The (2?) maintainers of Fluent Assertions have changed the license in the GitHub repository from Apache 2 to a proprietary commercial license. This happened yesterday, it looks like the other 200 contributors were not asked. Commercial users can now buy a license for $130 per developer, per year.

There are some suggestions that the take-over and the new license are violating some articles in the Apache 2 license.

My question is: Suppose that -with reasonable certainty- the maintainers and new owners violated the Apache 2 license. Is there anything that can be done? Is there any way violations like this can be brought to court?

(I’m just asking, not using FluentAssertions and not involved nor affected by this).

  • Kissaki@programming.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 day ago

    Any previous contributor can bring them to court for violation of license / copyright violation. They contributed under Apache 2, which has conditions. They’re redistributing without meeting those conditions.

    I’m not sure how that applies to third parties. They seem to be misrepresenting what they’re distributing. Seems like that would be sueable by anyone. At the latest, after becoming a customer and paying, under false advertised premises, anyone could sue them.

  • mkwt@lemmy.world
    link
    fedilink
    arrow-up
    27
    ·
    edit-2
    7 days ago

    The commit hash right before the license change will be unambiguously licensed under Apache. Anyone can fork from there.

    Were contributors’ rights violated? It may depend on whether contributors assigned copyright to whomever is in charge now or not. If there are a bunch of copyright assertions in the source files from diverse individuals, then likely not. If the copyright assertions are uniform, then assignments may have happened, but only if the individual contributors signed some agreement to that effect.

    Apache is generally considered permissive, so even without assignments, it might be possible for these new people to offer a derivative work under more restrictive terms. The original contributions of the various contributors are still available under Apache 2.0, but the easiest way to get those is to check out an earlier commit hash.

    Edit: so I actually read the ticket. It sounds like the villains pulled some git trickery to obfuscate the history. But that doesn’t change the legal status. If this version x software was offered by its copyright holders under Apache terms in the past, then you can still use and redistribute version x under Apache terms now.

    The clearest cause of action for aggrieved contributors seems to be clause 4, where the villains need to provide a copy of the Apache text to redistribute a derivative work. And not delete it like apparently happened.

    • Natanael@slrpnk.net
      link
      fedilink
      arrow-up
      17
      ·
      edit-2
      7 days ago

      As you noted, the real interesting thing is that having received contributions licensed under Apache compels them to maintain the attribution for those authors, even in a repackaged proprietary product. And you have to mention the Apache license you got the contributions under.

      No major open source license has any expiration / revocation terms which the author could invoke unilaterally. Once you’ve shared it as open source, those versions stay open.

      • Redjard@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        4
        ·
        6 days ago

        Contributors rights are being violated then. This would only be legal if ownership over contributions was transferred via a CLA (Contributor License Agreement).

        It doesn’l look like they have one even now (look at audacity for example which do have one), so I assume they had no CLA prior to this and every contributors rights are being violated by including their code in a closed license project.

        There could naturally also be deals made with contributors to sign over those rights, there have been projects in the past that got enough developers to sign their contributions over and rewrote the rest. Doubt this makes sense for a medium-scale project like this tho.