- That Linux lawsuit: 20 years later, SCO vs IBM may finally be ending
- 96% of third-party container applications deployed in cloud infrastructure contain known vulnerabilities: Unit 42
- Fedora Linux 35 Beta makes its first appearance
- Technology skills in demand, 2021: cloud, with a twist of open source
Ex-President Donald Trump and his associates have been accused of many crimes, but here’s a new one. The Software Freedom Conservancy (SFC), a non-profit organization that promotes open source software and defends open source licenses such as the Gnu Affero GPL version 3 (AGPLv3) license, has accused the Trump Media and Technology Group of violating the AGPL by illegally copying the Mastodon social network source code for its Truth Social social network beta.
Here’s how it worked, as Bradley M. Kuhn, a free software activist and SFC Policy Fellow and Hacker-in-Residence, sees it.
Early evidence strongly supports that Trump’s Group publicly launched a so-called “test site” of their “Truth Social” product, based on the AGPLv3’d Mastodon software platform. Many users were able to create accounts and use it — briefly. However, when you put any site on the Internet licensed under AGPLv3, the AGPLv3 requires that you provide (to every user) an opportunity to receive the entire Corresponding Source for the website based on that code. These early users did not receive that source code, and Trump’s Group is currently ignoring the very public requests for it. To comply with this important FOSS license, Trump’s Group needs to immediately make that Corresponding Source available to all who used the site today while it was live. If they fail to do this within 30 days, their rights and permissions in the software are automatically and permanently terminated. That’s how AGPLv3’s cure provision works — no exceptions — even if you’re a real estate mogul, reality television star, or even a former POTUS.
Mastodon is free and open source software for running self-hosted social networking services. Anyone can use it, as Kuhn observes: “The license purposefully treats everyone equally (even people we don’t like or agree with), but they must operate under the same rules of the copyleft licenses that apply to everyone else.” But, if you use it, you must release the source code or make it possible for users to get the code; Trump and his cronies didn’t. It’s that simple.
The AGPLv3 is one of the less commonly used open source licenses. It’s explicitly designed to ensure that the operator of a network server that provides a service, such as a social network, must provide the source code of the modified version running there to its users.
It’s pretty simple really, but mistakes were made. Once made aware of the issue; however, the site was taken down. But that’s not good enough.
As Kuhn pointed out, the site was live and early users did set up accounts. Whether they wanted it or not, these users did not receive that source code nor were given an option to get it. “And Trump’s Group is currently ignoring their very public requests for it.”
If I may make a suggestion, obey the law, release the code. And, while they’re at it since I doubt very much that Trump et al. want the source code to their tightly restricted and highly-controlled social network to be made public, they hire someone to write a proprietary social network for the site. Good luck with that. Almost all social networks are now built around open-source software.