New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Notice of copyright infrigement #85

Closed
gmaxwell opened this Issue Sep 10, 2017 · 72 comments

Comments

@gmaxwell
Contributor

gmaxwell commented Sep 10, 2017

It came to my attention today that bcash developer Amaury SECHET (deadalnix) wholesale copied the migration to the per-txout UTXO database from the Bitcoin Core project ( 611284f ) while affixing his name and stripping off the name of the change's author. This commit is more or less a 1:1 copy from Bitcoin Core, down to copying grammatical oddities in comments.

Beyond being fraudulent and sleazy behavior, this action is a violation of the very minimal requirements of the MIT license.

And not only does it not provide the required attribution information, Amaury is running around in public claiming to have fixed the issue faster than Bitcoin Core when his fix was copied from our project (which is what brought my attention to this issue in the first place). [E.g. his interview with "trustnodes" states: The vulnerability has not been patched in Bitcoin Core. The reason for their failure to do so remains unclear. [...] Sachets took two days to implement the patch, he says, while Bitcoin Core still hasn’t at the time of writing.]

Amaury SECHET has a well known history of these copyright violating false attribution events: e.g. https://twitter.com/murchandamus/status/890627104148148224 and http://archive.is/k7wBK to give a few other examples. I also understand that he is advocating in your private issue tracker to remove all attribution to Bitcoin Core in the codebase from your repository.

Please discontinue the copyright infringement, correct your repository to credit the actual authors of the changes, and avoid similar unprofessional conduct in the future.

@deadalnix

This comment has been minimized.

Show comment
Hide comment
@deadalnix

deadalnix Sep 10, 2017

Contributor

The schnorr code is backported from https://github.com/deadalnix/schnorr/blob/master/schnorr.d
The per txout db is backported from core and it is mentioned in the series of commits.

Contributor

deadalnix commented Sep 10, 2017

The schnorr code is backported from https://github.com/deadalnix/schnorr/blob/master/schnorr.d
The per txout db is backported from core and it is mentioned in the series of commits.

@deadalnix deadalnix closed this Sep 10, 2017

@gmaxwell

This comment has been minimized.

Show comment
Hide comment
@gmaxwell

gmaxwell Sep 10, 2017

Contributor

The schnorr code copies libsecp256k1 verbatim, down to grammatical errors in comments. Misleading people about it is not helping your case. Are you really going to force us to use stronger means to get you to stop this infringement and further instances of it? :(

Contributor

gmaxwell commented Sep 10, 2017

The schnorr code copies libsecp256k1 verbatim, down to grammatical errors in comments. Misleading people about it is not helping your case. Are you really going to force us to use stronger means to get you to stop this infringement and further instances of it? :(

@TheBlueMatt

This comment has been minimized.

Show comment
Hide comment
@TheBlueMatt

TheBlueMatt Sep 10, 2017

Contributor

Can you point to where in the per txout db change in abc it is mentioned that this is someone elses' work? I cant seem to find it anywhere.

Contributor

TheBlueMatt commented Sep 10, 2017

Can you point to where in the per txout db change in abc it is mentioned that this is someone elses' work? I cant seem to find it anywhere.

@gmaxwell

This comment has been minimized.

Show comment
Hide comment
@gmaxwell

gmaxwell Sep 10, 2017

Contributor

@TheBlueMatt he credited a couple of the minor refactors he previously merged. It's missing on the substantive change that I linked. This is unsurprising considering he recently proposed in their private tracker to remove all attribution to Bitcoin Core everwhere in the repository.

Contributor

gmaxwell commented Sep 10, 2017

@TheBlueMatt he credited a couple of the minor refactors he previously merged. It's missing on the substantive change that I linked. This is unsurprising considering he recently proposed in their private tracker to remove all attribution to Bitcoin Core everwhere in the repository.

@sandakersmann

This comment has been minimized.

Show comment
Hide comment
@sandakersmann

sandakersmann Sep 10, 2017

Contributor

So you guys are prioritizing this instead of releasing a new version of Bitcoin Core that is not vulnerable? Fits the pattern of backward priorities from you blockstreamers.

Contributor

sandakersmann commented Sep 10, 2017

So you guys are prioritizing this instead of releasing a new version of Bitcoin Core that is not vulnerable? Fits the pattern of backward priorities from you blockstreamers.

@chrisrico

This comment has been minimized.

Show comment
Hide comment
@chrisrico

chrisrico Sep 10, 2017

@sandakersmann Bitcoin Core 0.15 is not vulnerable to the attack. It was fixed back in April.

chrisrico commented Sep 10, 2017

@sandakersmann Bitcoin Core 0.15 is not vulnerable to the attack. It was fixed back in April.

@sandakersmann

This comment has been minimized.

Show comment
Hide comment
@sandakersmann

sandakersmann Sep 10, 2017

Contributor

Bitcoin Core 0.15 is not released yet...

Contributor

sandakersmann commented Sep 10, 2017

Bitcoin Core 0.15 is not released yet...

@chrisrico

This comment has been minimized.

Show comment
Hide comment
@chrisrico

chrisrico commented Sep 10, 2017

@sandakersmann

This comment has been minimized.

Show comment
Hide comment
@sandakersmann

sandakersmann Sep 10, 2017

Contributor

That means it's cut 1 hour ago. Still not released:

https://bitcoin.org/en/download

Contributor

sandakersmann commented Sep 10, 2017

That means it's cut 1 hour ago. Still not released:

https://bitcoin.org/en/download

@chrisrico

This comment has been minimized.

Show comment
Hide comment
@chrisrico

chrisrico Sep 10, 2017

No, that's a release. Anyone can build their own binaries of the final version of 0.15. You're just shifting goalposts.

It's also a stupid argument since there's more than one person on the Bitcoin Core team and not all of them are involved in the release process.

chrisrico commented Sep 10, 2017

No, that's a release. Anyone can build their own binaries of the final version of 0.15. You're just shifting goalposts.

It's also a stupid argument since there's more than one person on the Bitcoin Core team and not all of them are involved in the release process.

@hedgepigdaniel

This comment has been minimized.

Show comment
Hide comment
@hedgepigdaniel

hedgepigdaniel Sep 10, 2017

Please...

For the 99% of users that don't compile their own node, the vulnerability is effectively not fixed until the binaries are released and easily available to them.

Anyone is also free to fork the project and fix a vulnerability, this does not mean that it is fixed.

hedgepigdaniel commented Sep 10, 2017

Please...

For the 99% of users that don't compile their own node, the vulnerability is effectively not fixed until the binaries are released and easily available to them.

Anyone is also free to fork the project and fix a vulnerability, this does not mean that it is fixed.

@chrisrico

This comment has been minimized.

Show comment
Hide comment
@chrisrico

chrisrico Sep 10, 2017

For the 99% of users that don't upgrade their nodes immediately upon posting of binaries on bitcoin.org, does that mean that Core hasn't released a fixed until they upgrade their nodes? I await the shifting of goalposts.

No response to the copyright infringement happening in this repository then? Or do you think it's acceptable to break open source licenses? I expect more deflection to follow.

chrisrico commented Sep 10, 2017

For the 99% of users that don't upgrade their nodes immediately upon posting of binaries on bitcoin.org, does that mean that Core hasn't released a fixed until they upgrade their nodes? I await the shifting of goalposts.

No response to the copyright infringement happening in this repository then? Or do you think it's acceptable to break open source licenses? I expect more deflection to follow.

@sandakersmann

This comment has been minimized.

Show comment
Hide comment
Contributor

sandakersmann commented Sep 10, 2017

@hedgepigdaniel

This comment has been minimized.

Show comment
Hide comment
@hedgepigdaniel

hedgepigdaniel Sep 10, 2017

@chrisrico If there is a vulnerability in two consecutive releases, and you just casually tag a commit halfway in between that happens to not have the vulnerability, and don't publicly announce that users need to compile and run that commit, would you say that even though the latest and all the other releases on the downloads page are still vulnerable, that somehow the vulnerability is "fixed"?

I await the shifting of the goalposts...

There seems to be some serious delusion going on here - do you really disagree that in software which is widely used by non developers, a release needs to be compiled and available for download before it is "released"? Do you think the typical Windows/OSX user of bitcoin even knows what compiling is?

If there is a potentially serious vulnerability, anybody who knows about it should take responsibility for making sure that the code is fixed, released, and announced asap so that the problem is actually solved, not hidden somewhere where no one will hear about it merely to be used as a personal defence for when the truth eventually leaks out.

hedgepigdaniel commented Sep 10, 2017

@chrisrico If there is a vulnerability in two consecutive releases, and you just casually tag a commit halfway in between that happens to not have the vulnerability, and don't publicly announce that users need to compile and run that commit, would you say that even though the latest and all the other releases on the downloads page are still vulnerable, that somehow the vulnerability is "fixed"?

I await the shifting of the goalposts...

There seems to be some serious delusion going on here - do you really disagree that in software which is widely used by non developers, a release needs to be compiled and available for download before it is "released"? Do you think the typical Windows/OSX user of bitcoin even knows what compiling is?

If there is a potentially serious vulnerability, anybody who knows about it should take responsibility for making sure that the code is fixed, released, and announced asap so that the problem is actually solved, not hidden somewhere where no one will hear about it merely to be used as a personal defence for when the truth eventually leaks out.

@chrisrico

This comment has been minimized.

Show comment
Hide comment
@chrisrico

chrisrico Sep 10, 2017

Unlike in the Bitcoin Cash world, rushing releases to critical pieces of code is not an option.

Would you care to comment on the actual topic at hand, which is widespread copyright infringement by the primary Bitcoin ABC developer?

chrisrico commented Sep 10, 2017

Unlike in the Bitcoin Cash world, rushing releases to critical pieces of code is not an option.

Would you care to comment on the actual topic at hand, which is widespread copyright infringement by the primary Bitcoin ABC developer?

@gmaxwell

This comment has been minimized.

Show comment
Hide comment
@gmaxwell

gmaxwell Sep 11, 2017

Contributor

We just pushed the release ~4 days ahead of schedule due to an unethical breach of confidentiality by chjj whom stated that it shouldn't be disclosed until the fixes were widely deployed and then broke his word without warning (and apparently after telling conference organizers he would not do so https://twitter.com/BashCo_/status/906866338563588097 ). Fortunately we were able to do this because we've already had a reasonable release candidate cycle spanning back the last month, but even with that it still takes time to perform multiparty deterministic builds and can't be sped up: review takes time and if a release can be pushed without review it would be an immediate vulnerablity. But all this is completely offtopic for the habitual dishonest and license violating misattribution by this project's contributor.

We kindly permit bcash to just outright copy our fixes but they're required to preserve the attribution. Going on and fraudulently claiming to have fixed it faster while misattributing our own fixes is just over the top; it isn't just unprofessional but it also risks harming the users of this software. I think we're being more than tolerant here and if reasonable requests to both behave with the minimum amount of professionalism and comply with the law are responded to evasion and insults any user of this software should really be questioning the safety of running it in the future.

Contributor

gmaxwell commented Sep 11, 2017

We just pushed the release ~4 days ahead of schedule due to an unethical breach of confidentiality by chjj whom stated that it shouldn't be disclosed until the fixes were widely deployed and then broke his word without warning (and apparently after telling conference organizers he would not do so https://twitter.com/BashCo_/status/906866338563588097 ). Fortunately we were able to do this because we've already had a reasonable release candidate cycle spanning back the last month, but even with that it still takes time to perform multiparty deterministic builds and can't be sped up: review takes time and if a release can be pushed without review it would be an immediate vulnerablity. But all this is completely offtopic for the habitual dishonest and license violating misattribution by this project's contributor.

We kindly permit bcash to just outright copy our fixes but they're required to preserve the attribution. Going on and fraudulently claiming to have fixed it faster while misattributing our own fixes is just over the top; it isn't just unprofessional but it also risks harming the users of this software. I think we're being more than tolerant here and if reasonable requests to both behave with the minimum amount of professionalism and comply with the law are responded to evasion and insults any user of this software should really be questioning the safety of running it in the future.

@hedgepigdaniel

This comment has been minimized.

Show comment
Hide comment
@hedgepigdaniel

hedgepigdaniel Sep 11, 2017

How many months does it take you to review a release? Do all of you take months to review each others small fixes for serious vulnerabilities?

To be honest, regardless of whether it violates the MIT license, the attribution in the commit you want to discuss here is a small issue compared to the public attribution you are failing to give to the person who found and reported this vulnerability to you. Instead of trying to pretend that you knew beforehand that the problem existed and was serious perhaps you should thank Chris Jeffrey for his efforts in finding the bug and his private disclosure to you months ago. Perhaps also you should apologise publicly to all users of all the Bitcoin forks for having failed after all this time to make a release which fixes the problem, and for wasting your time with petty legal arguments like this now that the vulnerability is public and you have still not released a fix?

hedgepigdaniel commented Sep 11, 2017

How many months does it take you to review a release? Do all of you take months to review each others small fixes for serious vulnerabilities?

To be honest, regardless of whether it violates the MIT license, the attribution in the commit you want to discuss here is a small issue compared to the public attribution you are failing to give to the person who found and reported this vulnerability to you. Instead of trying to pretend that you knew beforehand that the problem existed and was serious perhaps you should thank Chris Jeffrey for his efforts in finding the bug and his private disclosure to you months ago. Perhaps also you should apologise publicly to all users of all the Bitcoin forks for having failed after all this time to make a release which fixes the problem, and for wasting your time with petty legal arguments like this now that the vulnerability is public and you have still not released a fix?

@thijstriemstra

This comment has been minimized.

Show comment
Hide comment
@thijstriemstra

thijstriemstra Sep 11, 2017

So you guys are prioritizing this instead of releasing a new version of Bitcoin Core that is not vulnerable?

This has nothing to do with the fact you're copy/pasting code and stripping out author. This is not done in any opensource project and you're trying to divert attention away from it. It's this project that creates unneccessary annoyance and extra work for the maintainers of bitcoin core.

thijstriemstra commented Sep 11, 2017

So you guys are prioritizing this instead of releasing a new version of Bitcoin Core that is not vulnerable?

This has nothing to do with the fact you're copy/pasting code and stripping out author. This is not done in any opensource project and you're trying to divert attention away from it. It's this project that creates unneccessary annoyance and extra work for the maintainers of bitcoin core.

@mariodian

This comment has been minimized.

Show comment
Hide comment
@mariodian

mariodian Sep 11, 2017

Contributor

compared to the public attribution you are failing to give to the person who found and reported this vulnerability to you

That's simply untrue. Sipa fixed it almost 5 months ago. Around 2-3 months before Chris Jeffrey "reported" it.

sipa fixed

Contributor

mariodian commented Sep 11, 2017

compared to the public attribution you are failing to give to the person who found and reported this vulnerability to you

That's simply untrue. Sipa fixed it almost 5 months ago. Around 2-3 months before Chris Jeffrey "reported" it.

sipa fixed

@howtoaddict

This comment has been minimized.

Show comment
Hide comment
@checksum0

This comment has been minimized.

Show comment
Hide comment
@checksum0

checksum0 Sep 11, 2017

Okay guys, I doubt this repo has anything to do with core's massive bug they refused to fix for two months...

Also @gmaxwell, why do you always make issues that has nothing to do with the code? Is there an actual issues created by this lack of copyright notice? I doubt it. You know damn well how to deal with this things. You are not the copyright assignee either.

checksum0 commented Sep 11, 2017

Okay guys, I doubt this repo has anything to do with core's massive bug they refused to fix for two months...

Also @gmaxwell, why do you always make issues that has nothing to do with the code? Is there an actual issues created by this lack of copyright notice? I doubt it. You know damn well how to deal with this things. You are not the copyright assignee either.

@is55555

This comment has been minimized.

Show comment
Hide comment
@is55555

is55555 Sep 11, 2017

It's worth noting that the repo can be taken down for this reason, so maybe you should just fulfil the legal requirement of attribution, if only because it's a legal requirement; provided you have no moral compass whatsoever to give attribution otherwise.

See:

is55555 commented Sep 11, 2017

It's worth noting that the repo can be taken down for this reason, so maybe you should just fulfil the legal requirement of attribution, if only because it's a legal requirement; provided you have no moral compass whatsoever to give attribution otherwise.

See:

@libitx

This comment has been minimized.

Show comment
Hide comment
@libitx

libitx Sep 11, 2017

LOL... https://github.com/Bitcoin-ABC/bitcoin-abc/blob/master/COPYING

No copyright infringement has taken place. Full credit remains in the license. It's an absolute nonsense to suggest that every single merge or line change needs to be attributed to it's respective author. If people want to dig deep, all that info is in the commits.

libitx commented Sep 11, 2017

LOL... https://github.com/Bitcoin-ABC/bitcoin-abc/blob/master/COPYING

No copyright infringement has taken place. Full credit remains in the license. It's an absolute nonsense to suggest that every single merge or line change needs to be attributed to it's respective author. If people want to dig deep, all that info is in the commits.

@mpatc

This comment has been minimized.

Show comment
Hide comment
@mpatc

mpatc Sep 11, 2017

mpatc commented Sep 11, 2017

@martin-lizner

This comment has been minimized.

Show comment
Hide comment
@martin-lizner

martin-lizner Sep 11, 2017

Can we please get back to original topic? That is: bcash developer copied code without preserving links to original author.

martin-lizner commented Sep 11, 2017

Can we please get back to original topic? That is: bcash developer copied code without preserving links to original author.

@troed

This comment has been minimized.

Show comment
Hide comment
@troed

troed Sep 11, 2017

This is the silliest thing I've seen in a long while. No license terms have been broken, COPYING correctly credits Core, and the few files I've looked do so even in the headers (which would not have been necessary according to the license)

Anyone who claims there's a license violation and referring to legal obligations should brush up on their open source license knowledge. Alternatively, if the Core developers want names attached to commits to be referenced by downstream projects, a new license with such terms should be created for future versions of the upstream project.

troed commented Sep 11, 2017

This is the silliest thing I've seen in a long while. No license terms have been broken, COPYING correctly credits Core, and the few files I've looked do so even in the headers (which would not have been necessary according to the license)

Anyone who claims there's a license violation and referring to legal obligations should brush up on their open source license knowledge. Alternatively, if the Core developers want names attached to commits to be referenced by downstream projects, a new license with such terms should be created for future versions of the upstream project.

@mjamin

This comment has been minimized.

Show comment
Hide comment
@mjamin

mjamin Sep 11, 2017

@gmaxwell I don't condone @deadalnix behaviour, but doesn't this satisfy the attribution requirement of the MIT license?

mjamin commented Sep 11, 2017

@gmaxwell I don't condone @deadalnix behaviour, but doesn't this satisfy the attribution requirement of the MIT license?

@yellowblood

This comment has been minimized.

Show comment
Hide comment
@yellowblood

yellowblood Sep 11, 2017

Come on guys, get a D&D room and be done with it.

yellowblood commented Sep 11, 2017

Come on guys, get a D&D room and be done with it.

@sleepdefic1t

This comment has been minimized.

Show comment
Hide comment
@sleepdefic1t

sleepdefic1t Sep 11, 2017

Bottom line.
License is MIT.

Projects I WANT control over, I release CC-BYSA 4.0.
And even THAT'S only so that no one can close-source it.

Who the fuck cares if others use a great idea if it helps everyone else?

If you don't like decentralization, GTFO of crypto;
bc concentrated power and secrecy flies directly in the face of what we're all doing here.

sleepdefic1t commented Sep 11, 2017

Bottom line.
License is MIT.

Projects I WANT control over, I release CC-BYSA 4.0.
And even THAT'S only so that no one can close-source it.

Who the fuck cares if others use a great idea if it helps everyone else?

If you don't like decentralization, GTFO of crypto;
bc concentrated power and secrecy flies directly in the face of what we're all doing here.

@cpacia

This comment has been minimized.

Show comment
Hide comment
@cpacia

cpacia Sep 11, 2017

This is a pretty amazing that this issue was filed. Not only are copyrights ethically dubious to start with but:

required attribution information

Is factually false.

Is this what Bitcoin development has come to? Desparate attempts to score political points by making false claims?

cpacia commented Sep 11, 2017

This is a pretty amazing that this issue was filed. Not only are copyrights ethically dubious to start with but:

required attribution information

Is factually false.

Is this what Bitcoin development has come to? Desparate attempts to score political points by making false claims?

@kallewoof

This comment has been minimized.

Show comment
Hide comment
@kallewoof

kallewoof Sep 11, 2017

Contributor

@pyalot You ask "what wrong has been done" and then you admit that it's "not nice". I guess if that's acceptable, we're just gonna have to agree to disagree. I prefer to hang with people who don't accept that kind of stuff, tbh.

As for your claims about copyright law, I may need to read up on that, but I'm pretty sure copyright can be implicitly granted in the fashion I mentioned (otherwise the top copyright header wouldn't really have a purpose, would it?).

I'm also surprised it's not illegal to claim copyright over something you didn't make (which is effectively what was done here, unless you are implying that copyright is, in fact, solely ascribed to the project itself, which is definitely not how I have understood it).

Contributor

kallewoof commented Sep 11, 2017

@pyalot You ask "what wrong has been done" and then you admit that it's "not nice". I guess if that's acceptable, we're just gonna have to agree to disagree. I prefer to hang with people who don't accept that kind of stuff, tbh.

As for your claims about copyright law, I may need to read up on that, but I'm pretty sure copyright can be implicitly granted in the fashion I mentioned (otherwise the top copyright header wouldn't really have a purpose, would it?).

I'm also surprised it's not illegal to claim copyright over something you didn't make (which is effectively what was done here, unless you are implying that copyright is, in fact, solely ascribed to the project itself, which is definitely not how I have understood it).

@sleepdefic1t

This comment has been minimized.

Show comment
Hide comment
@sleepdefic1t

sleepdefic1t Sep 11, 2017

@kallewoof

Where did they say it was 100% original?
Where did they not include the proper licensing?

All I can find is gmaxwell complaining and demanding apologies from people.

Can you guys seriously not see WHY this kind of centralization is damaging?

Like seriously.
BTC was literally created to get away from corporatism and give power to the users.

IDK, guys.
Maybe you should go work for the big banks,
because you're certainly acting like them.

Now everyone get back to work. lol

sleepdefic1t commented Sep 11, 2017

@kallewoof

Where did they say it was 100% original?
Where did they not include the proper licensing?

All I can find is gmaxwell complaining and demanding apologies from people.

Can you guys seriously not see WHY this kind of centralization is damaging?

Like seriously.
BTC was literally created to get away from corporatism and give power to the users.

IDK, guys.
Maybe you should go work for the big banks,
because you're certainly acting like them.

Now everyone get back to work. lol

@gmaxwell

This comment has been minimized.

Show comment
Hide comment
@gmaxwell

gmaxwell Sep 11, 2017

Contributor

I did not ask for an apology, much less demanded one. I pointed out that proper attribution is needed and that deadalnix is falsely attributing the work, both in the commit and in the media and that he has done similar multiple times in the past. This isn't even asking for a kindness, it's just simple professional and ethical behavior. Just make it right, that is all. If that were done I would extend my thanks.

On a commit basis this instance arguably severe as the schnorr signature one (where it was whole files), but this time it also came with false claims in the media (e.g. the trustnodes quotation).

This would be a good opportunity for the project to set clear standards on handling these things in a way which doesn't create public image or legal exposure for the project and potential problems for its users. Because of the history of abusive conduct, untruthful claims, etc. made by this project towards an upstream you depend on for fixes (such as this one) you really should take care to behave above board as possible. Fast and loose can work between friends but you do not behave like friends.

Contributor

gmaxwell commented Sep 11, 2017

I did not ask for an apology, much less demanded one. I pointed out that proper attribution is needed and that deadalnix is falsely attributing the work, both in the commit and in the media and that he has done similar multiple times in the past. This isn't even asking for a kindness, it's just simple professional and ethical behavior. Just make it right, that is all. If that were done I would extend my thanks.

On a commit basis this instance arguably severe as the schnorr signature one (where it was whole files), but this time it also came with false claims in the media (e.g. the trustnodes quotation).

This would be a good opportunity for the project to set clear standards on handling these things in a way which doesn't create public image or legal exposure for the project and potential problems for its users. Because of the history of abusive conduct, untruthful claims, etc. made by this project towards an upstream you depend on for fixes (such as this one) you really should take care to behave above board as possible. Fast and loose can work between friends but you do not behave like friends.

@pyalot

This comment has been minimized.

Show comment
Hide comment
@pyalot

pyalot Sep 11, 2017

copyright can be implicitly granted in the fashion I mentioned (otherwise the top copyright header wouldn't really have a purpose, would it?)

There's two terms you're confusing. That is being the copyright owner (which is denoted by the "copyright (c) by ..." and being allowed to copy and do other things (the license). You can transfer copyright ownership, probably even implicitly by not modifying the header to include your claim, but in that case, your ownership actually goes over to the credited entity "Bitcoin Core Developers". That can be a bad transfer either because a) the implicity of that transfer is not acknowledged (but it'd be hard to argue for that) or b) because the transferred to entity does not exist in the legal sense.

If the transferred to entity does not exist (and has never existed) in the legal sense, then it has no rights, and the transfer is null and void (no matter if explicit or implicit). And hence the original copyright still belongs to whomever contributed it. And in that case whoever administered "bitcoin" on github under the name "bitcoin" is committing copyright infringement.

I'm also surprised it's not illegal to claim copyright over something you didn't make (which is effectively what was done here

No it's not what was done here. Copyright was properly attributed as required by the MIT license.

Claiming publicly to have done a thing and not having done it (and if that thing happens to be software) is not copyright infringement, it's a social impropriety. Copyright infringement is when you copy something without permission. Everything however was copied properly according to the MIT license.

pyalot commented Sep 11, 2017

copyright can be implicitly granted in the fashion I mentioned (otherwise the top copyright header wouldn't really have a purpose, would it?)

There's two terms you're confusing. That is being the copyright owner (which is denoted by the "copyright (c) by ..." and being allowed to copy and do other things (the license). You can transfer copyright ownership, probably even implicitly by not modifying the header to include your claim, but in that case, your ownership actually goes over to the credited entity "Bitcoin Core Developers". That can be a bad transfer either because a) the implicity of that transfer is not acknowledged (but it'd be hard to argue for that) or b) because the transferred to entity does not exist in the legal sense.

If the transferred to entity does not exist (and has never existed) in the legal sense, then it has no rights, and the transfer is null and void (no matter if explicit or implicit). And hence the original copyright still belongs to whomever contributed it. And in that case whoever administered "bitcoin" on github under the name "bitcoin" is committing copyright infringement.

I'm also surprised it's not illegal to claim copyright over something you didn't make (which is effectively what was done here

No it's not what was done here. Copyright was properly attributed as required by the MIT license.

Claiming publicly to have done a thing and not having done it (and if that thing happens to be software) is not copyright infringement, it's a social impropriety. Copyright infringement is when you copy something without permission. Everything however was copied properly according to the MIT license.

@pyalot

This comment has been minimized.

Show comment
Hide comment
@pyalot

pyalot Sep 11, 2017

@gmaxwell

I pointed out that proper attribution is needed and that deadalnix is falsely attributing the work, both in the commit and in the media

That is incorrect. Proper copyright mention and license mention was made. both in the media resulting, as well as in the commit that created the media.

pyalot commented Sep 11, 2017

@gmaxwell

I pointed out that proper attribution is needed and that deadalnix is falsely attributing the work, both in the commit and in the media

That is incorrect. Proper copyright mention and license mention was made. both in the media resulting, as well as in the commit that created the media.

@gmaxwell

This comment has been minimized.

Show comment
Hide comment
@gmaxwell

gmaxwell Sep 11, 2017

Contributor

Everything however was copied properly according to the MIT license.

This is not my view as a relevant copyright holder and licensor the project where bitcoin-abc is copying code.

The specifics of copyright are something to debate in a court room: Blathering on about it here is not productive. You are not a lawyer or subject matter expert. (And if you were you would be telling abc that they're being crazy!)

Contributor

gmaxwell commented Sep 11, 2017

Everything however was copied properly according to the MIT license.

This is not my view as a relevant copyright holder and licensor the project where bitcoin-abc is copying code.

The specifics of copyright are something to debate in a court room: Blathering on about it here is not productive. You are not a lawyer or subject matter expert. (And if you were you would be telling abc that they're being crazy!)

@pyalot

This comment has been minimized.

Show comment
Hide comment
@pyalot

pyalot Sep 11, 2017

@gmaxwell

This is not my view as a relevant copyright holder and licensor the project where bitcoin-abc is copying code.

Is this below the proper copyright attribution and license mention?

// Copyright (c) 2009-2016 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

Do find that missing from any of the alleged "infringing" files?

pyalot commented Sep 11, 2017

@gmaxwell

This is not my view as a relevant copyright holder and licensor the project where bitcoin-abc is copying code.

Is this below the proper copyright attribution and license mention?

// Copyright (c) 2009-2016 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

Do find that missing from any of the alleged "infringing" files?

@sleepdefic1t

This comment has been minimized.

Show comment
Hide comment
@sleepdefic1t

sleepdefic1t Sep 11, 2017


[WIP, needs proper attribution] Update libsecp256k1
gmaxwell commented Jan 11, 2017 • edited

Its demagogery to accuse someone of stealing when the commit comment references original author.

The commit comment doesn't mention any of the authors. It does have an author line, which inaccurately attributes it to a BU developer, but makes no mention of anyone else.

and ironic coming from @gmaxwell who attributed all of Satoshi's commits t himself during the conversion from sourceforge to github.

That is an outright lie and you owe me an apology for it.


Dude.
You're getting in arguments with people online and demanding apologies.

You guys work hard.
There is no doubt in that.

But this all comes off as attention-seeking and self-righteous.

It's a huge turnoff that makes me not want to support you guys.

I got into crypto development because I can't stand this type of bureaucratic nonsense.

You're seriously upset because "Backport from Core" isn't good enough for you.
Ridiculous.

sleepdefic1t commented Sep 11, 2017


[WIP, needs proper attribution] Update libsecp256k1
gmaxwell commented Jan 11, 2017 • edited

Its demagogery to accuse someone of stealing when the commit comment references original author.

The commit comment doesn't mention any of the authors. It does have an author line, which inaccurately attributes it to a BU developer, but makes no mention of anyone else.

and ironic coming from @gmaxwell who attributed all of Satoshi's commits t himself during the conversion from sourceforge to github.

That is an outright lie and you owe me an apology for it.


Dude.
You're getting in arguments with people online and demanding apologies.

You guys work hard.
There is no doubt in that.

But this all comes off as attention-seeking and self-righteous.

It's a huge turnoff that makes me not want to support you guys.

I got into crypto development because I can't stand this type of bureaucratic nonsense.

You're seriously upset because "Backport from Core" isn't good enough for you.
Ridiculous.

@sleepdefic1t

This comment has been minimized.

Show comment
Hide comment
@sleepdefic1t

sleepdefic1t Sep 11, 2017

@gmaxwell

https://help.github.com/articles/licensing-a-repository/

https://choosealicense.com/

https://opensource.guide/legal/

Which open source license is appropriate for my project?

If you’re starting from a blank slate, it’s hard to go wrong with the MIT License. It’s short, very easy to understand, and allows anyone to do anything so long as they keep a copy of the license, including your copyright notice. You’ll be able to release the project under a different license if you ever need to.

sleepdefic1t commented Sep 11, 2017

@gmaxwell

https://help.github.com/articles/licensing-a-repository/

https://choosealicense.com/

https://opensource.guide/legal/

Which open source license is appropriate for my project?

If you’re starting from a blank slate, it’s hard to go wrong with the MIT License. It’s short, very easy to understand, and allows anyone to do anything so long as they keep a copy of the license, including your copyright notice. You’ll be able to release the project under a different license if you ever need to.

@pyalot

This comment has been minimized.

Show comment
Hide comment
@pyalot

pyalot Sep 11, 2017

@sleepdefic1t

The "bitcoin" project of the user "bitcoin" does however attribute copyright ownership to the entity "Bitcoin Core Developers" which apparently does not exist as a legal entity. That would be a problem, for the user "bitcoin" and his "bitcoin" project.

pyalot commented Sep 11, 2017

@sleepdefic1t

The "bitcoin" project of the user "bitcoin" does however attribute copyright ownership to the entity "Bitcoin Core Developers" which apparently does not exist as a legal entity. That would be a problem, for the user "bitcoin" and his "bitcoin" project.

@troed

This comment has been minimized.

Show comment
Hide comment
@troed

troed Sep 11, 2017

@gmaxwell My day job does involve understanding open source licenses, their requirements, how to do proper attribution etc. The bitcoin project is licensed under the MIT license. Your personal views are quite irrelevant when it comes to how you want attribution to be done, it's only what's stated in the actual license that has any legal relevance here.

Or, in other words, you're wrong. It's quite telling that a lot of people have pointed this out to you with you not seemingly able to accept that fact.

You claim the Bitcoin ABC project might be in "legal exposure" issues over this. I would be more inclined to believe that it's Blockstream investors that should be legally wary of having a CTO that does not understand the licenses of open source code he's involved in developing.

troed commented Sep 11, 2017

@gmaxwell My day job does involve understanding open source licenses, their requirements, how to do proper attribution etc. The bitcoin project is licensed under the MIT license. Your personal views are quite irrelevant when it comes to how you want attribution to be done, it's only what's stated in the actual license that has any legal relevance here.

Or, in other words, you're wrong. It's quite telling that a lot of people have pointed this out to you with you not seemingly able to accept that fact.

You claim the Bitcoin ABC project might be in "legal exposure" issues over this. I would be more inclined to believe that it's Blockstream investors that should be legally wary of having a CTO that does not understand the licenses of open source code he's involved in developing.

@pyalot

This comment has been minimized.

Show comment
Hide comment
@pyalot

pyalot Sep 11, 2017

@troed

having a CTO that does not understand the licenses of open source code he's involved in developing

As a CTO he is an officer of his company authorized to legally represent that company. Any legal trouble the company gets in, because of his actions, will not stick to the company, but to him (unlike with an employee where misconduct of an employee often ultimately remains the responsibility of the company).

pyalot commented Sep 11, 2017

@troed

having a CTO that does not understand the licenses of open source code he's involved in developing

As a CTO he is an officer of his company authorized to legally represent that company. Any legal trouble the company gets in, because of his actions, will not stick to the company, but to him (unlike with an employee where misconduct of an employee often ultimately remains the responsibility of the company).

@is55555

This comment has been minimized.

Show comment
Hide comment
@is55555

is55555 Sep 11, 2017

@troed

My day job does involve understanding open source licenses, their requirements, how to do proper attribution etc

So does mine, and so does @gmaxwell 's.

This doesn't seem like proper attribution to me, at all.

is55555 commented Sep 11, 2017

@troed

My day job does involve understanding open source licenses, their requirements, how to do proper attribution etc

So does mine, and so does @gmaxwell 's.

This doesn't seem like proper attribution to me, at all.

@MDrollette

This comment has been minimized.

Show comment
Hide comment
@MDrollette

MDrollette Sep 11, 2017

For my own understanding, what should the correct attribution look like in this case?

MDrollette commented Sep 11, 2017

For my own understanding, what should the correct attribution look like in this case?

@sleepdefic1t

This comment has been minimized.

Show comment
Hide comment
@sleepdefic1t

sleepdefic1t Sep 11, 2017

@is55555

So far as I can see, MIT license only requires the license be included.

I genuinely would like to know how it was improperly attributed per existing License.

sleepdefic1t commented Sep 11, 2017

@is55555

So far as I can see, MIT license only requires the license be included.

I genuinely would like to know how it was improperly attributed per existing License.

@troed

This comment has been minimized.

Show comment
Hide comment
@troed

troed Sep 11, 2017

@is55555 Then you're not very good at your job. The terms of the MIT license are upheld. The file COPYING in the Bitcoin ABC repository is all that's required. In addition, which is nice but not required, there's a header in all the relevant files also pointing out their origin.

A lot of people here seem to think git author information has anything to do with attribution as far as the license is concerned. It's not. You can license code under the MIT license without having a source code repository whatsoever.

@pyalot I was more thinking about the possibility that Blockstream internal code might fall afoul of other open source licenses which could directly impact the value of their investment. If they don't understand one of the simplest open source licenses of them all (MIT) then I would not trust them to understand the intricates of GPL2, AGPL, LGPL or GPL3 ...

troed commented Sep 11, 2017

@is55555 Then you're not very good at your job. The terms of the MIT license are upheld. The file COPYING in the Bitcoin ABC repository is all that's required. In addition, which is nice but not required, there's a header in all the relevant files also pointing out their origin.

A lot of people here seem to think git author information has anything to do with attribution as far as the license is concerned. It's not. You can license code under the MIT license without having a source code repository whatsoever.

@pyalot I was more thinking about the possibility that Blockstream internal code might fall afoul of other open source licenses which could directly impact the value of their investment. If they don't understand one of the simplest open source licenses of them all (MIT) then I would not trust them to understand the intricates of GPL2, AGPL, LGPL or GPL3 ...

@is55555

This comment has been minimized.

Show comment
Hide comment
@is55555

is55555 Sep 11, 2017

Then you're not very good at your job. The terms of the MIT license are upheld. The file COPYING in the Bitcoin ABC repository is all that's required. In addition, which is nice but not required, there's a header in all the relevant files also pointing out their origin.

You have mentioned "proper attribution" - there is nothing proper about this - about the MIT licence, I'd check it in court. See how good you are at your job then.

is55555 commented Sep 11, 2017

Then you're not very good at your job. The terms of the MIT license are upheld. The file COPYING in the Bitcoin ABC repository is all that's required. In addition, which is nice but not required, there's a header in all the relevant files also pointing out their origin.

You have mentioned "proper attribution" - there is nothing proper about this - about the MIT licence, I'd check it in court. See how good you are at your job then.

@troed

This comment has been minimized.

Show comment
Hide comment
@troed

troed Sep 11, 2017

@is55555 "Proper attribution" is detailed in COPYING. That's the license. It's the whole license.

Copyright YEAR COPYRIGHT HOLDER

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

https://opensource.org/licenses/MIT

troed commented Sep 11, 2017

@is55555 "Proper attribution" is detailed in COPYING. That's the license. It's the whole license.

Copyright YEAR COPYRIGHT HOLDER

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

https://opensource.org/licenses/MIT

@is55555

This comment has been minimized.

Show comment
Hide comment
@is55555

is55555 Sep 11, 2017

@troed I never appropriate other's code, so I don't have to worry about which licences exactly allow me to pretend a bugfix/improvement done by someone else is my own.

Licence applies to what was copied, not to what was added afterwards. You cannot keep removing authorship of posterior code.

The implication of:

Copyright (c) 2009-2017 The Bitcoin Core developers

Copyright (c) 2017 The Bitcoin ABC developers

Is that the Bitcoin ABC developers took over the development and are the copyright holders to the code added afterwards.

I'd defo file a takedown, if you guys have no decency to attribute things otherwise, and sue. Because appropriation has consequences, like the implicit forfeiture of prior art claims.

is55555 commented Sep 11, 2017

@troed I never appropriate other's code, so I don't have to worry about which licences exactly allow me to pretend a bugfix/improvement done by someone else is my own.

Licence applies to what was copied, not to what was added afterwards. You cannot keep removing authorship of posterior code.

The implication of:

Copyright (c) 2009-2017 The Bitcoin Core developers

Copyright (c) 2017 The Bitcoin ABC developers

Is that the Bitcoin ABC developers took over the development and are the copyright holders to the code added afterwards.

I'd defo file a takedown, if you guys have no decency to attribute things otherwise, and sue. Because appropriation has consequences, like the implicit forfeiture of prior art claims.

@troed

This comment has been minimized.

Show comment
Hide comment
@troed

troed Sep 11, 2017

@is55555 If you really deal in open source development in your day job you might want to ask your employer if they can send you on a course. I'm sure you believe that the things you bring up are relevant, but they aren't.

the rights to use, copy, modify, merge, publish, distribute

troed commented Sep 11, 2017

@is55555 If you really deal in open source development in your day job you might want to ask your employer if they can send you on a course. I'm sure you believe that the things you bring up are relevant, but they aren't.

the rights to use, copy, modify, merge, publish, distribute

@is55555

This comment has been minimized.

Show comment
Hide comment
@is55555

is55555 Sep 11, 2017

@troed

if you really deal in open source development in your day job you might want to ask your employer if they can send you on a course. I'm sure you believe that the things you bring up are relevant, but they aren't.

If you think copy-pasting code without attribution is okay, whatever the licence, maybe your employer should find someone with a minimum of decency because you obviously have none.

With respect to the legality, I'd take it to legal - it's their main job.

is55555 commented Sep 11, 2017

@troed

if you really deal in open source development in your day job you might want to ask your employer if they can send you on a course. I'm sure you believe that the things you bring up are relevant, but they aren't.

If you think copy-pasting code without attribution is okay, whatever the licence, maybe your employer should find someone with a minimum of decency because you obviously have none.

With respect to the legality, I'd take it to legal - it's their main job.

@troed

This comment has been minimized.

Show comment
Hide comment
@troed

troed Sep 11, 2017

@is55555 I'm only commenting on the legal aspect, since that's what @gmaxwell brought up. Feel free to consider it legal advice.

troed commented Sep 11, 2017

@is55555 I'm only commenting on the legal aspect, since that's what @gmaxwell brought up. Feel free to consider it legal advice.

@is55555

This comment has been minimized.

Show comment
Hide comment
@is55555

is55555 Sep 11, 2017

I gave my advice as well. For starters, attempt the takedown. Then court. Worst comes to worst, the vermin get away with stripping appropriation from code. Anything else you get is good fun. Not too expensive either.

is55555 commented Sep 11, 2017

I gave my advice as well. For starters, attempt the takedown. Then court. Worst comes to worst, the vermin get away with stripping appropriation from code. Anything else you get is good fun. Not too expensive either.

@djvs

This comment has been minimized.

Show comment
Hide comment
@djvs

djvs Sep 11, 2017

"You're disrespecting our free software license intended to support humanity's access to free software! Stop or we'll file a legal order to destroy humanity's access to your free software repository!"

djvs commented Sep 11, 2017

"You're disrespecting our free software license intended to support humanity's access to free software! Stop or we'll file a legal order to destroy humanity's access to your free software repository!"

@pyalot

This comment has been minimized.

Show comment
Hide comment
@pyalot

pyalot Sep 11, 2017

@is55555

If you think copy-pasting code without attribution is okay, whatever the licence

Code was properly attributed and licensed

Can you tell me 1) is this the proper attribution/license?

// Copyright (c) 2009-2016 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

And 2) Do you find that attribution/license missing in any of the files partaining to the changeset (or any file at all)?

If your answers are YES and NO then what exactly are you complaining about?

pyalot commented Sep 11, 2017

@is55555

If you think copy-pasting code without attribution is okay, whatever the licence

Code was properly attributed and licensed

Can you tell me 1) is this the proper attribution/license?

// Copyright (c) 2009-2016 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

And 2) Do you find that attribution/license missing in any of the files partaining to the changeset (or any file at all)?

If your answers are YES and NO then what exactly are you complaining about?

@bitcartel

This comment has been minimized.

Show comment
Hide comment
@bitcartel

bitcartel Sep 11, 2017

Release notes do provide attribution:

  • Store the UTXO set on a per output basis rather than a per transaction basis (backport from Core)

https://github.com/Bitcoin-ABC/bitcoin-abc/blame/67d83e7ce1657c3e59f7c2678eaeb30158abf1d5/doc/release-notes.md#L21

bitcartel commented Sep 11, 2017

Release notes do provide attribution:

  • Store the UTXO set on a per output basis rather than a per transaction basis (backport from Core)

https://github.com/Bitcoin-ABC/bitcoin-abc/blame/67d83e7ce1657c3e59f7c2678eaeb30158abf1d5/doc/release-notes.md#L21

@zquestz

This comment has been minimized.

Show comment
Hide comment
@zquestz

zquestz Sep 11, 2017

The release notes clearly state this was backported from the core team. I do not understand the purpose of spreading this FUD.

zquestz commented Sep 11, 2017

The release notes clearly state this was backported from the core team. I do not understand the purpose of spreading this FUD.

@deadalnix

This comment has been minimized.

Show comment
Hide comment
@deadalnix

deadalnix Sep 11, 2017

Contributor

As already mentioned, release note mention it is a backport from core, the copyright notices in all file do mention core as specified int he license and all commits either directly mention pieter or refer to other commits which do so.

Everybody involved has lost enough time on this already. I'm locking this.

Contributor

deadalnix commented Sep 11, 2017

As already mentioned, release note mention it is a backport from core, the copyright notices in all file do mention core as specified int he license and all commits either directly mention pieter or refer to other commits which do so.

Everybody involved has lost enough time on this already. I'm locking this.

@Bitcoin-ABC Bitcoin-ABC locked and limited conversation to collaborators Sep 11, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.