HACKER Q&A
📣 l33tc0de

Tech lead copying code from open source GitHub repo


Hi, I have been working at my tech company for the last 3 years as a Senior engineer (6 years experience in total). Four months back we hired a new tech lead for our team, who happens to be my manager as well. I didn't interview her.

At first things looked normal and she seemed to be a great person/engineer. However, last week I was doing a code review of a PR raised by her and noticed some code which looked very familiar, something I have seen in an open source project (that I closely follow). On a deeper look I found that multiple files have been copied from the open source project (with an MIT license) and have been added to our proprietary code.

I'm not sure how to handle this situation, it seems illegal (definitely not ethical).

Can someone please let me know what to do here?

Edit: The MIT license is not mentioned in our proprietary code


👤 drakonka Accepted Answer ✓
I'd just flag that you may want to confirm license requirements in the PR review. It doesn't seem like a rare oversight to make and code reuse is so common in general.

I remember reviewing someone's PR and realizing I recognized some of the code from a previous company (that was open source, but there was no attribution). I just pointed it out in my review and we decided to remove that code, no big deal.


👤 amacalac
“the MIT License also permits reuse within proprietary software, provided that all copies of the software or its substantial portions include a copy of the terms of the MIT License and also a copyright notice” from Wiki - https://en.m.wikipedia.org/wiki/MIT_License

So maybe illegal if the license isn’t in the repo?


👤 htgb
It's legally and ethically fine as long as the copyright notice remains, right? I'd simply make a PR comment noting that the copyright notice should be included. They might not know it's needed, and either way lets them save their face. No need for drama unless they make it.

👤 throwaway4good
Probably fine - even if it was in breach of some os license - how would they (the original author of the code) know and lift a burden of proof in a civil court?

Besides that it is good practice if you copy something from somewhere to put that fact in a comment or commit message.

Makes it easier to maintain.