[wp-hackers] meenews: obfuscated code

Chip Bennett chip at chipbennett.net
Thu Nov 25 14:40:11 UTC 2010 

On Thu, Nov 25, 2010 at 8:00 AM, Otto <otto at ottodestruct.com> wrote:

> On Thu, Nov 25, 2010 at 7:56 AM, Chip Bennett <chip at chipbennett.net>
> wrote:
> > That statement isn't legally binding.
>
> I'm sorry, but I disagree. Consult a quality copyright lawyer.
>

What matters here is not so much *copyright* law, as it is *contract* law,
as the transaction between WPORG and the Plugin developer (copyright holder)
is a *contractual* relationship. Thus, if there is no privity, there is no
contract. And with no contract, nothing that WPORG claims is legally
binding.

>
> > The most obvious reason is the utter lack of
> > privity<http://en.wikipedia.org/wiki/Privity>.
> > For example, that statement is found
> > here<http://wordpress.org/extend/plugins/about/>,
> > but the request for SVN access is on a completely different
> > page<http://wordpress.org/extend/plugins/add/>.
>
> Meaningless. Sites all over the web have their terms and conditions of
> use on separate pages.
>

Yes, and none of them is analogous to Plugin submission to WPORG.

>
> > I suppose there must be a legally binding way for WPORG to claim a
> > non-exclusive right to distribute all repository-hosted code under GPL
> > (which is essentially what they are attempting to claim with that
> > statement), but the current setup certainly doesn't suffice.
>
> Thank you for your opinion, however, I must point out that this is
> only your opinion. Until it's backed up by a legal authority, it's
> meaningless. Mine too, I will add. ;)
>

Of course, if you stepped back, and took the time to realize that our
objective here is the same (ensuring that WPORG has a legally enforceable
right to distribute repository-hosted code under a GPL-compatible license),
perhaps you would be less dismissive about my point.

At the most basic level, I've pointed out that a Plugin developer can get to
the Plugin upload page directly
<http://wordpress.org/extend/plugins/add/>(i.e. without ever
navigating to/through the page that includes the
"requirements" and the license claim). Once SVN-commit access is granted,
connecting to SVN does not include any statement or verification regarding
acceptance of any terms or conditions.

Thus, *WPORG cannot prove* that a Plugin developer has read, understood, or
agreed to the stated "requirements" or license claim. If that cannot be
proven, then privity has not been established. Without privity, the contract
is invalid. And without a valid contract, the "requirements" and license
claim are not legally binding.

Now, IANAL, so I couldn't say with any certainty what *would* meet the legal
standard. I'm pretty sure that what would qualify in the US very possibly
would *not* qualify in the EU (which, IIRC, does not look too kindly on
"click-through" license agreements).

But, at least add a "I have read and agreed to the Terms and Conditions"
checkbox to the Plugin add-request form. If SVN allows for a MOD, add a
message that says something like "by committing code to the WPORG SVN, you
indicate your acceptance of the Terms and Conditions here: [url]"

But just putting the statement "If you don’t specify a v2-compatible
license, what you check in is explicitly GPLv2." (which is semantically
incorrect to begin with; it should say "implicitly" rather than
"explicitly") on an arbitrary page on the WPORG site doesn't cut it.

Chip

More information about the wp-hackers mailing list