Closed gmaxwell closed 7 years ago
deadalnix
commented
7 years ago The schnorr code is backported from https://github.com/deadalnix/schnorr/blob/master/schnorr.d The per txout db is backported from core and it is mentioned in the series of commits.
gmaxwell
commented
7 years ago The schnorr code copies libsecp256k1 verbatim, down to grammatical errors in comments. Misleading people about it is not helping your case. Are you really going to force us to use stronger means to get you to stop this infringement and further instances of it? :(
TheBlueMatt
commented
7 years ago Can you point to where in the per txout db change in abc it is mentioned that this is someone elses' work? I cant seem to find it anywhere.
gmaxwell
commented
7 years ago @TheBlueMatt he credited a couple of the minor refactors he previously merged. It's missing on the substantive change that I linked. This is unsurprising considering he recently proposed in their private tracker to remove all attribution to Bitcoin Core everwhere in the repository.
sandakersmann
commented
7 years ago So you guys are prioritizing this instead of releasing a new version of Bitcoin Core that is not vulnerable? Fits the pattern of backward priorities from you blockstreamers.
chrisrico
commented
7 years ago @sandakersmann Bitcoin Core 0.15 is not vulnerable to the attack. It was fixed back in April.
sandakersmann
commented
7 years ago Bitcoin Core 0.15 is not released yet...
chrisrico
commented
7 years ago sandakersmann
commented
7 years ago That means it's cut 1 hour ago. Still not released:
chrisrico
commented
7 years ago No, that's a release. Anyone can build their own binaries of the final version of 0.15. You're just shifting goalposts.
It's also a stupid argument since there's more than one person on the Bitcoin Core team and not all of them are involved in the release process.
hedgepigdaniel
commented
7 years ago Please...
For the 99% of users that don't compile their own node, the vulnerability is effectively not fixed until the binaries are released and easily available to them.
Anyone is also free to fork the project and fix a vulnerability, this does not mean that it is fixed.
chrisrico
commented
7 years ago For the 99% of users that don't upgrade their nodes immediately upon posting of binaries on bitcoin.org, does that mean that Core hasn't released a fixed until they upgrade their nodes? I await the shifting of goalposts.
No response to the copyright infringement happening in this repository then? Or do you think it's acceptable to break open source licenses? I expect more deflection to follow.
sandakersmann
commented
7 years ago Read and learn troll:
https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.md
hedgepigdaniel
commented
7 years ago @chrisrico If there is a vulnerability in two consecutive releases, and you just casually tag a commit halfway in between that happens to not have the vulnerability, and don't publicly announce that users need to compile and run that commit, would you say that even though the latest and all the other releases on the downloads page are still vulnerable, that somehow the vulnerability is "fixed"?
I await the shifting of the goalposts...
There seems to be some serious delusion going on here - do you really disagree that in software which is widely used by non developers, a release needs to be compiled and available for download before it is "released"? Do you think the typical Windows/OSX user of bitcoin even knows what compiling is?
If there is a potentially serious vulnerability, anybody who knows about it should take responsibility for making sure that the code is fixed, released, and announced asap so that the problem is actually solved, not hidden somewhere where no one will hear about it merely to be used as a personal defence for when the truth eventually leaks out.
chrisrico
commented
7 years ago Unlike in the Bitcoin Cash world, rushing releases to critical pieces of code is not an option.
Would you care to comment on the actual topic at hand, which is widespread copyright infringement by the primary Bitcoin ABC developer?
gmaxwell
commented
7 years ago We just pushed the release ~4 days ahead of schedule due to an unethical breach of confidentiality by chjj whom stated that it shouldn't be disclosed until the fixes were widely deployed and then broke his word without warning (and apparently after telling conference organizers he would not do so https://twitter.com/BashCo_/status/906866338563588097 ). Fortunately we were able to do this because we've already had a reasonable release candidate cycle spanning back the last month, but even with that it still takes time to perform multiparty deterministic builds and can't be sped up: review takes time and if a release can be pushed without review it would be an immediate vulnerablity. But all this is completely offtopic for the habitual dishonest and license violating misattribution by this project's contributor.
We kindly permit bcash to just outright copy our fixes but they're required to preserve the attribution. Going on and fraudulently claiming to have fixed it faster while misattributing our own fixes is just over the top; it isn't just unprofessional but it also risks harming the users of this software. I think we're being more than tolerant here and if reasonable requests to both behave with the minimum amount of professionalism and comply with the law are responded to evasion and insults any user of this software should really be questioning the safety of running it in the future.
hedgepigdaniel
commented
7 years ago How many months does it take you to review a release? Do all of you take months to review each others small fixes for serious vulnerabilities?
To be honest, regardless of whether it violates the MIT license, the attribution in the commit you want to discuss here is a small issue compared to the public attribution you are failing to give to the person who found and reported this vulnerability to you. Instead of trying to pretend that you knew beforehand that the problem existed and was serious perhaps you should thank Chris Jeffrey for his efforts in finding the bug and his private disclosure to you months ago. Perhaps also you should apologise publicly to all users of all the Bitcoin forks for having failed after all this time to make a release which fixes the problem, and for wasting your time with petty legal arguments like this now that the vulnerability is public and you have still not released a fix?
thijstriemstra
commented
7 years ago So you guys are prioritizing this instead of releasing a new version of Bitcoin Core that is not vulnerable?
This has nothing to do with the fact you're copy/pasting code and stripping out author. This is not done in any opensource project and you're trying to divert attention away from it. It's this project that creates unneccessary annoyance and extra work for the maintainers of bitcoin core.
mariodian
commented
7 years ago compared to the public attribution you are failing to give to the person who found and reported this vulnerability to you
That's simply untrue. Sipa fixed it almost 5 months ago. Around 2-3 months before Chris Jeffrey "reported" it.
howtoaddict
commented
7 years ago 
checksum0
commented
7 years ago Okay guys, I doubt this repo has anything to do with core's massive bug they refused to fix for two months...
Also @gmaxwell, why do you always make issues that has nothing to do with the code? Is there an actual issues created by this lack of copyright notice? I doubt it. You know damn well how to deal with this things. You are not the copyright assignee either.
is55555
commented
7 years ago It's worth noting that the repo can be taken down for this reason, so maybe you should just fulfil the legal requirement of attribution, if only because it's a legal requirement; provided you have no moral compass whatsoever to give attribution otherwise.
See:
libitx
commented
7 years ago LOL... https://github.com/Bitcoin-ABC/bitcoin-abc/blob/master/COPYING
No copyright infringement has taken place. Full credit remains in the license. It's an absolute nonsense to suggest that every single merge or line change needs to be attributed to it's respective author. If people want to dig deep, all that info is in the commits.
mpatc
commented
7 years ago I'm all about free speech, but I think Greg & his Electric Trolls should find other places to do their work. I get it, they're scared they'll lose their power, but If ever there was a (non) issue begging for a lock, this is it.
On Mon, Sep 11, 2017 at 5:55 AM, libitx notifications@github.com wrote:
LOL... https://github.com/Bitcoin-ABC/bitcoin-abc/blob/master/COPYING
No copyright infringement has taken place. Full credit remains in the license. It's an absolute nonsense to suggest that every single merge or line change needs to be attributed to it's respective author. If people want to dig deep, all that info is in the commits.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/Bitcoin-ABC/bitcoin-abc/issues/85#issuecomment-328480924, or mute the thread https://github.com/notifications/unsubscribe-auth/APNcvh4Pm-_GDgUzvT4iovehrDag1F8Oks5shQOFgaJpZM4PSc8w .
martin-lizner
commented
7 years ago Can we please get back to original topic? That is: bcash developer copied code without preserving links to original author.
troed
commented
7 years ago This is the silliest thing I've seen in a long while. No license terms have been broken, COPYING correctly credits Core, and the few files I've looked do so even in the headers (which would not have been necessary according to the license)
Anyone who claims there's a license violation and referring to legal obligations should brush up on their open source license knowledge. Alternatively, if the Core developers want names attached to commits to be referenced by downstream projects, a new license with such terms should be created for future versions of the upstream project.
mjamin
commented
7 years ago @gmaxwell I don't condone @deadalnix behaviour, but doesn't this satisfy the attribution requirement of the MIT license?
yellowblood
commented
7 years ago Come on guys, get a D&D room and be done with it.
sleepdefic1t
commented
7 years ago Bottom line. License is MIT.
Projects I WANT control over, I release CC-BYSA 4.0. And even THAT'S only so that no one can close-source it.
Who the fuck cares if others use a great idea if it helps everyone else?
If you don't like decentralization, GTFO of crypto; bc concentrated power and secrecy flies directly in the face of what we're all doing here.
ghost
commented
7 years ago Where were you, when they built the Ladder to Heaven? Did it make you feel like crying? Or did you think it was kinda gay?
pyalot
commented
7 years ago @gmaxwell
It came to my attention today that bcash developer Amaury SECHET (deadalnix) wholesale copied the migration to the per-txout UTXO database from the Bitcoin Core project ( 611284f ) while affixing his name and stripping off the name of the change's author. This commit is more or less a 1:1 copy from Bitcoin Core, down to copying grammatical oddities in comments.
The MIT license states that:
Permission ... subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
All files resulting from 611284f adhere to to this condition (see APPENDIX) as they all retain the copyright notice and permission notice found in the Core sources. Hence your complaint is baseless and possibly libelous.
// Copyright (c) 2012-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2012-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2012-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2012-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2014-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2014-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Copyright (c) 2017 The Bitcoin developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2012-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
// Copyright (c) 2012-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php.
oojr
commented
7 years ago @gmaxwell I will continue to be a fool and use this "foolish" software, thanks for your insight on professionalism, we're all waiting for Core's POW hard fork, do not worry that code won't be copied, its time to bring on the Blocksteam lawyers and sue Bitcoin Cash. The only fools are people who think Blockstream devs client/software brought the most value to bitcoin when in fact it was Satoshi's code and exchanges like Coinbase, your team can take credit for 1% of transactions that uses segwit
kallewoof
commented
7 years ago @oojr I think most core devs are hoping that BCash succeeds, but no one likes having their hard work stolen without attribution. That's what this is about. I'm appalled at the level of trolling going on here, when an obvious wrong has been done.
If you copy code, you mention the original author. You don't pretend as if you solved it yourself. Yes, the license file says "Bitcoin Core developers", but that is an implicit shared copyright by the author, who is the original and main copyright owner of their contribution. (If we go too far down that route, btw, it ends up meaning the bitcoin core devs own BCash. I don't think you want that and neither do we, trust me.)
Anyway, look at the original PR for this change here. It has 246 comments and ranges from April 12 to 9 hours ago (it was merged June 2, nearly 2 months after it was created). Lots of hard work went into that thing. I would be upset too if someone came in and claimed they did it themselves without giving me props. Isn't that fair? :(
Disgraceful. I really hope you shape up and stop behaving like this. I want BCash to succeed, so we can finally move beyond our differences and decide who is right once and for all (big block or layer 2).
sleepdefic1t
commented
7 years ago @kallewoof
Look about 2 comments above.
I'm not seeing where anyone skipped attribution.
Again. Cry-babies on a power trip.
dabura667
commented
7 years ago @sleepdefic1t Is it really that hard?
I mean, no, literally is it just that you have no clue how to use git?
I can teach you how to use git if you don't know hiw to use git. Might be a good skill to have if you want to run FOSS repo... just maybe.
sleepdefic1t
commented
7 years ago they chose the wrong License.
Stuff I want control over, or ensure attribution, or keep open source... I CC-BYSA 4.0.
sleepdefic1t
commented
7 years ago MIT License only states the license must be present. It is.
sleepdefic1t
commented
7 years ago @dabura667
I'm not too good to learn.
Whatchya got for me, toots 😘
kallewoof
commented
7 years ago @sleepdefic1t I understand the confusion.
We good now or do you need more clarification?
pyalot
commented
7 years ago @kallewoof
I'm appalled at the level of trolling going on here, when an obvious wrong has been done.
What wrong has been done?
If you copy code, you mention the original author.
And the original author has been properly cited as required by the MIT license
Yes, the license file says "Bitcoin Core developers", but that is an implicit shared copyright by the author, who is the original and main copyright owner of their contribution.
Only natural and legal entities can own copyright. There is no such thing as an "implicit shared copyright" that would be recognized in any legal interpretation. Since you're implying that "Bitcoin Core developers" isn't a legal entity (and it isn't a natural one), and greg confirmed that the user "bitcoin" on github has no contributor agreement for the repository "bitcoin", that means that would be an improper copyright claim.
So either the "bitcoin" project by the "bitcoin" user on github is in breach of copyright by claiming copyright that isn't theirs, or the contributors to the "bitcoin" project of the "bitcoin" user on github do contribute their copyright to the entity "Bitcoin Core Developers" and attributing that entity is the proper procedure for anybody who makes use of the rights granted under the MIT license. Which shall it be?
is55555
commented
7 years ago You believe back-ported, new code after the original licence is exempt from attribution?
sleepdefic1t
commented
7 years ago I wasn't aware anyone said the implementation was 100% original.
Source?
pyalot
commented
7 years ago @kallewoof
You use someone else's code that is MIT licensed. (this is OK)
And this was done properly.
You claim that you made something that someone else made (this is not OK)
Which is not a copyright infringement, nor is it even illegal, it's just not nice. Plagiarism in itself is legal (though it may often run afoul of copyright). But this isn't plagiarism and no copyright has been violated. You're offended by somebody lying in public, which isn't illegal. And a github issue is hardly the appropriate place to discuss social improprieties, I take it you have a twitter account or something for that.
cpacia
commented
7 years ago This is a pretty amazing that this issue was filed. Not only are copyrights ethically dubious to start with but:
required attribution information
Is factually false.
Is this what Bitcoin development has come to? Desparate attempts to score political points by making false claims?
kallewoof
commented
7 years ago @pyalot You ask "what wrong has been done" and then you admit that it's "not nice". I guess if that's acceptable, we're just gonna have to agree to disagree. I prefer to hang with people who don't accept that kind of stuff, tbh.
As for your claims about copyright law, I may need to read up on that, but I'm pretty sure copyright can be implicitly granted in the fashion I mentioned (otherwise the top copyright header wouldn't really have a purpose, would it?).
I'm also surprised it's not illegal to claim copyright over something you didn't make (which is effectively what was done here, unless you are implying that copyright is, in fact, solely ascribed to the project itself, which is definitely not how I have understood it).
sleepdefic1t
commented
7 years ago @kallewoof
Where did they say it was 100% original? Where did they not include the proper licensing?
All I can find is gmaxwell complaining and demanding apologies from people.
Can you guys seriously not see WHY this kind of centralization is damaging?
Like seriously. BTC was literally created to get away from corporatism and give power to the users.
IDK, guys. Maybe you should go work for the big banks, because you're certainly acting like them.
Now everyone get back to work. lol
gmaxwell
commented
7 years ago I did not ask for an apology, much less demanded one. I pointed out that proper attribution is needed and that deadalnix is falsely attributing the work, both in the commit and in the media and that he has done similar multiple times in the past. This isn't even asking for a kindness, it's just simple professional and ethical behavior. Just make it right, that is all. If that were done I would extend my thanks.
On a commit basis this instance arguably severe as the schnorr signature one (where it was whole files), but this time it also came with false claims in the media (e.g. the trustnodes quotation).
This would be a good opportunity for the project to set clear standards on handling these things in a way which doesn't create public image or legal exposure for the project and potential problems for its users. Because of the history of abusive conduct, untruthful claims, etc. made by this project towards an upstream you depend on for fixes (such as this one) you really should take care to behave above board as possible. Fast and loose can work between friends but you do not behave like friends.
pyalot
commented
7 years ago copyright can be implicitly granted in the fashion I mentioned (otherwise the top copyright header wouldn't really have a purpose, would it?)
There's two terms you're confusing. That is being the copyright owner (which is denoted by the "copyright (c) by ..." and being allowed to copy and do other things (the license). You can transfer copyright ownership, probably even implicitly by not modifying the header to include your claim, but in that case, your ownership actually goes over to the credited entity "Bitcoin Core Developers". That can be a bad transfer either because a) the implicity of that transfer is not acknowledged (but it'd be hard to argue for that) or b) because the transferred to entity does not exist in the legal sense.
If the transferred to entity does not exist (and has never existed) in the legal sense, then it has no rights, and the transfer is null and void (no matter if explicit or implicit). And hence the original copyright still belongs to whomever contributed it. And in that case whoever administered "bitcoin" on github under the name "bitcoin" is committing copyright infringement.
I'm also surprised it's not illegal to claim copyright over something you didn't make (which is effectively what was done here
No it's not what was done here. Copyright was properly attributed as required by the MIT license.
Claiming publicly to have done a thing and not having done it (and if that thing happens to be software) is not copyright infringement, it's a social impropriety. Copyright infringement is when you copy something without permission. Everything however was copied properly according to the MIT license.
pyalot
commented
7 years ago @gmaxwell
I pointed out that proper attribution is needed and that deadalnix is falsely attributing the work, both in the commit and in the media
That is incorrect. Proper copyright mention and license mention was made. both in the media resulting, as well as in the commit that created the media.
gmaxwell
commented
7 years ago Everything however was copied properly according to the MIT license.
This is not my view as a relevant copyright holder and licensor the project where bitcoin-abc is copying code.
The specifics of copyright are something to debate in a court room: Blathering on about it here is not productive. You are not a lawyer or subject matter expert. (And if you were you would be telling abc that they're being crazy!)
It came to my attention today that bcash developer Amaury SECHET (deadalnix) wholesale copied the migration to the per-txout UTXO database from the Bitcoin Core project ( https://github.com/Bitcoin-ABC/bitcoin-abc/commit/611284f473fb9c3b60a6f2c29cab9cc2b5798d64 ) while affixing his name and stripping off the name of the change's author. This commit is more or less a 1:1 copy from Bitcoin Core, down to copying grammatical oddities in comments.
Beyond being fraudulent and sleazy behavior, this action is a violation of the very minimal requirements of the MIT license.
And not only does it not provide the required attribution information, Amaury is running around in public claiming to have fixed the issue faster than Bitcoin Core when his fix was copied from our project (which is what brought my attention to this issue in the first place). [E.g. his interview with "trustnodes" states: The vulnerability has not been patched in Bitcoin Core. The reason for their failure to do so remains unclear. [...] Sachets took two days to implement the patch, he says, while Bitcoin Core still hasn’t at the time of writing.]
Amaury SECHET has a well known history of these copyright violating false attribution events: e.g. https://twitter.com/murchandamus/status/890627104148148224 and http://archive.is/k7wBK to give a few other examples. I also understand that he is advocating in your private issue tracker to remove all attribution to Bitcoin Core in the codebase from your repository.
Please discontinue the copyright infringement, correct your repository to credit the actual authors of the changes, and avoid similar unprofessional conduct in the future.