Does Node.js need to be governed by an independent foundation? Or are we safe with Joyents overlordship?

Date: Sat Apr 26 2014 Vert.x »»»» Open Source Licenses
The Vert.x project, a Java based event-oriented system inspired by Node.js, has run into a spot of legal trouble that should serve as a reminder to open source developers who work for companies.  Tim Fox, the developer of Vert.x, had worked for VMware until December 2012 and joined Redhat.  He had assumed that he'd be able to continue working on Vert.x after transitioning from one company to another, but instead was hand-delivered a letter from VMware's lawyers demanding that he hand over the keys to the Vert.x project.

With every job I've had working for a company, I signed a legal something insisting the company had ownership over any code I wrote whether or not it was on the job or not.

I'm simply reading from a piece on The Register penned by Matt Asay, a rather outspoken open source thought leader, discussing the troubles going on.  I don't know various details and the actual situation may be different from what Asay suggests.   Reading his piece I am under the impression that Tim Fox is a complete victim in this, that perhaps he developed Vert.x on his own time and that VMware had no corporate role in Vert.x's development, and that therefore it's an "of course" that VMware shouldn't be asserting ownership over the project.

However, Asay's piece does have this admission buried way down in the article and took me three readings to find it:
To be clear, VMware funded the creation and development of Vert.x. As such, it's reasonable that it assumes a measure of involvement and even control over Vert.x. But not like this. ... The project started after he began at VMware, and VMware funded his development of Vert.x.
I'm sorry Matt Asay, but when a company funds something they own it.  They can choose to treat the project in one way or another, but they do own it.

Fox sent a letter to the Vert.x community that said, in part, "In the spirit of open source and as a commitment to the Vert.x community I had expected (perhaps naively) that VMware would continue to let me continue to administer the Vert.x project after I had left their employment."  That phrasing is one of a person who clearly knew that he was administering the project under the permission of his Management, rather than having started the project on his own spare time and having a reasonable expectation of control over the project.

Asay goes on to describe what "should" happen in such a situation, essentially saying that the company (VMware in this case) "should" give up control over the project to the lead developer.  He points to several such cases, primarily the Netty project that had been started by Redhat employees and was now its own self-standing project.  Should an employer always do that, however?  Really?

For example, if Mark Reinhold were to leave Sun to join IBM would he be able to bring ownership over the OpenJDK project with him?  No.  Let me explain that I was involved with the launching of the OpenJDK project and know quite a bit about it.  That project was built out of Sun's Java implementation and was the result of a zillion contributions by Sun employees and employees of other corporations.  Sun, and now Oracle, fund the OpenJDK project, host the project repositories, pay the salary of the dozens of Oracle employees working on it, own the trademarks and domain names, etc.  Mark Reinhold is the project leader and did a heck of a lot to push Sun's management into starting the project and while his fingerprints are all over the project it was a team effort by a large staff of people, including myself.

Another example from that era is the Hudson project launched by another Sun employee.  This is a widely used build tool.  He wrote that while a Sun employee in the Glassfish team, and wrote it specifically to solve problems he and his team faced in doing their jobs.  That is, it supports continuous integration practices, automated test management, etc.  When he left Sun he wanted to take control of the Hudson project along with him, but Sun (or was it Oracle by that time) didn't want to give up ownership.  That meant he had to rename the project to Jenkins because Sun/Oracle owned the domains and trademarks etc.

The Hudson/Jenkins project is a closer example to Vert.x than the OpenJDK project which I threw in as an absurd example.  Koshuke did the lions share of the work on Hudson and was widely identified as the main person behind the project.  However, I know for certain that Sun put a fair amount of resources into supporting his work on the project, and for example paid his way to Belgium to attend the FOSDEM conference to present Hudson to European open source developers.  It was at that FOSDEM where I met Koshuke, FWIW, when management paid for my trip to help present the OpenJDK project to European open source developers.

What is the correct response by a corporation when one of the employees leaves, and wants to keep ownership over a project the company had funded?

The actual response will vary all over the map because each corporation runs under its own set of ideas and principles.  Some corporations obviously want to assert lots of control such as in the Sun/Oracle/Hudson/Jenkins example I gave.  Others are very permissive.

The correct response must vary based on the depth of support the company gave.  For example, a project that was the sole work of a specific person, where the project played no role in the corporate strategy, but the company did fund the development e.g. by allowing 10% of employee time to work on the project ... that sounds like an ideal time for the corporation to allow the former employee to take the project with them.  But if the project was critical to that corporations plans, the employee had worked full time on the project, and it was the work of several employees, that's an ideal time for the corporation to insist on ownership.

As I said earlier, I don't know where the Vert.x project fits within that continuum.

An additional thought to ponder because this blog is about Node.js is - what is the long-term fate of Node.js?  Its development is heavily funded by Joyent.  What if Joyent were to have a change of heart about Node.js and decide to pull their support of the project?  Will the community continue to have control over the project?

I rather doubt that would even happen because a) Joyent's management knows open source community practices very well .. b) Joyent uses Node.js as a core part of their technology stack ..

But we in the Node.js community would be in a clearer position if there were an independent foundation having ownership over Node.js.  However going by the outline I gave above, Node.js development was and continues to be funded by Joyent, Joyent is clearly in ownership of everything, etc.  Meaning that we're unlikely to ever see Node.js being handed to an independent foundation.