• henfredemars@infosec.pub
    2 months ago

    This is probably illegal. I am not a lawyer, but when you have 114 contributors who provided their code under the terms of the GPL, you can’t just change your mind later. The GPL doesn’t work like that. You have to actually own the code as its copyright holder if you want to license it under a new license. Generally speaking, those other contributors retain copyright to their work, so unless you release your project under the GPL in perpetuity you would need to get the consent of all those contributors first. It’s not your code to license. You must obey the GPL that you agreed to when you included their work.

    […] the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program–to make sure it remains free software for all its users. […]

    When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.

    Any of your contributors can now turn around and assert that you are now distributing their GPL code in violation of the license. The GPL is quite clear that you need to respect the rights of the users to freely modify and redistribute derivative works. Because the GPL is viral, all you need to do is find the tiniest contribution that was made when the project was GPL to assert that all of the code must comply with the terms of the GPL and you can produce your derivative works as permitted by such a license. The legal risk of GPL contamination is very real and makes a more restrictive license practically unenforceable without a cleanroom rewriting of the project from scratch.

    Also, Creative Commons licenses should never be applied to software as done here. These legal tools are designed for media, and the website itself indicates that the licenses are inappropriate because they don’t address software-specific concerns like patents and development by multiple contributors.

    Unlike software-specific licenses, CC licenses do not contain specific terms about the distribution of source code, which is often important to ensuring the free reuse and modifiability of software. Many software licenses also address patent rights, which are important to software but may not be applicable to other copyrightable works. Additionally, our licenses are currently not compatible with the major software licenses, so it would be difficult to integrate CC-licensed work with other free software. Existing software licenses were designed specifically for use with software and offer a similar set of rights to the Creative Commons licenses.

    Overall, this looks like a naïve attempt to prevent derivative works, but escaping the GPL is not so easy. The GPL was written to prevent you from doing this sort of thing.

    ADDENDUM: Just in case the developer ever happens to find this comment, I want to say that I have a lot of compassion for the problems he is facing. I have maintained open source projects before, and watching your community get fragmented, your work disrespected, and failure to acknowledge that this is a hobby you’re doing in your free time weighs heavily upon you. I think this move is incorrect, but I acknowledge I’m not providing a viable alternative. I don’t know what the correct response should be.

    • Pika@sh.itjust.works
      2 months ago

      According to the maintainer, he got permission from everyone, and for those who didn’t give permission, he rewrote the code. At least that’s how it seems to be here.

      • henfredemars@infosec.pub
        2 months ago

        Thanks for the additional info! I don’t think this is good enough. The project is still under the GPL because it made use of GPL-licensed code.

        Generally such an approach still has problems because you have to be sure you’ve replaced every single piece of GPL and that the new code wasn’t written simply re-implementing knowledge of the old code, else there may still be an argument that the current iteration must comply with the GPL. He isn’t publicly providing evidence that he has permission from every contributor, so we can’t validate he isn’t misusing GPL code. However, this isn’t my main concern.

        If you have anyone who has seen the GPL code write new code, that code is arguably also under the GPL. This has caused problems for other projects. If you really want to replace the GPL code, you have to bring new people in and write all the missing pieces. He is not free to implement this code himself because he has been tainted by knowledge of the viral code that was tightly integrated to the project in the past.

        Again, I am not a lawyer, but this seems to be the general consensus on what you must do to implement this change properly. How I read this, the project is still under the GPL.

        • Pika@sh.itjust.works
          2 months ago

          Sending as a second comment cuz I just now read your source, but it’s different than what my original comment was.

          I didn’t realize the density that GPL code puts into your project; it does seem upon looking into it that that is correct that he cannot under GPL terms redistribute that software under the license that he’s chosen. He is violating the GPL by doing so, because even with permission of the contributors, GPL code cannot be converted over to a lesser freedom code without a full rewrite, because code that was generated while under the GPL can’t be locked down at a future date via a license that is stricter than the existing one. The only thing you can do is make it less restrictive than GPL.

          That being said, the only people who can report violations of code that is not following the GPL are going to be copyright holders, so if everyone was indeed okay with it there’s no one who would be able to pursue the violation anyway.

          • Skydancer@pawb.social
            2 months ago

            Not true.

            He can’t prevent anyone that received the code under the GPL from using (and distributing it) under the old license. He also can’t relicense code that he received under the GPL only under the new license.

            If he receives a new license from the other contributors to distribute under a more restrictive license, he can do that because he has a dual license to the code and is not relying on the GPL for his right to distribute.

        • Pika@sh.itjust.works
          2 months ago

          My main concern is that he states that he has permission from every contributor so he isn’t misusing it, then immediately locks the repository to only people who had contributed before.

          I understand it’s probably just a tactic to lower the amount of useless information from people wanting to comment from posts like this, but it doesn’t look good from a point of view of declaring victory and then retreating immediately.

    • fartsparkles@sh.itjust.works
      2 months ago

      Not to excuse the developer but I empathise with why they might have felt compelled to change the license.

      One of the biggest pains for any open source project is distributions and packagers who package the software themselves yet make changes or configure in non-standard ways, which leads to major overheads for upstream as everyone submits bug reports for bugs introduced downstream that have nothing to do with them.

      I feel we, as a community, need to be more vocal about when a project has been modified from the original source for packaging or distribution (where those changes weren’t pushed upstream) to demand the project be renamed in that instance.

      I feel for these small developers who do this in their spare time and find the community forcing more work on them and damaging their reputation without any fault of the developer but someone downstream who doesn’t care nor want to support what they’ve packaged.

      Perhaps there are other solutions? Before other projects decide to use awful licenses and infringe on rights just to try and tackle the problems created by downstream.

      • henfredemars@infosec.pub
        2 months ago

        This developer offers Flatpak and AppImage builds, both of which try to solve the problem of distributions making their own distribution-specific changes.

        It’s not a perfect solution, but there are some packaging systems trying to move in the right direction.