Who has the first right to publish binary package using the company's name?

I have a general question about publishing a binary package, this is mostly concerning releasing a package to a new ros2 distro or under ros-rolling

If a company A builds a device and initially didn’t provide a ROS driver for this device, then an external developer provides an implementation and registers it in the ROS index and uses the company’s name when registering the package such that the driver package is list as “A_driver”, can the company reclaim this package given its name was used in this package name? Is there any guide on how to resolve such conflict? Does the company has any rights when others use their name to register the package under ROS index?


According to the current wording of REP-144, no, it has no rights:

  • Do not use a name that’s already been taken. To check whether a name is taken, consult [2]. If you’d like your repository included in that list, see the tutorial at [3]

Although, it is possible the community driver would not be accepted with a name that is not prefixed by the 3rd-party organization developing the driver:

if a package is specialized by an entity (…), prepend the name of the entity. The preference is for packages to start namespaced and then once the package is commonly used, owned and maintained, that name can be dropped as the package becomes the reference. Exceptions for special situations where multiple organizations are collaborating on a package, or core packages, or official driver packages for hardware, and other special cases can be made.

However, application of this rule is very much feeling-based. So it can happen that a community package <device>_driver would be accepted prior to the manufacturer’s one.

It is even possible that the manufacturer has a ROS driver on github, but did not release the package to ROS index. Theoretically, everyone has the posibility of sending the rosdistro PR and becoming the maintainer of the binaries. However, without write access to the upstream repo, this is very difficult to do. And although I’m not aware of any thorough checks, I think rosdistro maintainers at least try to spot such situations and convince the community member to negotiate with the manufacturer. I was always wondering whether there should be a REP forbidding name hijacking (or whether REP-144 should be extended). Imagine I write a trivial quadruped controller and want to draw attention to it, so I name it anymal_control. There is (AFAIK) no technical obstacle for me doing so. But I think this would not go through the rosdistro PR part.

1 Like

Apart from ROS Enhancement Proposals the company may also hold a trademark on their name (most do), which may allow them to bar you from certain usages of their name if they care to do so.

1 Like

In the spirit of open-source, collaborating with the 3rd party developer(s) might be the smoothest experience for everyone.

I’d personally be absolutely thrilled if the manufacturer of whatever device I’d made a community supported driver for reached out to me and suggested to take over maintenance and/or setup a collaboration. Shows recognition of the effort and might even provide a smooth migration/upgrade path for company’s users.

There are a few successful examples of this in the ROS community.

(Edit: but I guess such a smooth/low effort merge/continuation isn’t going to happen in your case: ros/rosdistro#38415).

certain uses, yes.

But seeing as there’s virtually no other way than to use A’s name in these cases (ie: naming a package / software artefact with the purpose of indicating its compatibility with a device/product of A), I’d suspect use of a name for identification purposes only would not be problematic and fall under fair use – provided of course the 3rd party driver/package does not claim to be an official product or maintained/created by A itself.

IANAL of course.

1 Like