Nat Goodspeed wrote:

My employer's legal department has just stated that we may not use Boost for product development because of a hypothetical lawsuit risk. The reasoning appears to be that some party might rise up and claim that parts of one or more Boost libraries actually belong to it: that an individual developer, perhaps unknowingly, submitted code that was not his to give away because it rightfully belongs to his employer. In this horrid fantasy, the employer would then sue many parties, including anyone who has ever incorporated the affected Boost library into their own products.

The SCO lawsuits make it tough to dismiss such arguments out of hand.

This is disturbing on a number of levels. I want to marshal whatever counterarguments I can quickly assemble. If it states anywhere on the Boost web site that the Boost organization certifies its implementation IP clean... sorry, I wasn't really expecting that. But anything whatever that would bolster the case against this paranoia would be extremely helpful.

How about: 1) Any third party library would likely suffer from the same issues: unless there is a vendor offing to indemnify you against *all* lawsuites, the same issue applies. 2) No one, including programmers writing in-house code are immune from patent enfringement claims. Ignorance is no defence: it just reduces the amount you have to pay. Come to that, even validity of the patent is no defense either (the blackburry case for example where they had to pay up even though the patent was later declared invalid). 3) There are some industry big names using Boost, those we know about include Adobe, SAP, McAfee and Real Networks. I'm certain there are others who prefer to remain anonymous. If their lawyers are happy, I'm sure yours should be :-) 4) Boost code is peer reviewed before acceptance, if someone was engaging in really gross plagerism I hope we would detect it. I'm certain we would take it very seriously if it was reported to us. 5) What does IP-clean mean? Free from patent claim? That's impossible to certify: there is even a school of thought that no programmer should ever attempt to determine if there is prior patent on their work: doing so only makes things worse for them ("mental contamination" for want of a better term). Whew, of course now I feel like no one should write code, and I should go look for another profession! But hopefully there is some amunition in there you can use. John.

Nat Goodspeed wrote:

My employer's legal department has just stated that we may not use Boost for product development because of a hypothetical lawsuit risk. The reasoning appears to be that some party might rise up and claim that parts of one or more Boost libraries actually belong to it: that an individual developer, perhaps unknowingly, submitted code that was not his to give away because it rightfully belongs to his employer. In this horrid fantasy, the employer would then sue many parties, including anyone who has ever incorporated the affected Boost library into their own products.

The SCO lawsuits make it tough to dismiss such arguments out of hand.

This is disturbing on a number of levels. I want to marshal whatever counterarguments I can quickly assemble. If it states anywhere on the Boost web site that the Boost organization certifies its implementation IP clean... sorry, I wasn't really expecting that. But anything whatever that would bolster the case against this paranoia would be extremely helpful.

Hmmm - wouldn't his same concern apply to any software you don't write yourself? Suppose you use VC 7.1. It comes with dinkumware libraries - does your legal dept require a release from dinkumware?. Assuming it does, how does assure itself that some dinkumware developer didn't use some code/knowledge from his previious job or was inspired by some snippet he found on the net. OK so you get releases and hold harmless clauses from all the past dinkumware developers. Now how about the windows API - after all that's just another library. Are you going to use calls from that? Does your legal department feel confident that no microsoft employee or manager has incorporated code from other sources? If it does, its pretty clear they've not aware of all the lawsuits microsoft has had in this regard. And the fact that none is of the lawsuits have resulted in damages to microsoft customers or users or developers' who have leveraged on such code. Of course anything could happen. I cut a tree on my property and my neighbor sued me. (he lost the case - mostly). Your legal department would suggest I never cut another tree on my property. And from their narrrow perspective they're right. But of course they don't see the whole picture. If your legal department runs your company, you're going to be out of a job in the not too distant future in any case, so you might as well start looking for another job now. Such a decision has technical and econonmic implications far, far beyond what your legal department (and probably management - if its gotten this far) are aware of. Maybe more practical advice would be to suggest to your boss that he get a second legal opinion. This is what I recommend on decisions with a potentially large impact that depend on arcane technical expertise (e.g., kidney transplant, etc.). This should be done more often with all "professional" services - including software developement. This is a much wider variety of opinion and options than one is going to appreciate from just consulting with one practitioner. Robert Ramey