I am genuinely interested: everybody here says that they removed the copyright headers. But when I browse through the Spegel sources, they do not contain a copyright header...
To me it's the Spegel author's fault: there should be a copyright header in every single file, such that Microsoft would have to keep it.
It's in the LICENSE file. With a MIT license, you assign a copyright to the project, or to a certain set of files. The Spegel license attributes copyright to "the Spegel authors", while Peerd attributes it to "Microsoft Corporation".
If some of the peerd code was lifted from Spegel, it's blatant stealing. Code attribution is the only thing a MIT license asks people to honor, and Microsoft couldn't even do that.
Can’t help but feel no matter what they’d done there would be some route of thought that leads them to wronging the author other than just paying and using the code as is. I don’t know why a corporation would do that though as they likely have their own changes and direction they want for it and working with an unknown 3rd party on that could be a nightmare.
From the authors reaction they chose the wrong license for the project.
> If some of the peerd code was lifted from Spegel, it's blatant stealing.
Could we say "it's incorrect attribution"?
> and Microsoft couldn't even do that.
Did you consider it may have been done by an engineer who, in good faith, thought they were giving proper credit by adding it to the README? Would you want that engineer fired because of the bad attribution?
It's not like Microsoft is making millions out of this. Sure, they should fix the attribution. It's a mistake.
Most startups/small companies I've seen rely heavily on open source and fail to honour every single licence. This is bad and nobody cares. Here, Microsoft mentioned the project in the README (which is not enough, but not nothing), and I'm pretty sure that they can fix it if someone opens an issue. But overall, companies like Microsoft do honour licences a lot better than startups in my experience.
BigTech is evil for many reasons, but maybe we could consider that this is just an honest mistake.
Of course it was a mistake. In fact, as of 20 minutes ago, the mistake appears to be sorted out, with both the main license file and the offending files sporting new copyright headers.
But corporations hiding behind their workers is a no-go. Corporations get to enjoy their successes, and it's fair to hold them accountable for their failures. Least Microsoft can do is a bit of public comms work detailing what they will do to ensure these mistakes are not repeated in the future.
Microsoft does credit the authors on their README. Maybe it's not exactly the right way to do it, but they do it.
Now if it's not the right way to do it, what about opening a PR and asking to change it? Instead of writing a blog post to complain about them?
Now maybe those engineers thought they did well, will get issues internally because of the bad publicity for Microsoft, and next time they want to use an open source project their legal department will be even more of a pain in the ass because if they aren't, then random people on the Internet use that to do bad publicity for the company.
Why not assuming that they are in good faith here? There are enough reasons to hate Microsoft other than this one.
The question is who does the copyright belong to in this repository. It is both original author and Microsoft (because they took authors code and modified it). So the License file should mention both.
I am not convinced that the main LICENSE file should mention both. I feel like somewhere, in the project, there should be a copy of the original license.
When you depend on a third-party, you don't add their copyright in your main LICENSE file.
In case of deps, the dependency comes with its own LICENSE file.
In this case the code is essentially forked, integrated and intermingled, so that is why it should be in the LICENSE file.
If it was file or two, it would be fine to add a comment pointing to the license file in the repo, if it was a directory, or to copy it verbatim to that file. It all the copied code was in a directory then having it in directory would be fine.
In this case it looks like they took the original code and heavily modified it, so the simplest way to solve it is one LICENSE with both notices.
I don't read anything suggesting that in the MIT licence. I don't see why they couldn't say "the fork came with its own LICENSE file, which we moved in this subfolder, and now the root LICENSE file is the one of our new project".
The question is, "If I look at this repo, who owns the copyright?"
Sure, you could move the original LICENSE into a directory. Still, if the files are intermingled, you should have a prominent notice that says, " Hey, these files have mixed copyright ownership."
