 One is once we usually get kind of a template together for the company, they don't need us anymore. We kind of give them a framework how to do this, how to think about it. I also think that companies are becoming much more attuned to open source contribution. A lot of them are doing it as part of their business, and so they're just much more comfortable with the topic. And so there isn't that initial on what do you mean, what do you mean? Okay, I've got to go get some special counsel on that, but certainly I do see it. Well, you are not going to get to someone. You're right. I know, I know. That was very funny. But actually when you think about it, when you talk about the abstract, it has the great feel of the fact that they let that employee own the copyright on that project. So is there any argument that you have to negotiate against yourselves, Pam? Well, I mean, it would be, you know, it is the value, I mean, it's the whole value of what's open source. You are using third party IP. You talked about, I don't know, over, but if you're talking about everything that I do while I am in a place by you, but, you know, that's pretty, that's pretty big. Because they're also, okay, software development in particular is out of our enterprise job. And so if you try to say, well, it's only during work hours, that's not fair to you. You're pretty good for the company that was related to their technology or you license it to them. Yeah. And so they've been involved in related technology. If it is related on the employees on time, you can have resources in the materials, why this area? So that they get from pigs, they'll come across and say, like, oh, these are also corporations that try to grab everything. It's not that low. The most company favorable, I suppose, is the most, you know, one contract or one thing that I see quite a lot with companies will agree, basically, that any of the development of this employee will be contributed to this project under the license or, you know, under those terms. Going a little bit more favorable to the employee, I've seen where the employees actually authorized. And the problem with the first one is, okay, you've agreed to contribute it, but if you don't, is the employee going to choose the company to make the contribute it? Do they have the resources to do that? So actually authorizing the employee. So the company says, yes, we own it, but I guarantee you a license to reuse all these developments under the MIT or some really broad, permissive open source license that enables them to go around and contribute it. I'm always reluctant to rely on it. It's always better to have it codified than not, of course, right? But I wonder how that would work. You wouldn't see this for a proper escape. I'm just bringing the organizers this check. What about hiring people located abroad and selecting them as a contractor versus an employee given their geographic set? Yes, as the companies have to, I'm just trying to see, you know, the employees pushing back, they may be able to just be really careful. And you know, I do worry that people in these types of getting hired are limited because they read a lot of responses about it. But then they go to Schedule A and it's like a premium project. The whole contract is invalidated. We talked about that. And so this isn't sort of our retort to that. It's a policy decision. It's an employee we want to remember, which is to give this an information. Never this provision. They have a policy that provisions are standardized across the country. Technology is a problem of issues like, hey, there's party code anyway, maybe we don't. Thank you. I admit I was fishing a little. Someone's got to do it. Special, skilled people in a particular field from like Harvard. Yeah, yeah. So that's what I'm trying to learn. It's in there. Yeah, right. The company I work for, I guess, is the act of our trade. They do take this here. Yeah. But yeah, so are you located in California? Yeah. I see it. I'm working on that. Right. Absolutely. Yeah. Ideally, then, I deal with them. I'm working on the back of the company. I dealt with them last year on the back of trade. I'm dealing with them. I'm dealing with them. I dealt with them, not as much, not as much, as I think we're going to deal with. Yeah. All good stuff, yeah, I'm located in Colorado. I'm a folder, I try to be close in between so I feel close, and I have a call, I call myself a friend, so I have a friend, I call myself a friend, and that's when I do the predication, exactly, all my action, employment, contract, stuff like that, I don't know what happened, and it's cool there's the other people doing it and doing it, but I'm sure there are other people. Yeah, so I'm definitely going to press over to be more successful, that's what I want to kind of always say, I get the word because of something like hey, here's stuff that I've been coming to do. Yeah, right? So kind of I'm going to give you a little context here. Yeah, I know, I'm just going to give you a little context here. Yeah, I just want to give it a little context here. Sure, I want to give it a little context here. I'm going to do it, right? Right? How do we do it? We're going to do it, right? Yeah, yeah, yeah. It's just quite an emergency thing to do on this thing. Yeah, yeah, that's why it's kind of you're going to have to play by yourself. Yeah, okay, I usually have it, I usually have to try over three options. Yeah, yeah. Now that's cool. Yeah, yeah, it's not very healthy. I haven't tried it twice this week. Seriously, we're not, we're just talking about what you call it. Yeah, that's why I got into this area of law. You know, not just your source, but in a lot of your properties that are in general, in terms of the law, because I knew there was a lot that you guys would be dead. Yeah, property law is pretty well risked. Yeah, that's right. People on the other hand, especially, I guess, I got into it maybe ten years after being able to do it. So, you know, I thought it's time there's a lot of stuff still to be clarified. Yeah. There's a lot of that has to be done. Well, then we can see the target moving a lot. There's a lot of investment that's going to be for things, right? People will be, people will be, people will be that sort of shifting. Yeah, that's right. Yeah, that's a rare case. Not the case with the law moves in a bad case. The IP law, it needs to be a kind of curve. Like, there's so often the subject matter technology moves so fast. So, you would kind of settle this, figure it out. Okay. Oh yeah. Line wire. Is that effective? Yeah, right. A lot of times the technology is pretty interesting. Yeah, no, it's, it's very interesting. I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I work for it, I'd love to be a member of LONDRA. Well, I would let LONDRA. Do you want to keep on that? Yeah. I'll bring you to that. Hold on. I'd like to touch this. I'll hold it for you. Yeah. That's the ICANN. Boom. We're going to have a state market discussion. We're going to have an ICANN. We have private entertainment. It's like a state market. We're going to have a three-level metal market. We're trying our best. Yeah. Right now. All right. What we're going to do is we're going to have a history game. We're going to have a history game. We're going to have a history game. We're going to have a show set. We are going to have a little industry based market. We're going to have a talk center, but you know, I was just curious because my opinion, I think we're just trying to make a lot of work. We're going to be mined up more quickly. I hope you find it would be great. I'll probably be doing that. Hey guys, I'd like to know why my individual is being so spread, I mean, I would probably do thatMusic Bank, and be like, I only do products for users because mitigation... I don't take her weight too much, kind of, to grant her... She would be bold. Yeah. I don't know. You don't need to buy a new product. No. You don't need to buy new products. Yeah. I got to have a note for mitigation. I handle that. I just like... You have to train people. Yeah. Even then, that's... Yeah. I don't think you've paid enough. Yeah. It's not the time you have to pay. You need to do some life. Yeah. That's right. You don't want to have deadlines. You don't want to play. Yeah. If you're going to be on the local news or filing... Right. You got some folks you know how to go. Right. You have to go to the EVBA to do the marketing or whatever. You're going to screw up stuff. Right. I don't want that. Yeah. I do... I do it anyway. Right. I read about that while. You write, right. I've been doing it for three months. I didn't know who... I don't know what to write. I actually like mitigation. Yeah. My grandfather... Yeah. A great hard one. But I found out more than once I kind of knew I was going to do mitigation. And I was going to do... Yeah. I'm going to do mitigation. I don't know how to... Oh. Okay. I got a thing on my diet. I got a walkie. I'm going to do some diet supplements. Yeah, it's a very good idea. Yeah, that does a good point. That's a good challenge. It would have been a good idea. You can use it more to have a wide field and more confidence. There's a lot more complex stuff, there's a lot more. But that's why I was curious, what other people do, especially given that you've got the real form of that kind of thing going on. Yeah. Yeah. I don't even know what you're saying. Do you think that ever we're going to do? Do you think that is what it gives people ideas? Yeah, right. Oh, you're right. Hello. We've got an idea right here. Yeah. I like being on the phone. Yeah. Yeah, right. Talk to me. Yeah. That's reasonable. Especially if it's not where it's at. Why is it not? It's the alley. That's the other case. Yeah. That totally makes it less palatable from a reasonable perspective. Right? Yeah. Yeah. Yeah. Yeah. Yeah. Yeah. Yeah. Yeah. When I saw for licensing, you're like, it's deep enough for you. Yeah. So I moved from your area? Yeah. Oh, I get it. Yeah, right. Then maybe we can ... Yeah. I try to stay out of it, just what my agency does and I do the legal access. Sure. Either just the violent, heal-based. Yeah. I think you can take a look at that. No. I think that's cool, man. I were in the Bay Area. I was considering the software. Yeah. I just want to see a place where you can do it. Like, I can run my voice. Maybe you can get it there. You can get a phone call. Yeah. Yeah. Yeah, right. Yeah, right. Yeah, right. Yeah, right. Yeah, right. Yeah, right. Yeah, right. Yeah, right. Yeah, right. Yeah. Yeah. Yeah. Yeah. M. M. rights. Yeah. Yeah. Yeah. Yeah. Yeah. Yeah, no, I like having that together with my cast, and I think it certainly is a hell of a story. Even yesterday, somebody contacted me about that. You're both like, just get out compared to the majority of the billiards I see. Sure. So, yeah, I think it's a smart idea. What made you decide to just go into CS and begin with? Well, I didn't know what else to do, and I ended up with a computer geek. College? College. College? Yeah, college. Yeah, that would've been like the first wave. E.com boom? Right. It was time to go be an engineer and write your own thing. Yeah, I would not live with a phone anymore, so I recall that era. I was like, hi, our team's new for you. Well, yeah, yeah, yeah, yeah, yeah. We have a webpage bloaker that's really slow, but she went to computer lab. Yeah, yeah. I mean, the, I don't know, it's kind of like when I was a computer computer, you know, like, probably, without knowing what I wanted to do, it was the one I was looking for. I'm like, okay, yeah, I'm gonna go. I'm gonna work on it. Yeah, right, I'm gonna, no, that's, that's, I'm curious, I don't know if people can see it, it's where they did. Yeah. I'm like, I said, you're a similar track to myself. I went to the little art throughout, I was like, how are you, but I realized that I was just here for you. Yeah. I'm better than you. Yeah, I'm just, I love it, I'm still a kid. I would just be a little purely honest, like, you know, something like that. I thought it was gonna happen, the actual code, right? Yeah, yeah. That is, you know, something like that. I'm curious because it's fun to find a correlation. Yeah, variable, how to properly correlate. Yeah. But I think that's, you know, like, and I realized that was your law school, like, if I weren't gonna take off, I'd probably take a video of you coming out, based on the career, but they had a present position, because I was there, my friend was there with me. You were there? Oh, yeah. Yes, yeah. Okay. You teach for undergraduates, or you teach for long periods. Yeah. Yeah, what is the UC Berkeley for? Yeah, yeah, yeah, yeah. But, yeah, you know, now that I've lived in elsewhere, I don't really need to teach, but after living in... I agree. And it's always a caveat. Right, right, right. I would say, make her parents. Yes, yes, right, but... This is gonna be, the last comment. Yeah, yeah. But I feel like it is an awareness, but it's an awareness in the middle of the desert. Yeah, right, right. Try going to an ancient town. Try going to an ancient town. Yeah, yeah, yeah. And it's like, off to an evil place. Yeah, yeah. Yeah, you can get barbecue there, but it's not an environment. I know. I get it. I get it. Yeah. And this is one of those situations that I use, I use, like, whatever, or gold, if that's what it's called. Yeah, my wife got it. Okay. So it's like, we got Christmas, holiday treats, from New York. I agree. So they get it, they get it from here. Yeah, they, basically it's like, yeah, that's it. They get the order, or whatever, then they send it to the restaurant, the restaurant, the overnight, the dry ice, or whatever you get. And literally, they've got some L.A., Daly's here at us, and stuff like, Texas Barbecue, Great New York. It's all like, let's forget it. Yeah, yeah, yeah. They'll deliver it. Yeah, county line. It's potentially worth it. If you have that, the dire, because it's a big program. It's free from the people who came out after I left. Yeah. I mean, it's crazy, people. And so it blows my mind. I'm like, people waiting the line. Yeah. Okay. Because there are so many, so many people in the line. I know. What is it about? Is this one of them? Crack in their head. Okay. So here's where they're reading an article. Most, first it seems like, not a USDA crime. They use like, something else or whatever. I don't know what. I don't know. Oh, I think Colorado. Oh, Colorado. I'm sorry. Right, Michael? Okay. So, I try to, as I said, it's kind of like, a good middle ground, like, you know, that it kind of bodies, a lot of the value. California, and I suppose, we would accept it as a text. Yeah. Yeah. Yeah. You know the one thing that's frustrating is, not to say, all of these guys, I don't know. Like, I would say that, we're all, cycling through the, a lot of, yeah, however many people. No, no, no. Yeah. No way. I'm just going to look up, what is this? I just want to know, if people like this. Yeah. Okay. Yeah. He posted it there, I think, I want to say, it was a really nice, about it. Yeah. And so, it was also kind of interesting, to make up, the whole fact of, the party thing. But, Yeah, I would be very, I'm fascinated to read that. Yeah. It was a good read. Very informed as to, Okay. Yeah, I mean, you know, no, no. Well, I mean, it would be just, I don't know that guy. I don't know that guy. Well, he's like, Yeah. I've never heard of him. You still know him. He might have, he might not have, he might, So I guess, so he ended up withdrawing. So, which couldn't cost me for him, I guess, because now he has to pay, he can't, you know, get the company, the company, they have a preliminary junction, they kill, I saw that one of the issues was, saying, they thought maybe he failed to identify his contributions well enough, which he remember was, That was the original, that's all. Right, right. And so, they also thought that as well, and then eventually, McCarty decided to withdraw. It's like, doing that, he had to keep all those legal costs both sides. So, that, that day, I don't know, I think that he didn't really go into, Farrell didn't go into kind of the why, but, it was, it was about five years. I should like litigation, but the life, maybe it's been a while, but I thought it does, oh my God. You're at the win of the court, you're at the right, the judge sets the schedule, as you see fit, and also everybody's rambles and stuff. And I think, at being a small firm, I don't know how you would handle the case. Not having the case. Right. You can, you can, you can be, I'm afraid, I don't know the local, you know, this, and liability, you know, I think both of them, have property. Oh yeah, no, I still have property, I can't, probably double what it means, to give up my rent, and I can't, but, but then, do you, do you have property? No, but I do a lot of, I do a lot of university licensing, and so they, they basically have a very complex, but it's still considered very high-risk. Sure, sure. Well, anything I see almost. Yeah. And I, you know, I'll occasionally be brought in in your shoes. Also misunderstand that if you don't call, that guy doesn't litigate, right? I'm the guy you call in as an expert or as a witness. Yeah, you know, I draft it. But everyone's always going to be like, can you show up for litigation to defend this? No. No. Just going in a pile. Yeah, I'll start. And while the last panel was a very, kind of, I think, legal and formalistic discussion of contracting clauses, I think this conversation is going to be a little bit more pragmatic about, kind of, processes and policies on the company side. So I have both the panel, I guess, I think most of you have entered. You already entered. We've all been entered. We go way back. Well, and there might be new people, though. I don't know. Who has not seen us? Okay. Why don't you quick, quick, quick. Oh, okay. I'm Pamela Chastik. I am a solo attorney in Raleigh, North Carolina. And everybody says, why Raleigh? And it's because I work at Red Hat, so. And Raleigh's a nice town. You have a Raleigh, yeah. Well, no. Well, no. Because I kind of, you know, have a Raleigh. Still the VP of Legal Society. And Andrew Hall outside council for a number of different tech companies from giants to small. And mostly actually working, what we're talking about today, a lot of governance, site issues and helping companies kind of figure out how to manage open source. Whether or not you've seen, the thing I'm wondering if you've seen is have you ever come across a situation where there has been a lot of people publicly by a company by probably engineers and other people within the organization were unaware of it. And if so, were those projects, you know, released by the engineers under licenses that were focused, was have you ever experienced kind of, was that worst case that after Raleigh, for providers that was made available or were they used that actually were probably best suited for open source anyways. So I'm just wondering if any of you guys have any experience with that. I, you know, if I haven't been at that situation, one of the things we do set up is the process for getting approval for doping and contributing codes and doing that. I actually had, luckily, I guess, none of my clients had reported to me at least this idea of kind of going outside the process and just contributing it themselves. I've not known about that. Yeah, I think there's definitely an intent and a desire to follow the processes. And so where we have had issues in the past it's been either confusion about what's proprietary and what's not, or the controls where code might have been released. It's like, oh, we thought this would lock down when in fact it's not. So yes, sadly, that's not a high war for the lack of understanding of the controls where it was released. I would say it's a question of, so I think it's more happening on the level of making a contribution without the authority of their company to do that for any sort of nature, like, hey, you know, I wrote this for the company and I'm gonna put it on GitHub. A really common experience of mine is I'll be called in for some open source issue at a company and I'll, you know, have a GitHub account and I'll just check out their GitHub and I'll show up and say, oh, I see you have, like, 10 repos and five of them have licenses and none of them are under the same license and I'm just curious, you know, how'd you get here? And more often than not, the person who brought me in is like, what? Yeah, so on one hand, I think that's kind of, like, the worst case scenario, but I'm curious if you guys have actually seen any harm of this, or if it's really just a surprise and then it gets cleaned up and it's not usually a big problem. I guess I'd like to, some of us, I think, are fairly specific. You know, you go, they say, hey, we thought this exception and the cleanup that we had to do had been pretty much wrong. And usually I think it involves a lot of time cleaning up the process or making the process easier than just being harm. I mean, I have seen instances where something goes outside the process, but usually it's just about trying to correct it and make the process easier so that it doesn't happen again. Yeah, the reason I started with this question is a lot of times I encounter a sense of fear and strong concerns from the non-technical people with the company when they're kind of starting to, okay, we're going to... And while I've seen this kind of failure of the processing many times, I've also never seen any harm. And I think it's because of your point. There's no reasonable engineer who's going to say, oh, this is the core of our proprietary technology. Let me go throw it up on the air vent. I think most people are fairly soft when they think, oh, this is just a little widget I wrote that someone else won't have to write next time looking for it and then doesn't have the value to accompany. Yeah, and in SAMHSA, I mean, maybe just specification things, a lot of my clients are bigger companies. I actually see it go the other direction where they're very reluctant to even try to contribute or they're almost scared of engaging without getting the approval of their manager or somebody. But usually, you know, they reach out to somebody before they just start throwing stuff out. Okay. And then I'm curious about, and there may not be an answer to this, but in your experience in your typical client procedures, who is ultimately responsible for the sign-off on whether or not a drug can be used, whether or not it's going to be incorporated into various products among others, employment issues, and whatever. And the strong opinion is business always wins. So, accepted idea. But anybody, anybody that, anybody from IBM here from the staff. Now, which is, you know, the legal department has a voice and has a say. I always felt that my job was to counsel people on the risk. And once I got to a person who I felt understood the risk and had the authority at that company to make this, to make, to make, to understand the risk assessment and make the risk of choice, my job was done. So I've never felt that it was my job, that it was the legal job to do that. I've always strongly felt that the legal job is just a counselor and it's a business who should decide what what risk to take. When I was in house I felt that way too. Sometimes you do pull the, pull the like, I said no and we did it no. You know, I mean sometimes you just, sometimes you can't because you can't get to the right person who understands or whatever or they say have bad judgment. But most of the time it would defer so if you're at it, you know, if you're at a BP level or DTO level and they say, yeah, I understand that's a really high risk but I always felt that my job was done. So I've never thought that the legal department should be the owner of it. I've always thought that the legal department should be in the role of counselors. We actually do a dual track escalation so what we have is we have an open source policy and it's kind of one of the other questions and slow charts. So we've made it in a manner that's really consumable for the developers because they're the ones who care the most about it. It's kind of a budget gift then statement and then we have a list of pre-approved licenses in relation to me and the VP of Engineering. Totally agree. Absolutely. It's a business decision but the thing that I kind of bring to that is, you know, understand you want to use this TPL-3 widget here but let me tell you about the perception of customers. You know, when customers start from a place of no open source at all and give me your 440-page list license, you know, so helping the hearing understand how this could have a kind of bigger picture impact ironically, I'm the voice of business and I'm a piece of it and so we do a dual escalation and so far, unfortunately. Yeah, I just delivered that a little bit. I do also, the other thing I also love about being in-house with or I thought the critical role of the in-house lawyer was you're the nurse and so you are hearing, you are informed, you are getting information from different sources that the other side may not occur, the TPL may not fail, for example. And so you are the person who is at the center who collects all that information so that you can make sure that everybody is fully informed on it. So, yeah, I think it's kind of fun to see that position. Yeah, and I active that completely. Very often, legal controls the process in the sense that it all kind of flows through legal, but with something like that because, you know, there is the legal what's going to happen but the implication of that, attorneys are not really in a position to know your business tonight, especially if it's a big company, I don't know your business, I don't know if this is good, bad, or in between and so, as you were saying, it's more about kind of keeping people informed but because legal is usually the most scared a lot of times they even take some kind of kind of as an extension of that, at what point do most companies first with respect to free and open source issues and then in a perfect world at what point should they? I think it's very dramatically and this is something I've done for a lot of different companies, the best open source policy for your company is one that fits the way they already developed and released code. You have to make the process to add the least amount of inconvenience to that process trying to fit it into something that already comfortable with and already know. So, I think it's a good idea because it's a good idea because it's a good idea because it's a good idea because it's a good idea because it's a good idea because it's a good idea to make the process that you already know. Yeah, I'm really like, I'm involved super early at Shaap which is fantastic. Probably a fact earlier than a lot of commercial conversations kind of erotic. And it's worked out really well because now it's gotten to a point where as they're developing updates and the next couple of ways to make sure that you're approachable and you're not the department of no and that they're going to kind of value your input that's really the typical you know you want to make sure that they want you to be involved. Yeah, I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I would I want to explore some areas that may or may not be areas of communication issues in your personal experience. And the first one I'm wondering, do you find in today's open source environment that we still have confusion around terms? Yeah. So, you know, things I've heard many times that I literally, my brain goes off and I think that has no meaning because so many people understand it for differently. Or things like, oh, we've open sourced the code. Or it's in the public domain. Yeah. And I'm wondering if you guys have any other examples of things that are here where you're like, oh wow, it would almost be better if we just didn't say these things because so many people have different understandings of what they mean. Open sourcing is the big one. We do that when you really have to build it. What exactly do you think that means? Well, I actually, I've seen a commercial agreement from a bunch of kind of old school big companies, you know, that thou shalt not use open source clause, which is my favorite. My first question is, do you know what you're buying? Do you know what I'm buying? Followed by, do you have any idea what that means? So, yeah, I think for us it's a real challenge to not be opening position in the commercial competition. I see a lot of, I think we've all seen it, as well as being savvy on legal issues developers, a lot of developers are also strongly opinionated on what the right answer is or what the right outcome is. And they confuse a little bit what they have concluded is right with what actually happens or what the enforcement landscape looks like and those sort of things. So there are times when, you know, you're dealing with someone like they're convinced, oh, you can link with GPL software and it's going through an API. Maybe not, but we don't know. And so they're kind of, so you have to, I think that's a lot of the misunderstanding about what's required or what's kind of the common opinion in the industry and stuff like that. I see a lot of that. Yeah, in terms of terms, I was one that's on the mailing list on the list around which I'll mention, which is commercial versus proprietary. Like that's the thinking that those are, I mean the commercial and proprietary that open source cannot be commercial. The commercial means proprietary. That's the thing that's understanding. Again, to proprietary that just means property. Well, it means you're maintaining all of your criteria. Yeah, I mean it's actually technically, it's actually not accurate either because it means it's owned. Which is true of open source also. But it is, I don't take credit for that. I read it on the mailing list. I do. I know it's a quote. I mean it's supposed to open. Right. Well, the biggest one with open source is that the source code is available. This is a misunderstanding I had when I first started with the thesis that simply the human being would see the source code. That's probably the most common misuse of open source. It's not about what the license is. It's about how we gave the source code versus binary that is therefore open source. Yeah, I encounter that one a lot. And I also encounter that one, which gets mixed into, you know, APIs on top of services where they have API documentation. And so they say, oh, well, we've open sourced our API. But they're talking about accessing it back in service. Yeah. And it's like, okay. I'm curious if you guys still run into the traditional fear of uncertainty and doubt around open source software. Yeah, all the time. You know, a lot of times still you just have companies that maybe haven't developed a policy or just haven't really taken a good look at how they use open source. And very often because I think IP lawyers are trained to protect, right, at all costs, protect the IP, don't let it escape. Folks will show up and they'll be incredibly frightened about using open source software and all that sort of stuff. And so in a lot of ways, you have to kind of tranquilize them and help them understand there are good uses. There are bad uses. So what we need to figure out is how to make sure we're using it appropriately. I think if lawyers were trained to not trust what we don't understand. So we're, again, where I really see this as selling to big traditional companies in their legal department, you know, either set no open source and I have to educate them or they don't have the right component to use. And those are changed dynamically. We have a link because they're updated, you know, days speak to the hourly. And finally, I get some headway when I say there's currently 440 pages and I don't think we should attach that to the contract. But it's, you know, it slows down the sales cycle significantly because there's so much fear and misunderstanding about what's actually happening. It's super fascinating that you run into it because you do, obviously, the people who want to buy your software know what they're getting, but yet the legal department... Not always. The legal department. Yeah. Right. Yeah. That's fascinating. Yeah. I do think that the companies that... I did it over maybe 10 years. It's gone from legal departments who were like, you know, just know anything about open source with no concept of it to realize that they were distributing products without open source software and they were completely oblivious to it. Now I think the legal department understands that they had been forced down their craw by their developers and they just... So they're kind of kicking and screaming and have had to come into the fold and do a more careful analysis than just no copy left or like no open source, right? That they are starting to get more sophisticated about their risk tolerance and taking a more realistic view of risk tolerance given their business model. So I think they are going to be more educated. They are more educated about it and more willing to kind of understand and work with you because I don't know anybody now at this point who objects to MIT like open source software. That's just like... I do. Oh yeah, right? Because they didn't know what it was. Yeah, yeah. And so, yeah, maybe I'm more cynical than both because... You're probably negotiating more contracts with the rest of them. Again, again, it's just, you know, traditional companies don't know it so they don't trust it. And, you know, you've got to advocate that circumstances to customers. That's what you guys mentioned earlier. It's like, go talk to your engineer and they will get you comfortable if you don't want to trust me. Yeah. Have any of you run into the specific problem of engineering teams not wanting to be slowed down by legal in their use of open source? And how do you address that? Try and streamline the process as much as I can. It's always the resistance. And the truth is if it slows them down too much, they won't use the process. Right. They just won't do it. Okay, well I'm not going to do that anymore. If I have to wait three weeks for you to get back to me, I'm just not going to do it. It's really about getting your process streamlined to the point where you're not inconveniencing them so much. And that can be things like, you know, almost all my clients seem to be using JIRA. And so if we're not using an open source product and we're going to do open source requests or something, we put it through JIRA because we know they already know JIRA. They always know how to use it, right? All those sort of things. So in pre-approving permissive licenses is another big one. Don't take up cycles and waste time on whether or not we're going to use MIT software, right? And so it's really about getting the process streamlined, which is also really important because oftentimes when people are designing an open source process or their policy, they really don't appreciate how this is going to scale, right? And so there's a lot of temptation, like the lawyer has to look at everyone that comes through, but then that's fine when you're getting one a week. But what are you going to do when you're getting a hundred a week, right? And so for a lot of people kind of involved on it, you really need to be kind of aware of how it's going to impact them and try to minimize it as much as you can. I think also, sorry, and I was going to open with this, but I think what's a good time to put it is as a lawyer, an open source lawyer, I guess, now I know more about open source than 95% of the lawyers in the university. And I know less about open source than 95% of the engineers in my company. So, you know, I think a lot of this is acknowledging that, you know, they, in practice, they know the ins and outs of these licenses. They know how, like, where on the license file you put the attribution, you know, so I think really trusting them and making them be part of the process, too, and opening it up so that they have the freedom to do this and acknowledging that they know more about it than I do for sure in practice. Right, yes. So, you know, you were talking about that difference between one week and a hundred a week. I feel like that's, I feel like that's changed a lot in the past six, five years, right? The last time I was serving here, two to five years ago, he was okay to recommend it on a super heavyweight process. Like, he still wanted to be lightweight, but like, at least some depth was okay. He wanted something that would happen in one week. He feels like it's now happening a hundred times a week. He's not exaggerating. Right, yeah. Like, how do you, you know, you've been doing this a while, how do you see that that's changed for years? Absolutely, and I actually see that for every company that ends up adopting a process is initially when they don't have a process, the developers don't know about it. So, they're not requesting to use open source and all that stuff. And so, even for the company, individually, as opposed to all companies, the request they feel are going to grow. They're only going to grow over time, right? Exponentially. And I forgot. So, what were you talking about? I mean, it's so like, I mean, is that, I guess, it's sort of like a data point. Like, is that real, right? Yes, yes. And that's almost universally, as developers understand there is a process to use and that they can use it, and as they can't be successful. That's another big one. They request and they get an approval, maybe even for the use of GPL software or something. Once they see that the process works, the requests are just going to keep going up over time. More and more. So, you then advise your client for rushing down to the level of scrutiny they apply? Or... So, we start to, we try to start with a streamlined process with that in mind that this could grow very big. We also though, we go back and tweak, with most of my clients, we'll go back and tweak the process, right? You always kind of make your initial choices. This is how we handle GPL requests or modifications, these sort of things. And you want to go back six months, a year later, once or twice a year. How's it working? You get together with the stakeholders. What are you hearing from developers? What are the complaints? How can we improve it? Where are we spending too much time? A lot of times the patent review ends up being way too much. We're just spending way too much time on patent review for silly reasons. So, that one gets used a lot. Well, I'm going to say invest. Well, because we're kind of talking about two different things here. I think one is, is putting code under a free software license, or a social license together, is adjusting free software. I was going to comment that I think that a lot more companies are adjusting much more freely and taking it off the shelf. It's a component that's commoditized. Right. You know, plug it in the code, that's the license and the documentation were done. Yeah. So, that doesn't require so much patent review, but certainly the other way for people when they want to release the source code or for some space to do something, a lot of times I agree that the patent is a patent review process. And I think personally, I want to tear my hair out. Yeah. Well, it almost always starts out with like every company almost initially chooses that anytime we're going to modify an LGPL library or a Mozilla Public License Library and ship it, we're going to grant an outbound IP license. Yeah. So, we have to review it, right? Yeah. And then it goes to the patent team and sits there for a month. Yeah. And also the truth is is if the patent team is going through and looking at each package and looking at it against their patent portfolio, that's a waste of the patent team's time. Yeah. Right. So, we kind of come up with tricks and like a big one that we use quite a bit is let's identify types of technology that is important to us where our portfolio, our core technology. Yeah. And maybe we only up the review when it's a core technology, right? Or something like that. And so, again, it's kind of tweaking the process but a lot of companies start with, if there's any outbound IP grant, you know, it's got to have this really in-depth process. And then after they've done that for about a year and that's all they're doing, they're like, okay, let's maybe trade into that a little bit, right? Yeah. So, most importantly, I think, are you guys being more concerned about the security, about the legal process getting involved with that? Excellent question. Yeah. Yeah. Yeah. So, I see security driving a lot of the purchase of products. So, like, for example, if you look at, like, BlackDoc or Palomita, and one of my clients bought BlackDoc and it's just completely open. But when you're, when they're looking at that, the cost of that, who's going to bear the cost? The legal department in this was very much driven for many years by the legal team. If we're going to have this software, if we're going to scan our software and look for these problems, legal is going to pay for it. As security issues have come up front, it's much easier for companies to go, oh, wait, we're also going to be scanning for security problems. So, they're much quicker to just kind of sign on to, yeah, let's do this. And I've also seen the cost shift away from legal to where the product development is now kind of bearing the cost of that scanning. Yeah. What I've seen is there's a really nice marriage between the concerns of open source process management and security teams when it comes to keeping very good records about exactly what version you're on, exactly what the license is, you know, when you switch to that version, so that when you get a huge announcement of some zero-day bug that you need to patch ASAP, you know exactly which customers are actually affected. Mm-hmm. And that's a really nice kind of re-purposing of a very well-billed open source software process because you can use it in a sense of security. Mm-hmm. To protect against kind of future business transactions that you don't like a product. I'll get you to have their meet-your-answer on this one. Because I think it's a really smart answer. Which is it will always be distributed just as soon from the get-go that at some point it's going to be distributed because you know what's going to happen. You're going to have a very big, very wealthy, very smart client come to you and say, we love your product but we want to run it on time. And you're going to say, okay, great, here you go. And that was the distribution. So to cut yourself off at the knees when you're starting by not allowing those by not giving yourself the latitude to be able to distribute it to which you have to start from the beginning. If you don't start from the beginning it's an nightmare. But if you start from the beginning architecting everything carefully, then you'll be fine. So that's and I think that's a great the reason I give that answer is because I think that's a very understandable answer to a business person who's just like, oh, it's going to be, you know, oh, this whole, it's going to be, you know, software-of-the-service. It's not going to be a problem. I don't have to worry about it. I can do all this example of like, oh, and you're going to turn away, you know, maybe company who wants, who loves the product but wants it on-front. I will say we have we have on-front software and we actually have that. So we have an open-source policy where we have, you know, a specific what do you call it, exception where you can use GPL3 as long as it's internal not, you know, not distributed. And what we've done there is we've like and it sounds maybe naive with that but I mean, you know, in that process it's solely, you know, everybody who's involved that is super clear that it's internal only and we have escalation so if you do want to move it out so that's the place because we're the higher risk where we're a little more, you know, firm about what the policy is. Is it perfect? I don't know. I guess we'll find out. But it's definitely a different flavor of enforcement than we have with our other stuff which is, you know, pre-approved license and positive intent and people that know what they're doing. Yeah. So I have a question so a lot of people could form a non-profit for research and retention issue around it but the issue is that the idea that we're going to make products that are created at the Institute open access or open source is pretty non-contentious with a bunch of stuff that likes to tell tech would be publicly funded or funded by a foundation that's making the submission of the funding be that there's some kind of a vital element. So the idea of the open access open source is really pretty normative. But what we're bumping into for legal interoperability the ability not to establish open licenses is that these stakeholders still want to assert other things like the case of tell tech general counsel office they want to make sure that we don't suffer any claims again like liability responsible for responsibility for a gene sometimes because we live in an economy of credit not money people may want something more than what the attribution the solution to require is more so they may want to require notification sometimes they want to because again we're in the nonprofit sort of good duty good you know they want to be good actors we run into like they want to know if something's going to be using it they want notifications because they may want to make sure they're not going to do any harm and I'm going to harm you know climate you know take this data and then use it for unacceptable purposes so I don't know if there's an analog in your world but I think this is the major barrier the legal interoperability and the update of open licensing and the community that you face like it is in the game like it isn't about the money but it's actually the other stuff and stuff being just they're so attached to it as much as it was I'll feel that so I think that open content is a little different from open-source software for and that's the reason you can you can identify one reason there's something to me there's just something different about attribution maybe I'm wrong but the lesson that is that I would try to teach people who want open culture and open access is I think one of the most brilliant things that happen to open-source life that happen to know that there's licensing on the website or not was the concept of equality and Richard could probably say it better than me in terms of you know if you if you limited to only certain channels of trade or certain types of use like non-commercial it's not open-source and so I think that while while there's and there are a lot of differences that do impose those limitations and they are rejected in open-source life because of that and I think that while on one hand it is a struggle when you realize that you are that what you've written may be used for a purpose that you have a ideological disagreement with I think it's critically important that the system functioning properly right so I think you just have to kind of swallow that possibility and you know so and I don't actually know that it's caused a lot of problems well in terms of it's a proven barrier to open open software and the opening up for sure where people are being funded for to create this stuff so they're under a mandate to share it and then we'll actually evaluate you know systematically the barrier which is happening to different sources like the state alliance the open-source there's a whole bunch of communities in this area trying to understand why the updates for open sharing is first of all it is given that a lot of the stuff really is funded for and there's actually a mandate or a contractual obligation to share and then we'll see barriers that come in and very hard yeah and another thing the open-source initiative at some point how would they try to stop like I can never tell you proliferation which I think was also really important you know they may be ugly like this but they work and we all know how they work and so to me it's not the problem with the system it's the problem with teaching the consumers that it's not going to be horrible despite their disinclination to allow to use this content in some way they don't like it's actually not that horrible outcome and to just kind of force people on the path so I think having the president of the open-source initiative open-source okay the gentleman and then we'll be sure back there what's your type are you the executive not what's your title there oh it's I you're on the board I don't know board director that's the guy so I think maybe that at least we have precedent there around the idea of like the more the more the more we go the less improper exactly that's a good way about well and very often you're releasing it because you want lots of people to use it and if it's a new license you're wiping out so many people who otherwise would have used it because we've pre-approved MIT but I don't know what this license is so this has got to go through legal so forget about it they just won't use it and so you can really affect what you're trying to do or the success of your project by doing that so I probably don't know what the process is but I'm involved with the person I am and where is he I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm I'm It's important that somebody, you know, you kind of have to teach them internally. Yes? I think one thing you could do is sort of life cycle. Right? You know, understand where both internally and externally, you know, kind of whiteboard it out, where stuff we're going to be using so you can do it in the oven house. You can figure out, you know, through the life cycle, okay, we're going to be selling to the government. The government usually has a clause where they own everything, but they also acknowledge that, you know, background data, you know, however they want to define it. You know, you bring something that either belongs to you or a copywriter, you know, however you want to describe it. So, the life cycle is that way. And, you know, figure out, okay, we're going to be hiring people and what are we expecting them to do? And it's no fun at all. But anybody who's been working through GDPR says, doing this anyway. So, you know, a lot of that work ties into, I think, common back security and just, you know, data mapping in general, which I think most of us are going to have to be doing for different reasons. So, you can just kind of tie it all in together and maybe buy it that way. And then after you do that, then you have a playbook and then anything. It's kind of the same thing in the process with open source. It's simply when you have an agreement, you know, this kind of term for assignment of copyright or, you know, who's going to own it. If these three provisions are okay, anything else gets kicked out and has to get kicked up to someone who can sort of make the decision on what's appropriate or not. But then you have, it's exactly the same as you have to have the process. You have to know what's okay. And if it's not, then, you know, it's going to get kicked out for a further review or analysis or negotiation or whatever. And one simple tool that maybe your friends are probably getting QT is the order of precedent span. Because, you know, if you've got a bunch of different contracts and licenses and, you know, things going out there, define what Trump is. Because you can get, you know, you can get a government contract that says we own everything. That may or may not have a background IP clause in it. So if you've got, you know, some sort of order of precedent clause and they're saying, you know, our trade, I don't even know. I'm just making stuff up, you know, our trade mark policy or our T's and C's, you know, and then your agreement. That's also the way to manage those internal conflicts and party your data mapping or, you know, whatever you want to call it. It's decide what's most important and what wins in case you mess up the other issue. The last thing I thought I had, it sounds like you were trying to identify places where these conflicts might actually be occurring that you weren't aware of. Yeah. When I tell my team, like, my new clients to come on board that don't really have dedicated legal anything. The thing I generally tell them about, okay, so you need to start thinking about when to live me in so that I can help you be filled processes that you can kick me out. I usually say there's two main things on the IP side to me to worry about and that's stuff coming in and stuff going out. And so, you know, anytime something's coming in, whether it's through an employee, a contractor, an in-license from a commercial company, open source licensing, and then the same thing. If you're buying something and the same thing, everything on the way out. And you can start there because those are the most likely places open source. Have you guys encountered legal teams being overwhelmed by open source and not having the resources to perform the legal review in a timely manner? And is this something where they just need more budget and they need to hire more people and it hasn't been addressed to the sufficient kind of importance? Or are there just solutions to make more efficient? What's your general opinion? Well, a little bit about, you know, you can always try and make the process leaner. But I'd say most of my clients when they come, they help me, like, okay, let's do a policy. A lot of times they want to buy a product and they think, like, I'm going to install this product and I'm done, right? And you really, I think, have to emphasize early that, you know, this is a lot of overhead. Or else, another thing I see all the time is, well, Steven Patton knows a little bit about this. So we'll make it Steve's job, like, Steve isn't doing anything right now, right? So we see that a lot. So I do think it's important to help them understand that this is a very labor-intensive at times process and that you really need to, if the only way it's going to work is if you do allocate the resources. And for big companies especially, it's hard not to have someone dedicated to this. It doesn't have to be a lawyer. You know, it can be someone, but you almost have to have someone dedicated to the process, the internal open-source process, who's just in charge and that's probably all they do. Maybe they also do compliance or whatever, but you need somebody who's just focused on that. Yeah, I feel like, I like your comment, kind of, think about it on data in, data out. So, you know, mostly I'm thinking about data out concept. You're having to sell it to get people comfortable doing it. So if you can include some sort of overall policy statement of the wrong word, but kind of a description of what our open-source does and, you know, kind of a high level, here's the license, you know, kind of the way it's not copy-left, it's permissive, so you're okay, everybody's fine. You know, to sort of help people that way. Comment, your point really, it's not a scale. You can't retire more people. It's absolutely not a scale. You've got to come up with a way. There's a lot of products on the market that I think are being built to help people as well, you know. Yeah, I wish I could say that I, you know, I've never seen a work-a-company where you can say, gee, we need another body and they'd say, great, let's get it. Right now, I think, so it just becomes, you know, this ever-crushing burden of trying to do more work with less people. And so, yeah, absolutely scaling processes, having processes, changing your risk assessment, a lot of times that helps, you know, I have a, you might start out with a lightweight, heavy-handed process because you don't even know the problems you're trying to solve yet. So first, you have to kind of see what the ins and outs are to be able to set up a system for you. You don't even know what kind of system to set up until you've seen some of the things to give and take and when you start seeing repeat patterns, then you can say, this is kind of true across the board, is when you start seeing repeat patterns, you say, okay, we can set up a rule for this one. We know how to deal with this, so that you just hopefully keep re-examining and keep straight-lining your processes. First, going down the other, but then you get in some companies, you know, where it's just trying to do a screeching halt because they don't have the ability to resist desire or too much politics or something going on that allows them to actually get the product off the door. But, yeah, yeah, you know, I agree with you, it would be nice to have a body, but... so it's still hard to get something dedicated, only in the largest clients that are massive companies that are a little quick to usually do it, they'll hire somebody, but it's hard not just to get them to hire a body, but just to dedicate real resources to it, right? Like, okay, like with the Steve example, let's not expect Steve to be a full-time patent attorney and also do his other stuff. Somebody always gets kind of jammed with it and then ultimately they can't handle it and you gotta come back and figure it out. But, you know, you alluded to this earlier, I think maybe also... start with the question, what's the worst that can happen, right? Because I think that sort of frames the perspective and, you know, it informs the answer you're trying to solve or I get the question you're trying to answer. What's the worst that can happen? You know, okay, we missed it. Does a company go under or do we fix it? And, you know, sometimes the company may go under, in which case all hands on deck, or sometimes you fix it and you move on. I think that helps with your social allocation privacy. Yes. They're not going to be able to communicate on the concept, on the development process. How do you get your arms around, like, what's already in there? There are a lot of different ways to skin that cat, right? Maybe you instead of buying the tool for Black Doctor Palomita, you just go have them once a year, you have them run a scan and then we go over to the inventory and then look at what's changed, stuff like that. There are a lot of free tools as well that you can use. I can tell you all about them. Yeah, yeah, there are tons of them. And also, I think it goes back a little bit to my earlier point of it really depends on how your company operates. So what we've seen is where there is that sort of concern or even when you have a company with different departments that are really separate, they may have different ways that they want to handle it. And so a lot of times what we'll do is we'll leave the, we'll push that responsibility down and say, you know what, I don't care how your team lists out all the open source it uses or exactly how that does that. It just has to be done, right? And it has to truly be part of the job description of the project manager or whoever it is that's responsible for it. It really has to become an important part of their job. And so I've definitely, some of the companies that will push that down and just leave it to the department and say, this is what we require. You know, you got to list it all out so we can provide this bill of materials, open source bill of materials and do that sort of stuff. How you do it, it's up to you. I think this actually ties back in with the security question which is it's a lot easier battle now to say you've got to tell me everything about software now that there's so much concern about security about, yeah, about software security. So if someone to say, oh, like, I don't know what's in there, it's just not an acceptable answer anymore. Well, I'll say, we lived it. So, you know, we went through that and, I don't know, yeah, our team did it internally. They built some magic and, you know, and it started out as a super manual and really the impetus for, originally, we used to do that before. So, you know, sometimes you do need a force of function on, you know, any kind of, the point you're seeing if it's got to happen, you know, thankfully. It's, you know, like, maybe we have, you have a lot of smart developers who, you know, build software for a living so maybe it's something they can build inside. And I think it was relatively drama-free at the time it happened. And I have had clients who built tools that just stripped the whole source code base for the word license. And that alone pulled out a non-trivial portion of the files that are necessary, you know, but, yeah. Yeah, or, like, a lot of them will adapt to Phosology is a scanning tool that's free and open-source tool. That's a great one. I mean, there are a lot, like I said, there's a lot of ways to scan it, right? It's just about finding the right one for your company. And there's probably someone within your organization who is pretty ideologically in line with wanting to be in compliance. Yep. And that person can probably write a script that does a lot of the work. And those are great people a lot of times for resources to get involved in the kind of your open-source compliance because they believe in it, right? They want it to happen. Because a lot of the people, this stuff is being applied to them, right? And they kind of don't want to do it. It's more work. It's resist, but if you find someone who kind of philosophically agrees with doing that, I find a lot of times those people are a great resource to help you kind of push the process internally. They become stronger. Yeah. And that opens up kind of the whole point of the panel and there's your partnership with the chair and that opens up a lot of other doors. And if it's not obvious, start with the product to go to the store. Yeah. Yeah. Yeah. Yeah. Don't worry about the, you know, whether or not they have, you know, an open-TV every year on there. They're using Mozilla. Yeah, exactly. Don't worry about that. Mozilla is fine with the, you know, and the desktop is fine. Totally fine. All right. I was wondering if any of you have personally experienced conflicts between individuals at companies that have different free and open-source goals than the company itself? Share some anonymized details. So, I will say that I worked at Red Hat. Yeah. No, but just in terms of, I mean, one of the things that I was fascinated about, to me, about working at Red Hat, it was you who just had this whole range of developers from very pragmatic to very ideological. And so trying to, you know, just, it was always fascinating to me. My most fascinating ones were the people who were just trying to figure out how they deserve proprietary copyright-like rights in order to make money for the company because they're a product manager, whatever, and their job was to monetize this thing that there were no proprietary rights for. And so they were just like, I was one memorable person who I just would spend hours in my office. So, I would not have put him on the ideological side of it, but then there were some who were just so highly ideological, was a very famous person who, you know, very famous in his disagreement with Stephen about the way that Red Hat does things. So, I mean, it was a fascinating, it was really fascinating because I had the whole, I had the whole range, the whole range, so it was just fun. I don't know if I had a solution to that, but it was a whole gamut. Yeah, again, it goes back to that earlier today. So, you know, we started as an open-source company and then built commercial offerings because there were a lot of developers who were, you know, shocked and appalled and a lot of members of our community who were shocked and appalled by that. So, you know, we really had balanced that, you know, and through that process, you know, to be respectful and, you know, understand the feedback of those people, you know, some didn't stay. Some, you know, chef was no longer in the right place for them to work, but they were building a commercial or a proprietary offering on, you know, but that said, we've come up with other ways to do it. We still have open-source projects where people who are, you know, find commercial proprietary to be most disgusting, you know, mostly work on the open-source project, but they understand that if we need them, that's kind of working as a company. Yeah, I definitely see it quite a bit. For some reason, embedded Linux seems to bring a lot of that with it. Yeah, the device companies that are shipping Linux, you'll get some internal kind of GPL Linux advocates who really will get upset by the fact that you're not able to come to replace the code or something and do stuff like that. I think what you hit the nail on the head, you have to listen to them and understand where they're coming from, acknowledge their feelings. And a lot of times it's explained, you know, I understand where you're coming from. This is kind of the policy we've adopted as a company, you know, that tries to factor in all these different people's opinions and this is kind of where we're at, so this is how we have to operate, but I think you need to hear them. It's always important to hear them. It's nothing else because if they feel blown off, they might become a whistleblower, which is a bigger headache, right? So, yeah. On the receiving contribution side, it's getting either CLA's or copyright assignments and you talked about that. So on behalf of a client receiving CLA's? We moved from CLA's to DCO's about a year and a half ago. So, everybody knows CLA, DCO? Correct. Okay, so CLA is just like, it's a standard license, a tribute license agreement on, I don't know if there's more than one, we use the one from the Apache Foundation, so I don't know if there's other ones out there. Okay, and we really had a challenge with that because even though, as a lawyer, I certainly felt like it was a very lightweight and non-Octoberational and inoffensive. A lot of people had a real hard time with this. Like, why are you making me do this? I don't want to tell you my name. I don't want to tell you who I am and we had a lot of pushback on that. It's just so corporate and big, bad company. And so in October 2015, we moved to the developer certificate of origin, which is just basically a way to make an ad to say it's at-temptation. That's the words you can't say. That's my answer. In the code saying, I'm either the copyright owner or I have the right to contribute this, it seems like it's a lot more lightweight and a lot more acceptable to developers. Again, so I've got to speak their language rather than forcing a legal process onto developers. That's exactly how plenty of people who are unhappy with that. But it's definitely been a lighter process and I think overall positive and as a company and in terms of compliance and security and all those things, we have a distinct, so I haven't seen any negative repercussions for making this decision. Great. I think like Pam was saying earlier, a lot of times we're here to inform and make sure that you're making an informed decision. So a lot of times we'll talk to a company about whether to adopt it. You go through that, well, okay, we're probably going to see fewer contributions if we go this route because some people are going to object to these sort of things. And here's the benefit, we see that happen very often, kind of walk them through all of that. Once they've decided they want to do a CLA, I've really tried to steer them to the Apache software Google because for the same reason we don't like license proliferation, right? If somebody's going to have to re-read or figure out your CLA as opposed to going, oh, yeah, this is the Apache Software Foundation CLA. I remember this, we've already approved this. It's going to throw a wrench in the process. At the point we decided to do. Great question. And that was part of the analysis, right? And, you know, in our blog post, we decided kind of what somebody mentioned the other day, if Twitter and Facebook do it and maybe that makes it more acceptable. And, you know, we listed a bunch of leading companies that had opted for this process and clarified it's not just for Linux. And, yeah, I don't know. So you just reminded me of something that's not at all on the panel that I've been struck by a couple of times at this conference, which is so much of what we bring to the table is analyzing these open source norms as if there's kind of that extrinsic stuff around the contract that is often used in contract groups negotiations or, you know, when you're trying to figure out that wasn't part of the actual words but everybody's doing this. And so, you know, it seems like this, I think, for the CDOs, for example, if you look at it, you know, it seems like it's a little bit more interesting for the CDOs, for example, you know, if you look at it and you try to apply a purely legal analysis to it, you're not getting any rights under any regimes that, like, we as lawyers understand. But once you have kind of critical math, it just becomes the standards and norms and it's like, you know, shipping law. Like, a lot of the papers used in shipping law don't have, like, actual legal meaning but everybody knows you need this bill and receipt over here to make things work. Yeah. So, I wish I could remember who counsels Linux Foundation was instrumental, I believe, in the DCO, talk about why it was adequate versus a CLA. And you kind of tore apart a CLA and every aspect of it and why it was just really not helpful anyway. So, why are we putting this unhelpful thing that varies? This thing that makes the lawyers feel okay but actually doesn't do anything. I wish I could remember everything that she said, but at one of the points is, are you really going to sue that developer anyway? They don't have the right, like, are you really going to, what are you going to do? You're not going to go after them. So, you know, the burden of doing that was so outweighed the true benefits that you were getting versus the one that we used to like to have paper or sign think we're getting just made it just not worth it. So, it was a really interesting concept. I bet it did. I'm thrilled and relieved to hear you both say that. Even though we did it, it's still nice to hear it. All right. So, we have exactly one minute left, and I think we can get through both your questions. Karen. Karen Kopenhaver. C-O-P-E-N-H-A-B-E-D-R. And then in the back. Now, it's going to be all right. There are some of these parents who are a lot of help out there. There are actually quite a few people who get laid out here. Yes. The one thing you used to have which you don't have anymore is that they allow you to be licensed and under other license. They don't go as far as copyrighted license. There's certainly more than just giving it to you. Unfortunately, those are ridiculous numbers. In fact, this is our panel. Thank you all very much for joining us. Thank you. It's great. It's hard. It's great. It's hard. It's great. The idea is that we can't throw ourselves inside the process, you know. So, as part of our effort, we're going to do it. And around legal interest, right? Right, right. A definition of research state is there in terms of any... Anything that students share for a hundred percent or two points. So, we've been issued a set of... Yeah, I am. ...or extrapolability. But now we're going to... Yeah, we really don't want you to talk where it's going to go. Oh, yeah. Because data... People are going to... We're a lot of them are. But what are you doing here? I've written so many of them. So I will be sharing some of my things. Well, I will. I will. Yeah, we'll be there. Yeah, we'll be there. We'll be there. Yeah, I will. There's a lot of new alternatives. I'll be right here. I'll be right at the top where it's hardly no standard idea. But I'll be right here. Yeah, yeah. I'll be right behind the leader. Oh, yeah. There's a good, good scenario there. Yeah, there's a good scenario there. I'm going to put it in the description. But what do you make of it? Yeah, yeah. Yeah, yeah. Yeah, yeah. We've got members. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. We have a good question. Yeah, yeah. All right, then. When I told them to start up what I told them, they needed a part, to really interact with people. Right, yeah. Yeah, yeah. Right, yeah. Yeah. I think that... It was a really nice... It was a beautiful class. It was a great day. And it's also the year of the college, 2, 3, 4. There's a lot of people coming to the class today. And the class is really hot. Yeah, it's just that there's a lot of people coming here. Yeah, that's it. It's just that there's a lot of people that just need to go. I think it's really nice to be here, and go to a place where they can actually interact with people. Yeah, I think that that's a lot of people coming here. Yeah. That's just a good opportunity to play. So, I think that's a great idea. And I think I've got a lot of influence on that as well as I I We couldn't tell if the title of this was compliance or enforcement. Yeah. So we just had an and in between and now you get both. Which I think does tell us something about sort of the state of like where things are, right? Like that compliance with licensing, unfortunately licensing, two sides of the same coin. And I think pendulum swing between years that we're talking a lot more about enforcement, years that we're talking a lot more about compliance, like proactive compliance. So hopefully we'll walk through that. I've heard for those of you who joined us after lunch. I'm Lois Via. I'm the general counsel of tidelift, which is a new VC backed startup where we're helping support developers by and support enterprise users of open source. The longer pitch is long. So I'll bore you with it previously. I've been in Missoula in Wikipedia and I'll let you each introduce yourself briefly for. Oh, and we have one speaker drop out. So Justin is a very last minute addition to the panel. Wow. I actually realized that we're, that we're all, we all had a comment late at one point. Oh, yeah. It's been a long time. You didn't. I never definitely did. There was a time in 2009 when we were all hanging out on the upper west side of New York City. Yeah. In 2006, we were sharing the same office at least like one or two days. Yeah. Yeah. Okay. We're just all insiders, baseball players, no one who knows us. So I'll tell you about that right now. My name is Karen Sandler. I'm the executive director of the Software Freedom Conservancy, which is an organization that does a good amount of the visible GPL compliance loss enforcement work. And I am also a lawyer and I do criminal legal work at some time for the FSS and PANOM. And before that, I was the executive director of PANOM. But before that, I was the general counsel of the Software Freedom Law Center, which was a context in which that previous, getting to know you, conversations happen. All right. So my name is, my name is Justin Colonino. I'm an attorney at Microsoft and the open source and standards group, the group. Previously, I've been in private practice as a patent litigator, but I started my career for the first year and a half at the Software Freedom Law Center, working with Karen right after Richard left. I got Richard's extension, so I used to get all these calls for Richard. And when I started out, I was doing GPL enforcement work, compliance enforcement work for client software freedom conservancy. And Eric Anderson represented them from the district of New York in the dindie box litigation. And I'm Richard Fontana. I'm a lawyer at Red Hat and I've been doing work around open source for probably over 10 years now.