They say:

> We hear you loud and clear and are going to make sure we improve our processes to help us be better stewards in the open-source community. Thanks again for bringing this to our attention. We will improve the way we work and collaborate in open source and are always open to feedback.

…which is a lot of nice words with absolutely NO accountability. They could write a sticky note “do better” and technically that’s all that’s required from their side. Is that okay with you?

Nobody is expecting this one incident to make Microsoft change. It’s about reputation, which can take a long time to shift, but can be important in the long term.

We don’t have to just accept it when a company issues a statement apologizing for their screwup. It’s perfectly acceptable to say “this apology means little to me, and if you want your reputation to change you need to do more”.

Pretty sure their legal department would have my fork obliterated from the face of the earth and I would be crossing my fingers that all I got was a cease and desist letter instead of a lawsuit in Texas.

I have no hope that the courts currently (!) agree with this. But let us spread the gospel so that as many people as possible know how Microsoft's "real" stance on copyright is. If a lot of people become aware of this and this truth stays in lots of people's heads for a sufficiently long time, the public opinion might change so that juries (representing the public opinion in courts) will indeed begin to judge against Microsoft in the way that I described.

This, of course, is incorrect, and a cursory read of the very short licence text would show it to be incorrect.

But I, too, am strongly favouring Hanlon's razor.

Hell, I have been reading a lot about them (including the licences themselves and stuff like the GPL FAQ) many times, and in situations like this it's still not entirely clear to me what Microsoft should do (surely there are different valid ways to handle this).

Would you consider yourself competent as a lawyer regarding open source licences? If not, can I say that "you apparently never learned it" and aren't better than the rest of us?

Maybe they should have 3-5 meetings before forking OSS projects though :)

> We absolutely should have done better here: our company policy is to maintain copyright headers in files – we have added headers to the files to attribute your work.

This is a more than clear corporate statement from Microsoft's side that Microsoft is perfectly fine if copyrights are violated (implicitly including Microsoft's), as long as, if they get caught, people start giving proper credits. This implicitly implies that Microsoft promises that from now on they will only sue for getting proper attribution in case of copyright violations, and not for monetary compensation for damages.

I find this implicit statement really nice from Microsoft's side - actually more than what I could ever have wished for. :-)

Like this isn't some tragedy of the commons situation. This isn't some situation where the company is a cooperative confederation of equal partners. Either shit rolls uphill, or you don't have leadership at all. You don't get to pass the buck on criticism because you made a decision out of self interest, either.

"It's not technically illegal," is the most blasé, low-effort rule for behavior. It's why only twelve-year-olds and lawyers use it as a defense for poor behaviors and poor ethics.

Being a POS earns you a reputation for being a POS, and that includes people publicly pointing you out as a POS in public forums.

The forgiveness clause in GPL 3 is as much an acknowledgement of actual reality than anything else.

Only because they removed the license and copyright. If they were willing to do that in 1 file, they are willing to do it in many. It's not the authors mistake in any way shape or form.

No: the original author could have made it easier to comply, and you could argue that he acted foolishly in not doing so, but that doesn't make it his fault.

Absolutely not! This is completely and only M$'s fault, whichever way you look at it. Copying a file and slapping your own license on it, without consideration of the original one, is never acceptable. Don't blaim the victim please.

As for incompetence - well maybe they (M$) need to get better at managing licenses? Accusing others of stealing when the reverse is true only makes everything worse. Let's not try to change the standard way of licensing because some developers can't be bothered to check the license (and even fix typos in comments, apparently).

As an aside, there is no need to add copyright / license to every file. I would even consider it an anti-pattern, because it pollutes the code with noise.

So if the author instead used GPL, this wouldn't have been a problem? Call me pessimist, but I don't think Microsoft would have cared if it was MIT, GPL or even missing a license (so copyrighted by the author), they would have made the same choice as they just now did.

I'm sorry, but it's really hard to understand what you mean here, how choosing GPL would have somehow lead to a different outcome.

https://sfconservancy.org/copyleft-compliance/help.html

> I'm confused how you and others reach this conclusion. No, it doesn't.

| Copyright (c) <year> <copyright holders> | | ... | | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

The copyright notice that must be preserved includes the copyright holders' names, and that is a form of attribution.

Source: the MIT license.

https://choosealicense.com/licenses/mit/

You’d need to patent your idea to stop that.

I beg to differ here. OSS and Free Software movement was conceived for the freedom to change the software to the user's needs. The entire meaning of free as is freedom means as long as I abide by the license properly, I can do whatever I want with it. Whether you like it or not, this means Microsoft can make money out of curl project if they want to. This is the same way we used to burn Ubuntu cd's and resell it back in the early 2000s. It's allowed and IIRC Ubuntu cd cover used to proudly advocate burning, sharing those cds.

This big tech and money in OSS is a new phenomenon. I am neither against them or with them. But just that it is not the reason why OSS or Free Software movement happened.

Citation needed here, if you're going to make such a bold claim.

The open source movement began as a counter to proprietary closed-source software, and nothing more. It has never been about "fairness" (however you define that) or about preventing anyone from profiting from OSS.

Now that said, fairness matters and I agree that some of what transpires today in the open source world doesn't feel fair.

But that's what new or difference licenses can accomplish, depending on the wants of the authors.

And that's different from the philosophy behind Open Source Software. We should be clear about that.

If you stop people from using your software while they are at work, you stop people from using the software and it is no longer open.

When a megacorp forks an OSS project, the maintainer should know that it is allowed. If you are MIT licensed, that megacorp can resell your software, create a business around it and make billions in revenue. That is allowed. If they are bothered by it, they either should use a different license or take the software proprietary. To me, the problem here is that Microsoft hasn't properly followed OSS license here. My qtile window manager config file has copyright notice of all the authors. That is how you follow MIT license. Another problem I see here is not knowing how to do license compliance. Also, why should it matter if the one who forks it is an individual or a mega corp. As far as OSS is concerned, it's irrelevant.

> And for that matter, perhaps less ideological but practical, how does that encourage small startups who want to be as open as possible while wanting to be able to scratch out a living working on something they care about?

I have been an OSS guy for a long time. And think OSS in business is a very tricky and hard problem. If you don't have the reason to be OSS, it's better to be honest about it. There are other ways to support OSS. Just support like 10% or even 5% of the dependencies you use as a business and that will make wonders. And be honest about things. Obviously, there are success stories. But if you have seen the recent trend, people are in the mindset that someone forking your OSS is ripping off of them. Not stopping to think that it was allowed all along.

> You suggest staying closed source, rather than tweaking an open-source license to limit corporate forks, for the purpose of protecting OSS philosophy. It strikes me as odd.

Because the moment you "tweak" the OSS license the way you are talking, it stops being OSS. Also, your proprietary software still needs to abide by the OSS licenses it uses. If I use a OSS software, it should abide by the OSS license somewhere in the output.

I think it's better to be honest about OSS than being like... we love OSS (Just like Microsoft <3 Open SOurce) and saying.. you know what? Don't use this software in this industry because that where my business happens. Oh and since you don't agree with my politics, you can't use it. I am not gonna list them, but there are licenses which does these and they are exclusionary. Free as in Freedom is what brings in people to OSS. The moment you start excluding people, it's a slippery slope. It's already happening in politics and else where. Let's just keep software away from it all please.

That violates the first clause of the open source definition:

https://opensource.org/osd

It probably violates 5 and 6 too.

> But if Microsoft wants to fork things, to me that is predatory. If I can't fork windows, why should they be able to fork community software? If they argue that people should pay for their products, it just seems fair to me that they should not get community products for free.

Windows is not open source software.

I simply do not get this corporate hate. Corporations and individuals can both use it for good and bad. A company might use open source to make a pacemaker to save lives or world improving research, or it might be Facebook and sell personal data.

There is nothing preventing the project owner from also granting individual paid commercial licenses. There are a number of GPLv3 (or other restrictive license) projects with a note like "contact us for commercial licenses" in the README.

Licenses aren't exclusive by default. If a company doesn't like the existing license, they are always free to contact the project owner(s) to request a custom license.

As you say, their job is to protect the company, not actually understand how IP works. But it's pretty silly when some stupid dev like me knows their supposed area of expertise better than they do.

The flake8 (MIT license) maintainer is upset that ruff is copying his lints, for example.

I find the whole thing bizarre.

If this is what happened, I suspect Microsoft will drop this person even quicker than a hot potato, and even quicker than if they told them to rewrite it from scratch but the person took a few shortcuts too many (which would be my guess).

If they wanted to fork it, they could - just keep the attribution and be done with it. The fact that they tried to rewrite it suggests that someone wanted it to be legally not a copy.

Whether this would be considered non-free is up for debate IMO. Why would a license like this be considered non-free when the GPL is free? Is it the scope of it? The OSI would hate it because they represent the organizations this is meant to curtail.

Though most of this is moot if you can just launder code through a LLM and magically remove any licensing for it.

In a CLA-restricted project, there's only one entitity that can contribute copyleft code. Everyone else must donate the code to them, and they forbid themselves from using other people's copyleft code, because they can't relicense it.

There's a famous talk about this, which resulted in many us referring to Oracle and its billionaire CEO as the "lawn mower."

https://www.youtube.com/watch?v=-zRN7XLCRhc&t=2482s

In many cases, project maintainers would not want the changed code anyway because it does not align with their vision for how things should be done. Linus Torvalds and his subsystem maintainers, for example, do not want people to send them code dumps containing the hacks people have done to private Linux source trees. They want proper commits that are done well and have been modified to comply with any feedback that they provide.

What the project maintainer here wanted were collaborators who would work with him as a team (which is not much different than what most OSS developers what), but no license requires that and it is rare to get that.

I think this isn’t a problem — not everyone has to contribute to any project! People sometimes struggle with the choice between GPL and MIT for similar reasons of popularity.

People who want the widest possible usage/corporate adoption can pick licenses that reflect that and embrace the tradeoff

It was particularly problematic for the FOSS companies because each of these players' plans was to resell the Big Three clouds and live off of the margin, so the instant that the cloud providers decided to just directly compete in the hosting space the original company physically couldn't compete on price.

The moral of the story is that if you're releasing cloud software as FOSS you can't plan your business around the idea that you'll be the only hoster.

There’s no reason to worry about the AGPL unless you plan to conceal code from its users. Most software businesses take this approach because it’s hard to sell information that is publicly available, and code is just information. Some businesses make money operating software for others. AWS pays on-call engineers to keep RabbitMQ highly available.

Free Software protects the user from the developer. Permissive licenses protect the developer from the author.

A lot of professional software engineers get confused and think of themselves as the “user” when they’re actually more of a middle man.

I grew up thinking that people would follow the spirit of open source rather than the specific letter of the law. This is obviously not true, and probably never has been.

Large corporations should and can be extremely clear about their intention, which is clear to them before they reach out.

In my opinion, it's the Spegel author's fault: they should have added a notice in every single file!

If you pick a corporate charity license, don't act surprise when corporations take the charity!

Also as polyglot developer, while I happen to have my preferences in regards to technology, I am not married with any of them.

Being MVP, Champion, or whatever program each megacorp happens to have, was never something I saw value in.

Never make a specific technology, or company, part of your identity as person.

> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

Simply removing the copyright is a violation of the MIT license.

It's not the money, it's the red tape. Setting up a new vendor, finding the right account, getting the PO approved. Even in a company where that stuff is relatively easy, it's way more friction than a simple meeting where you don't have to ask anyone for permission for anything.

This is not that though. Seems to be exactly what the maintainer is asserting and that's not OK. :/

Oh I do.

The person that wanted to setup the meeting likely has no budget control. Big corps like to keep the ability to pay for stuff out of the hands of individuals and isolated in bureaucratic nightmares.

You'd be more than reasonable to demand "$1000/hr with 1 hour minimum" for such a consulting and I'd see HR in MS doing an immediate "hell no" to that.

I have seen plenty of dev managers refuse to pay for something if they didn't have to.

If they contributed it upstream, would we be discussing a blog post "how dare evil megacorp submit a PR that only implements their API! embrace extend extinguish!"? Probably.

It's time we switch to "fair source" or "equitable source".

Put MAU/DAU/ARR/market cap limits in your license. Open to everyone with a market cap under $1B or revenues under $100M. All others, please see our "business@" email.

Place viral terms like the AGPL that requires that all other systems touched by your code to be open - especially the backend/server components that typically remain hidden.

We're giving away power to these companies for free, and they use their scale and reach to turn our software into a larger moat that ensnares us and taxes us in everything else we do.

Your contribution of open source in one area might bubble up as Microsoft or Google's ability to control what you see or how you distribute software to customers. It's intangible and hard to describe these insane advantages and network effects big players like this have to lay people, but I know we as software engineers understand this.

Open source has been weaponized against us. They get free labor and use our work to tax us, pin us down, out compete us, and control us. We need to fight back.

What’s the scenario here where they could take you to court for refusing to (in GP’s words) doing charity for them?

Scenario 1: Microsoft contacts you and says they want to talk about your open-source project. You never reply.

Scenario 2: Microsoft contacts you (…). You reply “thank you, but I’m not interested. You are of course free to contribute or fork within the constraints of the license.”

Scenario 3: Microsoft contacts (…). You reply “sure! I charge $X/hour or I could do a flat rate of $Y for the meeting. Is that acceptable to you?”

What basis would they have for taking you to court in any situation? As soon as you got a legal letter for any of them, your first step should be to send it to as many news outlets you could think of.

I agree with you, if we're talking about people acting as individual humans collaborating together on FOSS.

But this is really about a for-profit corporation acting in its own interests, using people to do its "deeds". Then I think it makes a lot of sense to treat any "Hey, could we chat to you about your project?" with a great deal of skepticism, because they have a goal with that conversation, it it's unlikely to align with your own goals, in most cases.

Ultimately, people from that corporation is reaching out to you because there is a potential/perceived benefit coming out of that conversation that they want to have with you. If it isn't extremely clear to you what that exact benefit is, I'd say the smart thing to do is being cautious, to avoid situations like this which happen from time to time it seems.

like what? continue to use (pay) for their products and wait for regulations coming from lobbyist countries? /s

To me it's the Spegel author's fault: there should be a copyright header in every single file, such that Microsoft would have to keep it.

To me, licenses like MIT or BSD pretty much imply "do whatever you want with this" I know it's not exactly that but if you really care to keep some control over what others do with the code, you need a more restrictive license (and even then people are still going to copy it, especially in the LLM era).

I have the same reasoning as to why I pick the AGPLv3 license as the default for my new projects. I want any benefits from my code to continue to benefit everyone, even if someone is profiting off of it.

Make sure you pick a license that reflects what you want, then.