-
Notifications
You must be signed in to change notification settings - Fork 447
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(Semi-Official) Status Update #317
Comments
2 -- Definitely don't try to transfer away the repo, it's his code in the end |
@EthanHindmarsh I would not even consider it "his" code @DABH seemed to actually change more of the code (in terms of lines of code) as well as other contributors. So technically they would own the copyright for the characters they changed: Thems the breaks with OSS that doesn't have a explicit CLA for copyright assignment. |
Totally agree. People fork projects so fast just to get some fame. It's his code. Period. Also, @DABH you didn't clone the repo, you just uploaded it as if it was yours. I don't like those moves. |
I wonder if @torvalds would call the Linux source code "his code". |
Can we please not send this thread to spam-hell as well. Keep discussions in the other one instead since that is basically the only thing it is used for right now. |
it isn't about the MIT-licensed code, but about a repository. |
There are 44 contributors to this project, it is their code, not his. |
Feedback from everyone will be sought and we can have ample flame wars as soon as NPM/GitHub tell us what resolution they find acceptable. Thanks. |
@sashmit My point still stands regardless of who we consider the "owner" of the code: It would be incredibly disrespectful to the original author & maintainer of the code to take the repo off his account w/o his permission -- pointing the NPM package to a different repo is a different issue entirely |
It's funny how people are arguing here about how to take ownership of this repository from its rightful owner. It may not be ONLY his code, but it's also his code and this should not be done without the consent of all copyright holders. Allowing this means corporations like Microsoft, which runs GitHub if you had been living under a rock recently, can just ban someone and transfer their repositor(y|ies) to another user deemed more worthy of being able to speak out. Don't support this bullshit, the idiots that automatically updated their dependencies in production are the ones to be blamed. Trying to rob someone of their own code is outright theft and you guys are disgusting individuals |
Not only his code. Copyright isn't a black or white matter: the code he wrote IS in fact his. The reason why the kernel couldn't switch from GPL2 to GPL3 is exactly because not all copyright holders could agree on changing the license, which means that even if your contributions aren't the majority they still belong to you. |
|
@DABH are you in talks with GitHub to at least possibly get write access to this repository, given there is a large amount of content that is not constructive & harmful is being spread through the issue & PR listings. |
Yes |
Sounds like github needs to overhaul their permission system to be more accurate. Remove the A ban of the MIT license might be in order. It erroneously states: Where the actions here seem to show that repo owners are required to not have any breaking changes. If anyone running on Now we know. |
You, sir, are spot on. However, if the FOSS community really wants to destroy copyright they will inadvertently completely neuter all copy left licenses. |
Code and distribution of said code are two very different things. Yes the lead maintainer of an MIT licensed project is entitled to their code, but they are not entitled to it's distribution. NPM/GitHub/Microsoft are well within their rights to remove versions based on their AUP, specifically acceptable content: https://docs.npmjs.com/policies/open-source-terms#acceptable-content Likewise NPM reserves full right to remove any package or version they believe to violate their AUP: https://docs.npmjs.com/policies/open-source-terms#your-content That being said, the package name does legally belong to the account that created it unless it's transfered or is stale for a period of time. If you aren't sure on this you can always just email GitHub's or NPM's legal teams. |
It has been allowed and still is by publishing the code under the MIT license. Feel free to read it.
Actually it is. Yes, the code he wrote is his, but he gave everyone to do what ever he wants to do with it (except remove the copyright notice and text of the original license). Even Microsoft and others. They may even take the code, reserve all rights (take responsibility), ship it with their product and make big money. So if you want to have a stricter license, fork the repository, add some lines of code and apply a GPL license. I doubt anyone is going to use your fork, but you may publish it. |
That was not my point! I wasn't referring to licensing matters, but to how
Microsoft can just shut someone down because they don't like their commits,
which is incredibly scary to me
…On Wed, Jan 12, 2022, 07:52 r-bird ***@***.***> wrote:
Allowing this means corporations like Microsoft, which runs GitHub if you
had been living under a rock recently, can just ban someone and transfer
their repositor(y|ies) to another user deemed more worthy of being able to
speak out.
It has been allowed and still is by publishing the code under the MIT
license. Feel free to read it
<https://github.com/Marak/colors.js/blob/master/LICENSE>.
Copyright isn't a black or white matter: the code he wrote IS in fact his.
Actually it is. Yes, the code he wrote is his, but he gave everyone to do
what ever he wants to do with it (except remove the copyright notice and
text of the original license). Even Microsoft and others. They may even
take the code, reserve all rights (take responsibility), ship it with their
product and make big money.
So if you want to have a stricter license, fork the repository, add some
lines of code and apply a GPL license. I doubt anyone is going to use your
fork, but you may publish it.
—
Reply to this email directly, view it on GitHub
<#317 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFS6TPKUU5AIWSSYT3BPA2DUVUQJ3ANCNFSM5LVAWA2Q>
.
You are receiving this because you commented.Message ID: <Marak/colors.
***@***.***>
|
I don't get it, are you complaining about the GitHub UI not showing it's a fork? There's functionality built around forks that would get in the way if it was still being marked as a fork. Regardless, your statement is misleading at best, anyone can go check the commit history, the history wasn't rewritten in any way. Also, @DABH seems to have been the guy making sure things go smooth since about 2014 with this project, it's as much "his" as it is Marak's. |
I apologize for the spamming of PRs 🙁 Pardon for all the noise @EthanHindmarsh and folks on this thread. |
I think you've mixed things up. None of what you're saying relates to what I've said. Maybe you're replying to others? 🤷 |
Maybe, I don't know... Honestly if you have a special status in this thread I haven't noticed, and in general I haven't kept track of each person's opinion. I was just responding to a few messages that link Marek's Github account with intellectual property, and pointing out that the two things are unrelated. But I'm sure you do deserve attention and I hope you get it. |
I'll have you know I've already contacted my secret network of 64th Level Dwarf Paladins at the Electronic Freedom Foundation. As you read this they are in the midst of drafting a Pull Request the likes of which the world has never seen before. This pull request will be written entirely in the Holy C Programming Language. This pull request will contain over 144,000 custom Node.js modules, each one greater than the next. The sheer act of witnessing the magnificence of this Pull Request will cause all tests on all Continuous Integration servers to fail. Travis CI himself will be banished to the land of SourceForgia for 1,000 years. |
I'm sorry, what? You just notified everyone for something very confusing. |
To ensure that this Pull Request will be merged: I have compiled Temple OS in a VMWare virtual machine over 9000 times. I have read the Holy C documentation 33 times. I have personally built a shrine to Terry A. Davis consisting of Gold, Silver, and 1980s M.U.S.C.L.E Men collectable figurines. |
To the righteous members of the 69th Division of Social Media Medics: I thank you for your thoughts and prayers. I can assure you that I am of sound body and mind. I have attached a certificate from the Reid Mental Institution, which proves beyond a shadow of a doubt, that I Marak Squires, do not have Donkey Brains. Can the members of the 69th Division of Social Media Medics provide a document which proves they do not have Donkey Brains? I've taken out my Rolodex and contacted Surgeon General Captain Crunch. As you read this we are going through your Google Search history dating back to when all four of your Great-Grandfathers were born. I can assure you that we will find out once and for all who is and isn't Donkey Brained. |
He probably has notifications off. |
Well, they're awake right now. They live in Oregon. |
So? He probably gets tens or maybe hundreds of notifications each day. |
Good point. |
It doesn't matter, he doesn't understand you. @torvalds only speaks in ANSI C. |
The community has spoken. The community now controls faker.js: https://fakerjs.dev/update.html @Marak fucked up, plain and simple, and now nobody will trust him -- rightly so. |
You kind of misunderstood the point of his actions I think, but I feel like you're right (sadly) |
@hello-smile6 @TechStudent11 you dimwits realize torvalds doesn't use github because it's an abomination of his git, right? The linux here is a mirror. @Marak good posts bro, don't worry about these soys, they'll all go to therapy and recover after a few years. |
I didn't know that. The more you learn.
I am not insulting or personally attacking or whatever you want to @Marak. I'm just confused about what he's posting. IDK how you understand them, but okay. |
gosh |
yep |
Wtf is going on here? Is this guy mentally insane? |
IDK. |
same |
To anyone following this thread: the final resolution of this issue is that https://github.com/DABH/colors.js is the official repository going forward, and the official package on NPM is @colors/colors. It is recommended you update your package.json to refer to @colors/colors instead of colors. Collaborators will be added to the colors org in NPM in due course after interviews are conducted. In the meantime, PRs are welcome on the new repository. I am unsubscribing from all threads in this old repo and will not see any notifications here. Thanks all. |
@DABH you aren't gonna see this, but thanks for maintaining colors. |
A Security Vuln was identified in the Colors package for >1.4.0, offending packages being `1.4.1`, `1.4.44-liberty` - [source1](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet) - [source2](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet) - [source3](https://security.snyk.io/vuln/SNYK-JS-COLORS-2331906) This PR updates the color package to using [@dabh/colors](https://www.npmjs.com/package/@dabh/colors) as stated on this [colors issue #317](Marak/colors.js#317 (comment)) which is a safe alternative.
Folks:
Since #285 has been spammed into oblivion, I thought I would post a new issue here instead for better visibility. As promised, here is the update I have from today:
Thanks, and I'll post another update when I have one.
The text was updated successfully, but these errors were encountered: