Organic Maps had a private (but MIT-licensed) Cloudflare Worker in a repo called meta. Alexander Borsuk (an Organic Maps maintainer, and co-founder of maps.me) surreptitiously removed the license and added logging to the worker.
Roman Tsisyk, another maintainer of Organic Maps, noticed this. He undid the changes, made this post, and has now been booted from the organization?
Some facts: Alexander Borsuk, Roman Tsisyk and Viktor Havaka are co-founders of Organic Maps which is a fork of Maps.Me. Alexander and Viktor were co-founders of Maps.Me as well. All of them are not working for Maps.Me anymore and Organic Maps (OM) is independent project since its inception.
Now, the current situation: OM's map server (CF worker) albeit under MIT license was de-facto closed source all this time. Roman opened the repo for public access. Alexander revoked Roman's GH permissions and closed the repo again.
(I've been actively contributing to OM for 3 years and I thought that all parts are open source. Until very recently..)
>OM's map server (CF worker) albeit under MIT license was de-facto closed source all this time. Roman opened the repo for public access. Alexander revoked Roman's GH permissions and closed the repo again.
I'm not sure if there is some distinction between software and map-data entailed in the discussion of this "server", "software repo", etc. but assuming it's all one thing:
if the content in question was MIT-licensed as specifed by the license in the repo, any one of the members of the project with access to the material would be within their rights to make copies public. There is no de-facto closed source wrt open licenses.
So am I understanding correctly that there was a private repo that had original code, and in that private repo, someone added the MIT licence? Which didn't make the code open source, because that licence hadn't actually been given to anyone*?
And then Roman made the repo public, effectively distributing the licence to people and thus making it open source, without coordinating with the other contributors?
I don't see any replies by Alexandr, but it feels like this could have easily been resolved with a less antagonistic response by Roman - but of course, I don't know what other history they have.
* I guess technically, it was given to the other contributors with access to the private repo - i.e. Roman did have the legal right to distribute it further under the MIT licence. Presumably, the original contributor (Alexandr) just applied that licence by mistake.
The MIT license was added by Alexander himself in the initial commit in June 2021.
Since then Roman has contributed actively to the code and Viktor started to contribute more recently.
So there are people who contributed the code under the MIT license, so its not a sole work of Alexander and the license was not added as a mistake.
IMO from a legal standpoint Roman is absolutely in his right to redistribute the code.
Yes, as I mention in my footnote, Roman was absolutely legally in the clear. I'm just saying that Alexandr's initial adding of the licence was probably a mistake in the sense that he did not intend to do that (that led to people contributing under different assumptions), and one they probably could have found a way to resolve had he communicated about the difference in assumptions.
This sounds like it is de-facto true but it isn't. A private file repository with a closed source license is in-facto different than a private file repository with an open source license. The license is not altered by the access permissions of the repository, and the access permissions of the file repository are not altered by the license. A compiled version of code in a private repository with a closed source license can be released publicly without that code. The same is not true if the private repository contains code with an open source license.
I'm not confused, I'm pointing out that the license in a private source repository changes the legal rights of the person with respect to distribution of the software defined by the contents of the repository, and than therefore a private repository with open source code inside is not a de facto closed source repository.
> A private file repository with a closed source license is in-facto different than a private file repository with an open source license.
Yes, and "in-facto" is not the same as "de-facto".
De-facto means "describes practices that exist in reality, regardless of whether they are officially recognized by laws or other formal norms". It is not a precise term.
I have some code on my server that I wrote with an MIT license. You have no way of accessing my server, and the code has not been made available elsewhere. You can't even know that the code exists, much less that it has an MIT license. To you, it is for practical purposes the same as closed-source software, in the sense that you cannot obtain the source code of the software, despite it having an open source license. This is an applicable situation for "de facto" by its common meaning.
"Open source" is not even a precisely defined term, although people who are persnickety about the definition refer to the OSI definition, which includes "Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code". By this definition, code with the MIT license held secretly in a private repo is not open source. It became open source when Roman made it public, as was his right to do by the license. The license is one component of what makes software open source, but there are other components as well.
In your view, what would be an example of code that is de jure open source but de facto closed, if not a case where people have the legal ability but not the technical means to access it?
I'm rejecting the idea that software distributed in any way that has an MIT license can be "de facto" closed source. I think that this is a conceptual misapplication of the term "de facto," which implies an argument of equivalence in a situation where that equivalence does not exist. The question is not whether or not we can access the source code; we can now access the source code. The question is what the license was. To say that the license was "de facto" closed source before the software was distributed without the repository controller's knowledge or intent is to make a legal argument about that license. That argument was false. It just just as false as the argument that an electrical fire in the wall of your house that you could not see occurred 'before' your house was on file.
Calling it defacto closed while it was physically inaccessible, is exactly not making any legal argument. That's the whole point of the term is to say "it's not really closed legally, it just has the same effect as being closed, because for some other reason besides it's license, no one can have it.
There are these books that explain the meanings of terms. We don't have to guess and have random individual ideas about what words mean, and then wonder why no one can communicate.
the definitions of closed source and open source that you are using are not de facto correctamundo. If I download a copy of your copyright noticed and unlicensed closed source software from your server, no matter how I got access, it's still closed source and I am not entitled to even the copy I have. de facto, and ipso facto: in fact-o
Another example of a pushover license failing the purpose a developer wants it to serve. Should have used some copyleft license, that mandates sharing of modifications. The one that comes to mind is of course AGPL, which would have avoided the whole scenario of it being closed and hidden in the first place. Maybe someone will learn a lesson now.
Roman supported the private repo and was aware of the temporary (last 3 days only) CF logs to address CDN abuse. However, several hours ago, he (or someone else using his account?) unexpectedly made the repository public without discussing it with the project's maintainers. As a result, his account rights were temporarily restricted to clarify the situation.
There is still no response from Roman regarding his motivation for ignoring the usual governing board rules. Previously, all similar important project decisions were always discussed with maintainers/active contributors before being executed.
I hope that we resolve this strange situation successfully soon.
Yeah I mean, of course technically that's not how it's supposed to be done, but if they initially added the code and the licence (the latter by mistake), then I can see how the internal narrative is "here's my code (that Roman has contributed to) and I accidentally added the licence to it - oops, let me remove that before we accidentally make it public".
Of course at that point they should have realised that they weren't the only author of the code any more and that Roman understandably would have the wrong idea. But I see how it's an easy mistake to make, and it would probably also have easily been resolved had Roman reached out about it, rather than just instantly making it public and implying nefarious behaviour ("quietly made a change...discovered by me").
Was that decision put to a vote like "all important project decisions" are? I assume it can't have been unless Roman is blatantly lying about only noticing it a few days later.
I guess he was in both maps.me and organic maps? Which seems odd.. I thought these were completely separate organizations with different priorities and goals. That seems odd they would have leaders contributing in both products.
To clarify, Roman claims that he has had some permissions revoked from the Organic Maps organization on Github in response to this. Alexander Borsuk stated that he "will return access if we solve the problem of Roma making decisions alone".
It looks like that code was never actually MIT licenced but had the licence-file in there by mistake. Then Roman made the repo public after the faulty licence got removed, because he (wrongly) believed the code actually was MIT-licenced before the change.
That's how I read it. Is it true? No idea but it might be.
If the code is in a repo that has been shared with other people and with a license file saying "All code in this repo is under MIT license", then the code is MIT licensed.
You can't come along later and say "I changed my mind" or "I made a mistake". Hard luck, be more careful next time.
The only exception would be if you ask the people whom it was shared with if they're ok with retroactively changing the license.
The MIT license was added by Alexander himself in the initial commit in June 2021. Since then Roman has contributed actively to the code and Viktor started to contribute more recently too.
So there are people who contributed the code under the MIT license, so its not a sole work of Alexander and the license was not added as a mistake.
Organic Maps had a private (but MIT-licensed) Cloudflare Worker in a repo called meta. Alexander Borsuk (an Organic Maps maintainer, and co-founder of maps.me) surreptitiously removed the license and added logging to the worker.
Roman Tsisyk, another maintainer of Organic Maps, noticed this. He undid the changes, made this post, and has now been booted from the organization?