(I'm not a lawyer.) This might be a small matter of a misunderstanding, straightened out easily, with everyone happy. Corporate lawyers and HR are just doing their job, which is protecting the company's interests, which includes not giving away anything, and trying to keep the upper hand. This posture might seem scary. You need to straighten this out, preferably in a collegial fashion, but don't panic.

Talk with your manager some more, see how much s/he can help you fix this with the company. This might be getting the OK for open source work (future, and retroactive), or it might be only getting you a pass for a past misunderstanding.

If manager decides to make a case for the company supporting/tolerating open source contributions, s/he might sell it as a way to improve employee morale, enhance the reputation of the company for recruiting, improve customer goodwill/reputation for open source savvy, get free open source labor from others on software the company can use internally, or something like that.

You might find it reassuring to consult your own lawyer. Your own lawyer might have a very different perspective on some key things (e.g., reasonable personal accommodations while traveling on business), but hopefully it won't be necessary to debate the matters. If someone asks you to sign something, or your gut says you've been targeted for termination and/or legal action, consult your own lawyer.

Regardless of how that turns out, you might also need to give the leadership of the open source project(s) a heads-up on the status of your contributions, in a timely manner. They might need consider when they need to do anything now, to minimize headaches for anyone.

Not a lawyer but if you have signed a contract that clearly binds any development you do in your work laptop to your company you work for.

It is not a breach of contract but you have given intelectual property of any software you coded in your laptop.

I suppose you can speak with your manager and the legal team and ask them to release the code you coded with a license compatible with the project you collaborated. If the focus of that project is different from the focus/market of the company you can talk them into this and make them accept a once-in-a-lifetime exception.

Good luck!

If you have signed a contract saying that anything you do on their laptop is their property and then you go and distribute that publicly then you are probably violating the confidentiality parts of your contract.

Personally, I would never do "personal" projects (i.e. where I expect to own the IP) on a work machine - it's not worth the risk.

I tend to agree, and I think technically I am liable to get fired. What I would like to understand is the kind of problem this could cause for the open source project I hypothetically contributed to this way.

Can they claim ownership of my code, request it removed, cause any kind of problem or nuisance to the maintainers?

I would think "yes", "yes" and "yes" to all three of those questions.

You don't want to give anyone an excuse to start invoking lawyers.

You could ask for explicit permission - but there is a good chance (based on my own corporate experiences) that even asking would cause a lot of grief.

I agree. In general the risk of enterprise code and/or informations leaking out would be high when using a single device for both. And even if you're doing everything perfectly and implement an algorithm for the external project and then anytime later you end up reusing it for some internal enterprise project you and the external project might end up having a lot of problems when trying to demonstrate the timeline (best case scenario assuming that hte external project is ok sharing its code with the company you're working for).

All in all too much potential trouble, I would definitely not recommend sharing a single device.

The lawyers think differently than engineers. Get yourself a lawyer and try to sort things out. Your further contribution does more damage to the open source project than good.

I would ask your manager, and have it run by legal.

I did.

My manager had no issue with it, but legal has been nothing other than ambiguous regarding the consequences faced by the open source project and its maintainers.

They are very clear about how I should not be doing it in the first place (of which I am very aware of, and which is not what I am asking).

They probably have to be ambiguous. We're talking about civil law here, not criminal, so there are no black and white statutes to say what would happen. If it went to court, the actual lawyers would look into legal precedence, argue over what is reasonable, and other lawyerly things. So the attorneys probably don't know the answer either. All they can do is CYA and say don't do it... which is exactly what they did.

Manager, yes.

Legal, no way. Never talk to legal or HR about these sort of stuff.

Get approval from legal, they probably don't care, they just want to make sure everything is square.

Assuming you have a reasonable company and you aren't infringing on any IP or trade secrets, you're probably fine and will get approval. The main thing here is that they don't want an employee releasing something that conflicts with the interests of the business.

People tend to over-inflate these myths and have never actually spoken with company council on the matter.

Some companies even consider all work you do during working hours (regardless of the device you use) as their IP and I've even had a contract that stated that any work I do inside or outside office ours is considered IP of the company unless I have explicit approval of my manager (an email saying it's OK I work on my own open-source projects).

So just check with your manager/HR what the rules are.

I nearly didn't take a job because of that "everything you do is ours clause" fortunately they accepted striking it out.

Often it's not bad intent but just defaulting in their favor because of previous experiences or precaution. Never hurts to ask them to change it indeed.

Yep and their willingness to let me strike it out was a good indicator that'd we'd likely get along.

Would it help if you used your own VPN account to remote via SSH in to a server you personally pay for and control (Linode, DigitalOcean, whatever) to do the work on the server directly, whether in terminal or tunneled through SSH via Remote Desktop? Technically, you are not local on your work laptop. This might just make it worse?

Don't do this.

Would using somerhing like VNC (to a computer or server that you own) be considered a loophole ?

You're still using the company laptop. Typing on it, using its CPU (even if just to sustain the VNC connection and process user input).

Taken to the extreme, he might do that in a hotel room, which is paid for by his employer.

In the case SHTF event, the lawyers can go as deep as they need, and how deep then need to go is directly related to the importance of the issue.

Don't even suggest that anything non-work related could be made on anything even remotely paid by the company. Always with your property, on your dime.

Nope, don't do it without reading your contract.

Your company may own any intellectual property you create on company time, whether it's done on a company laptop or not...other companies claim ownership of anything created while you're employed by the company.

TL:DR Release your code under a pseudonym, and don't use your company laptop.

I'd say, Don't do.

Don't ask, Don't tell; only works if they don't monitor your environment. Even then, they might ask you and then you have to lie.