Giters

sizzlemctwizzle / GM_config

A lightweight, reusable, cross-browser graphical settings framework for inclusion in user scripts.

Home Page:https://github.com/sizzlemctwizzle/GM_config/wiki

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Improperly licensed GM_config derivatives

Martii opened this issue Β· comments

commented

There are a few unlicensed and incorrectly licensed derivatives on Greasy Fork.

LGPL is mandatory for all derivatives for Copyleft to prevent DMCA actions against the site and to maintain the integrity of the Copyright.

Cc: @JasonBarnabe

Historical refs:

commented

Normal process is to submit feedback and choose the "report" type, which brings it to the user's and moderators' attention.

If you don't want to do that, let me know which are in violation and I will do it myself.

commented

@JasonBarnabe
I'll have to get back to you on this. Seems like your site is stalling a bit too... you might have your hands full.

Will take me some time to document what site metadata needs changed, etc. Think I'll do it here on GH though. Thanks for that.

commented

@JasonBarnabe

https://greasyfork.org/en/scripts/1884-gm-config

πŸ‘Ž Site license shows GPL v3 when it should be LGPL 3
πŸ‘ Code license header shows LGPL v3 (or later) currently here.

https://greasyfork.org/en/scripts/2722-gm-config-mod-library

πŸ‘Ž Site license shows N/A when it should be LGPL 3
πŸ‘ Code license header shows LGPL v3 currently here.

https://greasyfork.org/en/scripts/2855-gm-config

πŸ‘ This one is currently correct on site and code header license. :)

https://greasyfork.org/en/scripts/5722-gm-config

πŸ‘Ž Site license shows N/A when it should be LGPL 3
πŸ‘Ž Code license header stripped in source

https://greasyfork.org/en/scripts/6158-gm-config-cn

πŸ‘ This one is currently correct on site and code header license. :)

https://greasyfork.org/en/scripts/6217-gm-config

πŸ‘Ž Site license shows N/A when it should be LGPL 3
Code license header shows LGPL v3 currently here

https://greasyfork.org/en/scripts/7212-gm-config-eight-s-version

πŸ‘Ž Site license shows GPL v3 when it should be LGPL 3
πŸ‘ Code license header shows LGPL v3 currently here
πŸ‘ Library site description actually says it's LGPL v3

https://greasyfork.org/en/scripts/9005-gm-config

πŸ‘Ž Site license shows GPL v3 when it should be LGPL 3
πŸ‘Ž Code license header stripped in source

https://greasyfork.org/en/scripts/11562-gm-config-8

πŸ‘Ž Site license shows GPL v3 when it should be LGPL 3
πŸ‘ Code license header shows LGPL v3 currently here

https://greasyfork.org/en/scripts/28536-gm-config

πŸ‘Ž Site license shows N/A when it should be LGPL 3
πŸ‘ Code license header shows LGPL v3 currently here

https://greasyfork.org/en/scripts/30549-gm-config-eight-s-version

πŸ‘Ž Site license shows GPL v3 when it should be LGPL 3
πŸ‘ Code license header shows LGPL v3 currently here ... probable fork of earlier reference of "eights"

https://greasyfork.org/en/scripts/34660-gm-config

πŸ‘Ž Site license shows N/A when it should be LGPL 3
πŸ‘ Code license header shows LGPL v3 currently here

https://greasyfork.org/en/scripts/34711-gm-config

πŸ‘Ž Site license shows MIT when it should be LGPL 3
πŸ‘Ž Code license header stripped in source
πŸ‘Ž Derivative without stating changes and possible misuse of the GM_config branding

I reworked the repo here to get GitHub to recognize the master LICENSE file since back then I don't even think that file naming was around... but if you take a look at https://github.com/sizzlemctwizzle/GM_config/blob/master/LICENSE under Conditions:

  • License and Copyright notice ... must be kept intact... is the second biggest issue
  • Disclosing source is not an issue since it's all OSS.
  • State changes... perhaps some on their homepages... technically it should be in the file and they should add themselves as a contributor and don't replace the existing copyright since they aren't the original holder (neither am I for that fact which is why I'm under contributors)
  • Same license (library)... is the first biggest issue

Thanks for looking into these issues.

commented

The "site license" ones are mostly the site doing some bad checking. greasyfork-org/greasyfork#425

I have created these reports for the cases where the code does not include the proper license.

https://greasyfork.org/en/forum/discussion/31376/missing-license
https://greasyfork.org/en/forum/discussion/31377/missing-license
https://greasyfork.org/en/forum/discussion/31378/incorrect-license

commented

https://greasyfork.org/en/scripts/34711-gm-config

You sure about that one? The author says it's his own work, and spot-checking a few strings, I don't see any in common with the one in this repo.

commented

https://greasyfork.org/en/scripts/34711-gm-config

You sure about that one?

Positive... two issues here as I said above.... derivative works and absolutely misuse of the GM_config branding (which he's changed the script name slightly). That's Copyright infringement on the latter right there even if that users code wasn't related to the idea of "API for implementing Config Pages for Userscripts.". It is derived worked so it absolutely must be the same license. That user basically derived the code to make it asynchronous instead of synchronous.

commented

I've updated the site to use the verbatim license provided by @license to eliminate mistakes.

Current status of scripts reported, with outstanding issues in bold (please tell me if I missed something):

commented

If the site lists the license as "N/A" then that just means it couldn't automatically detect it (via @license), not that there isn't one. So should be fine.

Understood. I gave you a thumbs up for SPDX issue... the abuse on OUJS has been prominent which is why we require it now. May want to look into supporting the UserLibrary metadata block at some point too if you are willing. It definitely makes things a lot easier to automate with less manual administration.

please tell me if I missed something

It's a lot even for me to handle. :\ ... and I haven't even searched all the libraries to see if there are different namings on GF with the derived code.

What I can say from an additional relook on some of the "outstanding ones" is that:

... are actual implementation libraries e.g. it's the data structures instead of just the source Code ... since I don't see a way to back reference easily the "This library is listed as a @require for the script Unique Youtube Skin." I'll have to go perform a userscript search. Still getting used to traversing your site.

Will update if there's any changes to this... so don't go delete happy just yet. ;) As Admin of OUJS I'm currently holding off of my normal expediting removals because it's going to be a learning curve for everyone not used to it.

commented

Here's one update...

Ref:

References Joes fork .... so basically a issue is the misuse of GM_config for the naming of the library script that contains the data structures. Probably the same for the other one.

Let me recheck this... it's pointing to our site... confusing mess.

Okay... it's "dead code" for that "Unique Youtube Skin" userscript I guess. Joes library on OUJS doesn't even have GM_config in it. EDIT: Ref: https://greasyfork.org/en/scripts/5724-unique-youtube-skin-fork/code#n12 with Code @require and stripped license header.

commented

@JasonBarnabe
https://greasyfork.org/en/scripts/34711-gm-config

I will admit that script is heavily refactored and contains new code, but that doesn't constitute an original work. It has the same name, and the user uploaded a copy of GM_config to their account, so they can't deny knowledge of the original or access to its source code. As primary author of GM_config, and having developed it over the course of years, I can easily spot the refactored logic. It takes in an object for initialization that specifies the field definitions and creates field objects in memory to manage them. It also allows for setting the ID for the instance, a prefix for CSS, along with custom CSS to be injected for the UI. It then builds the UI dynamically from the in-memory field objects upon an API call and stores a reference to the relevant DOM element on each field object. It provides a save and close button. The save reads from the UI using the references on the field objects and saves the value in-memory. It provides the ability to only keep the saved values in memory, but by default saves the values using persisent storage. Some of the code reminds me of early versions of GM_config that used object literals instead of constructors. The way much of this fuctionality is implemented didn't happen over night. All of this proves the author of the script in question has read the original source and at the very least used it as inspiration. Therefore it must be considered a derivative work.

Personally I love derivative works and I actually appreciate the work the script author has done. This library thrives on new contributions, especially when they are radical redesigns. It is the reason I released GM_config under the LGPL in the first place. I want to make sure that people retain the right to make derivatives. I don't want someone building on the hard work of many others to suddenly claim that it is their work and they can release it under any license they want.

As far as the name is concerned, if you break backwards compatibility with the API detailed in the GH wiki, you must rename your derivative since it leads to great confusion (been down this road with a co-author before). I'm open to discussing an exemption if someone asks.

Jason, I'd like to thank you for your help in insuring that the free distribution, and right to modify this library is protected for everyone who wants to use it.

commented

Right now you say it's a derivative and the author says it's not.

I can easily spot the refactored logic

If you can point out the most egregious case of a copy (e.g. line x in the original versus line y in this script) then I will take a look and get him to respond. I searched for a few strings and didn't really see anything in common, but if it was all "reworded" then I wouldn't expect to.

commented

@JasonBarnabe
Re:

... you say it's a derivative ...

We say.

... the author says it's not.

Denial is usually the first step in a crime.

If you can point out the most egregious case of a copy ...

While there are many... the most prevalent is https://greasyfork.org/en/scripts/34711-gm-config/code?version=231503#n33 . That author clearly had intent to derive that work of this Copyrighted and OSL Code. One can't use GM.config as a variable name since it's would create an Object. Anything further you will need to examine yourself and get back to us. As a last resort there is the option to send a DMCA along with a TDN however I had hoped to avoid these by asking you to look into this amicably and hopefully in continued good faith from you as the sole site owner.

Copyright and contract law is unambiguous: Open source distributors cannot simply relicense other people's copyrighted software unless they have permission to do so. It is my strong impression that OpenByte has not been given this permission.

The Copyright on this project is very clear as well as the License is LGPL-3.0 which can be found by reading it at https://www.gnu.org/licenses/lgpl-3.0.en.html . There are many provisions included with this license to prevent infringement including termination of service or ending up in a court of law.

@sizzlemctwizzle

I don't want someone building on the hard work of many others to suddenly claim that it is their work and they can release it under any license they want.

Agreed which is why OSL exists. I don't think I could have conveyed what you said any better.

commented

@JasonBarnabe
Here's another example of how that author is not maintaining licensing and copyright at https://greasyfork.org/en/scripts/34555-greasemonkey-4-polyfills/code (archived)

This belongs to GM itself at https://github.com/greasemonkey/gm4-polyfill

It seems to me like the veracity is absent in the responses that you were given from your member.

commented

I understand what your license requires as evidenced by the fact that I removed a bunch of other reported ones. The issue is whether this one is a derivative or not. I am currently inclined to believe that this is a derivative based on the similarities @sizzlemctwizzle pointed out. It would have been helpful to have one specific thing to look at that would show me that it is, which is why I asked for some line numbers to compare. That would have made this an open-and-shut kind of thing.

As it is now, I've notified the author to update the licensing to something compatible. I will give him 1 day to comply or it will be deleted.

commented

The author deleted the script themselves.

commented

I think you'd have to take that up with the author and/or rawgit.com.

However since your post the author has reposted on Greasy Fork, so I've deleted the script and banned him.

commented

This doesn't need to stay open.