The repository for the previously private submodule is still called Floorp-private-components, though it’s public.

https://blog.ablaze.one/4125/2024-03-11/ is a maintainer’s official response to… Reddit, which crossposted me apparently. Hooray!

  • @thesmokingman
    11
    3 months ago

    You really shouldn’t apply a CC license to code. Someone who does that after saying what the dev said about not forking their open source code has no fucking clue what they’re talking about and is either about to spiral out or build something really dumb (or both).

    Edit: yeah the dev seems pretty delusional

    • Aatube (OP)
      2
      3 months ago

      You think a malicious fork that only changed the branding would openly fork it on GitHub?

      • @thesmokingman
        6
        3 months ago

        There were forks that wanted to hide the fact that they were Floorp forks, forks that did not want to contribute to Floorp at all, forks that used the code for life and just changed the name of Floorp, and many other forks were born.

        There are three visible forks that have any stars. All of them have one star. You’re telling me that a project that is so widely and maliciously repackaged has no normal forks with more than one star? Is this tech that only bad actors want to use and has no following in the open source community?

        Where are these evil forks, how do we actually know they’re forks, and why are they still up if they’re breaking license?

        Edit: Here is a fork with 200+ stars that isn’t a direct GH fork. Given its premise is an opinionated and branded Floorp, is it morally wrong for its maintainers to not contribute to Floorp (assuming they don’t only for the sake of argument)? Does your answer apply to fediverse server owners (eg Mastodon, Lemmy) whose premise is hosting an opinionated and branded instance often explicitly without the technical skill to suggest patches?

        • NaN
          2
          3 months ago

          The blog says specifically that FireDragon is not an issue. I am also curious about these forks.

        • Aatube (OP)
          1
          3 months ago

          I also wonder which forks these are (should probably ask maintainers), but I do not get your point about Floorp or the three forks in the screenshot at all.

          why are they still up if they’re breaking license?

          Because they didn’t. Code was previously up under MPL, a permissive license.

          Does your answer apply to fediverse server owners (eg Mastodon, Lemmy) whose premise is hosting an opinionated and branded instance

          I haven’t seen an instance that claims it doesn’t use e.g. Lemmy when it’s using it.

          • @thesmokingman
            2
            3 months ago

            If a repo is very popular, it should have a lot of forks. The higher the upstream popularity, the higher the downstream popularity. When a dev makes a claim that there are a ton of malicious forks stealing IP, we can vet that claim by looking at the forks that respect the upstream. Big projects have a big community with big forks with many stars. The popular downstreams drive traffic to the upstream.

            In this case, we have a couple hundred direct forks. That’s not a ton. Out of those, only three have stars. All of them only have one star. At face value, that could imply a few things: the repo is not very popular, the community is centralized around the upstream, or something else along those lines. Comparing this to other open source projects, our initial conclusion is that this is not a hugely popular repo and does not get a lot of development outside of its incredibly niche community.

            Occam’s razor is a tool, not objective truth. Based on the facts as we can see them, this focus on forking from the dev is much more indicative of a burnout spiral, incredibly common in the FOSS community, than nefarious actors. If we see receipts, eg a collection of takedown requests on malicious forks attempting to claim ownership of the code, our analysis falls apart. That’s still a possibility, however remote.