Adhere to the GPLv3, do not make exceptions

[catfromplan9]

Goal

Cease all takedowns of PolyMC forks through the use of invalid GitHub takedown requests.

Motivation

I created a fork of PolyMC which removed 4 lines of code from a file. I didn't think this would a problem, but a PolyMC developer apparently could not bear the thought of 4 lines of code being commented out and demanded I take action to keep Microsoft happy. I thanked him for his suggestion but politely declined, only to see that a few days later he had filed a takedown on the grounds of "Private Information" (see here https://docs.github.com/en/site-policy/content-removal-policies/github-private-information-removal-policy) citing a PolyMC API key for Microsoft authentication which was published under GPLv3.

Specification

What I'm proposing may be a little difficult to properly implement, but the implementation I have in mind is the following: Find a way to avoid making false takedown requests for GPLv3 licensed programs citing the publication of GPLv3 code as an invasion of privacy. I'm not sure of a proper method for this myself yet, but it's definitely doable.

Drawbacks

You might have to bear with the existence of forks you personally do not agree with. This might be quite the challenge, and I'm open to possible solutions for this.

Unresolved Questions

How can this be implemented in such a way where the project is still able to continue regular functionality if there exists forks that comment out GPLv3 licensed code?

Alternatives Considered

Discontinue PolyMC and become amish, or continue violating the GPLv3 license.

This suggestion is unique

• [x] I have searched the issue tracker and did not find an issue describing my suggestion, especially not one that has been rejected.

You may use the editor below to elaborate further.

No response

[Scrumplex]

Stop using our API keys. They are NOT covered by the GPL-3.0 as they have other terms and conditions bound to them. If you need assistance in requesting keys for yourself, feel free to ask in an issue.

If you actually care about morals and values behind Free Software, then please be aware that your actions will limit the freedoms of our users, if for example our API key gets revoked because of your actions. You are actively harming this project by breaking Minecraft EULA and using our name and keys.

If I wanted I could just close this issue by saying "Thanks for your feedback", as you did with our simple request, where we just asked you to remove the keys.

Next time you want to make a piracy-enabling fork, go ahead and call it something else. Most of the branding lives in program_info, so it should be fairly easy to do.

[yamirui]

@Scrumplex do you realize that GPL includes build scripts (in which your keys are)? User must be able to rebuild the software AND modify it however they wish. Considering your project cannot be built without those keys, it sounds like a fault on your part, it's very sketchy to have a project that cannot be forked and built under GPLv3 because it "violates" some nonexistent proprietary rule that you just made up, by using GPL in a wrong way that makes free software non-free. If you care about free software, maybe consider fixing this or better yet, consider not trolling with takedowns for user doing nothing but following the rules that are laid out in the license and not violating a single one of them?

If you have a Microsoft key in a build script that is licensed under GPLv3, and someone else using it violates terms of service (between Microsoft and you), that is YOUR fault.

In the same regard, if you have SourceForce key in a build script, which is licensed under GPLv3, and someone else using it somehow breaks something for you, causing issues between SourceForge and you, that is YOUR fault. Keep your keys somewhere else and not in a build system maybe. A comment saying to change something is irrelevant, the least you could do is modify the license to address this instead of chimping because of an user using software according to the license you gave to them. You set it up in the way that allows this kind of IP trolling, and now you're playing the victim, when in fact, it is other way around. Your attitude is the definition of anti-freedom.

[Scrumplex]

You can build this software without those API keys. No API key is required to build the software. They are there so that people don't need to deal with if they are building this project themselves. I don't really get why you need it in your stupid piracy fork anyway, as I wouldn't expect anyone to login to a MSA account on a piracy launcher.

[yamirui]

I don't really get why you need it in your stupid piracy fork anyway, as I wouldn't expect anyone to login to a MSA account on a piracy launcher.

Because that's what's allowed according to GPLv3. You made your keys public, they're licensed under GPLv3 because they're in a build script that's GPLv3, it is now public property. If you don't like that fact, consider fixing it on your end instead of blaming the user.

[Scrumplex]

I could do a rug-pull and say that the build files are actually not under GPL. There is no indicator in the repository that would state that the build files are GPL.

[yamirui]

I could do a rug-pull and say that the build files are actually not under GPL. There is no indicator in the repository that would state that the build files are GPL.

No you cannot, user must be given everything they need to build the software you provide, including the build files. You cannot just "rug-pull" anything, and even uttering this concept is the definition of anti-freedom and you're the most evil person who has ever worked on any GPL licensed project that I've ever met in my entire life.

[yamirui]

The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.

[DioEgizio]

No you cannot, user must be given everything they need to build the software you provide, including the build files.

Which is what PolyMC is doing?

You cannot just "rug-pull" anything, and even uttering this concept is the definition of anti-freedom and you're the most evil person who has ever worked on any GPL licensed project that I've ever met in my entire life.

I don't agree, api keys are provided only for building the software, not for abusing them in something that clearly breaks the minecraft ToS and then cry in an issue like this

[Scrumplex]

Fuck this. I was writing a large passage about clarifying stuff. But you are just making me mad. Go leech of the work of many FOSS developers without respecting a single request from upstream. People like you are the whole reason why MultiMC went the way it went.

This is not about licensing, this isn't about copyright. It is literally about building a healthy free software ecosystem. We are working with a proprietary game and proprietary APIs. A software license can not overrule the ToS of an API. That's not how that works. If you are implying that wr should just remove the API keys from the build scripts, you are implying that we should make them "secret". Which will make it harder for everyone to build PolyMC.

Piracy forks, not changing branding or apikeys, when upstream is mad: [Insert surprised pikachu face]

[yamirui]

not for abusing them in something that clearly breaks the minecraft ToS and then cry in an issue like this

Irrelevant and out of scope. You chose to use this model and now you're blaming the user.

[DioEgizio]

Irrelevant and out of scope. You chose to use this model and now you're blaming the user.

if you prefer a software that doesn't allow to get built from source, use something like MultiMC

[yamirui]

Fuck this. I was writing a large passage about clarifying stuff. But you are just making me mad. Go leech of the work of many FOSS developers without respecting a single request from upstream. People like you are the whole reason why MultiMC went the way it went.

This is not about licensing, this isn't about copyright. It is literally about building a healthy free software ecosystem. We are working with a proprietary game and proprietary APIs. A software license can not overrule the ToS of an API. That's not how that works. If you are implying that wr should just remove the API keys from the build scripts, you are implying that we should make them "secret". Which will make it harder for everyone to build PolyMC.

Piracy forks, not changing branding or apikeys, when upstream is mad: [Insert surprised pikachu face]

Have you considered not including any API keys as dependencies for building the software? It may be just my opinion, but build-as-a-service isn't something I consider to be free.

if you prefer a software that doesn't allow to get built from source, use something like MultiMC

This is also irrelevant to the topic. All I'm doing is educating you on the license that you're supposed to know everything about before you even apply it to your repository. I don't care what multiMC is nor what it does, same with your project, the point is - you misdesigned your build system and now you blame users for forking it. They are NOT obliged to change the build system before using it. If they are, that should be in the modified version of GPL with clear explanation as to why and etc.

But in general, it looks like you don't like free software, consider using a proprietary license to suit your proprietary needs next time...

[DioEgizio]

Have you considered not including any API keys as dependencies for building the software? It may be just my opinion, but build-as-a-service isn't something I consider to be free.

they're not depedencies but without them CurseForge/MSA won't work

[Scrumplex]

Are you fucking kidding me. Read my comment above about API keys not being required for building. Have you even read the source code of the program you are claiming things about

[DioEgizio]

But in general, it looks like you don't like free software, consider using a proprietary license to suit your proprietary needs next time...

The one that doesn't understand free software here is you, free software doesn't mean "do the fuck you want"

[yamirui]

Are you fucking kidding me. Read my comment above about API keys not being required for building. HAVE YOU EVEN READ THE SOURCE CODE OF THE PROGRAM YOU ARE CLAIMING THINGS ABOUT?

Yes I did, and there, on line 99 of /CmakeLists.txt, there's this key you set which seems to be your core issue. Why is it here if it's not needed? Will you remove this line or should I submit a PR removing it for you? Since it does nothing and is not required, I'm sure your project will not have issues accepting this minor change.

The one that doesn't understand free software here is you, free software doesn't mean "do the fuck you want"

Never implied that it does, but GPL has no clause that makes me obliged to following the morals that you have, and so, it kind of does. I recommend you read what freedom GPL gives and doesn't give to the user, and you may realize that it in fact allows to turn your client into a cracked one. Whether it is okay to do is not my problem to ponder about, the fact that it somehow gets you into trouble because of some stupid keys you chose to put into build system and then blame the user for is simply ridiculous.

[Scrumplex]

I personally am done with this request. Don't pretend you are on the moral high ground, if the consequences of your actions will harm others but not you specifically.

[yamirui]

I personally am done with this request. Don't pretend you are on the moral high ground, if the consequences of your actions will harm others but not you specifically.

I have personally done no harm to anyone, unless speaking the truth about what GPL is and isn't somehow hurts your feelings. I'm sorry that you got hurt, but GPL is not, it's a piece of well-written text that I recommend you read this weekend when you have some free time, as it appears that you did not...

[Scrumplex]

@yamirui I will explain the presence of the API key, judt for you:

There are people who paid for an account to play this game. Let's call these people "users". These users want to play the game, even if they installed this software from a source-based distribution like Gentoo or from the AUR. Or in general from third party packaging. So the reason why this API key is there, is for convenience when packaging PolyMC. If you want to make a change to the codebase, that will break ToS of one of these APIs, then don't use these API keys, or at the very least rename the launcher, so that the user-agent of the API requests is not "PolyMC"

[Scrumplex]

I personally am done with this request. Don't pretend you are on the moral high ground, if the consequences of your actions will harm others but not you specifically.

I have personally done no harm to anyone, unless speaking the truth about what GPL is and isn't somehow hurts your feelings. I'm sorry that you got hurt, but GPL is not, it's a piece of well-written text that I recommend you read this weekend when you have some free time, as it appears that you did not...

I have read the GPL. I want to emphasize that I was not the person who made the request at GitHub. I am just mad about how you are treating us here.

[Scrumplex]

I spend multiple hours of the day working on this project, with no reimbursement, and today I have to discuss with people who have not contributed a single line of code if it is fine or not to use API keys from upstream if they actively break the terms of service.

[yamirui]

I've already explained to you why your users breaking the TOS that YOU YOURSELF and not the user is responsible for is YOUR OWN fault and should be fixed by you. The user isn't using the service you use. The user is now forced to use the service you use.

You provide code, build code is, well, you guessed it, code. User is free to use, modify and share said code. Even if that code includes your banking details and whatever else. Who put that in YOUR project? Who is responsible for it being here?

This is akin to charity. Yes, you intended the homeless person to wear the clothes you washed and took time to take to the shelter and not use them to wash their ass and then the ground around where they sleep, but that's life for you, do you now go beat him up for it and take your clothes back? Or do you own up to your "mistake" and maybe next time don't give away something you're not prepared to lose?

Maybe a little bit of convenience here and there could be sacrificed for the greater good sometimes? Because, as you know, this is a public place, and anyone can copy your key and do whatever they want with it, without using your project at all, and what are you going to do about it then? This is very trivial problem and you're the one creating it out of thin air - for the user to fix and be blamed when they don't, when GPL does not oblige the user to fix software they use, in fact, it does not force anything to be done with the software before user can use it, that's what GPL is all about, you give the user the code, and user uses it, how they use it is completely separate topic that I am not going to discuss with you.

The only thing that matters is that you make the abuse easy. Yes, it is also more convenient to not lock your door when you go outside, do you now do this

I spend multiple hours of the day working on this project, with no reimbursement, and today I have to discuss with people who have not contributed a single line of code if it is fine or not to use API keys from upstream if they actively break the terms of service.

I wonder how many of these hours are spent playing the victim due to "no reimbursement" and other non-issues created by noone else but you yourself with stupid design choices that hamper user's freedom and even cause problems for you. You may not realize this today, but eventually you will learn that this whole issue could've been avoided by being smarter with how the user acquires your provided source code.

[DioEgizio]

you're clearly here just for making people mad, and you don't understand anything.

1. if you want to remove the keys from your builds, you can!
2. you don't seem to understand even the most basic thing of "good sense"
3. you barely know what PolyMC is and you're complaining here :P

[DioEgizio]

but eventually you will learn that this whole issue could've been avoided by being smarter with how the user acquires your provided source code.

so basically you want PolyMC to not become buildable from source anymore?

[Scrumplex]

you're clearly here just for making people mad, and you don't understand anything.

1. if you want to remove the keys from your builds, you can!

2. you don't seem to understand even the most basic thing of "good sense"

3. you barely know what PolyMC is and you're complaining here :P

This sums it down really well.

Maybe a little bit of convenience here and there could be sacrificed for the greater good sometimes?

What is the greater good here? You, potentially, abusing our API key and therefore breaking this software for thousands of people?

[yamirui]

you're clearly here just for making people mad, and you don't understand anything.

1. if you want to remove the keys from your builds, you can!

2. you don't seem to understand even the most basic thing of "good sense"

3. you barely know what PolyMC is and you're complaining here :P

I am free to remove the keys from my builds huh... Which part of GPL states that I am not free to NOT remove the keys? This is what this topic is about.

Me, making people mad? As far as I am concerned, you were mad before this even happened. You share keys that give access to something that noone else but you should have access to, and now complain about abuse...

[yamirui]

What is the greater good here? You, potentially, abusing our API key and therefore breaking this software for thousands of people?

The user being able to build your project without needing some random sourceforge key.

[yamirui]

so basically you want PolyMC to not become buildable from source anymore?

You're the one who wants this to happen, considering you keep piling random restrictions that are not covered by the license you provide. Today user cannot have their own fork because "those keys are mine though", tomorrow they will be unable to build it because "you need sourceforge account to compile this due to abuse on our sourceforge keys that happened yesterday".

First of all, why do you need some random sourceforge keys at all? Is your software that proprietary that it cannot even compile without going through some 3rd party of questionable legibility before user can use your software?

[Scrumplex]

Please read the source code you are talking about. There is no reference to SourceForge anywhere in the codebase. This issue is also primarily about Microsoft Authentication, not about CurseForge.

[DioEgizio]

sourceforge? what

[Scrumplex]

Also see https://github.com/PolyMC/PolyMC/pull/659

[DioEgizio]

Please read the source code you are talking about. There is no reference to SourceForge anywhere in the codebase. This issue is also primarily about Microsoft Authentication, not about CurseForge.

well it's also about cf

[yamirui]

Please read the source code you are talking about. There is no reference to SourceForge anywhere in the codebase. This issue is also primarily about Microsoft Authentication, not about CurseForge.

My bad, but I don't see how this counters my point (it does not), proprietary keys are proprietary keys, you put them there.

Once again: user is not obliged to modify the software before one can use it. Your project should be set up in a way where that does not affect you negatively.

Considering this is a client that's not maintained by microsoft, one is already willing to give up convenience for freedom, but here they are - dealing with your nonsensical demands. Once again, if you know that this is prone to abuse, then remove it. Nobody cares about convenience, especially not one that causes damage to others. If you make private keys that should be private public, they will be abused, that's the rule of internet and you're not exempt from it. You're dealing with consequences and instead of fixing the issue you created, you're now blaming others.

[catfromplan9]

Stop using our API keys. They are NOT covered by the GPL-3.0 as they have other terms and conditions bound to them. If you need assistance in requesting keys for yourself, feel free to ask in an issue.

If you actually care about morals and values behind Free Software, then please be aware that your actions will limit the freedoms of our users, if for example our API key gets revoked because of your actions. You are actively harming this project by breaking Minecraft EULA and using our name and keys.

If I wanted I could just close this issue by saying "Thanks for your feedback", as you did with our simple request, where we just asked you to remove the keys.

Next time you want to make a piracy-enabling fork, go ahead and call it something else. Most of the branding lives in program_info, so it should be fairly easy to do.

All launcher code is available under the GPL-3.0-only license.

Source for the website is hosted under the AGPL-3.0-or-later License.

The logo and related assets are under the CC BY-SA 4.0 license.

[catfromplan9]

You can build this software without those API keys. No API key is required to build the software. They are there so that people don't need to deal with if they are building this project themselves. I don't really get why you need it in your stupid piracy fork anyway, as I wouldn't expect anyone to login to a MSA account on a piracy launcher.

You addressed nothing and dodged every response made here. I do not care if I am fully able to remove this key, I do not care if me using this key hurts you, I do not care about you at all. Your existence makes no difference to me, I only ask that you comply with the license you supposedly use. If you want to act like this, then change your license to a proprietary one and stop labeling it as libre.

[DioEgizio]

You addressed nothing and dodged every response made here. I do not care if I am fully able to remove this key, I do not care if me using this key hurts you, I do not care about you at all. Your existence makes no difference to me, I only ask that you comply with the license you supposedly use. If you want to act like this, then change your license to a proprietary one and stop labeling it as libre.

Don't know if you know, but some services have something called Terms of Service which you need to respect no matter the license

[d-513]

You are breaking the terms of service of MSA while using our key and user agent, so the blame is shifted to us. This has nothing to do with GPL. We politely asked your piracy fork to remove the keys so that we don’t get in trouble with MS.

Either way it would be probably beneficial for your fork to not be able to contact MS Servers at all.

[catfromplan9]

No you cannot, user must be given everything they need to build the software you provide, including the build files.

Which is what PolyMC is doing?

You cannot just "rug-pull" anything, and even uttering this concept is the definition of anti-freedom and you're the most evil person who has ever worked on any GPL licensed project that I've ever met in my entire life.

I don't agree, api keys are provided only for building the software, not for abusing them in something that clearly breaks the minecraft ToS and then cry in an issue like this

Oh look, the redditor thinks he can add to the conversation. Listen to me, you nimwit, GPL means GPL, how I modify PolyMC is of no significance. I am freely allowed to modify PolyMC as long as I follow the GPL. It is of no relevance what the intent of providing these API keys is either, this is unrelated to the situation here. I am not following a "Do as I ask you to" type of license where demands like this are permitted, the license on PolyMC is GPL.

[Scrumplex]

You are piggybacking off of work that was made by others. And then you feel entitled to disrespect and insult everyone who has contributed to this project. The BitTorrent protocol has a fitting name for people like you: leeches.

[DioEgizio]

No you cannot, user must be given everything they need to build the software you provide, including the build files.

Which is what PolyMC is doing?

You cannot just "rug-pull" anything, and even uttering this concept is the definition of anti-freedom and you're the most evil person who has ever worked on any GPL licensed project that I've ever met in my entire life.

I don't agree, api keys are provided only for building the software, not for abusing them in something that clearly breaks the minecraft ToS and then cry in an issue like this

Oh look, the redditor thinks he can add to the conversation. Listen to me, you nimwit, GPL means GPL, how I modify PolyMC is of no significance. I am freely allowed to modify PolyMC as long as I follow the GPL. It is of no relevance what the intent of providing these API keys is either, this is unrelated to the situation here. I am not following a "Do as I ask you to" type of license where demands like this are permitted, the license on PolyMC is GPL.

gpl means gpl, tos means tos

[catfromplan9]

Fuck this. I was writing a large passage about clarifying stuff. But you are just making me mad. Go leech of the work of many FOSS developers without respecting a single request from upstream. People like you are the whole reason why MultiMC went the way it went.

This is not about licensing, this isn't about copyright. It is literally about building a healthy free software ecosystem. We are working with a proprietary game and proprietary APIs. A software license can not overrule the ToS of an API. That's not how that works. If you are implying that wr should just remove the API keys from the build scripts, you are implying that we should make them "secret". Which will make it harder for everyone to build PolyMC.

Piracy forks, not changing branding or apikeys, when upstream is mad: [Insert surprised pikachu face]

"Waah, waah, he hurting my feelings I mad WAAAH!" Shut the fuck up, I do not care about your feelings crybaby. You say it's not about licensing or copyright yet this is what you claimed it was about at the beginning of this issue. Please keep your story straight, you are changing it.

[Scrumplex]

@catfromplan9 If you continue disrespecting maintainers or contributors, I might need to ban you from this GitHub org for breaking our code of conduct. See this as a warning.

[catfromplan9]

The one that doesn't understand free software here is you, free software doesn't mean "do the fuck you want"

Free software follows 4 essential freedoms, freedom to copy the program, distribute exact copies, and distribute modified copies. I am distributing modified copies of PolyMC and being sent fraudulent takedown requests.

[Scrumplex]

What are you trying to achieve now? Are you worried about your fresh GitHub account being closed by GitHub or something? I only see you harming this project.

[catfromplan9]

@yamirui I will explain the presence of the API key, judt for you:

There are people who paid for an account to play this game. Let's call these people "users". These users want to play the game, even if they installed this software from a source-based distribution like Gentoo or from the AUR. Or in general from third party packaging. So the reason why this API key is there, is for convenience when packaging PolyMC. If you want to make a change to the codebase, that will break ToS of one of these APIs, then don't use these API keys, or at the very least rename the launcher, so that the user-agent of the API requests is not "PolyMC"

What microsoft does is out of the scope of what we are discussing here. Your project is licensed under the GPL, you need to follow the license. You believing your API key is being misused does not excuse violation of the GPL.

[yamirui]

You are breaking the terms of service of MSA while using our key and user agent, so the blame is shifted to us. This has nothing to do with GPL. We politely asked your piracy fork to remove the keys so that we don’t get in trouble with MS.

Either way it would be probably beneficial for your fork to not be able to contact MS Servers at all.

You're the one breaking terms of service of MSA, the key is yours, not the user's. If user spams with your key, it is literally your fault, and your account will get suspended, not the user's. I've been trying to explain this to you but you seem to believe that you can do no wrong, and are gravely mistaken.

[catfromplan9]

What are you trying to achieve now? Are you worried about your fresh GitHub account being closed by GitHub or something? I only see you harming this project.

I'm trying to help you understand what my problem is and how your practices violate your license. I am not being given Freedom #3 (or #4, if you start at #1)

[DioEgizio]

You are breaking the terms of service of MSA while using our key and user agent, so the blame is shifted to us. This has nothing to do with GPL. We politely asked your piracy fork to remove the keys so that we don’t get in trouble with MS. Either way it would be probably beneficial for your fork to not be able to contact MS Servers at all.

You're the one breaking terms of service of MSA, the key is yours, not the user's. If user spams with your key, it is literally your fault, and your account will get suspended, not the user's. I've been trying to explain this to you but you seem to believe that you can do no wrong, and are gravely mistaken.

No we aren't, the Microsoft Client ID is not a secret

[catfromplan9]

you're clearly here just for making people mad, and you don't understand anything.

1. if you want to remove the keys from your builds, you can!

2. you don't seem to understand even the most basic thing of "good sense"

3. you barely know what PolyMC is and you're complaining here :P

Yes, I can remove it, but I do not want to because according to your license I am not under any situation required to

[yamirui]

You are breaking the terms of service of MSA while using our key and user agent, so the blame is shifted to us. This has nothing to do with GPL. We politely asked your piracy fork to remove the keys so that we don’t get in trouble with MS. Either way it would be probably beneficial for your fork to not be able to contact MS Servers at all.

You're the one breaking terms of service of MSA, the key is yours, not the user's. If user spams with your key, it is literally your fault, and your account will get suspended, not the user's. I've been trying to explain this to you but you seem to believe that you can do no wrong, and are gravely mistaken.

No we aren't, the Microsoft Client ID is not a secret

If that's the case then keep it out of this issue because that's between the user and Microsoft. You're literally not affected by it, and if you are, then it is exactly as I said.