> it's up to Goldman (and the terms of the license).
It is really up to the license, Goldman either selected licenses where they could legally avoid sending upstream changes or planned to violate the law in secrecy. If they did the latter on just one license, then he should qualify as a whistle blower.
what common open source licenses would require them to send changes upstream? Or really, what licenses would require them to release the modified code to the public?
GPL requires you to make source code available to anyone who you distribute the program to. If you're just putting code on servers, there's no obligation. Even if you distribute internally, you usually are technically distributing to the company for installation on their computers.
Even the AGPL, designed to be viral for web applications, requires the operator of the server to make the code available to users of the server. Assuming all users were Goldman Sachs employees, I don't see any legal obligation for them to contribute back to the community.
Pretty much all other licenses are less copyleft than GPL and AGPL and would be even less likely to trigger source code distribution requirements.
> Even the AGPL, designed to be viral for web applications, requires the operator of the server to make the code available to users of the server. Assuming all users were Goldman Sachs employees, I don't see any legal obligation for them to contribute back to the community.
Given that GS is a multi-billion global behemoth which runs a bewildering array of computerized services with an even larger array of customers, I'd be pretty shocked if they didn't have some API or client functionality which would trigger the AGPL if they included AGPL'd code in it.
Sorry to spread FUD, I was under the impression that non-OSI compliant licenses sometimes made this requirement, but I can't find any actual examples so maybe it was an overly cautious question I was always answering 'no' to to get import approval.
Even if such a license existed, it's still the responsibility of the derivative code's owner to comply. If they refuse, then they can be sued, but their code can only be released under the license by their deliberate action.
The Netscape Public License is the only one I'm aware of. But it's not OSI-compliant (and thus, to most people, not open source) and I'm not aware of anyone still using it.
It is really up to the license, Goldman either selected licenses where they could legally avoid sending upstream changes or planned to violate the law in secrecy. If they did the latter on just one license, then he should qualify as a whistle blower.