Someone open-sourced an un-open-source project

Open Source Asked on August 28, 2021

Someone (Person_A) is sharing an open source project (Project_A) on GitHub. The Project_A is a decompiled version of another project (Project_B). But the original Project_B is not open source, and Project_B never granted Person_A permission to open source the project. Clearly, the GitHub sharer A violated the software license of the original Project_B.

Now my question is: if another person followed the open source license of Project_A, will that be a violation?

I’m asking because it’s hard to verify the validity of the open source license on GitHub.

4 Answers

Person A has no right to distribute that software, and is committing a copyright violation. Since they hold no rights in the software, they cannot grant a license to others. Any license they purport to offer is void.

Third parties that are relying on A's license are probably acting in good faith, but they didn't actually receive a license. When they become aware of the infringement, they would have to stop using the software.

Not every license is valid, and that is a problem when managing open source supply chains. Some projects make such issues less likely by asking all contributors for a Developer Certificate of Origin (DCO), where the contributor affirms that they either made the contribution themselves, or know for sure that it is covered by a compatible open source license. Corollary: don't use niche projects that were uploaded by a single contributor, unless it's clear (e.g. from the commit history) that they created it themselves.

Correct answer by amon on August 28, 2021

Ditto what Basile Starynkevitch posted. I believe that there are some cases where reverse engineering or de-compiling is legit for research and education. The DMCA is the document that you probably would want to look at for more details on what is and isn't allowed. I suspect the legality of this is largely going to depend on what the copier is doing with it.

Now, your question relates to someone using the possibly illicit copy. US law holds that you are still guilty of breaking the law, even if you are unaware of the law, for criminal law (ex: I cannot murder someone and claim I don't know it was wrong). I suspect that the same holds true for civil law.

If you were to sell a product using code that was infringing on a copyright, you would likely still be liable for damages should the copyright holder decide to sue. It's a minor consolation, but this would create solid grounds for you then suing the person or company that committed the copyright violation in the first place.

But IANAL, so take all of this post with a grain of salt. Consult a real lawyer if this is important to you or your company. Do not assume that my speculation is good advice, or even correct.

Answered by Roger Hill on August 28, 2021

It is receiving stolen property.

Clearly the person that is releasing the code is wrong, but so is anyone taking the new code.

If you accept something that you know or should suspect is stolen then you are committing a crime in most areas.

Answered by user906752 on August 28, 2021

> The Project_A is a decompiled version of another project (Project_B). But the original Project_B is not open source, AND Project_B never granted Person_A permission to open source the project.

You are asking a legal question (so consult your lawyer).

I am not a lawyer, but my understanding is that in the European Union, decompilation or reverse engineering of binary software may sometimes be legal (e.g., for the purpose of interoperability).

> Clearly, the GitHub sharer A violated the software license of the original Project_B.

That is your opinion, but what matters is what a court would decide.

(I am not a lawyer, and my understanding is that there are legal systems where this won't be a license violation; as an example, hash table algorithms in OCaml and in Rust are probably very close. See, however, in the USA the Google vs Oracle case, rumored to deal with 7 lines of source code.)

A known precedent is Nouveau, obtained by reverse engineering of Nvidia binary drivers.

You may need to go to court. This is quite costly (possibly more than the value of Project_B) and may take years.

A related question is software patents. The legal framework is different in the USA and in Europe. On the economic side, read The Simple Economics of Open Source (and see also references in this draft report), and Steven Weber's book The Success of Open Source.

It could be more rational and beneficial (for both parties) to cooperate with Project_A.

According to rumors, some Nvidia engineers are legally cooperating with Nouveau.

David A. Wheeler's sloccount utility might be used to estimate the economic value of Project_B, based on which you could make a rational decision (cooperation vs. legal fight). Be aware that open source does not mean "no economic value": a lot of corporations are involved in GCC or in the Linux kernel and are making money by developing open source software. Be also aware that Debian or FreeBSD or Xorg are not made by unpaid amateurs, but essentially by a community of cooperating professional software developers. See Phoronix and LWN.

PS. In France, see APRIL and AFUL. I am a member of both. Perhaps contact the FSF, the EFF, and GPL-violations.

PPS. The important question is: do you prefer to feed (that is, spend your money on) lawyers or software developers?

Answered by Basile Starynkevitch on August 28, 2021