[Koha] Koha became a little more of a certainty last night

Joe Atzberger ohiocore at gmail.com
Wed Oct 24 11:21:28 NZDT 2007


On 10/23/07, Dan Scott <denials at gmail.com> wrote:

> I would strongly suggest posting the code to the sirsiapi repository. I'm
> not a lawyer, but (to my understanding) sirsiapi.org is the only
> SirsiDynix-sanctioned location for hosting code that uses the Unicorn "API"
> to extract information from Unicorn. Sites that have signed a contract with
> SirsiDynix for Unicorn typically have agreed to not reverse-engineer the
> product (meaning that they agree to not try and figure out how the Unicorn
> "API" works) and if they have taken the "API" training course then they have
> agreed to not share any of that information (including code examples)
> outside of the SirsiDynix-sanctioned locations.


In my opinion, the repository is an unsuitable venue, since it requires
considerable cost and Sirsi's blessing to even evaluate the (mostly
tentative) code in it.  There are less than 40 total contributors to it, all
time.  So from a practical perspective, it's the wrong choice.

As for the legal questions, I'm not a lawyer either, but I do take them
seriously.  More seriously, I suspect, than the former management at Sirsi.


I attended SD's week-long "API Training" course while in the employ of a
5-county educational consortium, with whom I had no non-disclosure
agreements at the time, nor any other kind of contract now.  (I don't work
there anymore.)  Since I was a public employee at the time, literally all
the code I wrote is is a public work-product and like all my correspondence
there, is subject to public disclosure laws.  Anyone could ask for it today,
and my former employer would still be obligated to provide copies of it.

The various warnings from SD about sharing materials did not amount to a
NDA, in my opinion, just an acknowledgment of their copyright to the actual
training materials.  (That's funny, since their main docs are a handbook
containing mostly the STDERR "usage" messages from their various
executables, but in an even less readable format.)  But even if they *did*
have a bulletproof NDA, I certainly wouldn't have any authority to suspend
state law in order to accept it.

I would be concerned on behalf of the library posting Unicorn "API" code to
> a public site like SourceForge.net that they could be opening themselves
> up to lawsuits due to breach of contract, if the vendor was to get to such a
> bad state that they started suing their (former) customers.


It may be true that SirsiDynix eventually goes the way of SCO, adopting a
litigation-heavy business model.  In either case, I don't consider it
ethical to limit my behavior because of this possibility, in particular if
the result is more people stuck paying a litigious vendor they'd prefer to
leave.  If spurious liability is the real concern, in the modern era it
would not be difficult to post the code anonymously, or via foreign proxy.

Any code dealing with the results of using the Unicorn "API" to extract data
> should be openly shareable, because at that point you're just dealing with
> data structures. But I would be worried about openly sharing the actual
> commands, err, "API instructions" required to get that data out of the
> system.


Unicorn uses either Oracle or an ancient version of Informix as the back end
database, in conjunction with a bunch of flat files.  Nothing particularly
special is required for anyone to access the information directly.  In that
way, the API question could be sidestepped entirely.
-- 
Joseph Atzberger
SysAdmin, LibLime
http://liblime.com/koha
1(888)KohaILS

ps: Needless to say, my comments are my own.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20071023/fb4fb8b2/attachment.htm


More information about the Koha mailing list