 Yeah, and so it was also kind of interesting to get his take on the home page of the party thing. I used to read that. Yeah, he was very informed as to... Okay, yeah, I mean, you know, we were at that conference here, historically, however, no one had ever said that a friend or a friend would be decided in a college whatsoever. I'm sorry, yeah. I don't know that guy. Well, on his wife... You can't really tell really. Yeah. I completely forget, I guess. No, he has to pay. He's on the appeal company. The company, they have a preliminary injunction on the appeal. I saw that one of the issues was the same. They thought maybe he failed to identify his contributions well enough because the member was... That was the original. Right, right. And so they also thought that as well. And eventually, McCarty decided to withdraw off. And by doing that, he had to keep all those full comps with both of us. So that was a bad day. I don't know, it's curious. He said he didn't really go into... Farrell didn't go into kind of the why. But it was, really. Oh, yeah, yeah, yeah. He came here for about five years. I should like for a vacation. It was a nice gift for a witness. Thank you for reminding me. It's been a while. I thought it was. Oh, my God. You're at the win of the court. You're at the right. I guess that's the schedule of these bids and all of them. And I think, great, being a small firm, I don't know how you would handle a gait. Not pat on the gait. Right. And yeah, you can just any way you can. And be afraid. I don't know the local way. Right. It's like... And the liability, you know. I think both of them like pat on the gait. Oh, yeah, no. I still have a good number. I started this pat prom cator. I was trying to get a copy just from my not-marketing what it means. I would just give up my red number. Yeah, yeah. But did you do that? No, but I do a lot of university licensing. Licensing is the least risky area. But it's still considered very high-risk. Sure, sure. Well, anything I see almost is very high-risk. Yeah. And I'll occasionally be brought in in your shoes. One of the things that you are, basically none. Everyone's got to get a client who also misunderstands this. You know, that guy doesn't litigate, right? I'm the guy you call in as an expert or as a witness. Yeah, you know, I draft. But everyone's got to look at somebody who's like, and you show up for litigation to defend this. No. No. Just going in a file. And the legal, the engineering. And while the last panel was a very kind of, I think, legal and formalistic discussion of contracting clauses, I think this conversation is going to be a little bit more pragmatic about, kind of, profit on the company side. So I have multiple panels, I guess. I think most of you have interred. You already interred. Yeah. Okay. We've all been interred. We go way back. Well, and there might be new people, though. I know. Who's not seen them. Okay. Why don't you quick, quick, quick. I am a solo attorney in Raleigh, North Carolina, working at Red Hat. So I primarily do trademark work. And Raleigh's a nice town. Oh, yeah. Well, no. How do you know? How does the company end up in Raleigh? Okay. And mostly actually working, what we're talking about today, a lot of governance, type issues, and helping companies kind of figure out how to move. Just a question about whether or not you've seen. The thing I'm wondering if you've seen is, have you ever come across a situation where there has been a source code made available publicly by a company by probably engineers and other people within the organization who were unaware of it? And if so, were those projects, you know, released by the engineers under licenses that were appropriate? Have you ever experienced kind of, is that worst case disaster where like, proprietary stuff is made available or were these things that actually were probably best suited for open source anyways? So I'm just wondering if any of you guys have any experience with that? I, you know, so I haven't been at that situation. One of the things we do set up is the process for getting approval for doping a contributing code and doing that. I actually haven't luckily, I guess, none of my clients have reported to me at least this idea of kind of going outside the process and just contributing it themselves. I've not felt that. Yeah, I think, um, to all the processes and so where we have had issues in the past has been either confusion about what's proprietary and what's not or the controls where code might have been released. It's like, oh, we thought this was more for lack of understanding of the controls where it was released. Yeah, and I would say it's a question of making a contribution without the authority of their company to do that versus any sort of nature, like, hey, you know, I wrote this for the company and I'm going to put it on GitHub and see what happens. That's what happens. A really common experience mine is I'll be called in for some open source issue at a company and I'll, you know, I'll have a GitHub account. I'll go check out their GitHub and I'll show up and say, oh, I see you have like 10 repos and five of them have licenses and none of them are under the same license and I'm curious, you know, how'd you get here? And more often than not, the person who brought me in is like, what? Yeah, so on one hand I think that's kind of like the worst case scenario, but I'm curious if you guys have actually seen any harm of this or if it's really just a surprise and then it gets cleaned up and it's not usually a big problem. No, I haven't seen it. Yeah, I guess I like this. Developers, I think, are fairly specific. Throughout all the talks, it's engaged. You can just, you know, you can say, hey, we thought this exception was the reason which is, you know, made in the life of clients versus not. And then the other part might be, huh, the cleanup that we've had to do has been pretty much wrong. And usually I think it involves a lot of time cleaning up the process or making the process easier than just seeing harm. I think I have seen instances where somebody goes outside the process, but usually it's just about trying to correct it and make the process easier so that it doesn't happen again. Yeah, the reason I started with this question is a lot of times I encounter a sense of fear and strong concerns from the non-technical people with the company when they're kind of starting to, okay, we're going to use, well, I've seen this kind of term and I think it's because of your point. There's no reasonable engineer who's going to say, oh, this is the core of our proprietary technology. Let me go throw it up in the air vent. I think most people are fairly thoughtful and they think, oh, this is just a little widget I wrote that someone else will have to write next time if they go looking for it and then they don't have to value the company. Yeah, and it's handsome. I mean, maybe it's specification things. A lot of my clients are bigger companies. I actually see it go the other direction where they're very reluctant to even try to contribute or, you know, they're almost scared of engaging without getting the approval of their manager or somebody. So usually, you know, they reach out to somebody before they just start throwing. There may not be an answer to that, but in your experience and your typical, who is ultimately responsible for the sign-off on whether or not open work can be used, whether or not it can be incorporated into various products and others, employment issues, and what not. I have a strong opinion on this. And the strong opinion is business always wins. So, accepted idea. But anybody? Anybody from IBM here? No. Now, which is, you know, some of the legal department has a voice and has a say. I always felt that my job was to counsel people on the risks. And once I got to a person who I felt understood the risks and had the authority at that company to make the, to make, to make, to understand the risk assessment and make the risk choice, my job was done. So I've never felt that it was my job, that it was a legal job to do that. I've always strongly felt that the legal job is just a counselor and it's a business who should decide what, what risks to take. When I was in house, I felt that way too. Sometimes you do pull the, pull the, like, I said no and we did it no. You know, I mean, sometimes you just, sometimes you can't do it because you can't get to the right person to understand or, or whatever, or they, they have bad judgment. But most of the time, it would differ. So if you're at a, you know, if you're at a VP level or DTO level and they, and they say, that's a really high risk but we're going to do it anyway, that's my, my job, I always felt that my job was done. So I've never thought that the legal department should be the owner of it. I've always thought that the legal department should be in the role of counsel. We actually do a dual-track escalation. So what, what we have is, we have an open source policy and it's kind of one of the other questions. And slow charts. So we've made it in a manner that's really consumable for developers because they're the ones who care the most about it. It's kind of a budget gift-end statement. And then we have a list of pre-approved licenses and escalation licenses. And at that point, it is a dual-escalation to me and the VP of Engineering. I totally agree, absolutely, it's a business decision but the thing that I kind of bring to that is, you know, understand you want to use this TPL-3 widget here but let me tell you about the perception of customers, you know, when customers start from a place of no open source at all and give me your 440-page list license, you know, so helping the hearing understand how this could have a, kind of, bigger picture impact to the company outside just the technicality. So, actually, kind of, ironically, I'm the voice of business and I'm not a piece of it and so we do a dual-escalation and so far as we're doing it. Yeah. I just delivered that a little bit. I do offer the other thing I also left about being in house with, or I thought that the critical role of being a house lawyer was you're the nurse and so you are hearing, you are informed, you are getting information from different sources that the other side may not have heard or the DTA may not realize the impact that take the GKLB free license will have on sale, for example. And so you are the person who's a defender who collects all that information so that you can make sure that everybody is fully informed on it. So, yeah, I think it's kind of fun to be in that position. Yeah, and I echo that completely. Very often, legal controls the process in the sense that it all kind of flows through legal but with almost all of my clients, once you get a point of question of, hey, we want to release IT, or hey, we're going to require this. Yeah, it's almost always that it needs to be kind of offer something like that because, you know, there is the legal what's going to happen but the implication of that, attorneys are not really in a position to know your business tonight, especially if it's a big company. I don't know your business. I don't know if this is good, bad or in between. And so as you were saying, it's more about kind of keeping people informed. But because legal is usually the most scared, a lot of times, they can take the process and say, okay, we'll run it to make sure it's going through all the hoops but inevitably, there's kind of a VP dino or something like that. And then kind of as an extension of that, at what point do most companies first move into legal with respect to free and open source issues and then in a perfect world, at what point should they? I think it varies dramatically and this is something I've done for a lot of different companies. The best open source policy for your company is one that fits the way they already developed and released code. You have to make the process match the company, not the company match the process. And so for example, I had some companies where because of how it just worked out better for the project manager to initially field all open source requests that are not pre-approved, right? A lot of times, with the same thing, we pre-approved that or something like that. But a lot of times we have the project manager field that then it goes to legal. But again, it really depends on the company itself and kind of how they develop and release code and trying to get the process to add the least of them and add the least amount of inconvenience to that process. Trying to fit it into something that's already comfortable with an already known. Yeah, and I'm thrilled being like I'm involved super early at SHAP which has been fantastic. Probably a fact earlier than a lot of commercial conversations kind of erotic. And it's worked out really well because now it's gotten to the point where as they're developing updates and you know the next product they're like, all right, how are we going to manage life? Let's talk to Jen and let's see, you know, what she thinks about that. And so, I mean, the answer always I think with when does legal get involved in the early years is better. You know, and just how you come up with a way to make sure that you're approachable and you're not the department of no and you know that they're going to kind of value your input. That's really the tip of all this. You know, you want to make sure that they want you to be involved. Yeah, I would, I would, that's, you took my word. Sorry. The tip of all this? Yeah. Now that, that really is, you know, as early as possible but to me the biggest problem is always, I've been in companies where the legal department just was this, this no organization and all that happens is nobody tells me what's going on and that's just so counterproductive that it's just, you know, sort of silly. So that, so it's not sort of enforcing any kind of when should you come to me but it is, gosh, let's go ask Jen because she might be able to help us with this problem and so if you foster that interaction with them then you'll be you'll be fine. And it's kind of a feeling of prophecy because the later you're brought in the more likely you are seeing that. Yeah. Right? Because it's already a mess. Right. Yeah. I just want to explore some areas that may or may not be areas of, you know, communication issues and your personal experience and the first one I'm wondering do you find in today's open source environment that we still have confusion around terms? No. Yeah. Yeah. So, you know, things I've heard many times that I literally, my brain goes off and I think that has no meaning because so many people understand it differently are things like, oh, we've open sourced the code or it's in the public domain. We hear that a lot. Yeah. And I'm wondering if you guys have any other examples of things here where you're like, oh, wow, it would almost be better if we just didn't say these things because so many people have different ways of sourcing is the big one. Yeah. We hear that when you really have to fill in. Well, I actually, I've seen a commercial agreement from a bunch of you know, kind of old school big companies, you know, that thou shall not use open source clause, which is my favorite. My first question is, do you know what you're buying? Yeah. You know, I would never do a company. Followed by, do you have any idea what that means? So, yeah, I think for us, it's a real challenge I see a lot of, I think we've all seen it, as well as being savvy on legal issues, developers, a lot of developers are also strongly opinionated on what the right answer is or what the right outcome is. And they confuse a little bit, what they have concluded is right with what actually happens or what the enforcement landscape looks like and those sort of things. So there are times when, you know, you're dealing with someone and like they're convinced, oh, you can link with GPL software and it's going through an API. Maybe not, but we don't know. And so they're kind of, so you have to, I think that's a lot of the misunderstanding about what's required or what's kind of the common opinion in the industry and stuff like that. I see a lot of that. Yeah. Well, in terms of terms, I think this one that's on the mailing list on the list are on, which I'll mention, which is commercial versus proprietary. I think that those are, the thinking that those are, I mean, that commercial and proprietary or that open source cannot be commercial, but commercial means proprietary. Again, to proprietary, that just means property. Well, it means you're maintaining all of your IP right now. Yeah. You're not granting. I mean, it's actually technically, it's actually not accurate either because it means it's owned. Yeah, right. Which is true about the source also. Right. But it is, yeah, but it is, I'm not, I don't take credit for that. I read it on the mailing list. Yeah, yeah. I know it's a closed, I mean it's closed to open. Right. But proprietary is closed. Well, the biggest one with open source is that the source code is available. This is a misunderstanding I had when I first started with the piece that simply that you can see the source code. That's probably the most common, common misuse of open source is, it's not about what the license is, it's about L, you gave the source code versus binary that's their word open. Yeah. I encounter that one a lot. Yeah. And I also encounter that one which gets mixed into, you know, APIs on top of services where they have API documentation. And so they say, oh well we've open sourced our API because they're talking about accessing it back in service. Yeah. And it's like, okay. I'm curious if you guys still run into the traditional fear, uncertainty, and doubts around open source software. All the time. Yeah. Yeah. And it's, you know, a lot of times still you just have companies that maybe haven't developed a policy and they're taking a good look at how they use open source. And very often because I think IP lawyers are trained to protect, right, at all costs, protect the IP, don't let it escape. Folks will show up and they'll be incredibly frightened about using open source software and all that sort of stuff. And so in a lot of ways you have to kind of tranquilize them and help them understand there are good uses, there are bad uses. What we need to figure out is how to make sure we're using it appropriately. I think if lawyers were trained to not trust what we don't understand. So we're, we really see this as selling to big traditional companies in their legal department. You know, either said no open source and I have to educate them or they don't have the money to use and those are changed dynamically. We have a link because they're updated day to week, the hourly and finally gets a headway when I say our list is currently 440 pages and I don't, we should attach that to contracts. But it's, you know, it slows down the sales cycle and you're misunderstandings about one's size. It's super fabricated, you run into it because you do obviously the people who want to buy e-commerce know what they're getting but yet, the legal department is not always there. The legal department is definitely there. Yeah, yeah, yeah. And so, yeah, that's a fascinating, yeah. I, I do think that that companies that, that it over maybe past say 10 years it's gone from legal departments you know, just know anything about open source with no concept of it to realize that they were distributing products with that open source software and that they were completely oblivious to it. Now I think the legal department understand that they had been forced down their craw by their developers and they just, so they're kind of kicking and screaming and have had to come into the fold and do a more careful analysis than just no copy left or like no open source, right? That they are starting to get more sophisticated about their risk tolerance and taking a more realistic view of risk tolerance given their business model. So I think they are getting more educated. They are more educated about it and more willing to kind of understand and work with you because I don't know anybody now at this point who object to MIT like open source software. That's just like, oh yeah. Because they didn't know what it was. Yeah, yeah. And so, yeah, I mean, I'm more cynical to both because you're probably negotiating more contracts with the rest of the people. Again, again, traditional companies don't, they just don't know it so they don't trust it. And you know, you're best advocate and that's your perspective to customers and others, not what you guys mentioned earlier. It's like, go talk to your engineer and they will get you comfortable if you don't want to trust me. Yeah, yeah. Have any of you run into the specific problem of engineering teams not wanting to be slowed down by legal in their use of open source and how do you address that? Try and streamline the process as much as I can. It's always the resistance and the truth is if it slows them down too much, they won't use it in the process. Right. They just won't do it. Okay, well I'm not gonna do that anymore. If I have to wait three weeks for you to get back to me, I'm just not gonna do it. And so, it's really about getting your process streamlined to the point where you're not inconveniencing them so much. And that can be things like almost all my clients seem to be using Jira and so if we're not using an open source product and we're gonna do open source requests or something, we put it through Jira because we know they already know Jira. They always know how to use it, right? All those sort of things. But in pre-approving permissive licenses is another big one. Don't take up cycles and waste time on whether or not we're gonna use MIT software, right? And so, it's really about getting the process streamlined which is also really important because oftentimes when people are designing an open source process or their policy, they really don't appreciate how this is going to scale. Right, so there's a lot of temptation like the lawyer has to look at everyone that comes through but then that's fine when you're getting one a week. But what are you gonna do when you're getting 100 a week, right? And so, for a lot of people kind of involved on it, you really need to be kind of aware of how it's gonna impact them and you try to minimize it as much as you can. I think also, I was gonna open with this but I think it's a good time to put it is as a lawyer, an open source lawyer I guess now, I know more about open source than 95% of the lawyers in the universe. And I know less about open source than 95% of the engineers in my country. So, I think a lot of this is acknowledging that in practice, they know the ins and outs of these licenses and they know how, like where on the license file you put the attribution and you know all that, I don't know that stuff. So, I think really trusting them and making them be part of the process too and opening it up so that they have the freedom to do this and acknowledging that they know more about it is probably what I do for sure in practice. Yeah, so when you're talking about that difference between one week and 100, I feel like that's changed a lot in the past six, five years. The last time I was serving your shoes is five years ago. He was okay to recommend it's not a super heavyweight process, like you still want it to be lightweight but like at least some depth was okay because it wasn't something that would happen if it wasn't weak. It feels like it's not happening. On the other hand, it's not exactly how you do it. How do you see that change in your career? Absolutely, and I actually see that for every company that ends up adopting a process is initially when they don't have a process that developers don't know about it. So they're not requesting to use open source and all that stuff. So even for the company individually, as opposed to all companies, the requests they feel are gonna grow. They're only gonna grow over time exponentially. And I forgot. So what were you talking about? I mean, is that, I guess, it's sort of like a data point. Is that real, right, that escalation? Yes, yes, almost universally as developers understand there is a process to use and that they can use it and as they get beat successful. That's another big one. They request and they get an approval, maybe even for the use of GPL software or something. Once they see that the process works, the requests are just gonna keep going up over time more and more. You then advise your client to crash down to the level that they apply or? So we try to start with a streamlined process with that in mind that this could grow and become very big. We also though, we go back and tweak with most of my clients, we'll go back and tweak the process, right? You always kind of make your initial choices. This is how we handle GPL requests or modifications, these sort of things. And you wanna go back six months, a year later, once or twice a year, how's it working? You get together with the stakeholders. You know, what are you hearing from developers? What are the complaints? How can we improve it? Where are we spending too much time? A lot of times the patent review ends up being way too much, you're just spending way too much time on patent review for silly reasons. So that one gets you to a lot. Well, I'm gonna say invest. Well, because we're kind of talking about two different things here. I think one is putting code under a free software license or a free software license together is ingesting free software. I was gonna comment that I think that a lot more companies are ingesting much more freely and taking it off the shelf is the two most components of the commoditized, you know, plugging in the code, laps the license and the documentation, we're done. You know, so that, and that doesn't require so much patent reviews. It's certainly the other way for people when they wanna release the source code over to the state to do something. A lot of times I agree that the patent review process is, and I just think that I mean personally, I wanna tear my hair out of this. Yeah. Well, it almost always starts out with, like every company almost initially chooses that anytime we're gonna modify an LGPL library or a Mozilla Public License Library and ship it, we're gonna grant an outbound IP license. So we have to review it, right? And then it goes to the patent team and sits there for a month. And also the truth is that the patent team is going through and looking at each package and looking at it against their patent foil, that's a waste of the patent team's time, right? So we kinda come up with tricks and like a big one that we use quite a bit is let's identify types of technology that is important to us, where our portfolio, our core technology and maybe we only up the review when it's a core technology, right? Or something like that. And so again, it's kinda tweaking the process but a lot of companies will start with, if there's any outbound IP grant, it's gotta have this really in-depth process. And then after they've done that for about a year and that's all they're doing, they're like, okay, let's maybe trade into that a little bit, right? Yeah, so the most important thing, I think, is that you guys are more concerned about the security of the product than just a bigger part of the company. Excellent question. Yeah, yeah. So I see security driving a lot of the purchase of products. So like for example, if you look at like BlackDoc or Palomita and one of my clients bought BlackDoc and it just be completely open. When they're looking at that, the cost of that, who's gonna bear the cost? The legal department in this was very much driven for many years by the legal team. If we're gonna have this software, if we're gonna scan our software and look for these problems, legal's gonna pay for it. As security issues have come up front, it's much easier for companies to go, oh wait, we're also gonna be scanning for security problems so they're much quicker to just kinda sign on to, yeah, let's do this. And I've also seen the cost shift away from legal to where the product development is now kinda bearing the cost of that scanning. Yeah, what I've seen is there's a really nice marriage between the concerns of open source process management and security teams when it comes to keeping very good records about exactly what version you're on, exactly what the license is, when you switch to that version, so that when you get a huge announcement of some zero day bug that you need to patch ASAP, you know exactly which customers are actually affected. That's a really nice kind of repurposing of a very well-billed open source software process because you can use it in that kind of journey. Yeah, use your business strategy. Because I'll get you to have their meeker answer on this one, which I think is a really smart answer, which is it will always be distributed just as soon from the get-go that at some point it's gonna be distributed because you know what's gonna happen, you're gonna have a very big, very wealthy, very smart client come to you and say, we love your product, but we wanna run it on- On-prem, yep. And you're gonna say, okay, great, here you go. And that was the distribution. So to cut yourself off at the knees when you're starting by not allowing those, by not giving yourself the latitude to be able to distribute and do it, you have to start from the beginning. If you don't start from the beginning, it's an nightmare, but if you start from the beginning, architecting everything carefully, then you'll be fine. So that's, and I think that's a great, the reason I give that answer is because I think that's a very understandable answer to a business person who's just like, oh, it's gonna be, you know, oh, this whole, it's gonna be, you know, software as a service, not gonna be a problem, I don't have to worry about it. I can do all this mixing and matching of software, I don't have to worry about it. But that's a very real example of like, oh, and you're gonna turn away, you know, maybe company who wants, who loves the product, but wants it on-prem. I will say, we have on-prem software and we actually have that. So we have an open source policy where we have, you know, a specific on, what do you call it, exception, where you can use GTL-3 as long as it's internal, not, you know, not distributed. And what we've done there is we've like, and it sounds maybe naive with that, but I mean, you know, I feel confident that we've locked down that process. It's totally, you know, everybody who's involved that is super clear that it's internal only, and we have escalation, so if you do wanna move it out. So that's the place because we're the higher risk where we're a little more, you know, firm about what the policy is. Is it perfect? I don't know, I guess we'll find out. But it's definitely a different flavor of enforcement than we have with our other stuff, which is, you know, pre-approved license, soon positive intent, and people know what they're doing. Yeah, so I have a question that comes from probably not a lot of people, because it's more of a non-profit for research and expansion to show around it. But the issue is that the idea that we're gonna make products that are created at the Institute of Open Access or Open Source, pretty non-contentious with a bunch of stuff like the Caltech would be publicly funded or funded by a foundation that's making the condition of the funding be that there's some kind of societal benefit. So the idea of the open access of open source is really pretty normative. But what we're pumping into for legal interoperability, the ability not to establish open licenses is that these staples are still wanted with sort of other things, like the case of Caltech's general counsel office. They wanna make sure that we don't suffer any claims against like liability, responsible for, responsibility for a change that's needed. Sometimes because we live in an economy of credit, not money, people may want something more than what the attribution assertion requires for a state-of-the-art process or some kind of software licenses. So they may wanna require notification. Sometimes they wanna, because again, we're in the non-profit sort of good to be, they wanna be good actors. We run into like, they wanna know if something's gonna be using it. They want notifications because they may want to make sure they're not gonna do any harm and I'm gonna harm the climate or take this data and then use it for unacceptable purposes. So I don't know if there's an analog in your world, but I think this is the major barrier, the legal interoperability and the uptake of open life today and the community that you think, like what kind of skin is in the game? Like it isn't about the money, but it's actually the other stuff and it's not being just, they're so attached to it as much as it was before. I'll feel that. So I think that open content is a little different from open-source software, and that's the reason you can use identified one reason. There's something, to me there's just something different about absolution, maybe I'm wrong, but the lesson that is that I would try to teach people who want open culture and open access is, I think one of the most brilliant things that happened in open-source licensing, I don't know if it was website sign or not, was the concept of equality and Richard could probably say it better than me in terms of, you know, if you limited to only certain channels of trade or certain types of use like non-commercials, it's not open-source. And so I think that while there's, and there are a lot of licenses that do impose those limitations and they are rejected as open-source licenses because of that. And I think that while on one hand it is a struggle when you realize that what you've written maybe used for a purpose that you have a ideological disagreement with, I think it's critically important that this is functioning properly. So I think you just have to kind of swallow that possibility and, you know, and I don't actually know that it's caused a lot of problems in terms of. It's a proven barrier to open software and open data, I'm sure, where people are being funded or to create stuff. So they're under a mandate to share it and then we'll be actually evaluating you know, systematically the barriers which is happening to different sources, like the data alliance, the open software budget. There's a whole bunch of communities in this area trying to understand why the updates for open sharing is, first of all, and it is given that a lot of the stuff really is funded for, and there's actually a mandate or a contractual obligation to share and then there will be barriers that are coming. Yeah, very scary part. Yeah, and another thing, the open source initiative tried to stop like, pros and cons. I can never, which I think was also just a really important, you know, they may be ugly lenses, but they work and we all know how they work. And so to me, it's not the problem with the system, it's the problem with teaching the consumers that it's not gonna be horrible despite their disinclination to allow the use of content in some way they don't like. It's actually not that hard one outcome and you know, to just kind of force people along the path. So I think having the precedent of the open source was the foundation? Open source initiative. Open source, okay. Yeah, so the gentleman there, and then we'll be sure back there is, what's your, are you the executive, not what's your title there? Oh, I thought, you're on the board, I'm on the board, board director? Yeah. So I think maybe that's at least we have precedent there around the idea of like, yeah, yeah. The more spoke we go, the less improper we'll do it. Exactly, that's a good way to put it. Yeah. But it brings the value of introvert. Well, and very often you're releasing it because you want lots of people to use it and if it's a new license, you're wiping out so many people who otherwise would have used it because we've pre-approved MIT but I don't know what this license is so this has gotta go through legal, so forget about it, they just won't use it. And so you can really affect what you're trying to do or the success of your project by doing that. All right, so a lot of clients come in, they just don't have a compliance process, right? So for me, that's one of the big ones that they don't have or don't have an adequate compliance process. So a lot of times we're dealing with that. I think you're absolutely right in that even if there is an open source group, there or an open person responsible for open source, they're often kind of disconnected from the procurement group that's gonna go out there and sign contracts with the ones that are gonna go out and sell licenses and so there is, I mean, one of the things that it takes them a while to catch up on is that these two kind of need to be connected if you're gonna make open source representation, right? Like a lot of times the company doesn't want you to say we don't use LDPL software or something. Well, we do, right? And so it's important that somebody, you know, you kind of have to teach them internally that it's not the opposite of the data that's going to go out. So sometimes things like this go back. I think one thing you could do is sort of life cycle, right? You know, understand where both internally and externally, you know, kind of wipe all it out. Where the software is gonna be using so you can do it in half an hour. So you can figure out, you know, through the life cycle, okay, we're gonna be selling to the government. The government usually has a clause or they own everything. They also acknowledge that, you know, background data or, you know, however they want to define it, you know, you bring something that either belongs to you or a copywriter, you know, however you want to describe them. So the life cycle is that way. And then, you know, figure out, okay, we're gonna be hiring people and what are we expecting them to do? And it's no fun at all. But anybody who's been working for GDPR is doing this anyway. So, you know, a lot of that work ties into, I think, comments about security and just, you know, data mapping in general, which I think most of us are gonna have to be doing for different reasons. So you can just kind of tie it all in together and maybe buy it that way. I was gonna say it. And then after you do that, then you have a playbook and then anything. It's kind of the same thing as the process with open source. It's simply when you have an agreement, it's, you know, this kind of term for a assignment of copyright or, you know, who's gonna own it. If these three provisions are okay, anything else gets kicked out and has to get kicked up to someone who can sort of make the decision on what's appropriate or not. But then you have, it's exactly the same that you have to have the process. You have to know what's okay. And if it's not, then, you know, it's gonna get kicked out for a further review or analysis or negotiation or whatever. And one simple tool that maybe your friends is probably getting QT, the order of precedent span, because, you know, if you've got a bunch of different contracts and licenses and, you know, things going out there to find what is, what trunks. Because you can get, you know, you can get a government contract that says we own everything on. That may or may not have a background IP clause in it. So if you've got, you know, some sort of order of precedent clause and they're saying, you know, our trade, I don't even know. I'm just making stuff up, you know, our trade mark policy or our T's and C's, you know, and then your agreement, that's also the way to manage those internal conflicts and party your data mapping or whatever you want to call it, is decide what's most important, what's when, in case you mess up the other issue. And that's the last thing that I had. It sounds like you were trying to identify places where these conflicts might actually be occurring that you weren't aware of. Yeah. Yeah. Do you know that there's still a lot of marriage and so on with trade and security? Mm-hmm. When I tell my team, like, my new clients that come on board that don't really have dedicated legal anything, the thing I generally tell them about, okay, so you need to start thinking about when to live me in so that I can help you be, fill processes so you can kick me out. I usually say there's two main things on the IP side to me to worry about and that's stuff coming in and stuff going out. And so, you know, any time something's coming in, whether it's through an employee, a contractor, an in-license from a commercial company, open-source licensing, and then the same thing, if you're buying something, and the same thing, everything's on the way out. And you can start there because those are the most likely places where the conflicts do occur. I've encountered legal teams being overwhelmed by open-source open-source and not having the resources to perform the legal review in a timely manner and is this something where they just need more budget and they need to hire more people and it hasn't been addressed to sufficient kind of importance or are there just solutions to make more efficient? What's your general opinion? Well, a little bit of both. You know, you can always try and make a process leaner but I'd say most of my clients, when they come, they help me like, okay, let's do a policy. A lot of times they want to buy a product and they think like, I'm gonna install this product and I'm done, right? And you really, I think, have to emphasize it early that this is a lot of overhead or else another thing I see all the time is, well, Steven Patton knows a little bit about this so we'll make it Steve's job. Like, Steve isn't doing anything right now, right? So we see that a lot. So I do think it's important to help them understand that this is a very labor-intensive at times process and that you really need to, if the only way it's gonna work is if you do allocate the resources. And for big companies especially, it's hard not to have someone dedicated to this. It doesn't have to be a lawyer. You know, it can be someone but you almost have to have someone dedicated to the process, the internal open-source process that is just in charge and that's probably all they do. Maybe they also do compliance or whatever but you need somebody who's just focused on that. I feel like, I like your comment, kind of think about it on data in, data out. So, you know, mostly I'm thinking about data out concept and having it fell into people comfortable doing it. So if you can include sort of overall policy statement of the wrong word but kind of a description of what our open-source does and you know, kind of a high level, here's the license, you know, kind of the way it's not copy-left, it's permissive, so you're okay, everybody's fine. You know, to sort of help people that way, comment, your point really, it's not a scam. You can't retire more people. It's absolutely not a big scale. You've got to come up with a way and there's a lot of products on the market that I think are being built to help people as well as you know, I think that's a good point. Yeah, I wish I could say that I never seen or worked at companies where you could say, gee, we need another body and they'd say, great, that's good. That's a good point. That's a good point. That's a good point. That's a good point. Right now, I think that's a good point. So it just becomes, you know, this ever-crushing burden of trying to do more work with less people and so yeah, absolutely scaling process is having processes, changing your risk assessment, changing your risk alignment. I, a lot of times, a lot of times that tells me, you know, I have a, you might start out with a lightweight, heavy-handed process because you don't even know the problem you're trying to solve yet. So first you have to kind of see what the ins and outs are to be able to be able to set up a system for you. You don't even know what kind of system to set up until you've seen some of the things to give and take and when you start seeing repeat others. Then you can say this is kind of true across the board is when you start seeing repeat times you say, okay, we can set up a rule for this one. We know how to deal with this so that you just hopefully keep re-examining and keep streamlining your processes, first flying them down and the other. But then you get in some companies, you know, where it's just trying to encourage you to get involved because they don't have the ability of a desire or too much politics or something going on that allows them to actually, you know, product out the door. But, yeah, yeah, you know, I don't, I agree with you it would be nice to have a body, but. So it's still hard to get companies dedicated only in the largest clients with, you know, or massive companies that are real quick to usually do it they'll hire somebody, but it's hard not just to get them to hire a body but just to dedicate real resources to it, right? Like, okay, like with the Steve example, let's not expect Steve to be a full-time patent attorney and also do this other stuff. Somebody always gets kind of jammed with it and then ultimately they can't handle it and you gotta come back and figure it out. But, you alluded to this earlier, I think maybe also start with the question what's the worst that could happen, right? Because I think that sort of frames the perspective and it informs the answer you're trying to solve or I get the question you're trying to answer. What's the worst that can happen? You know, okay, we missed it. Does a company go under or do we fix it? And, you know, sometimes the company may go under in which case all hands on deck, sometimes you fix it and you move on. And so we think that helps. Yes. How do you get your arms around like what's already in there? And there are a lot of different ways to skin that cat, right? Maybe you instead of buying the tool for Black Doctor Palomita, you just go have them once a year, you have them on a scan and then we go to the inventory and then look at what's changed. Stuff like that. There are a lot of free tools as well that you can use. I can tell you all about them. I'm trying to tell you. Yeah, yeah, there are tons of them. And also I think it goes back a little bit to my earlier point of it really depends on how your company operates. So what we've seen is where there is that sort of concern or even when you have a company with different departments that are really separate, they may have different ways that they wanna handle it. And so a lot of times what we'll do is we'll leave the, we'll push that responsibility down and say, you know what? I don't care how your team lists out all the open source it uses or exactly how that does that. It just has to be done, right? And it has to truly be part of kind of the job description of the project manager or whoever is responsible for it. It really has to become an important part of their job. And so I've definitely, some of the companies that will push that down and just leave it to the department and say, this is what we require. You know, you gotta list it all out so we can provide this bill of materials, open source bill of materials, do that sort of stuff. How you do it, it's up to you. And I think this actually ties back in with the security question, which is it's a lot easier battle now to say you gotta tell me everything in the software now that there's so much concern about security about, yeah, about top of security. So if someone to say, oh, like, I don't know what's in there, it's just not an acceptable answer anymore. Well, I was like, we live this. So, you know, we went through that. And I don't know, yeah, our team did it internally. They built some magic and, you know, and it started out as a super manual and really the impetus for it originally we've been through that before. So, you know, sometimes you do need a forcing function on, you know, and it kind of goes to the point you just made, if it's gotta happen, you know, thankfully, it's, you know, like maybe we have, you have a lot of smart developers who, you know, build software for a living. So maybe it's something they can build inside too. I think it was relatively drama free at the time it happened. Maybe that's what it was. I have had clients who've built tools that just stripped the whole source code base for the word license. And that alone pulls out a non-truvial portion of the files that are necessary, you know, but yeah. Yeah, or like a lot of them will adapt to Phosology is a scanning tool that's free and open source tool. That's a great one. I mean, there are a lot, like I said, there's a lot of ways to scan it, right? It's just about finding the right one for your company. And there's probably someone within your organization who is pretty ideologically in line with wanting to be in compliance. And that person can probably write a script that does a lot of the work. And those are great people a lot of times for resources to get involved in the kind of your open source compliance because they believe in it, right? They want it to happen. Because a lot of the people, this stuff is being applied to them, right? And they kind of don't want to do it. It's more work. It's resist, but if you find someone who kind of philosophically agrees with doing that, I find a lot of times those people are a great resource to help you kind of push the process internally. They become stronger. Yeah, yeah. And now, you know, it opens up kind of the whole point of the panel, and there's your partnership with the chair. You can kind of, you know, open up a lot of the doors. And if it's not obvious, start with the product to go down the door. Yeah. Yeah. Yeah. Yeah. Don't worry about the, you know, whether or not they have, you know, open TV, a reader on them. They're using the DELA. Exactly. Don't worry about that. DELA's fine. But, you know, in the desktop, it's fine. Totally fine. Right? I was wondering if any of you have personally experienced conflicts between individuals at companies that have different free and open source goals than the company itself? Do you have shared anonymized details? So, I will say that I worked at Red Hat. And yeah. Not at all. No, but just in terms of, I mean, one of the things that I was fascinated about to me about working at Red Hat is you just had this whole range of developers from very pragmatic to very ideological. And so, trying to, you know, just, always fascinating to me. My most fascinating was where the people who were just trying to figure out how they deserve proprietary copyright-like rights in order to make money for the company because they're a product manager, whatever, and their job was to monetize the thing that there were no proprietary rights for. And so, they were just like, I was one memorable person who I just would spend hours in my office. I would not have put him on the ideological side of it, but then there were some who were just so highly ideological as a very famous person who, you know, very famous in his disagreement with Stephen about the way that Red Hat does things. So, I mean, it was a fascinating, it was really fascinating because I had the whole range, so it was just fun. I don't know if I have a solution to that, but it's the whole thing. Yeah, again, it goes back to what I mentioned earlier today. So, you know, we started as an open-source company and then built commercial offerings. And there were a lot of developers who were shocked and appalled and a lot of members of our community who were shocked and appalled by that. So, you know, we really had to balance that, you know, and through that process, you know, to be respectful and, you know, understand the feedback of those people, you know, some didn't stay. Some, you know, shop was no longer the right place for them to work, but they started building a commercial offer and a proprietary offering on, you know, but that said, we've come up with other ways to do it. We still have open-source projects with people who are, you know, find commercial proprietary to be most disgusting, you know, mostly work on the open-source projects, but they understand that if we need them, that's kind of part of working as a company. Yeah, I definitely see it quite a bit. For some reason, embedded winning seems to bring a lot of that with us. Yeah, the device companies that are shipping Linux, you'll get some internal kind of GPL Linux advocates who really will get upset by the fact that you're not able to come to replace the code or something and do stuff like that. I think what you hit the nail on the head, you have to listen to them and understand where they're coming from, acknowledge their feelings, and a lot of times, explain, you know, I understand where you're coming from. This is kind of the policy we've adopted as a company, you know, that tries to factor in all these different people's opinions, and this is kind of where we're at, so this is how we have to operate, but I think you need to hear them. It's always important to hear them. If nothing else, because if they feel blown off, it might become a whistleblower, which is a bigger headache, right? So, yeah. Do you guys have any experience on the receiving contribution side with getting either CLA's or copyright assignments, and can you talk to them? So on behalf of a client receiving CLA's. We moved from CLA to DCO about a year and a half ago, so everybody knows CLA, DCO? Correct. Okay, so CLA is just like, it's a standard license, contributor license agreement on, I don't know if there's more than one, we use the one from the Apache Foundation, so I don't know if there's other ones out there. Oh, there's like 20,000. Okay, and, you know, and we really had a challenge with that, because even though, you know, as a lawyer, I certainly felt like a very lightweight and non-occuperational and inoffensive. A lot of people had a real hard time with this, like, why do you make me do this? I don't want to tell you my name. I just, you know, I don't want to tell you who I am, and we had a lot of pushback on that. It's just so corporate and, you know, big, bad companies. And so in October, 2016, we moved to the developer certificate of origin, which is just basically a way to make an ad to say it's at-temptation. That's the word you can't say that's why. Correct, correct, correct. In the code, saying it seems like it's, you know, a lot more lightweight and a lot more acceptable to developers. Again, so I got to kind of speak their language rather than forcing a legal process onto developers. That's exactly how plenty of people who are unhappy. Definitely been a lighter process and I think overall positive and as a company and in terms of compliance and security and all those things. We have a good speed, so I haven't seen any negative repercussions for making this decision, that's great. And I think like Pam was saying earlier, a lot of times we're here to inform and make sure that you're making an informed decision. So a lot of times we'll talk to the company about whether to adopt a CLA, right? You go through that, well, okay, we're probably going to see fewer contributions if we go this route, because some of the people are going to end up jacked with these sort of things. You know, and here's the benefit, here's the potential licensing nightmare. You know, do we see that happen very often? Kind of walk them through all of that. Once they decided they want to do a CLA, I've really tried to steer them to be a patchy software Google because for the same reason we don't like license proliferation, right? If somebody's going to have to re-read or figure out your CLA as opposed to going, oh yeah, this is the patchy software foundation CLA. I remember this, we've already approved this. It's going to throw a wrench in the process. So what point, what point did you leave? I did, too. I had a question, and that was part of the analysis, right? And you know, in our blog post, you can see we decided maybe that makes it more acceptable. And you know, we listed a bunch of leading companies that had opted for this process. We clarified it's not just for Linux, and yeah, I don't know. So you just reminded me, you just reminded me of something that's not at all on the panel that I've been struck by it a couple of times at this conference, which is so much of what we bring to the table is analyzing these open source norms. And if there's kind of that extrinsic stuff around the contract that is often used in contract group negotiations, or when you're trying to figure out, that wasn't part of the actual words, but everybody's doing this. And so it seems like this, I think for the CDOs, for example, if you look at it and you try to apply a purely legal analysis to it, you're not getting any rights under any regimes that we as lawyers understand. But once you have kind of critical math, it just becomes the standards and norms, and it's like shipping law. A lot of the papers used in shipping laws don't have actual legal meaning, but everybody knows you need this bill and this receipt over here to make things work. So I wish I could remember, I've heard Karen Koskova-Naver, who counsels the Linux Foundation with Instrumental, I believe, and the DCO, talk about why it was adequate versus a CLA. And you kind of tore apart a CLA and every aspect of it and why it was just really not helpful anyway. So why are we putting this on helpful? Does it vary? This thing that makes the lawyers feel okay, but actually doesn't do anything. And I wish I could remember everything that she said, but at one of the points is, are you really gonna sue that developer anyway? So they make a misrepresentation, they don't have the right, like, are you really gonna, what are you gonna do? You're not gonna go after him. So just that the burden of doing that was so outweighs the true benefits that you were getting versus the one that we used to have paper, sign, think we're getting, just made it just not worth it. So this is a really interesting concept. I've got to admit, I'm thrilled when we need to hear you both say that. Even though we did it, it's still nice to hear it. It's still a little happy. All right, so we have exactly one minute left that I think can get through both your questions. I'll just ask her. Karen. Karen Copinghaver, C-O-P-E-N-H-A-B-B-E-R, and then in the back. Now it's gonna be far enough for the company to pay it to the water about the depth of our actions here. Yes. What you're gonna have to pay attention to. Yeah. The one thing you used to have was you don't have any work in the situation for a right, but there are lots and lots that you're likely to do. Let's say about re-licensing under other license. I don't feel as far as copyrighted, but there's certainly more than just giving this to you. Unfortunately, but those are ridiculous numbers that will allow you to do it. I think that concludes our panel. Thank you all very much for going. Thank you. Is your role to be checked out of the population? This is great. It's hard to get there. All the others that we've talked about as before, yes, so we'd be at our nation. And there are a lot of points to last. The top, the elimination of BIOCOP. So please don't be the one who needs them when talking about the individual. I don't know what you're talking about. How do you get the data to make the world better and make things better? I don't know about that. I don't know what you're talking about. The idea of being there, you can't go into the size of the process. So we see it as a big one. So we, as part of our effort, we're going to do everything we're going to do to make the world better. And around legal interests, right, right, right, right, right. A definition of research data is very important. Anything that's used to support the country. So we've been issued a set of, that's right, we have a number of data that I have for destructibility and, but now we're going to set them, yeah. We really don't know where it's going to go. Oh yeah, I'm glad you're here. Everybody has, data, people are gonna have to have it. Yeah. And where are they gonna go? So we're gonna need your help. Yeah, but I heard this over, and this is the first day. Yeah. Yeah. So I'm gonna be sure some of my things will come to me, a lot of my ideas, I'll have my thoughts later on, night, morning. Yeah, I'm gonna need your help home. Yeah, we can all get, I don't know, maybe the next thing we think, maybe the next thing we'll see, I don't know, I don't know. Yeah, I'm definitely gonna go. There's a lot of new, uh, people, there's, I'll be ready to talk where it's starting to standardize the act. But what would be the perfect way to run? Yeah, yeah, yeah. I'd rather be in the fight with the US and the American Air Force. I'm sorry. I've got a question. But what do you make of Rosie down the street? Yeah, yeah. Yeah, yeah. Yeah, yeah. Yeah, yeah. Yeah. Yeah, yeah. Yeah, yeah. Yeah, yeah. Yeah, yeah. Yeah, yeah. Yeah, yeah. Yeah, yeah. Yeah, yeah, yeah. Yeah, yeah. It's gonna run to court. I know, Marvin. Yeah, yeah, yeah, yeah, yeah. Yeah, yeah. Yeah, we have to go back to the camp. We have to go back to the camp. And then just camp. We don't know. Ten years ago, most people are going to know. We begin to know. But I feel like now we're going to be in that house. We need to have an actually red house in the car. But now they're going to go, oh right. And then they're going to teach me how to do it. But the approximate time. Probably yeah. Yeah. We have to go back to the camp. But it's just before today. I know what I'm talking about. We're going to lock it up. So we're trying to figure it out. And now we're going to start a new company. A company that's funding them. See the work data. So look at how much of your life is trading. You're making money. Like, where things are, right, like that compliance with licensing, enforcement of licensing.