Re: [Koha] Koha became a little more of a certainty last night
On 10/23/07, Dan Scott <denials@gmail.com> wrote:
I would strongly suggest posting the code to the sirsiapi repository. I'm not a lawyer, but (to my understanding) sirsiapi.org is the only SirsiDynix-sanctioned location for hosting code that uses the Unicorn "API" to extract information from Unicorn. Sites that have signed a contract with SirsiDynix for Unicorn typically have agreed to not reverse-engineer the product (meaning that they agree to not try and figure out how the Unicorn "API" works) and if they have taken the "API" training course then they have agreed to not share any of that information (including code examples) outside of the SirsiDynix-sanctioned locations.
In my opinion, the repository is an unsuitable venue, since it requires considerable cost and Sirsi's blessing to even evaluate the (mostly tentative) code in it. There are less than 40 total contributors to it, all time. So from a practical perspective, it's the wrong choice. As for the legal questions, I'm not a lawyer either, but I do take them seriously. More seriously, I suspect, than the former management at Sirsi. I attended SD's week-long "API Training" course while in the employ of a 5-county educational consortium, with whom I had no non-disclosure agreements at the time, nor any other kind of contract now. (I don't work there anymore.) Since I was a public employee at the time, literally all the code I wrote is is a public work-product and like all my correspondence there, is subject to public disclosure laws. Anyone could ask for it today, and my former employer would still be obligated to provide copies of it. The various warnings from SD about sharing materials did not amount to a NDA, in my opinion, just an acknowledgment of their copyright to the actual training materials. (That's funny, since their main docs are a handbook containing mostly the STDERR "usage" messages from their various executables, but in an even less readable format.) But even if they *did* have a bulletproof NDA, I certainly wouldn't have any authority to suspend state law in order to accept it. I would be concerned on behalf of the library posting Unicorn "API" code to
a public site like SourceForge.net that they could be opening themselves up to lawsuits due to breach of contract, if the vendor was to get to such a bad state that they started suing their (former) customers.
It may be true that SirsiDynix eventually goes the way of SCO, adopting a litigation-heavy business model. In either case, I don't consider it ethical to limit my behavior because of this possibility, in particular if the result is more people stuck paying a litigious vendor they'd prefer to leave. If spurious liability is the real concern, in the modern era it would not be difficult to post the code anonymously, or via foreign proxy. Any code dealing with the results of using the Unicorn "API" to extract data
should be openly shareable, because at that point you're just dealing with data structures. But I would be worried about openly sharing the actual commands, err, "API instructions" required to get that data out of the system.
Unicorn uses either Oracle or an ancient version of Informix as the back end database, in conjunction with a bunch of flat files. Nothing particularly special is required for anyone to access the information directly. In that way, the API question could be sidestepped entirely. -- Joseph Atzberger SysAdmin, LibLime http://liblime.com/koha 1(888)KohaILS ps: Needless to say, my comments are my own.
On 23/10/2007, Joe Atzberger <ohiocore@gmail.com> wrote:
On 10/23/07, Dan Scott <denials@gmail.com> wrote:
I would strongly suggest posting the code to the sirsiapi repository. I'm not a lawyer, but (to my understanding) sirsiapi.org is the only SirsiDynix-sanctioned location for hosting code that uses the Unicorn "API" to extract information from Unicorn. Sites that have signed a contract with SirsiDynix for Unicorn typically have agreed to not reverse-engineer the product (meaning that they agree to not try and figure out how the Unicorn "API" works) and if they have taken the "API" training course then they have agreed to not share any of that information (including code examples) outside of the SirsiDynix-sanctioned locations.
In my opinion, the repository is an unsuitable venue, since it requires considerable cost and Sirsi's blessing to even evaluate the (mostly tentative) code in it. There are less than 40 total contributors to it, all time. So from a practical perspective, it's the wrong choice.
As for the legal questions, I'm not a lawyer either, but I do take them seriously. More seriously, I suspect, than the former management at Sirsi.
I attended SD's week-long "API Training" course while in the employ of a 5-county educational consortium, with whom I had no non-disclosure agreements at the time, nor any other kind of contract now. (I don't work there anymore.) Since I was a public employee at the time, literally all the code I wrote is is a public work-product and like all my correspondence there, is subject to public disclosure laws. Anyone could ask for it today, and my former employer would still be obligated to provide copies of it.
The various warnings from SD about sharing materials did not amount to a NDA, in my opinion, just an acknowledgment of their copyright to the actual training materials. (That's funny, since their main docs are a handbook containing mostly the STDERR "usage" messages from their various executables, but in an even less readable format.) But even if they *did* have a bulletproof NDA, I certainly wouldn't have any authority to suspend state law in order to accept it.
I would be concerned on behalf of the library posting Unicorn "API" code
to a public site like SourceForge.net that they could be opening themselves up to lawsuits due to breach of contract, if the vendor was to get to such a bad state that they started suing their (former) customers.
It may be true that SirsiDynix eventually goes the way of SCO, adopting a litigation-heavy business model. In either case, I don't consider it ethical to limit my behavior because of this possibility, in particular if the result is more people stuck paying a litigious vendor they'd prefer to leave. If spurious liability is the real concern, in the modern era it would not be difficult to post the code anonymously, or via foreign proxy.
Any code dealing with the results of using the Unicorn "API" to extract
data should be openly shareable, because at that point you're just dealing with data structures. But I would be worried about openly sharing the actual commands, err, "API instructions" required to get that data out of the system.
Unicorn uses either Oracle or an ancient version of Informix as the back end database, in conjunction with a bunch of flat files. Nothing particularly special is required for anyone to access the information directly. In that way, the API question could be sidestepped entirely. -- Joseph Atzberger SysAdmin, LibLime http://liblime.com/koha 1(888)KohaILS
ps: Needless to say, my comments are my own.
Fair enough, Joe. We each have our own, non-professional opinion of the legality of publicly publishing code that uses the Unicorn API as part of a migration process. I'm leaning towards the conservative side, whereas you're leaning towards the aggressive side. The original poster has to form their own opinion, and of course I would suggest that they seek out a professional legal opinion on the matter. But then, we've already established that I'm conservative in this regard. Rather than putting the original poster in that position, there is an alternative. As you have the required Unicorn and Koha skills, would you (and your employer) be willing to publish a complete Unicorn-to-Koha migration process & code to koha.org as a contribution from LibLime? I would see this as a great contribution to the open-source ILS community in general. Perhaps more valuable than the technical matters alone, it would be a great test of the matters we've discussed in this thread. -- Dan Scott Laurentian University
participants (2)
-
Dan Scott -
Joe Atzberger