1. This issue will get traction on HN and maybe Twitter
2. Facebook engineers responsible will apologize, tell us they meant no harm
3. Facebook will change the name of the project and give it back to it's rightful owner, maybe even reinstate their Facebook account (although unlikely)
4. In 3-6 months the very same thing will happen and we'll go back to step 1
Hopefully at one point the engineers at Facebook (at least the ones that hang around HN) will realize what their employer does to the open source ecosystem and finally leave the company. This is not the first case, and will not be the last case of similar things happening. But when you're getting a large salary that is hard to get elsewhere, I guess it's really hard to leave.
Edit: HNers please! Don't fill the issue with any more comments as it's likely to be locked and not really achieve anything more than that (specifically looking at you " dsignr")
> HNers please! Don't fill the issue with any more comments as it's likely to be locked and not really achieve anything more than that (specifically looking at you " dsignr")
I don't think that's fair. If you didn't want to stoke internet drama, the thing to do would have been not to submit it to HN in the first place. Having submitted it, it's unsporting to put the onus on others to de-escalate, and singling out a particular user feels particularly distasteful.
Edit: also, comments like these stoke further escalation:
> If you didn't want to stoke internet drama, the thing to do would have been not to submit it to HN in the first place
One of the most important phenomena in tech, especially at the large-scale system (technical) & open source (social) levels, is emergent behavior: your complex system will likely react in ways you'd never expect. The HN guidelines keep this in mind and are designed to inspire curiosity and humility.
However, the quoted moderator narrative appears to pin the blame on the OP; there's a non-zero affect of "you should have know better."
Should he? A ton of posts like these get squashed or ignored, some much less thoughtful ones get celebrated, and the attitude towards big companies like Facebook or Google has changed over the years. COVID has additionally made people behave in unexpected ways. It's really hard to predict the reaction of the crowd these days.
I have been deeply disappointed with the HN moderation in the past few months. At the very least, a "you should have known better" message should be delivered in private and not posted as conspicuously as this one.
I'm afraid I'm not really following most of your points here, but you may be right that my GP comment was excessive. It's always best to avoid shaming and easy to go too far.
"label-actions" is a name straight from the github nomenclature, and a (very) quick look at the code and syntax suggests this isn't a fork.
I could totally believe the inspiration came from the older project, but I could also believe it didn't, and I'm not so sure the OP should own the name.
This seems to be just a configuration file in React Native, not really a "copy" of the project in question.
Apparently one of the Facebook developers reimplemented everything from scratch in his own account and then changed config files in the React Native repo to use his own implementation.
If it was a clean-room implementation then there's nothing wrong with that. Apart from reusing the name, but that's another discussion.
> If it was a clean-room implementation then there's nothing wrong with that.
Except potentially trademark infringement (common law tradmark rights are acquired automatically - but the name is pretty generic), and potentially still copyright infringement if Oracle wins Oracle v. Google and there is enough creativity in the sequence structure and organization of the api for it to be subject to copyright/not fair use...
> common law tradmark rights are acquired automatically - but the name is pretty generic
I was wondering about that, because there are obviously many open source projects out there who share a name, some owned by companies, some by individuals. Here's a Google GitHub Page that talks about OSS trademarking in general: https://google.github.io/opencasebook/trademarks/#common-law...
> Primarily, an unregistered mark must be: (1) used in commerce, and (2) used prior to the alleged trademark infringement.
It may be counterintuitive that the “use in commerce” requirement does not necessarily mean a profitable or profit-seeking use. In fact, as the following case clarifies, the term “use in commerce” is used as a reference to Congress’s authority to regulate trademarks under the U.S. Constitution’s Commerce Clause rather than an intent to limit trademarks to profit-making activity. Where a developer released open source software under the name Coolmail, the court rejected the argument that the lack of direct profit from releasing software under the GNU General Public License rendered the original Coolmail name unenforceable as a trademark, holding that distributing software for end-users over the Internet satisfies the “use in commerce” requirement.
Open source advocate here: find a different name when you use and then reimplement a project, so that you don't cause unnecessary harm for the original project. That is all.
I agree and I am also reasonably sure it will go down as you said it will ... the problem is there is no fix. These corporate behemoths will always intentionally, or unintentionally step on people - and I say this with no animosity towards them. It is what it is. They are huge organizations with tens of thousands or hundreds of thousands of employees. An elephant will not try to hurt an ant, but may step on one.
At least with videos there's a problem with videos copied from other places and monetized on Facebook, especially because they boost the FB-hosted videos over external videos and do fuck-all about it.
Github issues is itself a forum and cross-linking forums like this, especially with the explicit goal of mutual pile-on amplification causes problems. The solution is to not make such submissions to HN (and to flag the ones that appear).
Nobody's forcing you to read or comment on something you don't like. If you don't think it should be here, flag it and hide it and move on. If it gets removed it gets removed, if it doesn't, well you've hidden it so it doesn't matter anyway. It wouldn't have made the front page if people hadn't been interested in it and upvoted it.
The story isn't really politics or crime, it's a company forking an open source project and taking over the name.
I personally find these kinds of stories interesting. Especially this, I've seen some underhanded attacks on open source before, but this one's one I haven't really seen and it seems pretty insidious to me.
> It wouldn't have made the front page if people hadn't been interested in it and upvoted it.
u/dang has stepped in before and quoted the rules when things go off the rails. Clearly, the esprit de corps is not the best measure for what is best for HN. I don't think it's right to handwave the rules just because the majority vote to ignore them.
But,
> The story isn't really politics or crime
Mostly agree. It's in that niche category "publicizing my issue w/ Megacorp for traction" and HN has been used/abused as a vehicle for it often. Mods haven't stepped in, so I guess it's ok? And as a programmer, I would sympathize with the underdog as well, even it were against my own employer.
I would sympathize with the underdog too. Thats not the problem. The problem is that we collectively support "the wrong" way to resolve such problems. Wrong as in it doesn't solve anything but a specific incident. We know nothing really changes and next week we have another similar incident. And we also know that 99+% of similar incidents never get resolved because they could not reach the virality needed. This is some kind of mob internet justice that just doesn't work at scale and we should not be participating here this platform is for news.
It's a dim view of hackers I think, that sees them as not interested in anything outside a very narrow intellectual range, as this would render them not someone to emulate but someone to pity.
> that people abuse HN for their own personal problems
Just the record, the person who wrote the issue (and is affected by the problem) and the person submitting to HN is not the same person. So I'm unsure how I could be claimed to use HN for my own personal problems, when I'm not the one with the issue here.
Not that you did, but it could be argued that because it’s Facebook (and we’re on HN), you were looking for something to post that’s negative about them because “fsck FB.”
Doesn't really matter and there is no way to know if the HN poster is the affected person or not.
What we know is that it creates an incentive for affected people to post future problems like that here if we keep giving these posts attention until they are resolved.
Well I'd rather it be like this than the opposite extreme where companies take any (MIT licensed) software they want but never give back or publish FOSS of their own
Perhaps someone with some experience dealing with violations of MIT licenses can chime in on this.
How different does one project's code have to be from another similar project before you can claim copyright and slap your own license on it?
If a dev simply copied the entirety of someone's code and simply renamed some variables, could they claim it's their own original work (without worry of legal recourse)? I'd figure not, in which case, how much of a difference is different enough?
AFAIK there is no amount of changes you can make to a work that will make it stop being a derivative work.
That's why reimplementations of license-encumbered software have to be careful to have one team study the software that is to be reimplemented and describe what it does and another teams reads this specification and implements the substitute without ever looking at the original software.
> if a dev simply copied the entirety of someone's code and simply renamed some variables, could they claim it's their own original work (without worry of legal recourse)? I'd figure not, in which case, how much of a difference is different enough?
This would most definitely not be enough. That would basically make all licenses useless - commercial and noncommercial alike. The MIT license is no different than any other license in that regard.
In case of the MIT license, whenever I copy any code (files or parts), I always place a comment right next to the section, pointing to the source of the copy and containing the license of the code/copyright marker. Honestly, what’s the cost? My ego doesn’t take a hit from admitting that I found and adapted something useful. The possible uses of the code are unaffected. License situation is clarified for audits. The original author gets credit for their work. There’s only upsides.
More importantly, if you don't intend to follow the MIT license, don't fork or clone the project then change details of it. Specifically the "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software" clause, which seems to have been the one ignored by Facebook here.
That's not what I meant. And clearly Facebook isn't currently at the extreme yet. Facebook doesn't just steal - it seems like it happens every once in a while, but they have given lots of FOSS gifts to the world that have genuinely improved web development.
This comment is the one that seems to be two extremes with no balance. Those companies make absurd amounts of money and would not be able to be nearly as profitable (or maybe even exist at all!) without FOSS scaffolding to build on. It's a power imbalance. Any giving back they do in terms of money or manpower is peanuts compared to what their top-earners are pocketing.
Dear downvoters: I have worked at these companies too. I've been the one doing the pocketing. Is my experience not valid enough to speak?
> This comment is the one that seems to be two extremes with no balance
Indeed. Frustrated with the black & white view from umvi I responded with my extreme view. I'm sorry about that.
I agree with you that companies should, if they can, contribute back to open source, either with funds or time spent contributing to the project.
I only responded like that because I don't think it's either "companies take open source and never contribute" OR "companies take open source, overwrite the license holder and doesn't credit the author". I think the issue is much more nuanced than that, but I let my feelings write my previous comment.
Regardless of the validity of this claim, the past decade of watching Big Tech Companies make tons of money on the back of Free Software has pushed me away from the X/MIT-style licenses and back to the (A)GPLv3. For a while I was swayed by the arguments that they're "more free" due to fewer individual restrictions, but I've since realized how many definitions of the word "free" we're operating under and that I have a different one than many of the MIT License advocates. I would prefer a smaller user base comprised of people each willing to make a small sacrifice (GPL requirements) for the overall benefit of collectively-singular Humanity.
I remember seeing similar post about amazon and Microsoft taking over names of projects and publishing as their projects. I remember the MS one was worse as they forked the repo, didn't credit original author and when confronted, people working in MS, tried to cover it up by reformatting code, changing var and function names.
In the BSD licenses, the trend has been toward the ‘simplified’ versions without the advertising clause, which are very similar to the MIT license. But it was the advertising clause that broke AT&T in their lawsuit against BSD, because AT&T had violated the advertising clause by promoting the inclusion of vi in System V without credit.
Or make money by selling a service around this (A)GPL code, but provide the modified code to your users if you modified it (even better, publish the code for everyone, but that's not required by the GPL, otherwise it would not be a free software license anymore).
This is important: one can build a service around an open source project and make money without paying or asking for a specific license. People doing this still need to give the code to their users if they request it with the same rights, and will be incentivized to contribute back upstream if they need to adapt the code to provide their service because it is less costly than maintaining an ever diverging fork, which is great! Do sell commercial services around my GPL code!
A commercial license is only needed to allow building proprietary software based on the GPL code, but it is only possible to provide one if the project has no other contributors than the one selling the commercial license, or those contributors sign a CLA.
While this sounds logical and reasonable, the FOSS community doesn't consider it acceptable since it's not considered totally free.
MongoDB got raked through the coals when they tried making a license with this purpose. They ended up having to backtrack [1]. I don't understand people's desire to give these billion-dollar corporations everything for free.
The point of the AGPL is to prevent certain usage. If you want companies to consider paying you for an alternative license, the first step is choosing an Open Source license that they're not thrilled with.
Why are you asking it hypothetically? We have many examples of that. For example, Overleaf (the online LaTeX editor) is a service based on AGPL code for which my lab pays a significant amount of money each month.
Because I'm curious what the mindset behind "AGPL doesn't work for commercial environments" is.
It's a common, recurring statement and I'm sure people have good reasons to believe it. I can guess what that thinking might be, but there's no substitute for asking.
The list is not at all up to date, and very incomplete, but it's better than nothing. You can see that there's quite a few well-known infrastructure projects there.
You don't have to search for very long before you realize how much government-funded research and code has improved our life. Department of Energy labs, National Science Foundation, DARPA, Apollo Space Program, Human Genome Project and more are all publicly funded and responsible for some of the biggest "real breakthroughs" in human history, and that's just projects from the US.
Actually, it's 97% - I think you're confusing it with the similar but unrelated quote by Abraham Lincoln: "85% of quotes on the internet are made up.".
I suspect there's not always a complete separation of "government-funded" vs "commercial" labels, especially in the case of things like Apollo and DARPA, where defence contractors essentially work as commercial companies on contracts for the US government / NASA, so it's not completely black and white in that area.
I don’t mean that kind of humanity-defining breakthroughs, but the kind that depend on OSS libraries - new social, entertainment, commerce and productivity tools that change our lives incrementally.
Yes, that's exactly the point. I don't want those people around my codebase. Nobody on a Crusade to get you to adopt ProtoBuffers or Thrift. No codes of conduct. No risk of getting abandoned when priorities shift (like HHVM dropping support for PHP code). Heaven! I love software again :D
(IAAL but this is not legal advice. Consult a licensed attorney in your jurisdiction if you need legal advice.)
This is interesting. GitHub has an Actions marketplace but it doesn't seem to be namespaced like the rest of GH is. This sets up a potential for a naming conflict where first-to-register wins, much like Internet domain name capture in the early days before registrations could be challenged by trademark holders.
For the time being, it looks like developers should come up with creative names for their Marketplace add-ons to help avoid conflicts. With sufficient creativity, these may be subject to trademark protection; and creators might be able to leverage laws including DMCA to prevent such squatting.
OTOH, "label-actions" is pretty generic and IMO it was only a matter of time before someone registered it in the Marketplace -- if not by Facebook, then by someone else.
regarding jurisdiction - would it be where OP is (which could be anywhere in the world) or where FB is (Menlo Park or Delaware)? because if the former... that seems like FB is liable to being sued in every jurisdiction on earth
Not to be rude (not a fan of Facebook), but what exactly are you alleging by them drawing strong inspiration from your code? You repository does not seem that popular and I see little actual code overlap between the two.
I would assume that the dev simply had a similar idea and put it on GitHub actions before you did?
Edit: Actually looking at your repo it hasn't seen any update since 2019, GitHub actions were released about a month later. Why did you expect this developer to hold off from publishing if you hadn't done it already?
Look we can argue about it all we want, but this is a 3-files <1000 LOC project which they seem to have rewritten internally. I am not saying that this is a nice move but I fail to see what FB should have done differently here? Register their new actions under a new name even though the original project maintainer was not actually using the name on the marketplace?
I am the maintainer of a library called "pdf2image" on GitHub, I've been maintaining it for well over 3 years now. At some point in the past a few other projects with the same name appeared for different languages. I didn't go on a long rant on HN about how other people where taking my "IP" because it's a generic name.
On top of that, GitHub Actions have been up since November 2019 and as such, OP had around 11 months to register his project. The name being generic it's only expected that someone ended up taking it.
Now the only thing that makes people all up in arms is that FB is the employer of the dev that did this. Since we all hate Facebook, we support the underdog in this. Repost the exact same post while removing the name of the company and it would not even be close to trending.
Good for you then. Perhaps original author was using it as their portfolio project and now has to explain that no he didn’t steal it from fb - they did. Don’t assume what works for you is acceptable to everyone.
Except the FB project is a complete rewrite, done by one of their employee. There is no "stealing" here. You wouldn't tell someone who wrote a link bit.ly clone that he "stole" the idea from the original website. Even if they had copy and pasted OP's code (which they didn't), it's MIT-licensed and only minimal restrictions apply.
There are things that are wrong with how these big corporation operate, but this is not one of them. This is more akin to a small shop called "Play Store" not registering a domain name and then making a post on HN when Google registers it for Android.
You have to differentiate between a rewrite with vs without looking at the original. A clean room rewrite is generally accepted (i.e. derive spec from original, then have the spec implemented by someone who does not know the original). Looking at the source while writing some kind of copy of it is a violation (legal and ethical). As per the thread there, the FB person did indeed see the original.
In this case the code is licensed under MIT so I really fail to see what you mean by a legal or moral violation.
There is a subset of the open source community that seems to default to the MIT license and then act surprised when their project is used in a way that is not what they had in mind.
Any large company is going to frown heavily on using references to some sketchy third party dev's repo. Large companies don't like that and it rightfully raises all kinds of appsec concerns because @dessant could easily change their Github Action to do something malicious.
Here's how I'd guess this entire process went:
1. FB appsec: "wtf are you doing referencing this guy's Github Action in our codebase? We don't own that and if he chooses to change something we get hacked"
2. FB employee: "okay fine I'll fix it"
3. FB employee: creates official version for FB to use, that can't be mutated outside of FB oversight
If this was how things went down, it was a terrible implementation of a fix - you'd expect it to be under a Facebook namespace rather than the employee's personal account - if the employee leaves, they instantly become a "sketchy third party dev".
Agreed. What FB did here is really scummy, they are clearly violating your license, so stick it to them on that issue. By bringing up unrelated issues one muddies the original intent.
If they didn't take any code they probably didn't violate a license. Copyright protects the actual work, not an idea. Ideas are protected with patents or similar legal mechanisms. The name is protected by trademark law.
(And to be clear: I agree that FB at least socially behaves wrong, if there is a legal mechanisms however is questionable)
I didn't look too much at the code, but at first glance it doesn't seem copied. The API might be the same or similar, but that's a different discussion, as is for taking the same name.
Yeah that part felt like the listing of grievances and it won't help. It's probably a completely different team that should be contacted by other means. At least the label-actions author is probably on whatever #github channel facebook has internally and as such can be somewhat easliy contacted by the react-native repo maintainers.
Yeah, came here to say that. Wit.ai looks interesting but I won't touch it with a 100ft pole as long as they require Facebook login. Unfortunate they have to promote the walled garden.
But also agree it was offtopic for the Github issue. Keep that focused on the naming and IP issue.
> The action has been published on the GitHub Marketplace using the same name as my open source project, preventing me from publishing my project as a GitHub action using the project name.
Aside from just criticizing the actions of Facebook here it seems strange to me that GitHub so famously (due to its 'Fork' button imo) has a "user/repository"-style namespace for code but that their "Marketplace" has a flat namespace of only your app[0] name. According to its front page they are "tools to improve your workflow", but I just feel out of the loop and honestly slightly confused about what this is or why I would want to use it. I guess I'm officially old now. Oh well, back to neovim :)
Is this really Facebook taking that name, or just an engineer working at Facebook who did an open source project in his free time? The hramos/label-actions repo doesn't seem to mention Facebook at all?
It's kind of a weird move to open the issue at facebook/react-native rather than hramos/label-actions.
Surely the complaint isn't that facebook/react-native switched out which action they're using though, but that the author of hramos/label-actions (presumably hramos) published his action to the marketplace, specifically under the name label-actions?
It seems to me that the connection to facebook/react-native is tenous at best. Even the connection to Facebook at all seems pretty weak; yes the engineer works at Facebook, but if this had been an official Facebook OSS project that they wanted to publish themselves, surely they would have done so under the facebook org?
It looks to me like this is just something an engineer at Facebook did as a side project.
> It looks to me like this is just something an engineer at Facebook did as a side project.
Facebook Engineer works on something and then uses it on a Facebook project. To me I would take that as something that came up during Facebook meetings and that Engineer actioned it. If they talked and planned a robbery during work time and did the robbery on a weekend and Facebook got all the goodies from the robbery. Would that not implicate Facebook in the robbery?
That's quite a comparison for someone working at Facebook naming a small open source project the same generic name and then publishing it to Github Marketplace for free without mentioning Facebook at all, but I'll play along:
Yes, they would be implicated to a degree, but it would be a stretch to say that Facebook robbed something, rather than saying that a few Facebook engineers robbed something. Also, in what sense did Facebook "[get] all the goodies from the robbery"? The action on Marketplace doesn't mention Facebook at all, so other than using the action (which doesn't require anyone to publish it to Marketplace), which goodies exactly did Facebook get?
> That's quite a comparison for someone working at Facebook naming a small open source project the same generic name and then publishing it to Github Marketplace for free without mentioning Facebook at all, but I'll play along:
Different degrees, same principle as you know.
> Yes, they would be implicated to a degree, but it would be a stretch to say that Facebook robbed something, rather than saying that a few Facebook engineers robbed something.
If that happened. Facebook as an entity would be investigated.
> The action on Marketplace doesn't mention Facebook at all, so other than using the action (which doesn't require anyone to publish it to Marketplace), which goodies exactly did Facebook get?
That would be having it work they wanted it to work.
I thought that when you work at FB/GOOG, etc. you don't have free time. Or am I wrong? Everything you do is owned by the employer or approved by employer to be owned by the employee.
Facebook did or a developer at Facebook did? These are very obviously different concepts. Given that the aforementioned repo sits clearly under that developer’s Github Account and NOT Facebook’s, it seems fairly likely that this is a developer doing this in his own time.
This. I see that the repo is under the developer’s account so clearly this is not Facebook’s actions.
If the developer worked at a random unknown company nobody would be paying attention to this. Perhaps the original author wouldn’t have posted his (rightful) claim.
Swapped by the author himself. This is definitely a gray area.
How much does a reviewer need to dig into the license implications of swapping a dependency?
You’re totally in your right to demand license compliance of course. I’m just saying that is hard to blame it as a concerted effort by several individuals. Doesn’t seem to be the case here.
This is simply not true. Companies reserve the right to own any IP you create when you’re in contract, but that doesn’t mean they automatically own/are responsible for everything you do.
Those clauses exist to give the upper hand to companies when it comes to claiming rights over the creation of potentially competing IP. Not to become liable of everything an individual does. That would be nuts.
As I understand it, large tech companies explicitly require corporate approval for any open source projects you release on your own time or their time.
> This is simply not true. Companies reserve the right to own any IP you create when you’re in contract, but that doesn’t mean they automatically own/are responsible for everything you do.
Depends on a contract. I worked in once place that specifically said every line of code you write during employment belongs to the company. Even on own PC, during non-working hours on bank holiday during personal holiday. One guy ended up in troubles after the contributed a bug fix to Eclipse STS, which we were using at work.
Based on my experience (not a lawyer) this depends very much on what company and (in the US) what state you are in. Google had a very broadly scoped right to your work in the paperwork signed when you got on board. Barring those agreements states, like California and Washington, explicitly have laws giving workers rights to their work done without using company resources.
>Barring those agreements states, like California and Washington, explicitly have laws giving workers rights to their work done without using company resources.
California's law only covers things which are not related to the company's current or future anticipated business. For a company like Facebook or Google that covers so much ground that the law may as well not exist.
That's not true. California law covers everything you do outside of the work hours without employer-provided equipment, including things in the employer's areas of business. What California does allow the employer to do is to have a conflict of interest provision that will allow it to discipline or sue you if you do something outside of work hours that could cause conflict with the employer's business. They won't own your IP though.
Can you cite a source for this. Reading the relevant law it says that the IP clause is valid in cases of conflict with the employer's business. If the IP clause is valid then, as I read it, they legally own your IP as you assigned it to them in a valid contract. They may need to sue you to exercise their right but if they win they gain your IP.
>(a) Any provision in an employment agreement which provides that an employee shall assign, or offer to assign, any of his or her rights in an invention to his or her employer shall not apply to an invention that the employee developed entirely on his or her own time without using the employer s equipment, supplies, facilities, or trade secret information except for those inventions that either:
> (1) Relate at the time of conception or reduction to practice of the invention to the employer s business, or actual or demonstrably anticipated research or development of the employer; or
I think this is just engineer that works at Facebook created project with same name in their free time, not Facebook the company made such a naming decision.
Here's why I think so: commits coming from Facebook in facebook and facebook-experimental github orgs have additional metadata fields like "Reviewed By:", "Differential Revision:", "fbshipit-source-id:": https://github.com/facebook/react-native/commit/864cdf338369...
I would typically down-vote this kind of statement for being snarky and without much substance; however, in this case, I feel like it really fits the situation.
There is a clear need for regulatory action to prevent further abuse from market leaders.
What kind of regulatory action in this context exactly? We have patent law, copyright law, and trademark law. We also have contract law, licensing, etc. What is a specific regulatory remedy that would solve the situation under discussion? Generic “more regulation” is not helpful. Do we actually want more regulation around open source? Because I don’t see that ending well.
“Engineer who works at Facebook has taken the name of my open source project”, corrected that for you.
This feels like using HN to brigade an individual at best, and people might accept it because they opened the issue against Facebook and not the individual.
There's a commit in the React Native project where they switch from the OP's tool to their own, which has the same name. I'm not sure there's any other way to see it.
Does wilfully omitting the original copyright statement (as required by MIT license) and removing any reference to the original author count as someone 'just trying to get work done'? However trivial the code may be, denying credit is as bad as stealing.
You can't see it as this person from Facebook being unaware of the OP's tool and, just by coincidence, implementing a tool with the same name. They knew of the tool and actively used it.
I think it's clear their intent was to reproduce the tool at Facebook and then cast a shadow over the old tool, discouraging its use.
GitHub has a number of features. One of them is called Labels. One of them is called Actions. Of the matrix of possible two-feature combinations, the first person to happen to combine the two doesn't get an automatic moral right to the name.
This other project doesn't even seem to be registered as a GitHub App. I think we must have extremely different definitions of the word "malice".
Jesus I'm going to be afraid to call anything straightforward from now on in fear of invoking the wrath of "the community".
There is an actual MIT license violation in there. MIT is an attribution license that requires preservation of original copyright statement in derivatives. One commit also shows clearly that this code is indeed a derivative.
Dual license means that you are offering two separate licenses to the code, and that people can use the code under either license.
So if you wanted "MIT unless you're FANG, in which case you get an even more liberal license", you could do that with dual licensing. On the other hand if you want "MIT unless you're FANG, in which case all rights reserved" you're going to have to come up with some custom license.
I don’t get it. The original label-actions is <500 LoC, and that code hasn’t been touched for a year. Why does this person expect to make money from this tiny project? Open source can be weird sometimes.
Facebook would file a counter-claim, project would be reinstated by GitHub (in 10-14 days as required by law) and OP would have to sue Facebook to escalate. DMCA is of little use to smaller entities without money for litigation.
How much does it matter that any of this stuff is open source when it’s just designed to a) interact with a closed source, proprietary platform (GitHub API/GitHub Issues) by b) running within that closed source, proprietary platform (GitHub Actions)?
It’s not like this is some widely useful tool, it’s just donated additional GitHub sharecropper functionality. Why is it that important that he receive credit for doing free work for Microsoft to improve their bug tracker SaaS?
I think this author is trying to make the MIT license do something it was not designed to do and is not generally understood to do. I think he chose the wrong license if he wanted his work to legally require his permission to be copied.
I'm not even sure what parts of the license he thinks have been broken. (The idea that it's even possible to violate terms of the MIT license is I admit somewhat new to me).
Elsewhere in the thread, commenters suggest the violated clause is: "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software."
But I have never before seen it suggested that the MIT License is in fact "viral" like the GPL, that it requires derivative works to also be licensed MIT. The license is usually understood as quite the opposite, and often used intentionally because of that. If that's what you wanted, you chose wrong with MIT license.
Generally when I personally see code with an MIT License, I understand that I am able to copy whatever I want from that project to my own projects, I thought that was the point of it. Do y'all not do the same?
Copying ideas or a name does not seem to me to be "a copy or substantial portion of the Software"; but even aside from the particular license terms, the worse part for this argument is they are generally not protected by copyright at all.
> has reimplemented the app with almost the same features and configuration syntax using GitHub actions
Reimplementation? So nobody is alleging actual code got copied? "Features" are not generally even copyrightable at all, it doesn't matter what license you use.
Whether "configuration syntax" is copyrightable or not... I guess the author is taking the Oracle side in Google v. Oracle, on copyright protection of APIs. But if you believed your "configuration syntax" was copyrightable and you wanted to require people to ask your permission before copying it -- you really ought not to release it under an MIT License.
Even apart from licensing, in general I don't think "features" or "configuration syntax" are or ought to be protected by copyright at all. I'm sorry, yes, people can copy them from you.
If the David and Goliath roles were reversed, I have a hard time believing a large corporation alleging someone had violated copyright for cloning "features and configuration syntax" -- for something released under the MIT license in the first place -- would get any sympathy at all. We (software devs) have generally supported the right to clone software, for good reason.
Re-using the name is certainly rude. I am not sure if it is actionable. The rest of it... it's not even about open source, its about that cloning software has always been allowed (although Oracle v. Google may be about to change that, which will be a disaster).
> Generally when I personally see code with an MIT License, I understand that I am able to copy whatever I want from that project to my own projects, I thought that was the point of it. Do y'all not do the same?
You are allowed to take and copy it to your project. You just need to retain the notice along with it - IANAL but I usually just copy the licence in a code comment along with the copied section (or file). I usually include a pointer to the original source for audit purposes. That doesn't make my project MIT licensed, but that part of the code that I lifted without substantial modification remains MIT licensed, even if I make my project closed source commercial. There's no way around that - I cannot claim it as my own since I have not written it. Same for public domain code.
Can someone enlighten me to the possible motivations behind a facebook employee doing such a thing. Since I don't much experience in open source, from my humble understanding it could be to hijack the project and nudge or explicitly steer the project and open source contributions in the more favorable direction.(?)
Usually these kind of scenarios boil down to the fact that a lot of corporate devs (even ones that participate in open source) do not really understand open source from a community perspective. They understand it from a corporate perspective and it's this that causes some rub. Where big, multi-million dollar companies think, "A fork is a fork and that's part of open source ethos!" they lack the relative introspection to see how Amazon's fork is relatively different from kodah's, especially if you put a business case behind it. This lack of mindfulness largely gets perceived as an affront on the open source community and it's values.
This was a GitHub issue bot, I doubt this is an instance of Facebook trying to strong-arm competition. It's more likely that Facebook had a need for this, this engineer wanted the code in GitHub actions for some reason and quickly wrote it. Seems reasonable and fully within his rights working in FOSS. What was missed by corporate governance is attribution for where the code was inspired by. Sure, you likely can't get in legal trouble here, but ethics say you should document where your inspiration came from.
My guess is that the Facebook employee thought it was simply not worth using an untrusted (22 stars) library like this for the project. Maybe there was some additional feature where they just didn't want to deal with asking the original author of the idea and wanted to build themselves, but I'm guessing because the project is going to have significant usage of this (and probably growing as more complicated use cases come up), in house control is easier to manage (eg. imagine the case where the repo goes offline or something). Also, it doesn't look like this was 'Facebook inspired', but done on the developer's own time. Likely some weekend project because they were bored. I really don't think this is done in malice like some other comments hint at.
Take a look at the project in question. It's a fairly straightforward github action. I imagine facebook has some (probably quite sensible) policy that they shouldn't rely on random third-party actions, and rather than just forking it they thought they'd build it to better suit their needs. Life is stressful enough working at a large org trying to get real work done without worrying that some author has decided to claim the rights over an extremely generic and obvious name.
Launching a new product using the extremely unique name of an existing open source project this is not.
In my experience working with Facebook developers has been a total pain in the ass when it comes to open source. They request all kinds of features with no intention of helping and are quite aggressive about it. That kind of behavior puts a serious burden on open source maintainers. Facebook employees should be ashamed of the way they treat other developers.
Open source != unpaid, uncredited work. That is just what corporations want it to be. In this case, it's a violation of the open source MIT license to remove the original copyright statement.
Let me guess how this will go
1. This issue will get traction on HN and maybe Twitter
2. Facebook engineers responsible will apologize, tell us they meant no harm
3. Facebook will change the name of the project and give it back to it's rightful owner, maybe even reinstate their Facebook account (although unlikely)
4. In 3-6 months the very same thing will happen and we'll go back to step 1
Hopefully at one point the engineers at Facebook (at least the ones that hang around HN) will realize what their employer does to the open source ecosystem and finally leave the company. This is not the first case, and will not be the last case of similar things happening. But when you're getting a large salary that is hard to get elsewhere, I guess it's really hard to leave.
Edit: HNers please! Don't fill the issue with any more comments as it's likely to be locked and not really achieve anything more than that (specifically looking at you " dsignr")