... it's way beyond time to worry about your performance review. If the PHB would really retaliate for your contributions to OSS, he would do it regardless of the legality of it. So the only possible option is for him to not know about it.

If you're writing something that is for both personal and work use, then you probably shouldn't be GPL-ing it anyway; BSD seems more appropriate. But even then, you would clearly be into the realm of things your employment contract rightly should cover.

So it seems to me the best course[1] would be to assign license in the work to the EFF[2] on its first release, with yourself listed as project maintainer. You would receive just as much of the credit as if it were licensed to you.

The potential downside to this is that the exposure would not be to the code but to yourself personally. While the code would be protected, you would not be. Of course, you would then be facing the same situation as if you contributed to someone else's project, so I suspect it would be a much harder case for them to make.

[1] Not that it helps Ben at this point.

[2] Or other organization you trust.