This reads like an old lady harping over nothing consequence. Did the author of TFA try to contact the Gentoo folks about this discrepancy before writing this incendiary blog post assuming negative/incompetent/ignorant intent? People are doing their level best to be respectful of other's wishes, but it's tough to account for every edge case.
Is the author of the unlicensed code upset? It doesn't seem so.
Why not be part of the solution?
Oh wait, being part of the solution doesn't generate attention.
How I read it: The author is surprised that when packaging their program for Gentoo; they discovered (while following the licensing guidelines) that there was a dependency in their chain that had no license, which makes the result not open source.
Gentoos packaging guidelines aren't arbitrary when it comes to licensing, they're precisely right that statically linked binaries are licensed with _all_ dependencies, so any distro shipping his program is doing so illegally. Technically.
I read it the same way as dijit. I would also add that it’s an interesting view into how licensing is supposed to be declared in modern Linux distributions and what happens when that breaks a little bit. I‘be only lightly used Linux since somewhere around 2002, mostly Raspbian, so it may not be as interesting to others?
To add, as the article says, the GH issue[0] was posted on Dec 18, 2020 by Norwin @noerw who is a member of the Gitea GitHub organization[1], so Gitea is definitely well-intentioned on clarifying the license of code it uses.
RE: the N/A in ripgrep dependencies specifically, it's a little clearer on my machine (newer version of cargo-license maybe?). Slightly complicated but still above board https://github.com/hsivonen/encoding_rs#licensing
While there is legitimate variation in how jurisdictions will treat a public domain dedication (e.g. wrt rights which can be relinquished vs can't be relinquished vs must be explicitly forgone, which a public domain dedication doesn't necessarily achieve), realistically (a) you're pretty unlikely to get sued by someone who tried to dedicate their thing to the public domain (b) the intersection of "jurisdictions that will read a foreign litigant's public domain dedication as All rights reserved" and "jurisdictions whose opinions anyone particularly cares about" is approximately empty.
While the OSI doesn't particularly like the Unlicense, they say
> There was some discussion about the legal effectiveness of the document, in particular how it would operate in a jurisdiction where one cannot dedicate a work to the public domain. The lawyers who opined on the issue, both US and non-US, agreed that the document would most likely be interpreted as a license and that the license met the OSD.
And for that reason, the Unlicense is an approved open source license.
Do you have any references? That doesn’t sound true.
From dictionary.law.com:
illegal
adj. in violation of statute, regulation or ordinance, which may be criminal or merely not in conformity. Thus, an armed robbery is illegal, and so is an access road which is narrower than the county allows, but the violation is not criminal.
unlawful
adj. referring to any action which is in violation of a statute, federal or state constitution, or established legal precedents
I believe speeding tickets are generally civil summary offenses. Criminal summary offenses are apparently even called "non-traffic summary offenses" in some places to distinguish them. Every speeding ticket I've ever gotten specifically noted that it was a civil infraction. When a police error resulted a summons for attaching license plates to a car they weren't registered to, the ticket in the mail specifically said it was a criminal infraction.
In Texas traffic tickets are criminal offenses, generally class C misdemeanors. I don't think we're unique in that, either. For this reason many questions baout crimes you may have committed will ask "other than misdemeanor traffic offenses" or such...
I'm not sure if you mean in this specific case or in general, but in general, copyright infringement certainly can be criminal. Willful infringement for purposes of commercial advantage or private financial gain, for example, is a criminal offense in the United States (17 USC 506).
You make it sound like copyright infringement is never a crime, when that isn't true at all. 18 U.S.C. § 2319.
Now, the commercial use or intent of the software in question isn't analyzed in the OP (or in your comment) and I haven't dug into it. In this particular case it may or may not meet the elements of the five-year federal felony. But your comment is far too quick to dismiss the possibility.
(Additionally, as a sibling comment pointed out, the word "illegal" doesn't always necessarily mean "criminal.")
I can think of at least a few individuals who might support the idea that US jurisdiction is either the only jurisdiction that matters, or at least covers the 90% of the Earth at minimum.
Let's see:
1. Kim DotCom
2. Julian Assange
3. Edward Snowden
4. Henry Kissinger
5. Meng Wanzhou
The list goes on I imagine, those are just the notable ones from my lifetime.
It's still early to tell but we may have to add Aleksey Pertsev to this list :/
> 3. Edward Snowden
U.S. citizen being hunted for acts committed on US soil so as terrible as prosecuting them is, I don't see how it's relevant here.
Other than that, yes, my point is we should not be normalizing and shrugging this off as "the way things are". Individuals and businesses are doing right in taking this into their risk-calculations but that does not make it lawful or constitutional even when local governments or LE are complicit.
Not everyone are as aware of this as you and I and comments like GP frame this in a deceptive way for those who aren't. If done deliberately and under certain other circumstances I'd even call it propaganda (not saying that's what GP is intending to do but one can both speak truth and have good intentions while still spreading propaganda).
Giving one counterexample is sufficient to refute a categorical rule.
Additionally, the fact that the code in question is hosted on GitHub (U.S.), a site owned by Microsoft (U.S.), and specifically how it came to be in Debian (U.S.) (started by Ian Murdock (U.S.) and assets held by Software in the Public Interest, Inc. (U.S.)) makes the U.S. an appropriate counterexample.
Russia (home of the author of the software in question, Stanislav Seletskiy) would also be an appropriate counterexample. Russia also criminalizes copyright infringement under some circumstances.
Both the U.S. and Russia serve as counterexamples to the idea that an action that "violates the rights of the copyright holder" is therefore "not a crime."
I was neither "deceptive" nor pushing "propaganda." Your anti-U.S. tirade and personal attacks on me are entirely off-topic.
> Additionally, the fact that the code in question is hosted on GitHub (U.S.), a site owned by Microsoft (U.S.), and specifically how it came to be in Debian (U.S.) (started by Ian Murdock (U.S.) and assets held by Software in the Public Interest, Inc. (U.S.)) makes the U.S. an appropriate counterexample.
That is indeed useful context and answers my question. My snark in the original still stands as it happens elsewhere on HN regularly. In some cases it may be an assumption on the commenter that anyone English-speaking is American, everything else is an exception and should be stated as such. It's obvious to see how that occurs spontaneously but it's not healthy or inclusive. Much like heteronormativity.
Personal attacks? Tirade? Come on, I already explicitly mentioned I am not implying bad faith on your part. Neither am I saying you are deceptive, just that your original comment had a deceptive framing, intentional or not. Frankly I'm not sure "deceptive" is really the best word here but nothing better really comes up without starting to write paragraphs. But here we are.
I don't have any beef with you or the US per se. I just want some autonomy and human rights for myself and others. Maybe even a fair and equal society. I am a firm believer that language plays a big part in shaping our view of reality, not only vice versa. I appreciate when others call me out in a similar way - we all have our blind spots.
You're talking to Americans on an American website about how bad you think America is, and nobody is threatening to send your relatives to Xinjiang for it, so I feel pretty confident your human rights aren't being violated.
Yes, because there is an extradition treaty with Canada. The problem seems to me the unequal application of the law, since there are many companies that did the same and were not prosecuted.
I feel as though you are proving my point: US jurisdiction covers most of the world. I'll grant you China isn't going to extradite one of their own citizens to the US, but they'd probably extradite a European without hesitation.
Just because statute says something is wrong doesn’t make the act criminal automatically.
For anything to be criminal there either has to be intent or the crime should be strict liability tort where intent does not matter.
It is arguable whether copyright infringement is strict liability tort in practice or not - there are arguments on both sides, so context of the particular case or similar cases that can set precedence matters .
So I wouldn’t be quick to just to say even say illegal let alone criminal.
Maybe, umm, don't depend on auto-detection tools as the ultimate source of whether something is appropriately licensed or not? encoding_rs is clearly licensed, otherwise I wouldn't have used it in ripgrep: https://github.com/hsivonen/encoding_rs
Take it up with the auto-detection tools. Or at least do your due diligence before claiming ripgrep is using "unlicensed" code.
The Debian copyright notice is correct for ripgrep.
The encoding part is one concern, but what about ryu? Is “Apache-2.0 OR BSL-1.0” not accurate? Neither of those showed up in the grep for license lines?
Sure, BSL is an obviously free license that is basically just a wording variant of MIT, but it is not showing up in that grep. Note: I’ve not actually read the copyright file, So perhaps It is clearly accounted for there, but is just not formatted in a way that the grep query used can find it.
I have verified that ryu is a dependency of json_serde, which is a dependency of ripgrep. Apache-2.0 OR BSL-1.0 is indeed the correct license for ryu.
It is not included in the Debian copyright file. I suppose this is because the library is not included in the source package, and the BSL does not mandate notice preservation for a binary output. And Debian policy for the copyright file is that only notices or info that must be preserved are required to be present in the file.
Funny, I initially thought that BSL was the infamous Business Source License, a proprietary source-available license with an automatic switch to (usually) Apache 2.0 four years after each release. But no, it was the Boost Software License.
This makes me wonder: has any judge ruled in favor of a plaintiff seeking compensation from people that used or redistributed software that he published on the internet for free without any copyright notice or disclaimer?
I was thinking the same. It being published on GitHub makes it especially difficult to claim damages for reuse, as I think it’s fair to say the very act of publishing to GitHub implies a desire to share the code.
The real issue would be if the author decides they want to close source it later, updates the license, and then demands everyone stop using it.
> the very act of publishing to GitHub implies a desire to share the code.
No. Thats like saying the very act of sharing pictures online implies you want someone else to use them, or that printing your book and selling it somehow implies you want the world to copy it.
You share on GitHub because its a source control platform, and your code may be interesting to others. This does NOT mean that you are okay with someone taking the code and using it in their (potentially commercial) program.
That is NOT implied, and thats why licenses exist. You could even argue that, as GitHub has license detection etc. built in, sharing and reading code there should mean you are aware of licensing.
> No. Thats like saying the very act of sharing pictures online implies you want someone else to use them, or that printing your book and selling it somehow implies you want the world to copy it.
Please explain how you are viewing this unlicensed reply without downloading it.
> You share on GitHub because its a source control platform, and your code may be interesting to others. This does NOT mean that you are okay with someone taking the code and using it in their (potentially commercial) program.
Please explain how HN is not taking my unlicensed reply and using it in their commercial HTML code sent to your web browser.
> Please explain how HN is not taking my unlicensed reply and using it in their commercial HTML code sent to your web browser
Nothing unlicensed about your reply. From HN's Terms of Use:
> By uploading any User Content you hereby grant and will grant Y Combinator and its affiliated companies a nonexclusive, worldwide, royalty free, fully paid up, transferable, sublicensable, perpetual, irrevocable license to copy, display, upload, perform, distribute, store, modify and otherwise use your User Content for any Y Combinator-related purpose in any form, medium or technology now known or later developed
Yes a standard agreement such as that is expected and customary, and they have it for good reasons. However it is not strictly required in order to make use of user-submitted content.
Also as I have pointed out in other comments, this is a contract, and as such there are quite a few reasons that a contract like this might not be binding. One major weakness is its semblance to a "click through agreement". An agreement hidden in the footer of a website or in the fine print on a registration page is even more subtle than that and it's entirely possible build a case against implicit agreements that automatically kick in through mere use of a web service. There is considerable case law devoted to this and it's gone both ways - depending on the specific facts of the case, who makes the better argument, and the disposition of the judge.
By uploading code to GitHub, you actually agree to certain terms which imply some level of sharing. You allow forking, and you allow any GitHub user to fork, reproduce and modify your code on GitHub.
Now, obviously, that doesn't necessarily imply that you grant the user the right to do the same outside of GitHub.
Uh, what. Just because something is available for public viewing does NOT mean you have an unlimited right to reproduce and/or modify that work in any way. In fact, in much of the Western world, the creator of anything and everything is automatically granted complete ownership and control over their work, and publishing it does NOT grant any rights to that work beyond viewing it. This applies to code, pictures, books/stories, videos, etc.
The Amazon package was on the front porch for like two hours... There was nothing that said it wasn't available to anyone outside the house. It's like they wanted us to take it.
A work with no license file is private by default, even if you can see it.
They’re not wrong. In countries with implicit copyright (those following TRIPS[0]), barring any license to the contrary, you have no right to the copyrighted work published online. In other words, unlicensed code is “all rights reserved, no exceptions.”
There are numerous rights and exceptions. Which exceptions apply vary by country and I can't speak for all countries, but virtually nothing in copyright law is strictly without exception. Unsurprisingly there's no shortage of people eager to convince you otherwise.
As an aside it is very strange that so many people derive their understanding of copyright law from various international treaties. These very rarely come into play in actual U.S. copyright cases and have little influence over the way courts interpret the law.
More like the Amazon package was left, opened, near the neighborhood book sharing drop where people customarily leave things to be taken for free.
A person should be able to recover that package, law enforcement might help recover the package, but it is unlikely a DA would prosecute for theft, and it would be very difficult to win damages if recovered.
The title feels very cheesy and reeks of clickbait. The fact that it claims the distribution of the program is illegal, and then rushes in with "I am not a lawyer." to signal uncertainty, does not leave a very good taste in my mouth.
This saying is generally best-practice to CYA in case anyone reading the statement thinks you might be giving them actual legal advice [0] - although for something as benign as this, it might be overkill.
> Can someone please tell me what the fuck is going on with licensing because I am losing my goddamn mind.
This seems like a storm in a tea cup to me. Distros are made of thousands of packages. The maintainers are supposed to get the license details correct but sometimes humans error. When these errors get buried deep into things and no one is auditing them, they go unnoticed. No need for anyone to lose their mind over that. It's life.
A lot of people had relaxed attitude towards licensing text. Then SCO came a long, partially funded by Microsoft and threatened everyone using Linux due to alleged licensing issues. This was a major issue.
Just as described, the problem was raised and then fixed.
Now let's assume someone like Oracle goes and acquires 1000 unlicensed tiny open source projects, just to be a dick, and closes their source and begins copyright trolling. Here's what happens: people switch off of those projects. I'm not trying to diminish the usefulness of godiff; it is useful! But it's not literally irreplaceable; there may even already be other options in the ecosystem, and if there's not, it's not something that can't be removed temporarily, and replaced long-term.
This blog post is a little alarmist IMO, but people who do this kind of sleuthing are doing a service to the open source community, because yes, issues like this can just be mitigated.
Where and how would this be illegal? Besides "it seems like it should be". I'm not aware of any precedence or regulation here and would appreciate links if anyone else is.
> So, to recap, we’ve got distributions of a go package that includes entirely unlicensed code, which I will remind you does NOT mean you get to just use it because you feel like it.
It also does not automatically mean you do not get to use it. It may be illegal and it may not be, depending on multiple factors. It's prudent to be conservative and require proper licenses like the policies of the distributions state but that does not make it illegal. What's considered "fair use" and what that entails differs a lot from place to place.
I'm fairly certain that even in jurisdictions where stuff like this would be problematic, a judge or jury would not rule guilty. Intent matters. Now, if the copyright holder contacted the distributions, made them aware of the situation, and asked them to stop distributing it or amend the license situation, and the distributions don't comply in a timely manner, that would be a completely different story.
IANAL anyway and I fully agree slip-ups like these are not a good look and should all be addressed but I have a strong hunch that the main claim in OP is false.
Some distributions take this more seriously than others. Debian, historically, is the largest stickler about this. I've had to delay packaging things for licensing problems[1], written 1000+ line d/copyright files[2], etc. Not all distributions will take the investigations that seriously.
I'm not saying that Debian always gets it right either! Just, there's an emphasis on doing so.
On the other hand, once Debian does due diligence, people can link up the findings on discussions of other distros. Most distros don't care about investigating those issues, but most distros also don't want to distribute code with clear legal issues.
Also it's usually pretty straightforward to solve most of those problems. Cease distribution and contact the authors, and if they are unresponsive either replace the troublesome code (if it's trivial), or patch the program to not use the code (if it's not the main thing the program is about), or give up packaging the program in the official repositories.
Anything unlicensed should be treated as coming with a permissive license. If you care so much about protecting your IP, take the effort to write up a license or make it proprietary.
I am aware that is not how it is now, but in my opinion that is how it should be.
While I might agree that it would be nice that code without a license was public domain, that's most certainly not the legal situation we have right now. If there's no license, you can't redistribute it at all.
You almost certainly do not want to have this, because countries like Germany have very strict copyright law. Youd end up having to check which law applies, from which country, etc.
Funny they specifically point to Gentoo. Gentoo, organizations hosting mirrors, and users are probably least likely of all to be affected by such a situation (binhosts aside) as gentoo only distributes the verbatim source for which the uploader (assuming same as copyright holder) has granted an implied license by way of publishing their work to github. It would be very difficult to claw back their intent to offer the code for public use given the context of a forum principally devoted to collaborative development of open-source works.
Also no clue why the author believes static linking or any technical means of linkage of the compiled binaries would be in any way relevant to distribution of the unlicensed source code. No doubt all of this work is unregistered too. Have fun arguing for actual damages caused by a clearly deliberate publishing and distribution of an unregistered work.
> We need the legal right to do things like host Your Content, publish it, and share it. You grant us and our legal successors the right to store, archive, parse, and display Your Content, and make incidental copies, as necessary to provide the Service, including improving the Service over time. This license includes the right to do things like copy it to our database and make backups; show it to you and other users; parse it into a search index or otherwise analyze it on our servers; share it with other users; and perform it, in case Your Content is something like music or video.
> This license does not grant GitHub the right to sell Your Content. It also does not grant GitHub the right to otherwise distribute or use Your Content outside of our provision of the Service, except that as part of the right to archive Your Content, GitHub may permit our partners to store and archive Your Content in public repositories in connection with the GitHub Arctic Code Vault and GitHub Archive Program.
Unfortunately this implied license is only granted to Github itself. Maybe this could work if Github created their own version of Gentoo though.
That is a contract, not a license. Or more accurately it's a contract with a copyright license embedded within its terms. This is an agreement with github to grant it an explicit license. Implied license is an implicit license. It may exist irrespective to any such agreements. Its implicit creation is an affirmative defense determined entirely by other factors and context.
The bar for this as a defense can be quite high, as it requires a clear intention to license the work as determined by a judge or jury.
Independent to the implied license doctrine there exists doctrine which governs mirroring, caching, and transferring of that content by 3rd parties and intermediaries. The combination of these is largely what makes sharing anything on the internet in lieu of licenses possible.
"user agreements" or "terms of use" are contracts that are essentially a redundant measure that gives parties like github much stronger protection, so that it doesn't have to rely upon any risky affirmative defense tactics that require meeting high legal thresholds.
Not in legal terms it doesn't. In the absence of a licence, a copyrighted work may not be distributed in any way. So you could theoretically sue those hobbyists.
Just bite the bullet and pick any of the common licenses. Sounds like you'd want one of CC-*-NC or perhaps AGPL.
Except no hobbyist seems to worry about such things.
Occasionally I get messages asking me about the license, and I usually reply to them asking what they want to do/build and then I give them permission for whatever it is they want to make (for free).
> Except no hobbyist seems to worry about such things.
The hobbyists that you know or have contacted you don't seem to worry about these things. I can assure you this hobbyist takes licensing very seriously, and I'm not the only one. I may at some point want to distribute my work, and having a dependency without a license makes that pretty much impossible.
I don't think that's helpful, because that's just not how licenses work. Please at least add that sentence to the repo then.
Unless your definition of "hobbyist playing around with it" also includes "oh, I accidentally made something useful which uses your code, but now I have to rewrite it because I can't in turn use a useful license".
It's the ultimate "contagious" license, and it doesn't waste the petabytes of disk space that are by now certainly taken up by copies of GPL-version-whatever!
To really make a point, one could include an empty file for the license (and code of conduct as well).
I'm a big fan of being overcommunicative in this regard. I'd hazard a guess that 9 out of 10 people with small code repos without a license have not bothered, or forgot, or didn't know and 1 or less out of 10 want to convey an active non-license (All rights reserved?) as the parent commenter, that's why I am in favor of spelling that out explicitly.
Personal opinion of how useful toy code that you can look at but not use or even let you be inspired from is notwithstanding, but I'm not trying to argue here.
The legal rules of licensing and copyright are basically a pita for everyone and nearly impossible to apply them at scale.
So everyone in this field, IP holders and users have all tacitly agreed on a social contract that is quite different from the reality of the law.
This small niche of society is small enough and poor enough that the law have not had to catch up to it yet.
This is a ... typical thing to happen. If it grows big enough, the law may catch up. Or the social contract may have to catch up. Or more probably a mix. This is usually painful.
Consider that Free and Open Source Licences are kind of a hack to paper over that gap. It has been enough so far to keep the two worlds from colliding too hard. But it is a fundamentally limited way to bridge it.
In my judgment, the problem has been overstated.
At the very least, with the 'tea,' it could be easily resolved by contacting me directly via e-mail, as mentioned in my GitHub profile.
I never intended for this code to be used by anyone else (there is no even a README file).
But I'm delighted it helped someone attain their goals.
109 comments
[ 4.3 ms ] story [ 98.5 ms ] threadIn all seriousness, Comic Sans is actually a great font for people with dyslexia, because the unique shapes make it easier to distinguish letters.
http://omgfacts.com/comic-sans-helps-people-with-dyslexia/
(a font like Open Dyslexic is probably even better https://opendyslexic.org/ but I guess it's a matter of taste and familiarity)
Is the author of the unlicensed code upset? It doesn't seem so. Why not be part of the solution? Oh wait, being part of the solution doesn't generate attention.
Thanks for posting this, xena.
How I read it: The author is surprised that when packaging their program for Gentoo; they discovered (while following the licensing guidelines) that there was a dependency in their chain that had no license, which makes the result not open source.
Gentoos packaging guidelines aren't arbitrary when it comes to licensing, they're precisely right that statically linked binaries are licensed with _all_ dependencies, so any distro shipping his program is doing so illegally. Technically.
I read it more of a "oh shit, I just discovered this issue in code I was packaging; maybe you, reader, have the same issue in your code!"
0: https://github.com/seletskiy/godiff/issues/4
1: https://github.com/orgs/go-gitea/people?query=noerw
[1] http://www.paulgraham.com/disagree.html
> Custom License File (1): encoding_rs
It's much easier to just use MIT, which is functionally the same, but in legal terms you are granting a perpetual license that can't be revoked.
> There was some discussion about the legal effectiveness of the document, in particular how it would operate in a jurisdiction where one cannot dedicate a work to the public domain. The lawyers who opined on the issue, both US and non-US, agreed that the document would most likely be interpreted as a license and that the license met the OSD.
And for that reason, the Unlicense is an approved open source license.
https://lists.opensource.org/pipermail/license-review_lists....
From dictionary.law.com:
illegal
adj. in violation of statute, regulation or ordinance, which may be criminal or merely not in conformity. Thus, an armed robbery is illegal, and so is an access road which is narrower than the county allows, but the violation is not criminal.
unlawful
adj. referring to any action which is in violation of a statute, federal or state constitution, or established legal precedents
Now, the commercial use or intent of the software in question isn't analyzed in the OP (or in your comment) and I haven't dug into it. In this particular case it may or may not meet the elements of the five-year federal felony. But your comment is far too quick to dismiss the possibility.
(Additionally, as a sibling comment pointed out, the word "illegal" doesn't always necessarily mean "criminal.")
I know the US is trying (and often getting away with) unilaterally setting rules on the global stage but let's try to not play along.
Let's see:
1. Kim DotCom 2. Julian Assange 3. Edward Snowden 4. Henry Kissinger 5. Meng Wanzhou
The list goes on I imagine, those are just the notable ones from my lifetime.
It's still early to tell but we may have to add Aleksey Pertsev to this list :/
> 3. Edward Snowden
U.S. citizen being hunted for acts committed on US soil so as terrible as prosecuting them is, I don't see how it's relevant here.
Other than that, yes, my point is we should not be normalizing and shrugging this off as "the way things are". Individuals and businesses are doing right in taking this into their risk-calculations but that does not make it lawful or constitutional even when local governments or LE are complicit.
Not everyone are as aware of this as you and I and comments like GP frame this in a deceptive way for those who aren't. If done deliberately and under certain other circumstances I'd even call it propaganda (not saying that's what GP is intending to do but one can both speak truth and have good intentions while still spreading propaganda).
Additionally, the fact that the code in question is hosted on GitHub (U.S.), a site owned by Microsoft (U.S.), and specifically how it came to be in Debian (U.S.) (started by Ian Murdock (U.S.) and assets held by Software in the Public Interest, Inc. (U.S.)) makes the U.S. an appropriate counterexample.
Russia (home of the author of the software in question, Stanislav Seletskiy) would also be an appropriate counterexample. Russia also criminalizes copyright infringement under some circumstances.
Both the U.S. and Russia serve as counterexamples to the idea that an action that "violates the rights of the copyright holder" is therefore "not a crime."
I was neither "deceptive" nor pushing "propaganda." Your anti-U.S. tirade and personal attacks on me are entirely off-topic.
That is indeed useful context and answers my question. My snark in the original still stands as it happens elsewhere on HN regularly. In some cases it may be an assumption on the commenter that anyone English-speaking is American, everything else is an exception and should be stated as such. It's obvious to see how that occurs spontaneously but it's not healthy or inclusive. Much like heteronormativity.
Personal attacks? Tirade? Come on, I already explicitly mentioned I am not implying bad faith on your part. Neither am I saying you are deceptive, just that your original comment had a deceptive framing, intentional or not. Frankly I'm not sure "deceptive" is really the best word here but nothing better really comes up without starting to write paragraphs. But here we are.
I don't have any beef with you or the US per se. I just want some autonomy and human rights for myself and others. Maybe even a fair and equal society. I am a firm believer that language plays a big part in shaping our view of reality, not only vice versa. I appreciate when others call me out in a similar way - we all have our blind spots.
You're talking to Americans on an American website about how bad you think America is, and nobody is threatening to send your relatives to Xinjiang for it, so I feel pretty confident your human rights aren't being violated.
https://en.wikipedia.org/wiki/Evo_Morales_grounding_incident
But many other did the same without any consequences so this might be a selective application of the law.
But the case itself seems pretty open and shut.
For anything to be criminal there either has to be intent or the crime should be strict liability tort where intent does not matter.
It is arguable whether copyright infringement is strict liability tort in practice or not - there are arguments on both sides, so context of the particular case or similar cases that can set precedence matters .
So I wouldn’t be quick to just to say even say illegal let alone criminal.
Modern copyright infringement has both civil and criminal components[2]
So yes an action can be both a tort and crime under the same law even.
[1] https://www.law.cornell.edu/wex/strict_liability
[2] https://en.m.wikipedia.org/wiki/Criminal_copyright_law_in_th...
Yes, it's a joke and it's funny when several companies, including Google [1] are very scared of that license.
[1] https://opensource.google/documentation/reference/using/agpl...
Maybe, umm, don't depend on auto-detection tools as the ultimate source of whether something is appropriately licensed or not? encoding_rs is clearly licensed, otherwise I wouldn't have used it in ripgrep: https://github.com/hsivonen/encoding_rs
Take it up with the auto-detection tools. Or at least do your due diligence before claiming ripgrep is using "unlicensed" code.
The Debian copyright notice is correct for ripgrep.
Sure, BSL is an obviously free license that is basically just a wording variant of MIT, but it is not showing up in that grep. Note: I’ve not actually read the copyright file, So perhaps It is clearly accounted for there, but is just not formatted in a way that the grep query used can find it.
It is not included in the Debian copyright file. I suppose this is because the library is not included in the source package, and the BSL does not mandate notice preservation for a binary output. And Debian policy for the copyright file is that only notices or info that must be preserved are required to be present in the file.
https://spdx.org/licenses/BSL-1.0.html
https://spdx.org/licenses/BUSL-1.1.html
The real issue would be if the author decides they want to close source it later, updates the license, and then demands everyone stop using it.
No. Thats like saying the very act of sharing pictures online implies you want someone else to use them, or that printing your book and selling it somehow implies you want the world to copy it.
You share on GitHub because its a source control platform, and your code may be interesting to others. This does NOT mean that you are okay with someone taking the code and using it in their (potentially commercial) program.
That is NOT implied, and thats why licenses exist. You could even argue that, as GitHub has license detection etc. built in, sharing and reading code there should mean you are aware of licensing.
Please explain how you are viewing this unlicensed reply without downloading it.
> You share on GitHub because its a source control platform, and your code may be interesting to others. This does NOT mean that you are okay with someone taking the code and using it in their (potentially commercial) program.
Please explain how HN is not taking my unlicensed reply and using it in their commercial HTML code sent to your web browser.
Nothing unlicensed about your reply. From HN's Terms of Use:
> By uploading any User Content you hereby grant and will grant Y Combinator and its affiliated companies a nonexclusive, worldwide, royalty free, fully paid up, transferable, sublicensable, perpetual, irrevocable license to copy, display, upload, perform, distribute, store, modify and otherwise use your User Content for any Y Combinator-related purpose in any form, medium or technology now known or later developed
Also as I have pointed out in other comments, this is a contract, and as such there are quite a few reasons that a contract like this might not be binding. One major weakness is its semblance to a "click through agreement". An agreement hidden in the footer of a website or in the fine print on a registration page is even more subtle than that and it's entirely possible build a case against implicit agreements that automatically kick in through mere use of a web service. There is considerable case law devoted to this and it's gone both ways - depending on the specific facts of the case, who makes the better argument, and the disposition of the judge.
Now, obviously, that doesn't necessarily imply that you grant the user the right to do the same outside of GitHub.
A work with no license file is private by default, even if you can see it.
[0]: TRIPS Article 9 Section 1: https://en.wikisource.org/wiki/Agreement_on_Trade-Related_As...
As an aside it is very strange that so many people derive their understanding of copyright law from various international treaties. These very rarely come into play in actual U.S. copyright cases and have little influence over the way courts interpret the law.
A person should be able to recover that package, law enforcement might help recover the package, but it is unlikely a DA would prosecute for theft, and it would be very difficult to win damages if recovered.
better license too!
0: https://en.wikipedia.org/wiki/IANAL
This seems like a storm in a tea cup to me. Distros are made of thousands of packages. The maintainers are supposed to get the license details correct but sometimes humans error. When these errors get buried deep into things and no one is auditing them, they go unnoticed. No need for anyone to lose their mind over that. It's life.
A lot of people had relaxed attitude towards licensing text. Then SCO came a long, partially funded by Microsoft and threatened everyone using Linux due to alleged licensing issues. This was a major issue.
https://en.m.wikipedia.org/wiki/SCO%E2%80%93Linux_disputes
There is absolutely no reason to take that lightly. Yes it might turn into absolutely nothing.
What happens if years down the line someone like Oracle acquires code that 1000s of projects depend on?
https://github.com/seletskiy/godiff/commit/865648740d705a24a...
Just as described, the problem was raised and then fixed.
Now let's assume someone like Oracle goes and acquires 1000 unlicensed tiny open source projects, just to be a dick, and closes their source and begins copyright trolling. Here's what happens: people switch off of those projects. I'm not trying to diminish the usefulness of godiff; it is useful! But it's not literally irreplaceable; there may even already be other options in the ecosystem, and if there's not, it's not something that can't be removed temporarily, and replaced long-term.
This blog post is a little alarmist IMO, but people who do this kind of sleuthing are doing a service to the open source community, because yes, issues like this can just be mitigated.
> So, to recap, we’ve got distributions of a go package that includes entirely unlicensed code, which I will remind you does NOT mean you get to just use it because you feel like it.
It also does not automatically mean you do not get to use it. It may be illegal and it may not be, depending on multiple factors. It's prudent to be conservative and require proper licenses like the policies of the distributions state but that does not make it illegal. What's considered "fair use" and what that entails differs a lot from place to place.
I'm fairly certain that even in jurisdictions where stuff like this would be problematic, a judge or jury would not rule guilty. Intent matters. Now, if the copyright holder contacted the distributions, made them aware of the situation, and asked them to stop distributing it or amend the license situation, and the distributions don't comply in a timely manner, that would be a completely different story.
IANAL anyway and I fully agree slip-ups like these are not a good look and should all be addressed but I have a strong hunch that the main claim in OP is false.
I'm not saying that Debian always gets it right either! Just, there's an emphasis on doing so.
[1]: https://github.com/openstenoproject/plover/issues/560 [2]: https://metadata.ftp-master.debian.org/changelogs//main/a/an...
Also it's usually pretty straightforward to solve most of those problems. Cease distribution and contact the authors, and if they are unresponsive either replace the troublesome code (if it's trivial), or patch the program to not use the code (if it's not the main thing the program is about), or give up packaging the program in the official repositories.
I am aware that is not how it is now, but in my opinion that is how it should be.
But then many packages are so trivial that they shouldn't even require a license.
Same goes for abandoned projects.
Also no clue why the author believes static linking or any technical means of linkage of the compiled binaries would be in any way relevant to distribution of the unlicensed source code. No doubt all of this work is unregistered too. Have fun arguing for actual damages caused by a clearly deliberate publishing and distribution of an unregistered work.
> 4. License Grant to Us
> We need the legal right to do things like host Your Content, publish it, and share it. You grant us and our legal successors the right to store, archive, parse, and display Your Content, and make incidental copies, as necessary to provide the Service, including improving the Service over time. This license includes the right to do things like copy it to our database and make backups; show it to you and other users; parse it into a search index or otherwise analyze it on our servers; share it with other users; and perform it, in case Your Content is something like music or video.
> This license does not grant GitHub the right to sell Your Content. It also does not grant GitHub the right to otherwise distribute or use Your Content outside of our provision of the Service, except that as part of the right to archive Your Content, GitHub may permit our partners to store and archive Your Content in public repositories in connection with the GitHub Arctic Code Vault and GitHub Archive Program.
Unfortunately this implied license is only granted to Github itself. Maybe this could work if Github created their own version of Gentoo though.
The bar for this as a defense can be quite high, as it requires a clear intention to license the work as determined by a judge or jury.
Independent to the implied license doctrine there exists doctrine which governs mirroring, caching, and transferring of that content by 3rd parties and intermediaries. The combination of these is largely what makes sharing anything on the internet in lieu of licenses possible.
"user agreements" or "terms of use" are contracts that are essentially a redundant measure that gives parties like github much stronger protection, so that it doesn't have to rely upon any risky affirmative defense tactics that require meeting high legal thresholds.
It means any hobbyist can play around with it, but no company with a legal team will touch it.
It appears as an oversight rather than a deliberate decision to restrict who can do what.
And often that's exactly what I want.
Not in legal terms it doesn't. In the absence of a licence, a copyrighted work may not be distributed in any way. So you could theoretically sue those hobbyists.
Just bite the bullet and pick any of the common licenses. Sounds like you'd want one of CC-*-NC or perhaps AGPL.
Occasionally I get messages asking me about the license, and I usually reply to them asking what they want to do/build and then I give them permission for whatever it is they want to make (for free).
The hobbyists that you know or have contacted you don't seem to worry about these things. I can assure you this hobbyist takes licensing very seriously, and I'm not the only one. I may at some point want to distribute my work, and having a dependency without a license makes that pretty much impossible.
Unless your definition of "hobbyist playing around with it" also includes "oh, I accidentally made something useful which uses your code, but now I have to rewrite it because I can't in turn use a useful license".
To really make a point, one could include an empty file for the license (and code of conduct as well).
Personal opinion of how useful toy code that you can look at but not use or even let you be inspired from is notwithstanding, but I'm not trying to argue here.
That is what *non-commercial* software should be about.
The legal rules of licensing and copyright are basically a pita for everyone and nearly impossible to apply them at scale.
So everyone in this field, IP holders and users have all tacitly agreed on a social contract that is quite different from the reality of the law.
This small niche of society is small enough and poor enough that the law have not had to catch up to it yet.
This is a ... typical thing to happen. If it grows big enough, the law may catch up. Or the social contract may have to catch up. Or more probably a mix. This is usually painful.
Consider that Free and Open Source Licences are kind of a hack to paper over that gap. It has been enough so far to keep the two worlds from colliding too hard. But it is a fundamentally limited way to bridge it.
In my judgment, the problem has been overstated. At the very least, with the 'tea,' it could be easily resolved by contacting me directly via e-mail, as mentioned in my GitHub profile.
I never intended for this code to be used by anyone else (there is no even a README file). But I'm delighted it helped someone attain their goals.
Anyway, I've stated that my code is MIT licensed.