12

I have seen several different posts which suggest "code contributed to a repository inherits the license of the repository contributed to". It is not clear to me what this means when there is no license.

A repository with no license is "All rights reserved". That is, the owner of the repository is sole owner of all its code. If someone else has a repository, and I submit a pull request which is merged successfully, does that code, which is part of the repository to which they reserve all rights, belong to them?

What does the process of submitting a pull request entail, in terms of copyright ownership? It seems like submitting a pull request (asking the owner of the upstream repository to incorporate my code) involves an implied permission to incorporate my code. But what does that mean beyond that? How does ownership work on code that becomes a mix of multiple contributors' creations, after years of tweaks and adjustments?

Ultimately, if applying a license to an unlicensed repository, does the owner of the repository need permission from contributors? Why, if they reserve all rights?

If a repository has a license, such as MIT, the license will say "You may use this code as long as you do XYZ". If the contributor uses such a license, the upstream repository has that permission. What permission is granted, if a contributor's submission has no license? If I merge a pull request from someone, can they retract the code I've merged at an arbitrary time in the future?

Improve this question
6
  • Your question about contributions specifically to MIT licensed projects is interesting, and may warrant its own question. Bart's answer still applies & without an explicit license, the contribution must be considered ARR, and the owner of the repository would be unable to legally accept it. Copyleft licenses like the GPL do not have this problem, because the changes can only be legally made if the changes are also GPL. I asked a similar question here a few years ago: opensource.stackexchange.com/questions/10491/… Commented Sep 4, 2024 at 6:28
  • You should consider accepting one of the answers below, by clicking the "tick" outline next to it; this drives the SE reputation system for both you and the author of the accepted answer, and the community expects it. If some of your questions remains unanswered, you might want to consider editing your question to bring that to light. Thanks. Commented Aug 12 at 19:46
  • I have considered it. As of now, the answers are advice-oriented saying things like "you shouldn't do this" and do not provide a direct answer to ownership. I suspect that this is ultimately an unanswerable question that needs to be tested by the courts. Commented Aug 13 at 21:56
  • Bart writes in his answer that "the changes you made are still owned by you."; that seems like a direct answer to the question of ownership to me. I really think you need to accept an answer to this question; that's the social compact of this site. You knew this wasn't a court when you asked the question, so to refuse to accept an answer simply because you feel only the courts can answer to your satisfaction is not really within the spirit of the process. Commented Aug 14 at 11:52
  • @MadHatter As a moderator I will comply with your demands and accept Bart's answer, rather than risk any consequences. Good day. Commented Aug 14 at 15:38

3 Answers 3

Reset to default
12

A repository with no license is "All rights reserved". That is, the owner of the repository is sole owner of all its code.

It also means that this person is the only one who is allowed to make copies of the code and to make changes to the code.

If someone else has a repository, and I submit a pull request which is merged successfully, does that code, which is part of the repository to which they reserve all rights, belong to them?

When you make changes to someone else's codebase that is "all rights reserved", then you have violated the rights of the owner of the code. But the changes you made are still owned by you.

If you have made an accepted contribution to a repository without a license and you have not stated a license on your contribution either, then the two of you (yourself and the repository owner) have created a legal quagmire where neither of you is allowed to make further changes.

If you did state license terms, then by accepting your contribution, the repository owner is now obliged to abide by the license terms with regard to your contribution.

How does ownership work on code that becomes a mix of multiple contributors' creations, after years of tweaks and adjustments?

Under copyright law, each contributor owns their own contributions. This means that if there are several contributors, then the code becomes co-owned by all contributors.

This co-ownership is also why all contributors must agree to a change in license (beyond what the current license allows).

What permission is granted, if a contributor's submission has no license?

I will assume you meant that the submission does not state a license (rather than an explicit statement that there is no license). It then depends on a number of factors.

If the receiving project has an explicit policy that contributions must be made under license X, then you can assume that this submission was meant to be under that license. But it doesn't hurt to double check, especially with new contributors, if they are aware of the policy and agree with it.

The platform hosting the project's repositories can also have a policy that, unless indicated otherwise, submissions are made under the same license as what the project uses. GitHub, for example, has this policy and is often referred to as "inbound = outbound".

If neither of the above applies, then you must assume that the submission is not licensed and that you cannot incorporate it in your project without clarification from the contributor on the license terms.

Improve this answer
3
  • 1
    It could be argued that submitting code is an implicit gift to the owner of the repository. Commented Sep 2, 2024 at 10:50
  • 5
    @MikeB, you can try to argue that, but I am not aware of a jurisdiction where it is that easy to lose your copyrights. Most require at least a positive statement from you that you are transferring your rights. Commented Sep 2, 2024 at 12:14
  • Comments have been moved to chat; please do not continue the discussion here. Before posting a comment below this one, please review the purposes of comments. Comments that do not request clarification or suggest improvements usually belong as an answer, on Open Source Meta, or in Open Source Chat. Comments continuing discussion may be removed. Commented Aug 14 at 11:47
7

It seems like submitting a pull request [...] involves an implied permission to incorporate my code.

Implied permission, yes. However as I think you've worked out, implied permissions are not something you want to be relying on.

The answer to all the rest of your questions is "maybe"; copyright law (very deliberately and correctly) doesn't go into that sort of detail. The only other one I'll call out is this one:

If I merge a pull request from someone, can they retract the code I've merged at an arbitrary time in the future?

The solution to this one is simple - don't merge code with unclear licensing. If someone submits a pull request where it isn't 100% clear what the copyright status of the new code is, ask them to clarify. If they don't clarify, reject the pull request, or you risk exposing yourself to all sorts of problems in the future.

(The corollary of this is of course that if you are submitting a pull request to equally be clear about the licensing of the code you are submitting)

Improve this answer
3
  • 7
    All I'd add is that if there's no licence on the original code, you have no rights with respect to it. This means you lack the right to create derivative works - so you shouldn't be writing updates in the first place, and the situation should never arise. Ask for the licence to be clarified, then modify the code. Commented Sep 1, 2024 at 5:54
  • @MadHatter Don't you only lack the right to distribute/publish your derivative work? Modifying the original source-available code privately should not pose a problem. Commented Sep 1, 2024 at 14:26
  • 6
    @Bergi No, one of the rights granted by Berne convention copyright is the right to control the making of derivative works ("adaptations and arrangements"). You may never get found out, if you don't publish it, but you're still not allowed to do it. Commented Sep 1, 2024 at 14:38
3

The repository is just a publication channel, it does not change anything about the license under which somebody publishes.

Many public repositories are owned by projects or other entities that won't accept contributions unless under a specific license.
This is often done via the repository software, which won't accept or process a PR unless you have agreed to put your contribution under whatever license it requires.
However, this is by policy of the repository owner, it is not the repository itself.

To further muddy the waters, many repository hosters have a free plan but require that any repository owner that selects such a plan configure all their repos so they enforce agreement to some FOSS license.
It's still not the repo itself that applies the license, it's still the repo owner's policy, which in turn is forced by the repository hoster.

Another thing that I see is that projects don't require an agreement, assuming that you implicitly consent to putting your contribution under "the usual license of the project".
I don't know if this holds up in practice. In particular, projects without any regard for the actual license tend to have code snippets with an explicit license statement, and they end with code that is partly license A, partly license B, and partly license unknown but probably A or B but nobody cares - until somebody does care, in which case the project will be occupied with license clean-up for quite some time.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.