Posting gov code to personal GitHub

[Josh Doe]

Suppose a federal government employee writes some code, then gets a public release for it. What are the issues with the employee putting the code on his personal GitHub repository, either on or off work hours?

I've gotten release for some code, and have even submitted it to a relevant project as a patch [1], but it's not garnered any interest. I was hoping that by putting it on GitHub that might change.

Thoughts?

-Josh

[1]: https://bugzilla.gnome.org/show_bug.cgi?id=666385

[Gunnar Hellekson]

On 3 Jul 2013, at 22:39, Josh Doe wrote:
> Suppose a federal government employee writes some code, then gets a public release for it. What are the issues with the employee putting the code on his personal GitHub repository, either on or off work hours?

I'm not a lawyer, but that code's in the public domain, right?

> I've gotten release for some code, and have even submitted it to a relevant project as a patch [1], but it's not garnered any interest. I was hoping that by putting it on GitHub that might change.
>

> [1]: https://bugzilla.gnome.org/show_bug.cgi?id=666385

I think the only thing preventing you from doing that would be your contract with the government. But, again, check with counsel.

g

[Steven Siebert]

Why not use a Github organization? https://github.com/blog/674-introducing-organizations

Using an organization, multiple people can own the projects - preventing vendor (you) dependencies.

Still free if all your projects on there are open source.

S

--
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
 
www.mil-oss.org
 
---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Josh D]

On Jul 4, 2013 10:29 AM, "Steven Siebert" <sms...@gmail.com> wrote:
>
> Why not use a Github organization? https://github.com/blog/674-introducing-organizations
>
> Using an organization, multiple people can own the projects - preventing vendor (you) dependencies.
>
> Still free if all your projects on there are open source.

I'm the said employee, so I have no contract or vendor dependency worries. I think getting my organization to approve a GitHub account might be a bit much, considering how long it took me to get an email address that I could associate with my public commits.

Josh

[Steven Siebert]

Sounds like your organization has a choice: release it affiliated with the organization and utilize something like Github organizations (sounds like this is a non-starter) or non-affiliated and they really probably (shouldn't?) don't care how you do it.  A recent mil-oss member released a DoE project under his personal github account (https://github.com/deanhiller/databus) - so it's not without precedence in our small community.  Gunnar suggested seeking counsel, and that's fair...but you can also just simple ask the release authority (those that approved it to go public) and see what they suggest - they've either already considered the legal implication or accepted the risk, how it gets disseminated seems like a minor consideration in relation.

I would love to see affiliation, though, it does more for the community that way...but we all understand the issues that brings.

--

[Kit Plummer]

Consider sending an incubation proposal to http://www.codices.org -  we can help. 

--

[Karl Fogel]

Steven Siebert <sms...@gmail.com> writes:
>Sounds like your organization has a choice: release it affiliated with
>the organization and utilize something like Github organizations
>(sounds like this is a non-starter) or non-affiliated and they really
>probably (shouldn't?) don't care how you do it. A recent mil-oss
>member released a DoE project under his personal github account
>(https://github.com/deanhiller/databus) - so it's not without
>precedence in our small community. Gunnar suggested seeking counsel,
>and that's fair...but you can also just simple ask the release
>authority (those that approved it to go public) and see what they
>suggest - they've either already considered the legal implication or
>accepted the risk, how it gets disseminated seems like a minor
>consideration in relation.
>
>I would love to see affiliation, though, it does more for the
>community that way...but we all understand the issues that brings.

Another answer is:

If the code is truly publicly released (i.e., public domain or freely
licensed), then in theory any *other* human being could host the code in
their Github account, so why can't you? In other words, does something
in your contract with the government prohibit you from doing things with
publicly-available material that anyone else could do?

After all, having code in one's Github account is not in itself a claim
or ownership nor of endorsement nor even of active participation. For
example:

https://github.com/OpenTechStrategies/openstv

I keep that code there -- in an organization account, but it would be
the same if it were my personal account -- basically to make sure
there's always a place where it's publicly accessible. I didn't write
the code, and I don't maintain it.

Another thought:

You can set up a Github Organization to hold the code, but that Github
Organization doesn't have to be related to the department or org you
work for, or to any other legal org previously associated with the code.

Why, heck, we could even set up a Github Organization whose sole purpose
is to be a place that hosts repositories containing publicly released
code that we both want to guarantee stays available and don't want to
associate with any particular individual...

...so I did: https://github.com/organizations/Conservatory

Anyone here who needs to preserve some code in a Github account that's
not their personal account, just say the word; we can put it in the
Conservatory. If you think you should be one of the owners of that
Github organization, just say the word too. All we need to know about
you is that you won't delete repositories :-).

-K

>--

[David Dyess]

http://www.codice.org

[Steven Siebert]

nice perspective, and I like the Convervatory idea.  Perhaps that can be a community "proving ground" for projects that may eventually make it into something like codice.  As they (codice) mentioned, not all projects would be appropriate for their "incubation"...

[Wheeler, David A]

On 3 Jul 2013, at 22:39, Josh Doe wrote:
>> Suppose a federal government employee writes some code, then gets a public release for it. What are the issues with the employee putting the code on his personal GitHub repository, either on or off work hours?

Of Gunnar Hellekson:

>I'm not a lawyer, but that code's in the public domain, right?

I'm not a lawyer either, but I have looked into this in depth with actual lawyers; here is my understanding.

If a U.S. federal government employee (including military personnel) develops software as part of his official duties, it normally has *no* copyright in the US. This is stated in 17 USC §105.

As always, there's fine print. The US *can* assert copyright outside the US... but since it can only enforce that in foreign courts (and not its own), that's often not worth doing. There are special cases where copyright can be claimed anyway when a government employee writes stuff, but they're really narrow (IIRC, NIST test materials and the US Postal Service).

Be careful. The term "public domain" has two different meanings. In copyright law, it means "no copyright". In export control rules, it means "accessible to the public (possibly for a fee)". So Microsoft Office is not copyright-law public domain, but it is export-control public domain. I swear this is NOT my fault :-).

--- David A. Wheeler

[Ben Balter]

Josh -

Sounds like there's a consensus, but if there is any way I can be helpful, please let me know. 

If you wrote the code as a government employee and have secured the necessary release internally (security, legal, etc.), then by all means, yes, please feel free to post to your personal account. This will probably allow you to be a bit more nimble, give it more attention, and increases the likelihood of growing a community around the code.

If you think the opportunity will arise again in the future, in parallel to the above, it may make sense to start the conversation internally about spinning up an Organization. The process is simply a matter of having counsel review the GitHub terms of service (which include a government amendment), and if everything looks okay, you can go ahead and sign up. This would be great in the long run, as hopefully it can be a "teach him how to fish" vehicle to show others within the organization the value of participating in open source. You can always fork or transfer the original repo at that time.

Cheers and open source,

- Ben

GitHub

[Arnie Shore]

Guys, I'm with you all on this, as a lurker/kibitzer. But there's an
associated support issue/expectation.

IMO, it wd be smart to include language re how much/little effort
you're prepared to offer. And that expression shd have yr
management's OK

AS

[Josh Doe]

Thanks to all for the the opinions. I think at this point I'll go
forward with putting the code under my personal GitHub account. I'd
love to have organizational affiliation, but the current environment
would not be very conducive to that happening. Codice and Karl's
Conservatory sound like a nice destination as well, but the current
user base is very small, only five or so (and only one developer,
guess who), with a possible user base of several dozen within DoD, but
possibly several hundred or so outside DoD (machine vision industry,
research, etc.). I'll stay on the lookout for an opportunity to
discuss creation of a GitHub organization, but that will be slow
coming I expect.

Now I just need to decide whether to squash the history down to one
commit, or scrutinize each commit.

Thanks,
-Josh

[Karl Fogel]

Josh Doe <jo...@joshdoe.com> writes:
>Thanks to all for the the opinions. I think at this point I'll go
>forward with putting the code under my personal GitHub account. I'd
>love to have organizational affiliation, but the current environment
>would not be very conducive to that happening. Codice and Karl's
>Conservatory sound like a nice destination as well, but the current
>user base is very small, only five or so (and only one developer,
>guess who), with a possible user base of several dozen within DoD, but
>possibly several hundred or so outside DoD (machine vision industry,
>research, etc.). I'll stay on the lookout for an opportunity to
>discuss creation of a GitHub organization, but that will be slow
>coming I expect.

Yay -- glad to hear it'll be posted!

Note the GitHub Conservatory is really intended for one somewhat narrow
use case:

Someone wants to ensure some code makes it out to the public, under open
source or PD terms, and in a place where it will be preserved. They
also want the release kept distinct from their personal or
organizational account.

That's what the the Conservatory is about. It's not a destination or a
working area; rather, it's an archive or, well, a conservatory.

So whenever there is a better place to put something (as in this case)
that place should probably be where the code is first posted. The
Conservatory can always fork it from there, to ensure preservation. In
fact, I have just done this with OpenSTV:

https://github.com/Conservatory/openstv

Might do it with yours too, once it's posted -- do post the URL when
you've got the code up.

Best,
-Karl

[Daniel Risacher]

I could point out a few other cases where gov't code has been posted to personal space. 
Some of those are spooks, so I won't.

One easy example that comes to mind is that I wrote patches to nenscript (and thus became the de-facto maintainer) when I was a 2LT.  The code is published today at http://risacher.org/nenscript/

The changes were made in response to a trouble report for the E-3 AWACS - and include this amusing (to me) comment:

I added the -U classification_1st_page flag to nenscript, because I             

needed it for HDSIUCS (Hard Disk Subsystem Interface Unit Control               

Software).  Since someone else might need this feature also, I am               

releasing my changes into the public domain also.                               

                                                                                

I made trivial modifications to the options handling to provide                 

marginally better diagnostics.                                                  

                                                                                

I also renamed the package nenscript-1.13.3, because I think 1.13++ is          

a poor choice of version number.                                                

                                                                                

These changes were made on my own time and on my own computer, but              

could easily be construed as being part of my official duties as an             

AWACS software programmer/analyst.  If this is the case, then any               

changes that I made are a work of the US government and are not                 

subject to copyright protection in the United States, and furthermore           

are provided, free of charge, with no warantee.  If my changes are not          

legally part of my official duties, then I hereby disclaim all rights           

to the aforementioned changes and explicitly put them in the public             

domain, and furthermore disclaim any warantee, express or implied.  I           

am not an intellectual property lawyer, so I'm not sure which of these          

situations applies.  Either way, the changes are free to you.                   

                                                                                

Daniel Risacher, 2Lt, USAF                                                      

28 Oct 1997

[Ex Nihilo]

Josh,

As a fellow DoD entity, once I was able to locate the GSA agreement with GitHub and also show prior use for my branch of military in the wild, I had the legal, security, and Public Affairs approvals to use right away.  Catch was that its blocked upstream on our GiG :-)  So have to use R&D networks to post.

[Jamie Jones]

if you don't mind me asking, which branch did you clear the field for?

------------------------------------------
Jamie Jones
jjo...@alumni.virginia.edu , jbjo...@gmail.com
------------------------------------------

--

[John Scott]

link please…

--
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
 
www.mil-oss.org
 
---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

----------------------------------------------

John Scott

 240.401.6574

< jms...@gmail.com >

http://powdermonkey.blogs.com

@johnmscott

[Wheeler, David A]

> As a fellow DoD entity, once I was able to locate the GSA agreement with GitHub and also show prior use for my branch of military in the wild, I had the legal, security, and Public Affairs approvals to use right away.  Catch was that its blocked upstream on our GiG :-)  So have to use R&D networks to post.

 

Link?  There’s also a negotiated agreement with SourceForge, but that seems to have disappeared as well (link wanted!).

 

While searching for that, I found these:

 

The HowTo.gov “Negotiated Terms of Service Agreements” lists tools that have federal–compatible Terms of Service agreements.  As of 2013-07-11, it includes GitHub and SourceForge <http://www.howto.gov/social-media/terms-of-service-agreements/negotiated-terms-of-service-agreements>.

 

Government Open Source software projects on git:

http://gsa.github.io/federal-open-source-repos/

 

 

--- David A. Wheeler

 

 

From: mil...@googlegroups.com [mailto:mil...@googlegroups.com] On Behalf Of Ex Nihilo
Sent: Wednesday, July 10, 2013 11:46 PM
To: mil...@googlegroups.com
Subject: Re: [mil-oss] Posting gov code to personal GitHub

 

Josh,

 

On Thursday, July 4, 2013 10:59:12 AM UTC-4, Josh wrote:

On Jul 4, 2013 10:29 AM, "Steven Siebert" <sms...@gmail.com> wrote:
>
> Why not use a Github organization? https://github.com/blog/674-introducing-organizations
>
> Using an organization, multiple people can own the projects - preventing vendor (you) dependencies.
>
> Still free if all your projects on there are open source.

I'm the said employee, so I have no contract or vendor dependency worries. I think getting my organization to approve a GitHub account might be a bit much, considering how long it took me to get an email address that I could associate with my public commits.

Josh

--

[Jamie Jones]

Paging Ben... Paging Ben Balter...

------------------------------------------
Jamie Jones
jjo...@alumni.virginia.edu , jbjo...@gmail.com
------------------------------------------

[Nihilo, Ex]

The HowTo.gov linked for GitHub TOS is a newer version then what I received from GSA.  Great, now I have to see if that matches the previous GSA agreement I had go through my chain ;-(

On furlough eve with my 32 hrs in for the week, so can't pull down till Monday to compare or share.

[Karl Fogel]

Daniel Risacher <mag...@alum.mit.edu> writes:
>I could point out a few other cases where gov't code has been posted
>to personal space.
>Some of those are spooks, so I won't.
>
>One easy example that comes to mind is that I wrote patches to
>nenscript (and thus became the de-facto maintainer) when I was a 2LT.
>The code is published today at http://risacher.org/nenscript/

nenscript is now in the Conservatory, because why not?

https://github.com/Conservatory/nenscript

(Dan, let me know if this is in any way a bad thing; I assumed it's fine
since you posted the code yourself.)

Best,
-Karl

>--