICE file.

You don't even need a copyright notice. Under current US law (and that of many other countries that have harmonized their copyright regimes), copyright is automatic, and requires no notice at all. Obviously it is better/safer for you to put a copyright notice on everything you create, but it is not required. You will hold copyright on a work you create and distribute today, even if you don't put your name or the magic "Copyright 2024 $NAME" bit anywhere on it.

I think there's some confusion here about copyright vs. licensing: those two things are independent, except of course that you need to hold the copyright to be able to set licensing terms. The default, without any provided license, is the most restrictive of one: that no one else has any rights toward the covered work.

> While registering copyrights or including copyright notices explicitly is not necessary to have protection under copyright law, my layperson understanding is that it does indeed afford you additional protection under law in some cases.

Registering does, yes. In the US, at least, you cannot file suit to protect your copyright unless it is registered. I don't believe the presence or absence of a copyright notice matters one bit; ultimately regardless of the presence or absence of a copyright notice, if it ends up in court, everyone will be providing more documentation as to the provenance of the work in question.

The dates you list in the copyright notice are perhaps useful for readers, but if a dispute ends up in court, part of the proceedings may involve determining the creation date/year of any bits under dispute, independent of what you put in the copyright notice. But in practice, with software, considering the stupid-long time things remain under copyright these days, the exact date doesn't matter much, as pretty much anything anyone is going to bring a dispute about is going to still be under copyright.

> However, if you ever actually wind up in court over copyright issues, the lack of clarity on what licenses go where could possibly create reasonable doubt

"Beyond a reasonable doubt" is a standard applied to criminal cases; civil cases have a lower burden of proof. But yes, you're always better off with things documented than not. A judge/jury will certainly appreciate a plaintiff or defendant who has all their ducks in a row vs. one that is disorganized. But they'll also be cognizant of (and try to determine) what the copyright holder intended to do, even if the documentation doesn't spell it out as clearly as one would like.

The law is not a computer; you're not likely to get away with copyright infringement just because the copyright holder missed some detail.

> I am mainly concerned about the copyright notices because they explicitly denote the copyright license

No they don't. A "copyright notice"[0] is simply something that says "Copyright $YEAR $NAME". A "copyright license" is a list of terms that give people more rights to use and distribute the work than they would get under copyright law.

You don't need to put licensing information in each source file. If everything in a project is released under the same license, noting the license in a single place is fine. If different files have different licenses, of course you'll need to note things specifically; though, again, if you don't want to put licensing information in each file, you can still note in a single place which files are under which license.

But as I mentioned above, more documentation is better/safer than less. Personally I put licensing information in every source file of the things I release, even if every file is under the same license as the project as a whole.

[0] https://en.wikipedia.org/wiki/Copyright_notice#Form_of_notic...

jchwOP1y ago

> You don't even need a copyright notice. Under current US law (and that of many other countries that have harmonized their copyright regimes), copyright is automatic, and requires no notice at all. Obviously it is better/safer for you to put a copyright notice on everything you create, but it is not required. You will hold copyright on a work you create and distribute today, even if you don't put your name or the magic "Copyright 2024 $NAME" bit anywhere on it.

> I think there's some confusion here about copyright vs. licensing: those two things are independent, except of course that you need to hold the copyright to be able to set licensing terms. The default, without any provided license, is the most restrictive of one: that no one else has any rights toward the covered work.

There is no such confusion on my part, rather it's simply that I should've said "copyright and license notices" instead of just "copyright notice", but my entire point in that line is that the notice and the license are two different things. The only case where you'd put the entire license inline into the source code files is when the license notice is the entire license, for short licenses like 3BSD or MIT.

> Registering does, yes. In the US, at least, you cannot file suit to protect your copyright unless it is registered. I don't believe the presence or absence of a copyright notice matters one bit; ultimately regardless of the presence or absence of a copyright notice, if it ends up in court, everyone will be providing more documentation as to the provenance of the work in question.

> The dates you list in the copyright notice are perhaps useful for readers, but if a dispute ends up in court, part of the proceedings may involve determining the creation date/year of any bits under dispute, independent of what you put in the copyright notice. But in practice, with software, considering the stupid-long time things remain under copyright these days, the exact date doesn't matter much, as pretty much anything anyone is going to bring a dispute about is going to still be under copyright.

As to whether including a copyright notice on each file is useful, I will defer to the U.S. Copyright Office, which lists a few points in which a copyright notice is still useful.

https://www.copyright.gov/circs/circ03.pdf

> "Beyond a reasonable doubt" is a standard applied to criminal cases; civil cases have a lower burden of proof. But yes, you're always better off with things documented than not. A judge/jury will certainly appreciate a plaintiff or defendant who has all their ducks in a row vs. one that is disorganized. But they'll also be cognizant of (and try to determine) what the copyright holder intended to do, even if the documentation doesn't spell it out as clearly as one would like.

I'll quote from the document I linked above:

"In the case of a published work, a notice may prevent a defendant in a copyright infringement action from attempting to limit his or her liability for damages or injunctive relief based on an innocent infringement defense."

So yes, it definitely does matter. This is especially true if there's a possibility your source code could wind up being distributed in some fashion that you did not originally intend, e.g. outside of source control, possibly copied into a bigger repository, where it's easier to miss the separate NOTICE/LICENSE/etc.

> The law is not a computer; you're not likely to get away with copyright infringement just because the copyright holder missed some detail.

Yes, I know, color of your bits, whatever. (The notice I really need is a 8 paragraph long disclaimer I can affix to my posts to cover all of the things I already understand and don't need described to me again in a mildly condescending fashion.)

However, I will note that being legally boned due to a technicality is absolutely a thing that exists. Hell, this was the reality prior to the Berne Convention: even if you intended for something to have copyright protection, failing to put a copyright notice on it could indeed cause you to lose out on copyright protection. So I'm not sure what this has to do with anything here. Technicalities exist just as much in law and bureaucracy as they do in computers...

> No they don't. A "copyright notice"[0] is simply something that says "Copyright $YEAR $NAME". A "copyright license" is a list of terms that give people more rights to use and distribute the work than they would get under copyright law.

> You don't need to put licensing information in each source file. If everything in a project is released under the same license, noting the license in a single place is fine. If different files have different licenses, of course you'll need to note things specifically; though, again, if you don't want to put licensing information in each file, you can still note in a single place which files are under which license.

> But as I mentioned above, more documentation is better/safer than less. Personally I put licensing information in every source file of the things I release, even if every file is under the same license as the project as a whole.

I re-iterate again that I should have said "copyright and license notices". I really wish I had done that, because it could've saved a lot of typing to have gotten that part right.

tempfile1y ago

> > From a pure copyright law perspective: no, you definitely don’t need to put the license in each source file.

> I have no idea what you mean by this.

I think they interpret your original comment as "do you need to do this [to obtain copyright protection]? Maybe" rather than "do you need to do this [to comply with the license terms]? Maybe", which is what I think you intended. If I'm right, this explains a lot of the stuff in their comment that doesn't really make sense.

j / k navigate · click thread line to collapse