[Koha] Koha became a little more of a certainty last night

Dan Scott denials at gmail.com
Wed Oct 31 06:08:50 NZDT 2007 

On 23/10/2007, Joe Atzberger <ohiocore at gmail.com> wrote:
>
> On 10/23/07, Dan Scott <denials at gmail.com> wrote:
>
> > I would strongly suggest posting the code to the sirsiapi repository.
> > I'm not a lawyer, but (to my understanding) sirsiapi.org is the only
> > SirsiDynix-sanctioned location for hosting code that uses the Unicorn "API"
> > to extract information from Unicorn. Sites that have signed a contract with
> > SirsiDynix for Unicorn typically have agreed to not reverse-engineer the
> > product (meaning that they agree to not try and figure out how the Unicorn
> > "API" works) and if they have taken the "API" training course then they have
> > agreed to not share any of that information (including code examples)
> > outside of the SirsiDynix-sanctioned locations.
>
>
> In my opinion, the repository is an unsuitable venue, since it requires
> considerable cost and Sirsi's blessing to even evaluate the (mostly
> tentative) code in it.  There are less than 40 total contributors to it, all
> time.  So from a practical perspective, it's the wrong choice.
>
> As for the legal questions, I'm not a lawyer either, but I do take them
> seriously.  More seriously, I suspect, than the former management at Sirsi.
>
>
> I attended SD's week-long "API Training" course while in the employ of a
> 5-county educational consortium, with whom I had no non-disclosure
> agreements at the time, nor any other kind of contract now.  (I don't work
> there anymore.)  Since I was a public employee at the time, literally all
> the code I wrote is is a public work-product and like all my correspondence
> there, is subject to public disclosure laws.  Anyone could ask for it today,
> and my former employer would still be obligated to provide copies of it.
>
> The various warnings from SD about sharing materials did not amount to a
> NDA, in my opinion, just an acknowledgment of their copyright to the actual
> training materials.  (That's funny, since their main docs are a handbook
> containing mostly the STDERR "usage" messages from their various
> executables, but in an even less readable format.)  But even if they *did*
> have a bulletproof NDA, I certainly wouldn't have any authority to suspend
> state law in order to accept it.
>
> I would be concerned on behalf of the library posting Unicorn "API" code
> > to a public site like SourceForge.net that they could be opening
> > themselves up to lawsuits due to breach of contract, if the vendor was to
> > get to such a bad state that they started suing their (former) customers.
>
>
> It may be true that SirsiDynix eventually goes the way of SCO, adopting a
> litigation-heavy business model.  In either case, I don't consider it
> ethical to limit my behavior because of this possibility, in particular if
> the result is more people stuck paying a litigious vendor they'd prefer to
> leave.  If spurious liability is the real concern, in the modern era it
> would not be difficult to post the code anonymously, or via foreign proxy.
>
> Any code dealing with the results of using the Unicorn "API" to extract
> > data should be openly shareable, because at that point you're just dealing
> > with data structures. But I would be worried about openly sharing the actual
> > commands, err, "API instructions" required to get that data out of the
> > system.
>
>
> Unicorn uses either Oracle or an ancient version of Informix as the back
> end database, in conjunction with a bunch of flat files.  Nothing
> particularly special is required for anyone to access the information
> directly.  In that way, the API question could be sidestepped entirely.
> --
> Joseph Atzberger
> SysAdmin, LibLime
> http://liblime.com/koha
> 1(888)KohaILS
>
> ps: Needless to say, my comments are my own.
>
>
Fair enough, Joe. We each have our own, non-professional opinion of the
legality of publicly publishing code that uses the Unicorn API as part of a
migration process. I'm leaning towards the conservative side, whereas you're
leaning towards the aggressive side. The original poster has to form their
own opinion, and of course I would suggest that they seek out a professional
legal opinion on the matter. But then, we've already established that I'm
conservative in this regard.

Rather than putting the original poster in that position, there is an
alternative. As you have the required Unicorn and Koha skills, would you
(and your employer) be willing to publish a complete Unicorn-to-Koha
migration process & code to koha.org as a contribution from LibLime? I would
see this as a great contribution to the open-source ILS community in
general. Perhaps more valuable than the technical matters alone, it would be
a great test of the matters we've discussed in this thread.

-- 
Dan Scott
Laurentian University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20071030/2c0ebc73/attachment.htm

More information about the Koha mailing list