96 comments

[ 2.9 ms ] story [ 159 ms ] thread
I'm not a lawyer, but the legal claim made appears to me to be on shaky ground. In my understanding, there has to be actual damages arising out of an action. "I could have been hacked, so I had to spend time/money on it" isn't actual damages unless they were _actually_ hacked.
I imagine it would be sufficient to show that he had to spend time or money analyzing the security impact of the event.
Why aren't costs involved with a mitigation actual damages?

I'n not sure this is the correct lawsuit to demonstrate this.

So hypothetically, if say you lent a key to a handyman and then they posted a photo on it to twitter it seems pretty reasonable for them to cover the costs of replacing the locks. As opposed to having to wait for somebody to rob you and then trying to show that the robber did so from the photo.

> Why aren't costs involved with a mitigation actual damages?

They are. If you ever look at the damage caused by a hack it's in the millions and that's because they're including the time used to investigate and repair and mitigate further attacks is included.

(comment deleted)
I have received class action settlement payments from Verizon, Apple, and others for things I hardly noticed at the time. So maybe your idea of what precedent considers “damages” here is incomplete.
Realistically, this is just going to piggy back on WPEngine's lawsuit.

However, there were customers who migrated to other hosts because of the potential security risk. That is an actual damage. There are people who lost contracts because their potential client chose software other than WordPress. That is an actual damage. There are lots of actual damages that occurred.

>"I could have been hacked, so I had to spend time/money on it" isn't actual damages

Sure it is. Money was spent that wouldn't have been if the situation didn't happen.

> Sure it is. Money was spent that wouldn't have been if the situation didn't happen.

There are two problems with this.

First, for normal damages, there is some limitation on the costs. If someone breaks the lock on your door and does nothing else, you replace the lock, damages of maybe $40. If someone gets into your servers, you what? Spend ten minutes to check the logs and rotate keys? Wipe and rebuild all the servers? Does the reasonableness of that depend on whether that's an automated process or a manual one? Maybe you should delete your entire code repository and have it rewritten from scratch, in case knowledge of the code could have helped some attacker? There is no upper limit to the amount of resources you could spend investigating something, and then companies with unlimited resources would effectively get to use it as a cudgel against someone who embarrassed them, because $10M is nothing to them but is a life-destroying amount of damages to some kid who made a mistake.

It's like claiming that someone broke the lock on your door so now you're not sure if someone might have been inside and you have to strip the whole building to the rafters to check if someone has planted a listening device or hidden some crypto mining hardware inside the walls, even though you're a company that sells tile and carpets.

Second, if doing the latter was in some way actually justifiable then the company should be periodically doing it anyway, because if a vulnerability existed then it could have been exploited whether anyone was detected or not, so if spending that level of resources could be justified "just in case" then it isn't money that was spent that wouldn't have been if the situation didn't happen. Unless they're full of crap that all of it was actually necessary.

>There is no upper limit to the amount of resources you could spend investigating something

The upper limit is what the courts decide is reasonable, based on the factors of the case, your justification of the requested damages, precedent of similar cases, etc.

>$10M is nothing to them but is a life-destroying amount of damages to some kid who made a mistake.

Again, the courts make these determinations literally all the time. We don't need to figure out what "reasonable" and "damages" mean from first principles.

>It's like claiming that someone broke the lock on your door so now you're not sure if someone might have been inside and you have to strip the whole building to the rafters to check if someone has planted a listening device or hidden some crypto mining hardware inside the walls, even though you're a company that sells tile and carpets.

This type of claim is not approved by the courts, because it is clearly unreasonable.

> The upper limit is what the courts decide is reasonable, based on the factors of the case, your justification of the requested damages, precedent of similar cases, etc.

"The judge will render a decision" still requires you to have some rule for the judge to apply or the result is entirely subjective. You don't want the winner of every case to be the one who can afford to spend the most on lawyers.

> This type of claim is not approved by the courts, because it is clearly unreasonable.

I feel like you're only making my point. It isn't reasonable in the physical case, so why should it be reasonable in the digital case?

>still requires you to have some rule for the judge to apply

Good thing they can examine a century or two of case law, including lengthy debates on what constitutes “reasonable” and “damages”, to help make their decision.

>You don’t want the winner of every case to be the one who can afford to spend the most on lawyers.

That is pretty much how it works already. Better lawyers typically make better arguments and, on average, get better results. They also want more money because they are better.

You don’t want the winner of the case to be the one who made a worse argument just because they have less money.

>It isn’t reasonable in the physical case, so why should it be reasonable in the digital case?

Your extremely stretched example is not analogous to the situation.

> Good thing they can examine a century or two of case law, including lengthy debates on what constitutes “reasonable” and “damages”, to help make their decision.

"A status quo exists" is not an argument for what rule the law should use unless your argument is that status quo bias is the only acceptable mechanism for choosing policy.

> That is pretty much how it works already.

Is/ought dichotomy.

> You don’t want the winner of the case to be the one who made a worse argument just because they have less money.

No, what you want is for the law to be clear and reasonable so that spending millions on lawyers to argue over excessive ambiguities is not a prerequisite to attaining a just outcome.

> Your extremely stretched example is not analogous to the situation.

In what way is it not analogous?

>an argument for what rule the law should use

>Is/ought dichotomy.

For some reason, you've started talking about what the law hypothetically should be and how court cases should be handled. I wish we had a perfect court system, too. But can we shift back to reality?

>In what way is it not analogous?

The first hint is that it's purposefully formulated to come across as absurd (crypto as an appeal to emotion? really?). It's unnecessarily exaggerated and lacks any context. This Automattic stuff has months of history that will be considered. It fails to map just about anything to the digital equivalent, represented in the lawsuit.

Analogies typically suck anyways, so why don't we just discuss what's actually happening? Some companies were obligated to implement manual security controls during the period where Automattic disabled their automated ones. In some cases they had to conduct additional (unscheduled, previously unnecessary) security assessments solely due to the actions of Automattic during their fued with another company about trademarks. Companies had to take time to assess if, how, and when they would move their websites. All of this costs money.

If you are an unrelated third-party caught in the crossfire of a frivolous dispute between two companies, seeking reimbursement for that money is reasonable.

> For some reason, you've started talking about what the law hypothetically should be and how court cases should be handled. I wish we had a perfect court system, too. But can we shift back to reality?

All of these discussions are always about what should happen, because it hasn't happened yet, which means people can still affect the outcome, e.g. by changing the law or convincing a judge to do something different.

What would be the point of talking about something if there is nothing anybody can do about it?

> The first hint is that it's purposefully formulated to come across as absurd (crypto as an appeal to emotion? really?).

This is a thing that commonly happens in the actually analogous situation, i.e. someone who breaks into your servers installs crypto miners on them if they get in. And that was your objection? The point of that example was to provide something that could incur real measurable costs if it actually happened, i.e. giving the other side the benefit of the doubt that a genuine harm is hypothetically possible. The issue is that even assuming that, it's still purely speculative that it would have actually happened.

Moreover, you don't seem to like hypotheticals, but the hypothetical is the basis of the claim. "We had to spend money on this mitigation or otherwise hypothetical bad things could have happened." If they spent money in order to prevent nothing then it was wasted money and they were the ones who decided to waste it.

> Analogies typically suck anyways, so why don't we just discuss what's actually happening?

Analogies are fairly important because the law operates on the basis of analogies, and in particular, cases like this can set precedents that will be used in analogous cases.

Which means we might want to consider what happens if the defendant is a kid instead of a large business and whether you really want to level that amount of damages on them.

> All of this costs money.

All of everything costs money. If you're using some Google service as an important part of your business and then they discontinue it as is their custom, it could cause you a lot of trouble. Does that mean you should be able to sue them when they do that?

People are allowed to be petulant and your main recourse is to stop doing business with them. You can also get companies to promise in writing not to be petulant, but in general getting them to guarantee that requires paying them a buttload of money and people are often more inclined to risk the consequences than buy the insurance.

This "where do we draw the line" talk is always so exhausting to he for me. The suggested answer inevitably boils down to "let's not have a line at all", instead of trying to draw a reasonable line and deciding on a case-by-case basis what is and isn't reasonable.

While trying to be reasonable might have unexpected outcomes for either side sometimes, not having a line at all always unfairly skews the damages to one side.

Suppose you've designed your systems according to sound and efficient practices. You have offsite and offline backups, monitoring systems, zero trust architecture, well-documented systems that can be rebuilt from scratch using automated processes, etc. If some compromise happens the scope is extremely limited and well-defined and the mitigation is swift and inexpensive. Also, there probably wouldn't have been one to begin with.

Now suppose you're a disaster. There is a combination lock on the front door with the combination already punched into it and if anyone walks through the door they have full access to everything from your employees' bank routing numbers to the VPN credentials providing access to your suppliers' networks, with no logs of any kind. If someone gets inside and you want to know what they did you'll have to shutter the company for a year while a team of full-time engineers and forensic accountants tries to reconcile the numbers in each set of systems with the others and resolve any inconsistencies through some combination of vibes and whimsy.

Your costs in the second case are going to be dramatically higher, but that isn't a consequence of anything the person who walked through the door did. That's something you did to yourself.

Failure to mitigate is a thing. The damages in the first case would be zero or close to zero, which implies the damages in the second case should be the same because the party claiming the damages is the one responsible for the difference.

Moreover, this is the incentive we want, because we want organizations to minimize damages and suffer consequences if they don't.

“I want to drive my car without airbags, but I have all these other stupid people on the road who might hit me, so I have to invest in airbags. Maybe I should just preemptively sue them for forcing me to invest in my safety.”
This is one of the most stretched examples yet. It’s as if nuance, context, and the concept of “reasonable” have completely left the room.
There is actually an important legal distinction between could and would. He just undermined his own case.
Sounds like actual damages to me.

If you break my door lock I'm pretty sure I can't just leave my door wide open for months and then sue you for all of my stuff that got stolen. I need to fix the lock. And ask you to pay for that. Also not a lawyer, but pretty sure you've got to proactively mitigate your damages.

Physical metaphors rarely work for software.

In your scenario, someone _could've_ broken the lock because you're renting a lock from a locking agency Lock Engine, who copied a lock design from LockPress, and LockPress decided not to mail them design flaws anymore.

In the real world, vulnerable locks don't ever get fixed. At worst, locks get recalled, and you get your money back. Lock designs don't get shared freely, and if they do, there is no expectation of informing people that may have copied designs of potential flaws.

If your house got broken into, you should sue Lock Engine, because they're not providing the service you're paying for. Suing LockPress for the lock design Lock Engine decided to copy wholesale is pure nonsense.

Imagine you open Spotify on your phone, only to (maybe?) realize it's streaming from Apple Music.

Is that ok for you that Apple appropriated the app? They offered the platform, the ecosystem and the store. Is it within their right?

That's what happened here.

> In my understanding, there has to be actual damages arising out of an action.

Depends on the specific tort, but actual damages aren't the only thing for which there can be liability. Statutory damages, punitive damages, and non-damages based liability (unjust enrichment, disgorgement of profits, etc.) are all things that exist for various torts.

> "I could have been hacked, so I had to spend time/money on it" isn't actual damages unless they were _actually_ hacked.

Why wouldn't reasonable costs incurred to determine or rule out adverse effects of a wrongful act be considered actual damages of that act?

> The lawsuit describes Automattic and Mullenweg’s conduct as an abuse of the open-source internet architecture, alleging that “a single individual (Matt Mullenweg) exercises apparent singular control over what they claim to be more than 40% of all websites in the world through his personal website (WordPress.org).” It calls this level of control “an appalling deception” that is “contrary to every conceivable public policy.”

That seems like a specious argument to me. There's no deception involved as far as I can tell, and I can't see how public policy has anything to do with this. It sucks for many reasons that Wordpress powers so much of the web, but it's pretty rich for someone whose business is built on Wordpress to claim its success is an existential threat. I will not comment on what I think about a cybersecurity business that is built on a Wordpress site, as it's simply not relevant.

When you file a lawsuit you initially make every argument you might possibly want to use in your initial filing, knowing some of them will be whittled down. Pretty much every lawsuit ever includes some claims that are a bit of a stretch, because the lawyers need to CYA. If you fail to make the argument you may be precluded from introducing it later, so it's just safer to include it now.
(comment deleted)
I think it's more about running up the legal bill of the defendant. It costs virtually nothing to include a spurious claim in a complaint (it can literally be a sentence or two). The defense has the burden of getting the weak claim dismissed with pages and pages of arguments (because they don't want any chance of it slipping through).

The bar for a "shotgun" complaint is way too high in the legal system.

(comment deleted)
I sort of suspect it's also a case of bluffing. You can't know for sure which aspect of a complaint is the one that makes the defendants soil themselves, and you might trigger a settlement or make them behave strangely in ways that give you clues about where exactly it is they're ticklish.

I've been told before that some people will settle a case to avoid setting a legal precedent, which might trigger giant class action suits.

> There's no deception involved as far as I can tell

Whether it is germane to the case or not, there was plenty of deception:

When the rights were transferred to the WPF, Matt didn't disclose that the Foundation was essentially just him, and the two other nominal members were effectively absent.

When the rights were transferred, and a big deal was made of this, "It now belongs to the WPF, which ensures that no commercial entity or interest can affect what should be a community project", there was no mention of how, on that same day the WPF silently granted a "irrevocable, non-expiring, exclusive universal commercial licence" to Automattic.

Matt repeatedly would refer to wp.org as a community resource and not his, until push came to shove, and "no, actually, it's exclusively mine and has nothing to do with Automattic or the WPF".

And several other examples. Apropos of anything else, there has been deception.

Matt didn't attest under oath that he was transferring the rights to an arms-length organization; others might have assumed that, but I'm not sure why they would. Isn't the WPF-Automattic relationship more or less the norm with companies that have 'open-source business models'?
>Isn't the WPF-Automattic relationship more or less the norm with companies that have 'open-source business models'?

No, it's not, and I think that's the crux of most of the controversy. One quick comparison would be Drupal: https://dri.es/solving-the-maker-taker-problem

I suggested that the WPF-Automattic relationship was “the norm”, and you countered with a post where Drupal describes itself as “unique and groundbreaking within the Open Source community”. While Drupal might be better (or worse), this post doesn’t disagree with my message.
It is not the norm. Open source projects sponsored by a commercial organization tied to that project might be nominally controlled by a foundation, but that foundation isn’t effectively controlled by a single person in their private capacity, who has secretly granted the commercial entity an exclusive, irrevocable commercial license.

I don’t know if there is past precedent, but it’s certainly not the norm.

What would be more normal is a company more or less owning the open source software and simply licensing it under a permissive license and then having a closed source or open core fork. An example there would be any number of Red Hat projects.

That quote is referring to the credit system, not the relationship between Acquia and the Drupal Association.
It actually does, but in a bit non-obvious way if you have been tricked by Matt's/Automattic's wording.

The very core of free software (as in beer, not the fsf definition) is, well, dramatic reduction of cost for customers. Opening the source for modification is merely in expectation that some of the customers would contribute something back. The relationship is highly asymmetrical. Therefore, Takers in Drupal lingo are inherent, consequential part of the deal.

Drupal's system just goes one step above in recognizing those who contribute back in a mostly good faith, unbiased effort.

The typical business models behind FOSS are professional services (support and training) and commercial extensions (open-core model). In the latter model (or both), the governing body makes the majority of contributions and consequentially (key word) steers the project. For example chromium is the way it is not because Google said it should be that way, but rather they put the effort to implement their wishes.

Some FOSS-on-the-surface projects reject contributions that do not align with their commercial vision and even go as far as to chase legal action against forks. Both examples have been discussed in this very forum quite thoroughly.

This brings us to the problem with wordpress, wordpress foundation and Matt/Automattic. The governing foundation is generally established so that the major Makers and Takers (remember, entities can exist in Maker-Taker duality) do not go into open warfare and in turn sabotage the whole FOSS project. Wordpress itself is a FOSS project, directly enabling both Automattic and WPE. WPE is a clear Taker here, no objections to this judgement. However, Foundation is for all intents and purposes Matt/Automattic. When Matt and WPE did go into open warfare, this lack of separation between commercial and charitable operations meant that Matt abused his powers over WPF, weaponized it and used it against WPE in Automattic's fight against WPE.

This is where WPF-Automattic relationship is totally out of the norm in open-source/open-core business models.

> but I'm not sure why they would

Because that's the expectation that was set by Mullenwegs words and actions. Who ever said you need to be under oath for deception to take place?

Apparently libel laws aren't a thing because you're not under oath now or something along those lines.
Per my comment on another message, it seems like Matt was telling the truth, but not the whole truth, which is probably more than he was legally required to do.
At times, it can be. But the transfer of rights to the WFP was made as being about the community, and not allowing any commercial organization to have rights to that app ecosystem.

That press release was made the very same day as the WFP then silently granting back exclusive rights to Automattic.

The WFP has never, until this court case, acknowledged that any org has such commercial rights, let alone "irrevocable, exclusive and universal" rights. For the best part of a decade.

Matt may not have been under oath but the announcement on behalf of WPF was entirely factually inaccurate, because a commercial organization absolutely did and would have those rights over "WordPress". And he can't even claim ignorance, because he was the one granting those rights, that same day.

It seems like Matt was telling the truth, but not the whole truth, which is probably more than he was legally required to do.
Deception doesn’t require a misrepresentation is made under oath. Especially when dealing in the world of business or nonprofits.

Now if someone made the claim that he perjured himself that would be different.

> There's no deception involved as far as I can tell

155 pages of deception here: https://wpengine.com/wp-content/uploads/2024/11/51-2.pdf Page 32 "Defendants Conceal the Truth Regarding the WordPress Directory" and page 73 "Wrongfully Expropriate WPE’s Most Popular Plugin" are particularly related. (The part where Matt decides to take over WP Engine's popular plugin and rename it, taking all their customers and reviews is particularly egregious)

Deception with respect to him having full control of Wordpress, which is what the quote was about.
I'm not an expert or part of the community and haven't been following too closely.

But I vaguely remember there was a story where he said he transferred control of some aspect of WP to a non-profit organization not controlled by him, with a press release and everything, but then later that day control was transferred back to him without telling anyone.

In any case, I believe it's pretty clear that most people who rely on WordPress had no idea that it is almost singularly controlled by him. Whether this was done via deception or not is indeed a good question.

I love how the top comment on every single HN post is some contrarian "nuh uh!" take from someone who is lightyears away from being an expert in that thing.
[flagged]
Not the only WordPress host and they have no obligation to anything for an open source project.

This story isn't about them it's about their customers who chose to use their service and how Matt chose to make them collateral damage. That choice has consequences which is what this is.

Disclosure: I've worked at WPE.

Consider that WP Engine's business model revolves around WordPress being a problematic platform for their customers in one way or another. They support sites that would otherwise need to be replaced if it were to continue being scaled. This keeps those customers, the whales, in the WordPress ecosystem.

Plugin and theme developers, digital marketing agencies, and independent web developers continue to put food on the table because of a market that otherwise wouldn't exist. This is healthy for the ecosystem.

Conversely, Matt used that market, the users, as leverage against WP Engine. He caused a deep loss of trust in WordPress as a platform for any serious business. He acted in spite of the community.

I don't think WP Engine is particularly "good", but they don't weaponize users for business goals under the guise of altruism.

[flagged]
WordPress is copyleft (GPL), and copyleft is open source.

And these are the consequences and indeed the intentions of open source. There's no "ripping off", this is what Open Source licenses permit. If contributors didn't want this to be possible, they shouldn't have licensed their software this way.

(Of course, WordPress itself is a fork of a GPL project, so didn't have the option, and you could equally say it's "ripping off" that project. But we don't. Because it's open source. And that's how it works.)

[flagged]
Honest question because I don't have the answer,

Besides Matt and maybe those who work for him, what other contributors are complaining?

This argument is highly strained. Yes, it is nice of people to support the OSS projects they use.

But you’re essentially claiming that no one can offer any kind of managed platform built on open source tools without contributing to them. No one should profit off of, say, Linux, by selling you access to a Linux VM. No one should profit off of git by providing a managed git repository. No one should profit off of react by using it for their money-making website.

That would be absurd. WP Engine is by no means close to the equivalent of an AWS in the WordPress world. There are thousands of WP hosts, few of which actively contribute much back to WP. But that’s frankly just how OSS works, and everyone knows that’s the case. No one is starting OSS projects expecting ever user to contribute back.

And by the way, I’m a developer who contributed to WordPress quite a bit. Automattic is not being “left out to dry” by companies selling WordPress hosting without contributing back. In fact, it (used to be) one of the most valuable companies in the space, precisely because it has influence over 40% of websites in a way WP Engine doesn’t.

All Matt did was poison the ecosystem with a rug pull. The best you can do as an OSS leader is encourage other companies to contribute with things like Five for the Future. Beyond that, you don’t have recourse.

WP Engine would only be a truly toxic player if they had high or undue expectations from the OSS project in the form of large numbers of bug reports, feature requests, or complaints. As a WordPress contributor, I never saw that to be the case. All they did was sell web hosting the same way thousands of other companies do in the ecosystem.

> Matt used that market, the users, as leverage against WP Engine.

Matt has no obligation to make some other company's customers happy. Even less so when that company has refused to work with WordPress despite basing their entire business around its success.

WP Engine has always been a bit scummy. Their name does attempt to make them sound like they are the official WordPress hosting service. This all could have been avoided if they agreed to WordPress' licensing agreement, but now they've both gone into scorched-Earth mode and will both decline.

WP Engine is acting scummy and all, but this is the shadow side of releasing projects as open source. You can't force the people using the freedoms you're granting them to pay you or support you. If you don't like it when people take your code and build a competing business with it, pick a license that (effectively) prevents doing that. With some licenses you can at least get the additions they make out of them under the same license (AGPL and such).

WP Engine is ungrateful and generally kind of shit, but they did nothing that WordPress didn't allow. WordPress acted needlessly aggressive and conflated the business side of their operation with the non-profit side of their operation, which is why WP Engine has a legal basis to sue them over in the first place. WordPress has gathered a lot of good will for being open source and having a non-profit that maintains tooling, but if they don't respect the freedoms that made them popular, they're going to lose out in the end.

I don't have a horse in this race and I'd have to back WordPress if I had to make a decision, but neither party in this conflict is the good guy here.

All of that said, the true vultures here are the lawyers and companies organising the class action lawsuit. All of the customers they "represent" are doing it for a quick buck, and the lawyers are more than willing to blow up Automaticc and WordPress to get their pay day even if it means WordPress will no longer be maintained by anyone. Whatever side you're on, winning this class action lawsuit means everybody but the lawyers lose.

Was WordPress not a fork of someone else's work? Why the double standard?
WPE could have forked if they wanted to as I mentioned in my comment, that'd be fine.

But they didn't. And then they sued to try and tell WordPress what they could and couldn't do with their own project.

> try and tell WordPress what they could and couldn't do with their own project.

No, that's completely backwards.

It's literally in their lawsuit - they are upset about changes made to WordPress and to WordPress.com - two projects they have no rights to.
There are several other issues with this, but "1. entered into a formal agreement with the project’s maintainers"

You are aware (well, maybe you're not, because the WPF certainly has never announced it) that this would be ... difficult, because the same day the WPF was granted ownership over the WP "entity", it granted an exclusive, irrevocable, universal sole commercial license to Automattic.

Thank you, I didn't know that and it does complicate things dramatically.
I appreciate your honesty here, but you really should probably read into this a little more before coming in this hot about how justified Matt is. Maybe in principle, what WPE is doing is questionable, but it's certainly looking like Matt has been as much if not more abusive and shady in his pursuit of profiting off of the work of all the other Wordpress contributors, including doing things that are deeply unethical, if not illegal.
I have to assume there is bright-line "swim at your own risk" language that protects Automattic from claims like this.
> This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

https://github.com/WordPress/WordPress/blob/master/license.t...

(comment deleted)
Warranty disclaimers may (or may not, depending on the law of the effected jurisdiction) limit liability for claims on an implied warranty theory, but they certainly don't apply to tortious interference or unfair competition claims.

I’m not saying the claims here are valid, but the warranty disclaimers don't seem at all relevant to the bases of liability asserted.

thank you, now I'm learning the things I wanted to learn when I made my comment
I haven’t bothered to look at the actual filing, but none of the causes of action mentioned in the article were about warranty, merchantability, or fitness for purpose.
yeah, this part is where I am confused - the dispute itself is about bad business to business behavior, but the class status of this lawsuit drills down to harm caused to end users. I'm trying to figure out what expectations end users are entitled to since it's obviously not the case that WP users can hold Automattic directly liable when they are hacked.

I _think_ the argument is that WPE gave them the (at the time reasonable) expectation that risk mitigation was handled by them, and Automattic made that expectation impossible to meet retroactively hence tortious interference, but is there language that passes the liability up the chain from the end users? To me it seems like WPE has a case but the end users as a class might face headwinds.

And for everybody angrily downvoting me I agree with you that Matt is an asshole but that doesn't mean I don't want to understand the nuance of a class claim in a case like this.

IANAL. The chain of argument is roughly: WP was transferred to WPorg -> WPorg promised open access to WP ecosystem (including plugins) -> Matt/Automattic retained effective control over WPorg -> Matt/Automattic abused their control over WPorg to sabotage WPE's ability to provide contractual services -> WPE's customers suffered.

EDIT: I think the part causing most confusion is relying on customer's expectation that they are NOT using WPE's product, but rather using WP plus WPE's services. I.e. If X contractor installs a thing to your house/car/whatever and then manufacturer of that thing then uses it to sabotage your business, you get a claim against manufacturer, not you against contractor.

But in this case the manufacturer does not offer any warranty at all to anybody.
This is not about any warranties at all. The warranty and liability disclaimer applies strictly to those parts and is used to establish

This suit is about unfair business practices: tort and ratchet. The suit raises a claim that Matt publicly boasted of harming WPE through his actions, which should establish intent. The core claim is that Matt/Automattic/WPF acting as a unit intentionally abused their collective power and relationship with WPE to cause harm on WPE and their customers, demanded payment to stop causing harm and on top of that attempted to pull said customers away to their for-profit alternatives.

Before you go and claim "but there are no warranties and SLAs on plugin repository", a supporting claim in the suit is that WPF plugin repository is hard-coded into WP software, therefore part of the overall service (volunteer effort maintaining the WP package) and selectively targeting users of WPF repository constitutes unfair business practice.

A distant analogy could be a tourist spot scam where nefarious party sees a family, offers their child a candy and then harasses parents to pay up. Or similarly with flowers for couples.

(comment deleted)
[flagged]
What you are missing is that this whole drama is costing peoples whose business model is to help companies adopt and maintain wordpress. I have friends who lost their leads and existing clients over this drama. So no, its not as easy as this.
[flagged]
Its not a good thing for businesses with no better alternative really. You can give anyone wordpress and host it on any hosting provider on the planet. Cant say that about most alternatives, not really.

Mind you I personally prefer to use all the alternatives, since I am more technically capable than most of the target customers.

Cheering for the developers just means only wordpress gets to sell hosting for it, they arent starving developers.

Can I ask based on what?

Just previous knowledge or by reading the claims here?

[flagged]
then he basically successfully fooled you and rewrote history, mission accomplished. more like the director has beef with theater and attempts to burn the entire thing down while gaslighting the cast and crew. you may have no time for internet drama, but comments like this perpetuate the bad actors.
> 1) I have little time for internet drama

Yet create an account and join in you did.

Not everyone must pick side. You don't even know what Wordpress is, it's best to stay out and save yourself from embarrassment.
What about the part where Matt runs WordPress.COM, a competing hosting service, which confuses people who are looking for the WordPress.ORG free software (which sounds like it is ran by the foundation, but now turns out to be just Matt). WordPress's own guidelines also said companies were free to use "WP" in their name, but then Matt changed the guidelines right when all this drama started.

Before: "The abbreviation “WP” is not covered by the WordPress trademarks and you are free to use it in any way you see fit."

After: "The abbreviation “WP” is not covered by the WordPress trademarks, but please don’t use it in a way that confuses people. For example, many people think WP Engine is “WordPress Engine” and officially associated with WordPress, which it’s not. They have never once even donated to the WordPress Foundation, despite making billions of revenue on top of WordPress."

I think the naming issue is only a small part of the problem anyways, essentially stealing WP Engine's ACF plugin until the judge told Matt to stop might be the worst part.

Wordpress allowed those in the community to use WP. It's an incredibly common naming feature in the ecosystem.

They also said Wordpress Hosting and Managed Wordpress. Automattic filed for trademarks for those but lost, so those also weren't violations.

It seems pretty hard to mix up open source software and a managed hosting platform.

Just because you assumed things you didn't know about without even opening one of the website to know how they're related, it doesn't mean you should have an opinion about it.

The guy here had a meltdown and tried to sink a third party business. This alone is ground for direct litigation.

If that's the extent of your knowledge, you probably haven't understood enough of the issue, and why so many people are freaking about it.

The deeper issue is that people thought it was (Matt Mullenweg is to WordPress) as (Linus is to Linux). But Matt is going around screaming that it's actually (Matt Mullenweg is to WordPress) as (Oracle is to Java). That is to say, he considers everything remotely related to WordPress to be his personal property and he has full authority to prevent anybody from doing anything related to WordPress that he doesn't like. Despite WordPress being open-source software.

Why do journalists so rarely link to the actual court documents when talking about a complaint?

Anyways, here it is: https://storage.courtlistener.com/recap/gov.uscourts.cand.44...

Because it'd reveal they usually aren't much more than a summarizer run on the court doc.

Middlemen hate to show you what they actually do.

Many journalists do upload/link to documents, and add quite a bit of context to the documents. OC appears to confuse bloggers with journalists.

Speaking from personal experience, the number of people who click on links for raw documents is an _extremely_ small subset.

Most people don't even read past the headline let alone the lede.

Often because they have paid for it via pacer so don’t want to give it away to competitors for free.

Or because they’ve got it via a back door and don’t want to link to it and reveal that.

Because it links away from their site. They want to keep you on the site, clicking more links that can generate revenue for them.