this post was submitted on 16 Jan 2025
61 points (100.0% liked)

Opensource

1678 readers
30 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 1 year ago
MODERATORS
pylapp
61
What are the legal consequences of changing the license of an open source product (github.com)
submitted 4 days ago by [email protected] to c/opensource
3 comments fedilink hide all child comments
 

The (2?) maintainers of Fluent Assertions have changed the license in the GitHub repository from Apache 2 to a proprietary commercial license. This happened yesterday, it looks like the other 200 contributors were not asked. Commercial users can now buy a license for $130 per developer, per year.

There are some suggestions that the take-over and the new license are violating some articles in the Apache 2 license.

My question is: Suppose that -with reasonable certainty- the maintainers and new owners violated the Apache 2 license. Is there anything that can be done? Is there any way violations like this can be brought to court?

(I'm just asking, not using FluentAssertions and not involved nor affected by this).

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 26 points 4 days ago* (last edited 4 days ago) (1 children)

The commit hash right before the license change will be unambiguously licensed under Apache. Anyone can fork from there.

Were contributors' rights violated? It may depend on whether contributors assigned copyright to whomever is in charge now or not. If there are a bunch of copyright assertions in the source files from diverse individuals, then likely not. If the copyright assertions are uniform, then assignments may have happened, but only if the individual contributors signed some agreement to that effect.

Apache is generally considered permissive, so even without assignments, it might be possible for these new people to offer a derivative work under more restrictive terms. The original contributions of the various contributors are still available under Apache 2.0, but the easiest way to get those is to check out an earlier commit hash.

Edit: so I actually read the ticket. It sounds like the villains pulled some git trickery to obfuscate the history. But that doesn't change the legal status. If this version x software was offered by its copyright holders under Apache terms in the past, then you can still use and redistribute version x under Apache terms now.

The clearest cause of action for aggrieved contributors seems to be clause 4, where the villains need to provide a copy of the Apache text to redistribute a derivative work. And not delete it like apparently happened.

[–] [email protected] 16 points 4 days ago* (last edited 4 days ago) (1 children)

As you noted, the real interesting thing is that having received contributions licensed under Apache compels them to maintain the attribution for those authors, even in a repackaged proprietary product. And you have to mention the Apache license you got the contributions under.

No major open source license has any expiration / revocation terms which the author could invoke unilaterally. Once you've shared it as open source, those versions stay open.

[–] [email protected] 4 points 4 days ago

Contributors rights are being violated then. This would only be legal if ownership over contributions was transferred via a CLA (Contributor License Agreement).

It doesn'l look like they have one even now (look at audacity for example which do have one), so I assume they had no CLA prior to this and every contributors rights are being violated by including their code in a closed license project.

There could naturally also be deals made with contributors to sign over those rights, there have been projects in the past that got enough developers to sign their contributions over and rewrote the rest. Doubt this makes sense for a medium-scale project like this tho.