You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by "Jarek Potiuk (Jira)" <ji...@apache.org> on 2021/07/12 21:44:00 UTC
[jira] [Comment Edited] (LEGAL-580) Can projects accept code
written by GitHub Copilot?
[ https://issues.apache.org/jira/browse/LEGAL-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17379424#comment-17379424 ]
Jarek Potiuk edited comment on LEGAL-580 at 7/12/21, 9:43 PM:
--------------------------------------------------------------
Oh yeah. That is an interesting question. I've been following the discussion and it is a very interesting one that has a lot of consequences/might raise interesting questions. And it's mostly really about "copyleft" licensed code.
As I see it - currently we neither check nor care if a user-contributed code was (for example) copy-pasted from GPL code. At least we do not have some general rules and tools for that. One could copy a chunk of code from GPL project and submit it. And we would not notice most likely and we have neither tools, not expectations to validate if this is not copied code. Other than regular verification of code by the maintainers, that should likely screen out some really obvious cases, we do not do any checks with contributed code.
I am not sure what are the ramifications of ICLA signed with that (what are responsibilities of whom before and after the signing?), but I think the only real difference between those two cases (copied code vs. co-piloted code) is that in case of Copilot, the user might not know where the code came from. However in many cases if a code is copied from Stack Overflow and even from code found by Googling, the provenience of code might not be obvious for a user who contributes the code.
So I think it boils down to :
* when the chunk of code is "sizeable enough" to trigger some responsibilities/liabilities
* what are the responsibilities of the user contributing the code to check where it comes from if it is copied
* will it depend (and how) if the ICLA is signed or not
* how/if do the responsibilities pass on the ASF when the code is contributed
Most likely there are no 0/1 answers to those questions I believe.
BTW. I am not a lawyer, just an engineer but it's a fascinating question, I am looking forward to how it unfolds.
Side comment: One outcome of this discussion might be that we should develop an AI-powered checker that we should run on every piece of code and tell whether it is from a copyleft code or not :). Or maybe rather it should be enforced by the law, that anyone providing such tools as copilot also provide a free-to-use tool to verify it.
was (Author: higrys):
Oh yeah. That is an interesting question. I've been following the discussion and it is a very interesting one that has a lot of consequences/might raise interesting questions. And it's mostly really about "copyleft" licensed code.
As I see it - currently we neither check nor care if a user-contributed code was (for example) copy-pasted from GPL code. At least we do not have some general rules and tools for that. One could copy a chunk of code from GPL project and submit it. And we would not notice most likely and we have neither tools, not expectations to validate if this is not copied code. Other than regular verification of code by the maintainers, that should likely screen out some really obvious cases, we do not do any checks with contributed code.
I am not sure what are the ramifications of ICLA signed with that (what are responsibilities of whom before and after the signing?), but I think the only real difference between those two cases (copied code vs. co-piloted code) is that in case of Copilot, the user might not know where the code came from. However in many cases if a code is copied from Stack Overflow and even from code found by Googling, the provenience of code might not be obvious for a user who contributes the code.
So I think it boils down to :
* when the chunk of code is "sizeable enough" to trigger some responsibilities/liabilities
* what are the responsibilities of the user contributing the code to check where it comes from if it is copied
* will it depend (on how) if the ICLA is signed or not
* how/if do the responsibilities pass on the ASF when the code is contributed
Most likely there are no 0/1 answers to those questions I believe.
BTW. I am not a lawyer, just an engineer but it's a fascinating question, I am looking forward to how it unfolds.
Side comment: One outcome of this discussion might be that we should develop an AI-powered checker that we should run on every piece of code and tell whether it is from a copyleft code or not :). Or maybe rather it should be enforced by the law, that anyone providing such tools as copilot also provide a free-to-use tool to verify it.
> Can projects accept code written by GitHub Copilot?
> ---------------------------------------------------
>
> Key: LEGAL-580
> URL: https://issues.apache.org/jira/browse/LEGAL-580
> Project: Legal Discuss
> Issue Type: Question
> Reporter: Mike Drob
> Priority: Major
>
> Github Copilot is the hot new AI-writing-code system.
>
> If we are presented with patches that have been "copiloted" are we safe to accept them? Or do we have to assume that they may be tainted by other license terms that are not apparent?
>
> Further, how do we know if something was created with the help of copilot? Do we need to add a checklist to the PR template where in addition to the contributor asserting that they have the right to contribute this code, they also affirm that it was not created by copilot?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org