colbythrowaway | 1 month ago

Hey, Ben.

I recently (less than 2 months ago) did an in-depth analysis in the area of license compliance that suggests that Microsoft and many other companies that are shipping Electron apps aren't in compliance with the LGPL. (By all signs, it looks like the Electron project might not even be aware that Electron is subject to the LGPL, though they are. Even Slack, which isn't violating the license, appears to be in compliance only incidentally—because they're shipping other LGPL components that they know are LGPL.)

I was set to leave the company I was at a couple weeks later (end of November), and I did, so there haven't been any developments with my investigation/findings since I departed. I haven't prepared or published a formal write-up, and I've only brought it up in a semi-public setting once. It's a pretty big deal, though. Could you raise this with Microsoft legal (not Electron/GitHub) and suggest they look into this?

intern4tional|1 month ago

Assuming this is real and you have the authority to share your work from your previous location, you should reach out and contact Microsoft Legal directly.

A random engineer on Hacker News is not the proper channel.

Link: https://www.microsoft.com/en-us/legal/compliance/sbc/report-...

rstuart4133|1 month ago

I'll give you another example. The "Microsoft Tunnel Gateway" is an endpoint for Microsoft's Intune VPN, downloadable as a Docker image for Linux from here: https://learn.microsoft.com/en-us/intune/intune-service/prot...

I had a brief look at the docker image, and it's pretty clearly a repackaged version of OpenConnect. Debian's copyright linked to from https://packages.debian.org/sid/openconnect says it's primarily LGPL but with a plethora of other licences like the GPL.

Since there is GPL they are required to make some source available, and if they modified it they are required by the LGPL to make their modifications available. They have extended it by adding Microsoft's authentication mechanisms, but perhaps that is just a DDL mixin, and I could well believe / forgive them not being aware of the other licences.

What is not so easy to forgive is them not acknowledging the open source they used in any way. Instead they slapped a pretty standard Microsoft Licence on it claiming it's all their own work, similar to this one: https://support.microsoft.com/en-us/office/microsoft-softwar...

z3dd|1 month ago

This is just attention seeking, hard to imagine that after having worked there their best contact is a random person on HN.

colbythrowaway|1 month ago

I'm not an engineer, and no one should be getting the impression that anyone else is under the impression that HN is the place to seek an authoritative disposition about this. It is, though, an acceptable channel for the sort of collegial and informal heads-up that this is (and which is all that this is).

Your desire to condescend, however, is noted.