My open source project was relicensed by a YC company [license updated]

looks like they fixed it: https://github.com/pickle-com/glass/commit/5c462179acface889...

let's not freak out - you can't "steal" open-source code, they used an incompatible license. that was accidentally too free.

people monetizing something you open-source isn't stealing.

If it was 'just' a licensing slip up sure, but there's still a lot of integrity issues here despite that. The presentation of "we created an open source library to do X in just days" comes across as a lie right?

I feel like ycombinator leads may want to look more deeply into this one. If they are presenting it as something they've achieved that's an integrity issue right?

From what I understand, it would be a breach of contract at minimum (based on what I remember from past discussions of this sort of activity involving different participants).

If someone else has a better idea of what “forking GPL 3 source code and using a different licence” would be, then please let me and others know.

You're ignoring the part about attribution due to copyright law, see: https://opensource.stackexchange.com/questions/13038/does-so...

Is the copyright still attributed to the original developer?

> that was accidentally too free.

You are ignoring the fact that they claimed that they "built it in just 72 hours", accidentally omitting to mention that it's a fork of another repo.

This is the crux of it all to me. Anyone in the industry knows mistakes happen all the time but the braggadocios nature rubs me the wrong way and spits in the face to those of YC who do indeed have integrity.

Realistically this will probably just have a reputational cost for Daniel Park/Pickle. Whether he intended to or not, some amount of people will associate “pretends to make things that he did not make” with him because of this entirely unforced error.

yes, but sublicensing to even permissive ("free-er") license (GPLv3+ to Apache2.0) is a violation of license.

GPL is supposed to viral, if you are using project adopted that, you are taking the risk with it. If you are just changing the license and took the code, that's wrong and need to get an attention. If anyone could go just yoink and relicense the GPL code to other permissive license was "legal", the https://gpl-violations.org wouldn't exist in the first place (i.e. you can just take the linux kernel code and rename it something like "mynux", redistribute in bsd-3 clause and "don't distribute the derivative part").

no. its BOTH attribution AND license violation.

It's baffling why someone would do this tbh. It's not like the base project is some spectacular piece of engineering that would be very costly to replicate.

I'm guessing they just looked at it as a jumping point. It probably went something like:

- We know how to polish an electron app

- here is a barebone electron app with an interesting idea

- Can we build a polished UI around this, and give a demo?

The baffling part is, had they just disclosed that, no one would have given a shit. Plenty of demos begin like that: "here is a cool idea we found, here is that idea on crack". is a very common demo pattern. But of course you can't give a shout out to 'cheating-daddy' at YC demo.

It's like a fine student at a fine college, in a class they are doing fine in, then they decide to copy their friend's cover letter because "eh", then they get caught and now what? wtf would you do this?

And they've now orphaned that commit, they're a sketchy bunch at best.

Unfortunately, sketchy is generally rewarded.

It looks like they've squashed everything into a single commit, since there's only a commit on their repo right now that was pushed 28 minutes ago (as of this comment).

That's probably the right thing to do Git-wise, because licences might not be retroactive.

>From what I understand, it would be a breach of contract at minimum

Isn't that the minimum bar for a "business model" capable of attracting VC interest these days?

If you don't follow the license, then you don't have a license to use, distribute or modify the code. So then you get into copyright violation territory, up to $150,000 per infringement in the US if it's intentional.

Sadly in my experience various courts have taken a stance that violating GPL does not cause monetary damages, because the software in question is free.

Can you cite some actual cases?

Like the frog in the parable,[1] people with integrity often struggle when they attempt to understand the motivations of people who cheat. “Why would they cheat in this particular situation?”, they ask themselves. “It makes no sense!” Well they are cheaters. Cheaters cheat.

[1] https://en.wikipedia.org/wiki/The_Scorpion_and_the_Frog

The license they used was less free than the GPL license. Laundering GPL code into projects with licenses that aren't as free is classic copyright infringement.

They cloned (not forked) the repo, removed the history, claimed it as their own, and changed the license. This is not a mistake

I somewhat doubt they can since in the US the BusyBox lawsuits pretty much all ended with the infringers settling and paying out, and those that didn’t settle, busybox won[1]. I would think that, and the original artistic license lawsuits (which were decided on by the US court of appeals) established that infringing open source softwaree licenses is a copyright infringement.

[1] https://en.wikipedia.org/wiki/BusyBox#GPL_lawsuits

> looks like they fixed it: https://github.com/pickle-com/glass/commit/5c462179acface889...

Not fixed, covered up.

> let's not freak out - you can't "steal" open-source code, they used an incompatible license. that was accidentally too free.

What a poetic formulation? In reality, they deleted history and they put a license that allows the "freedom" to let them monetize the code. I wonder how's the original author more free with this license? How is anyone more free? Sounds like the license was "accidentally" "too free" in a way that only made themselves more free.

> people monetizing something you open-source isn't stealing.

It's, in fact, the precise definition when the open-source project uses the GPLv3 license.

I'm starting to sense a pattern with this project.

They've squashed the history to hide their earlier "error". This isn't compliant with section 5a of the GPLv3[1].

"sketchy at best" is a polite description of this pattern of behaviour.

[1] https://www.gnu.org/licenses/gpl-3.0.en.html#section5

You can read the text of the GPLv3 license itself; it has a specific provision for this case.

> "Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice."

https://www.gnu.org/licenses/gpl-3.0.html

To attach a couple of personal anecdotes to this:

1) I once was in a position where I had root on the linux boxes at a large corporation because I had been a sysadmin there and even when I changed roles, I was never removed from sudoers. Years later there was an accusation that someone had stolen source code and taken it with them to a new job. On its face this made absolutely no sense whatsoever - the system they were accused of stealing was a complete pos in the middle of a complex ecosystem so even if you had it, you couldn’t use it without all the other pieces and in any case, it was old and outdated and just total garbage. Anyway this accusation was somewhat hush—hush so the cto came to me and asked me to just look into whether or not it could be true. Sure enough, there in his bash history I could see him checking out the code and pushing it to an external repo. It made absolutely no sense, but he had indeed stolen the source code to a system that was a total piece of junk. He ended up with a criminal conviction, he lost his shiny new job, his wife left him etc. It was very said and baffling.

2)Second example, fast forward some years and I was working for a saas provider. We had won an initial proof of concept and were negotiating a 5-year, multi-million dollar contract. At the same time, our client asked us to just do a free two-week spike on something unrelated. We had to sign a (different) zero dollar contract to cover licenses, liability etc for the free spike. The same purchasing lawyer was working on both contracts. The usual contracting process is you send the contract over to the other side with some markup and comments, they make some markup and comments, you propose language, they amend it, they propose language, you amend it, eventually everyone agrees and you make a clean copy and both sides sign. While we were doing this for the big contract, we got to the point of signing the zero dollar contract. At the last moment with everything agreed, the other side said they would make the clean copy. They sent it over to us and when we did our final check before signing we found the guy on the other side had meticulously gone through and made a version which accepted all their changes and backed out all of our changes. This required a lot of extra work and could not have been an accident (think cherrypicking commits and fixing all the merge conflicts using only MS Word revision history), and it was on the zero dollar contract so there was no conceivable upside except he could say he “won” somehow by tricking us. All this while we were negotiating the multi-million dollar multiyear contract. It made absolutely no sense whatsoever to do what he did. There is no way to understand why he decided to do it, but he did it.

So yeah, don’t even try to understand why some people do the unethical things they do. Scorpions gotta sting. It’s just what they do.