Nat Goodspeed wrote:
My employer's legal department has just stated that we may not use Boost for product development because of a hypothetical lawsuit risk. The reasoning appears to be that some party might rise up and claim that parts of one or more Boost libraries actually belong to it: that an individual developer, perhaps unknowingly, submitted code that was not his to give away because it rightfully belongs to his employer. In this horrid fantasy, the employer would then sue many parties, including anyone who has ever incorporated the affected Boost library into their own products.
The SCO lawsuits make it tough to dismiss such arguments out of hand.
This is disturbing on a number of levels. I want to marshal whatever counterarguments I can quickly assemble. If it states anywhere on the Boost web site that the Boost organization certifies its implementation IP clean... sorry, I wasn't really expecting that. But anything whatever that would bolster the case against this paranoia would be extremely helpful.
How about: 1) Any third party library would likely suffer from the same issues: unless there is a vendor offing to indemnify you against *all* lawsuites, the same issue applies. 2) No one, including programmers writing in-house code are immune from patent enfringement claims. Ignorance is no defence: it just reduces the amount you have to pay. Come to that, even validity of the patent is no defense either (the blackburry case for example where they had to pay up even though the patent was later declared invalid). 3) There are some industry big names using Boost, those we know about include Adobe, SAP, McAfee and Real Networks. I'm certain there are others who prefer to remain anonymous. If their lawyers are happy, I'm sure yours should be :-) 4) Boost code is peer reviewed before acceptance, if someone was engaging in really gross plagerism I hope we would detect it. I'm certain we would take it very seriously if it was reported to us. 5) What does IP-clean mean? Free from patent claim? That's impossible to certify: there is even a school of thought that no programmer should ever attempt to determine if there is prior patent on their work: doing so only makes things worse for them ("mental contamination" for want of a better term). Whew, of course now I feel like no one should write code, and I should go look for another profession! But hopefully there is some amunition in there you can use. John.