What should I do when someone blatantly copy my open-source project on GitHub?
I created an open-source vector database a couple months back called OasysDB. It's not a popular project but it serve a specific use case and has a small community behind it.
So, recently, someone in the community sent a link to me about a repository that after digging deeper into it seems like a blatant copy of OasysDB v0.4 (It's now v0.7). They changed all of the initial branding and information to their own branding like name, author, email, etc.
This is their repository: https://github.com/Sahomey-Technologies/sahomedb
This is OasysDB v0.4: https://github.com/oasysai/oasysdb/tree/v0.4.0
I honestly don't know what to do. I know that OasysDB is open-source and thus, free to modify and redistribute. But, I feel like this is more like a plagiarism and a bit unethical to do.
If anyone got similar experience, I'd like to hear some advice.
Thank you in advance.
50 comments
[ 4.2 ms ] story [ 87.0 ms ] threadFor example, this is the PR in OasysDB by one of our contributors compared to theirs: https://github.com/oasysai/oasysdb/pull/43 https://github.com/Sahomey-Technologies/sahomedb/pull/9
People argue about licenses as if there are software license cops. There aren’t. Having money to pay lawyers to enforce your license is a reasonable reason to develop paid software.
I will definitely try to contact them either via the repo issue or their Discord.
And it looks like he's done the exact same with a pen-testing project called Kraken: https://github.com/myOmikron/kraken-project
Probably trying to pad out his Github for freelancing.
On a side note, this person has 132 repos on his profile. They're probably trying to game the whole thing to make it seem like they have an active Github profile.
The rabbit-hole deepens.
https://crates.io/crates/sahomedb/0.2.1
Also bragging about it on Medium: https://medium.com/@ellysam/introducing-sahomedb-a-high-perf...
Also another pseudonym or his "team": https://medium.com/@samowvance10/the-purpose-of-my-project-a...
At least searching for some of these entries links back to this HN post.
IANAL, but simplifying the [what-I-call] legal enumeration, it says: "You must retain, in the Source form of any Derivative Works that You distribute, all copyright notices from the Source form of the Work".
Did you put any copyright notices in your work? If not, it may be too late, because they can continue to distribute the old version that did not have copyright notices.
There's also some requirements that they clearly identify anything they have changed, but I'm guessing they haven't changed much. Maybe their sneaky way of changing the branding would violate this? I don't know, IANAL.
If you believe they have not complied with this part of the license, then what they are doing is no different than hosting your copyrighted movie or book on GitHub and you can send a takedown request, sue for damages, etc. It may not be worth the cost though.
This is not how copyright works. Without a license, default copyright law applies, and no one can make any copy of the code and profit from it, even if published on Github. Copyright protection is automatic under the Berne Convention, implemented by the US Copyright Act and EU Directive 2001/29/EC, meaning no registration or notice is required for protection.
I would not stress over it until that other person sets up a project webside and starts a marketing campaign. Most probably it is only about making a good looking GitHub profile.
Well, Edwinkys, it's your fault for not adding a copyright notice to each file. I recommend add one now at least, so future forks will have your name it it.
Something like this: https://github.com/aquarians/Public/blob/main/Aquarians/Back...
https://github.com/obaraelijah/redis-proto
From:
https://github.com/dpbriggs/redis-oxide
But Elijah Samson / obaraelijah / elly sam has started removing or making repositories private now that he has been found out.
Let them be, no point in wasting time worrying about small fraudsters. Cut them off and blacklist them so you will never have anything to do with them.
I recommend not to shame them publicly if you live in a country without freedom of speech (most of the world except from the USA) or they might have grounds for suing you for defamation (even if you are right and you can prove it).
Source: Someone scammed my landlord (and me) for tens of thousands and now he added me on LinkedIn. He's doing fine, probably doing some other real estate scams on top of some small BS companies that keep failing every 2-3 years (probably to avoid paying taxes). The police is not interested. The court case was dropped. Really tempted to out him online but lawyers don't recommend it. Justice is pretty weak in our times.
https://awstip.com/using-nginx-as-an-api-gateway-ce7781c712b...
Stolen from: https://marcospereirajr.com.br/using-nginx-as-api-gateway-7b...
Here's another one: https://medium.com/towardsdev/managing-complex-rust-workspac... Blatantly copied from: https://matklad.github.io/2021/08/22/large-rust-workspaces.h...
Another: https://towardsdev.com/understanding-and-implementing-enums-... Copied from: https://oliverjumpertz.com/blog/rusts-enums-explained/
And another: https://towardsdev.com/rust-what-inline-can-do-for-your-prog... Copied from: https://matklad.github.io/2021/07/09/inline-in-rust.html
More: https://towardsdev.com/idiomatic-caching-in-rust-133784ed114... Copied from: https://matklad.github.io/2022/06/11/caches-in-rust.html