LGPL violation/Missing references to ethereumj project

[freddy36]

It's very obvious that java-tron is based on the ethereumj project. E.g. compare these two files (Just a random example out of many): https://github.com/tronprotocol/java-tron/blob/develop/src/main/java/org/tron/datasource/leveldb/LevelDbDataSource.java https://github.com/ethereum/ethereumj/blob/develop/ethereumj-core/src/main/java/org/ethereum/datasource/leveldb/LevelDbDataSource.java

AFAIK this is violation of the LGPL (ethereumj) license because you didn't mention that java-tron has been derived from the ethereumj project.

You might want to get your licensing right. Copying someones work without giving them proper credits is at leased considered very bad practice in the open source community (ignoring any legal aspects of this because I'm not a lawyer).

[tronfoundation]

We referred some codes of ETH due to the festinate time, we apologize for it and will correct it immediately.

[tahitithebob]

And you just moved the file and changed some properties...

the diff:

https://github.com/tronprotocol/java-tron/commit/d4ad9c6dfee1ec9227693c2360cc0e5d211ea89a#diff-acbc52c7b79e9618773211a957bb07fe

the new file:

https://github.com/tronprotocol/java-tron/blob/8e64485be80755de4f81ba472152777eb21f1131/src/main/java/org/tron/storage/leveldb/LevelDbDataSourceImpl.java

This is not cool!

[pornin]

Also, files from https://github.com/tronprotocol/java-tron/tree/develop/src/main/java/org/tron/crypto/cryptohash appear to be straightforward imports from sphlib ( http://www.saphir2.com/sphlib/ ), with just the license removed and replaced with their own. Given that the sphlib license is very permissive and would see no problem with the import, provided that "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software" (exact wording of the license text), I'd say that this license surgery is quite inelegant. This is not the behaviour of worthy developers.

[ghost]

When you get mauled by a bear, you know you've messed up badly.

@tronfoundation Congratulations on losing your overall credibility and general public image. By bluntly stealing code and claiming it to be yours, you've done more that ignoring international copyright laws and violating every single license involved. Way to go… has been a long time since I saw such an innovative way to kill a project's public image beyond the point of recovery.

[AngelQuirogaM]

I have been reading this thread in my email. Just take it easy for all please :)

For all not so constructive comments:

• let the project developers breath a little bit please, and check it in the next release not at every commit.

For the developers:

• all the comunity is watching you, please kill all legal doubts about this in the next release.

Have a good day

[tronfoundation]

OFFICIAL STATEMENT

The design of TRON is based on it's own system and the realization of codes, some codes of Ethreum were used as reference, we didn't note related license, from now on we will note the copyright ownership and promise this won't happen again. Thank you for your support.

[larryluckland]

So all these Senior Alibaba engineers are just copying and pasting code? So much for Justin Sun and his "very strong developer team from great companies."

[pbuhrmann]

@larryluckland ever coded? copy paste is THE most powerful tool for any developer, thing is to know what to do with it afterwards. 95% of crypto is copy pasted code, however they should have left licenses untouched.

[ALawliet]

in on this because i wanna be a part of history. cheers everyone.

[ac-opensource]

People are complaining about this like this is released already. It's not even "released" yet so no actual violation was committed.

Edit: Talking about the FUD. Reporting these mishaps are actually good. We can only do better from here.

[nanilab]

Not the first time TRON Protocol does this...

[KyleHunter]

@ac-opensource Yes, but they have made significant monetary gains because of this premise.

[ghost]

isn't tron a blockchain based in China?

[rdvo]

why is this a surprise.. this is how the Chinese do business. lol DUMP TRON

[kalittl]

I agree with you Andrew! These idiots think they uncovered something new about open repos on github. Here’s a bomb shell story for the fake detective folks https://m.slashdot.org/story/334037

LOL

On Jan 14, 2018, at 10:11 PM, A-Ar Andrew V. Concepcion notifications@github.com wrote:

People are complaining about this like this is released already. It's not even "released" yet so no actual violation was committed.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[lxwagn]

This issue has been fixed as of commit 2754bcb51c4d51191e2b2c89346b76eff29e0ed3.

Please close the issue.

[rdvo]

amateur hour.. bulgarian coders copy pasting and removing licensing lol

[rmittapalliz]

Okay everyone just relax. copy paste not bad. But be open about it and give credit to ETH. @tronfoundation There is nothing wrong that your devlopers copy paste the code . if it helps tron to move forward by copy paste its definitely not a bad idea since it saves time. just dont forget to give credit.

i think people needs to stay away from development team and relax.

Copy pasting whitepaper is not cool tho.

[ptkenny]

What's the point of free software if developers won't follow the licenses anyway?

[oferze]

A crucial mistake in your official statement:

its, not it's.

[bonesoul]

Copy & paste the whitepaper, then copy & paste the sources. That's what we call TRON.

[YuurinBee]

Not to mention in your "official statement", you cannot even spell Ethereum correctly. You copy and pasted code, there's no reason you can't copy and paste the name, too... smh

[georgemickael-b]

For those who are whining about this issue. All these issues are common in development. If you say it's not, you haven't worked on serious projects with so much pressure to deliver. The thing hasn't even been released, its not even a violation now.

You are not going to perfect on day 1. This is professional network, don't undervalue yourself by making fake profiles and/or posting inappropriate comments.

[rmittapalliz]

Just shill people it's not issue at all

Get Outlook for Androidhttps://aka.ms/ghei36

---

From: George Mickael Antony notifications@github.com Sent: Sunday, January 14, 2018 11:04:08 PM To: tronprotocol/java-tron Cc: Rajasekharreddy Mittapalli; Comment Subject: Re: [tronprotocol/java-tron] LGPL violation/Missing references to ethereumj project (#25)

Email originated from outside the company. Please use discretion if opening attachments or clicking links

For those who are whining about this issue. All these issues are common in development. If you say it's not, you haven't worked on serious projects with so much pressure to deliver. The thing hasn't even been released, its not even a violation now.

You are not going to perfect on day 1. This is professional network, don't undervalue yourself by making fake profiles and/or posting inappropriate comments.

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/tronprotocol/java-tron/issues/25#issuecomment-357590295, or mute the threadhttps://github.com/notifications/unsubscribe-auth/Ae4DBLgTE2aaank3r-Ycr0vr8iJQxtNMks5tKupYgaJpZM4RP2B0.

[opuxilem-4055]

Protip: buy more when the price crashes super low!

[rome138]

Maybe it is commented out lol

[pyskell]

GPL covers whenever code is distributed. Even if not "released" it was still distributed on GitHub.

Additionally the first thing the copyright holder does is ask for proper licensing and attribution.

The disturbing/garbage part is that removing those copyright notices and find/replace ethereum -> tron DOESN'T happen by accident. This is the second incident after the whitepaper. A third will be a really serious pattern.

[myrual]

in on this because i wanna be a part of history. cheers everyone.

[Mardoxx]

Has anyone called the cyberpolice?

[dreday966]

Blockchain world rule 1: be honest and transparent.

[MagicalTux]

AFAIK LGPL requires only to re-license under the same LGPL license (which java-tron is) so t here is no LGPL violation here.

Removing the copyright header & details of the source is however be in violation of copyright laws of most/all jurisdictions (the "Copyright (c) [2016] [ ]" part).

[skibz]

when the ethereumj project was originally licensed, it was using the MIT license. what does this mean for projects that derived from it at that point in time? are they also subject to the new license now?

[andydj]

@skibz no because you can't re-licence already-released code - it's not retrospective. It applies to all code released subsequent to the point of the license change. You can't legally back-port updates to the LGPL code to the old MIT licensed codebase, unless it's de minimis (trivial amounts).

Changing the license at the top of the code (and nothing much else) is simply a violation of international copyright law. Doesn't require any particular license, unless the existing license explicitly allows you to do this, or the work is already in the public domain or copyright has expired.

[diagprov]

Issue has not been fixed as of 2754bcb51c4d51191e2b2c89346b76eff29e0ed3, in particular the sphlib license has not been added to the affected files.

I have not checked to see if any other stolen code exists and whether the license has been replaced.

[githubbrunob]

who cares about giving credits to a, b or c? Intelectual Property is crap! and if that is really required by the lamer-community, then I would lose time on the references only when the product is out AND successful. meanwhile, we have to learn how to live in a copy-paste world. we can't have closed-source because otherwise no one would believe our product, so we really have to be fast, copy-pasting existing solutions (Ethereumj, Status, FileCoin, Flixxo, BAT) to come up with a wide-range product, tested and reliable for the users to use.

[andydj]

As mentioned by others above, if it's on GitHub it HAS been released AND Distributed, as defined by the LGPL. If it's publicly availabile, it has been RELEASED, and is thus in violation.

NOW IS THE TIME TO FIX this, not "the next release". Every commit to or clone/download of an LGPL covered source file is further violation. Hate to seem whiny, but that's just how it is, like it or not.

[andydj]

@githubbrunob you'll soon change your tune if the repo gets pulled from GitHub due to a copyright claim - then nobody gets to clone it anymore. Copyleft and permissive licenses rely on turning the exiting copyright system back on itself, to provide freedom for all. I agree the term "Intellectual Property" is crap, this is the way we get change for the better - by using the system against itself. The idea is that as many people as possible benefit, not just the few who make money off the efforts of other people.

[githubbrunob]

@andydj if the repo gets pulled from GitHub for whatever reason, that only means one thing: censorship.

[andydj]

It wouln't mean censorship per se. It would mean github avoiding being sued as an accessory to copyright infringement. It's how the safe harbour rules work: any infringement must be removed upon notification, or the outlet basically becomes liable. This is why youtube/facebook/soundcloud etc. all have takedown procedures - they can't continue to exist with the constant threat of lawsuits. Even if you idealogically oppose these ideas (as I do) you have to accept that you have to play by the rules of the existing system, whilst pushing the boudaries, in order to survive.

[Fohdeesha]

Censorship? No, it means GitHub enforcing their TOS as they always have. It quite clearly says they will not host stolen code (which, as defined by their TOS, and the gpl license in general, includes code that has been reused with licensing terms and origin removed)

[olibaron]

It is copyright infringement. I already did an article on tron https://medium.com/@olivierdejong/overvalued-meets-undervalued-71003a5b9dae. And now it turns out that the code that is available here is copy and paste.. Sad..

[githubbrunob]

@Fohdeesha how do you prove it is stolen code when we have automated code generators that also print those useless comments about copyright bla-bla-bla...? "Stolen code" that's a very amusing concept.

[Fohdeesha]

it's not a "concept", it's defined very clearly by the GPL terms. When you take someone's licensed code, (which Tron officially admitted doing above), remove the license terms and identifier, and do not mention the source (which once again, tron admitted to doing above) that is defined as stolen, by both gpl terms and githubs own TOS. Are you new to software development? This is beginner level stuff, I wouldn't have been caught dead doing this even when I was starting out in highschool

[andydj]

@githubbrunob you seem not to get that a simple, free, easy, and POLITE solution is to just follow the licensing requirements of each upstream project. It's not even hard.

You are right that it's not "stolen code" - it's copright infringement. Code cannot be "stolen" as far as the law is concerned (because the original owner still has their copy - theft involves removing the item from the possession of the original owner) but copyright infringement law does have drastically costly implications - not only lawsuits, but incredibly expensive standard fines. It's meant to be a deterrent, and that, it certainly is. Just see how the system has dealt with previous companies that have flouted the rules... Pirate Bay, MegaUploads, Napster... to name a few.

But with copyleft software, it doesn't need to end in destruction: just follow the license, and CARRY ON AS BEFORE in all other respects. It doesn't stop you doing much, if anything other than abiding by the license terms. And it's better for everyone. Check out http://gpl-violations.org/ for a rolling history of the afaik 100% success record against violations of the *GPL licenses.

[githubbrunob]

my question is: why matter with licensing, and references and all, if you can't profit if someone references your code?

I understand github's problems with law enforcement. but then I feel coders are working for the lawyers, and not for the community. next question: when does/will github goes decentralized?

[githubbrunob]

@Fohdeesha I'm still in kindergarten, I just don't take anything for granted.

[andydj]

It's precisely because of FREEDOM - freedom of the USERS of the code to run,study,share,modify the code without others encumbering it with additional restrictions. Everybody gets to have the same rights all the way down the line. Without this guarantee, someone, somewhen, will try to take them away.

It's a reciprocal deal. You get access to the code and everybody else gets access to your improvements, if you choose to share them. You can of course keep them to yourself, but AS SOON AS YOU GIVE SOMEONE ELSE YOUR "IMPROVED" VERSION, YOU HAVE TO PROVIDE THE SOURCE CODE TOO. Fork as much as you like, but play by the rules. It keeps everybody (apart from the shady suits) happy.

[githubbrunob]

@andydj code is not even digitally signed as it should be with PGP keys of the developer. Licencing is just a meaningless comment on the header of the file. People can copy the files, change it as they please while leaving the header untouched. Means nothing. I don't understand it. Hey, the whole China doesn't understand it (or should we all pay copyrights for gun-powder invention?)

The shady suits, use your code, and close it down, no questions asked. Great deal for them!

Toilet paper is a better invention.

[andydj]

@githubbrunob Haha. Why should PGP even be involved? It's proprietary, and flawed. I'm afraid practically the whole internet disagrees with you anyway. Without it, the internet wouldn't even exist. Doesn't really matter what you think if the whole world disagrees with you. Of course, you can act according to your own views. Good luck with that.

[ernesthilvano]

Man, THIS IS OPENSOURCE, why hate having no copyright? tsk tsk.