Dear Heather: We hope to be able to facilitate this quickly for you, but I do need to pose two questions first. You're welcome to share this message with UI and with your Board if you wish.Â
Subject to those two matters, we'll be happy to get this signed for Samvera;Â As a legal entity contract, as you know, it requires an OODF officer's signature. Â(Thus my sharing this with Scott, who usually fills that role.)Â
(
1) ÂPlease advise S
cott tha
t the $40,000 planned expense and
part time assistance of the
IU develop
er has been appro
ved by your board of directors
. (That could also have occurred by intentional inclusion in your approved foundation budget.
)
(2) The one possible show-stopper is the indemnification clause in UI's draft paragraph 11, which is unusual for open source development. Under it, Samvera would give an unlimited indemnity to UI for hypothetical third party claims of infringement or otherwise. That might be appropriate to ask commercial software production developers in some cases, but it poses several problems in an open source context:
- It's atypical in open source work because those kinds of chain of title and liability issues are intended to be addressed by the "AS IS" terms, and exculpation of the offerer of the work from any such liability, in Sections 7 and 8 of the Apache 2 License (https://www.apache.org/licenses/LICENSE-2.0). Is it possible that UI's team reviewer is more familiar with commercial than open source licenses? In the latter, the right of every user to use, implement and derive from the licensed work is conditioned upon the exculpatory terms in that license.Â
- Any work by UI under UI's draft agreement is to be contributed to the project and subject to Apache 2 terms, which will give UI the direct benefit of those exculpations, as the contributor. So there should be no practical exposure to UI for donating the new code increments. (Arguably UI's draft paragraph 12 in part duplicates that protection, but I see no harm in that.)Â
-
Prior work in the Hyrax project also was donated under Apache 2 terms (https://github.com/samvera/hyrax/blob/main/LICENSE), which as a practical matter should rule out such liability for claims.
- Realistically, new code will come from UI, who wishes to retain title and principal credit (per UI's draft paragraph 9, which is fine.)  Any errant, unexpected or troll claim made against any new, old or aggregate work would be completely outside Samvera's control -- the Samvera community and foundation did not give rise to the risk. Both Samvera and UI likely are better off relying on the standardized, well-understood "as-is, where-is" clauses, than some uniquely drafted risk arrangement. It also strikes me that, though you would know better than us, this seems likely to be is a low-risk, non-fractious IPR domain, with no expected infringement risks on the horizon.
- In any case, Samvera is a limited-size, nonprofit entity not really in the position to give unlimited indemnities to anyone.Â
We're happy to talk further with the UI folks about these issues, if that would be helpful, but we do not recommend agreeing to the current draftÂÂ
draft section 12.
Best regards, Jamie Clark
| James Bryce ClarkGeneral Counsel OASIS Open |
| |