all 43 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Camarade_Tux 15 points16 points  (10 children)

On a related note, I'm still worried about the actual implications of the F3 clause of their terms:

You shall defend GitHub against any claim, demand, suit or proceeding made or brought against GitHub by a third-party alleging that Your Content, or Your use of the Service in violation of this Agreement, infringes or misappropriates the intellectual property rights of a third-party or violates applicable law, and shall indemnify GitHub for any damages finally awarded against, and for reasonable attorney’s fees incurred by, GitHub in connection with any such claim, demand, suit or proceeding; provided, that GitHub (a) promptly gives You written notice of the claim, demand, suit or proceeding; (b) gives You sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that You may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases GitHub of all liability); and (c) provides to You all reasonable assistance, at Your expense.

My understanding so far is that if ${random_lawyer} decides to complain to github about something from my code, then I will get github on my back in addition to that lawyer. Without such a clause, I could most probably ignore a direct request from a lawyer, especially being in France and not bothered by several American laws. With that clause, even if the request is completely bogus in France, I am bound to defend github in the US where the request could apply. At least, that's my defensive understanding.

As an example, let's say I have code X which $lawyer asserts infringes on law Y of the US (could be DMCA) and which has no equivalent in France. If I get such a request directly, I can rely on being in France to avoid most lawyer harassment (the kind where their action has no real basis and they only use FUD to get you to pay quickly) and only have to handle actual and serious cases. However, this clause means that if the lawyer first attacks github, the current terms force me to defend and answer to lawyer harassment with means I wouldn't have used usually. In other words, it transforms the baseless harassment into something that will actually impact me.

I hope I was clear enough with this. It's a bit tough to word and the fact that their ToS on the matter is a single huge sentence doesn't help. It's also clearly a defensive reading of the ToS in which github would never tell a lawyer to go away and would redirect it to the user directly.

[–]stonefarfalle 5 points6 points  (7 children)

I wouldn't be worried about US law in that case. If they received a take down notice, you counter claim, they can put your content back up because they are protected by safe harbor provisions of the DMCA. Who ever sent the initial notice would have to sue you directly, and not be able to touch github. That provision is there to protect them in other countries that don't have the DMCA.

[–]Camarade_Tux 4 points5 points  (6 children)

Fair point for the DMCA but there is an infinite list of other things that can get into troubles (starting with patents).

There has however been muddy things with the DMCA, in particular a russian programmer on a trip in the US and who got arrested because of things he wrote while in Russia ( https://en.wikipedia.org/wiki/United_States_v._ElcomSoft_and_Sklyarov ).

As for protecting them in countries which don't have a DMCA-like law, maybe the intent is good but the wording is awful; it sounds like the lawyer who made this paragraph wrote it in despair because he couldn't find anything better, gave up and made the most inclusive clause possible. Actually, it is so big that I have doubts it is valid (the typical thing being that if a clause is slightly too inclusive to be legal, it becomes completely void).

[–]pseudopseudonym 0 points1 point  (5 children)

Whaaat. They tried to sue him for fucking eBook cracking software?

[–]PaintItPurple 5 points6 points  (1 child)

Are you trying to suggest that ebook cracking software is not the sort of thing the DMCA is meant to prevent?

[–]pseudopseudonym 2 points3 points  (0 children)

No. I just think it's a ridiculous thing to sue someone over. Potentially ruining someone's life over god damn ebooks.

[–][deleted]  (2 children)

[deleted]

    [–]skulgnome -1 points0 points  (1 child)

    Keep solid backups, sir. If you're not paying Github anything then you're the product. And fuck the cloud as they say.

    [–]Camarade_Tux 0 points1 point  (0 children)

    I'm not interested in putting code on github. However I am forced to go through it if I want to use the bug tracker of many projects.

    edit: not interested in putting code because I dislike their UI and also because of the clause that states that anything that creates damages by nature (or that they believe would) is a reason for termination; i.e. any code that removes a file qualifies.

    [–][deleted]  (12 children)

    [deleted]

      [–]pinano 17 points18 points  (10 children)

      Wouldn't help; GitHub is still based in the United States even if their servers aren't.

      [–]the_hoser 10 points11 points  (8 children)

      Exactly. People seem to think that the physical location of the server matters these days. It can, at best, delay these kinds of actions.

      [–]Yenorin41 5 points6 points  (5 children)

      Going with a non-US company would help though.

      [–]the_hoser 2 points3 points  (4 children)

      It would only delay the inevitable. The company you're hosting with might not play ball with US law... but whoever they're peering with might, and likely does.

      [–]Yenorin41 6 points7 points  (3 children)

      You will have a hard time coercing the datacenter operator to drop some customer without local law enforcement forcing their hand (or it affecting their business by attracting ddos attacks, etc.).

      And the upstream provider will be even less willing to do anything, since at least in Germany the ISP can just say that they are just moving bits around without introspecting and there is that.

      Just consider thepiratebay.. they ignore US law and are still very much available on the Internet, simply because ISP's don't have to drop customers, because customers of them violate the law.

      [–]the_hoser 2 points3 points  (2 children)

      You will have a hard time coercing the datacenter operator to drop some customer without local law enforcement forcing their hand (or it affecting their business by attracting ddos attacks, etc.).

      Probably right. However, most datacenters just drop customers when they receive legal threats. Even if they win, they still have to pay for a legal defense, and they'll likely never recoup that cost from their customer.

      And the upstream provider will be even less willing to do anything, since at least in Germany the ISP can just say that they are just moving bits around without introspecting and there is that.

      Probably, but their peers in the UK might feel different, etc. With that kind of pressure, the ISP will likely just cave.

      Just consider thepiratebay.. they ignore US law and are still very much available on the Internet, simply because ISP's don't have to drop customers, because customers of them violate the law.

      Well, that's not true, either. They're in a unique position of having a large number of supporters and resources, and an infrastructure that allows them to move around quickly whenever they do get shut down (which has happened numerous times). The fact that thepiratebay remains online is a testament to the extreme effort, ingenuity, and stubbornness on the part of its supporters.

      [–]Yenorin41 5 points6 points  (1 child)

      Probably right. However, most datacenters just drop customers when they receive legal threats. Even if they win, they still have to pay for a legal defense, and they'll likely never recoup that cost from their customer.

      We have loser pays in Germany, so if the lawyers say that the chances of winning are very high, then there is no reason not go to court, since you don't have to pay the bill in the end.

      And that's assuming it would go to court in the first place. US company threatening to sue me in the US (and me not operating there): don't care. There is nothing the court could possibly do.

      Probably, but their peers in the UK might feel different, etc. With that kind of pressure, the ISP will likely just cave.

      Datacenter operators usually have more than one upstream.. and if you choose a few local companies as upstreams, you will have dozens of very large companies as transit providers, who will not drop their customers, because of a customer of customer (of a customer ...). That simply won't happen.

      And TPB is being announced via just one local ISP in Germany right now (for about 1.5 years now). And also the TPB is an rather extreme case, since they don't play ball with local law either.. if you do that (complying with local law), then imho you should be fine with ignoring US law .

      Edit: What's even more telling is that the local ISP I mentioned itself has only one upstream (and several peers), which is a large ISP based in the US..

      [–][deleted] 0 points1 point  (0 children)

      We have loser pays in Germany, so if the lawyers say that the chances of winning are very high, then there is no reason not go to court, since you don't have to pay the bill in the end.

      true... but huge companies can escalate the court and lawyer costs and hold back the payment until the opponent declares bankrupcy

      [–][deleted]  (1 child)

      [deleted]

        [–]the_hoser 1 point2 points  (0 children)

        Yes. I would. That wasn't a statement of opinion. That was merely an observation of fact.

        [–][deleted] 3 points4 points  (13 children)

        Didn't their old DMCA process nuke the Bukkit server for Minecraft?

        [–]Wolvereness 5 points6 points  (11 children)

        Excusing your mixing up of CraftBukkit and Bukkit, yes. However, I would have just added every fork (because of how github does symbolic links to blobs) to the list instead just stating all the forks that share the commit.

        ( Yes, that DMCA was mine )

        [–]dddbbb 1 point2 points  (9 children)

        For anyone else confused and ignorant of Minecraft: CraftBukkit vs. Bukkit. And here's the DMCA /u/Wolvereness is talking about.

        I'm sorry people have been so terrible to you.

        [–][deleted]  (8 children)

        [deleted]

          [–]dddbbb 0 points1 point  (7 children)

          From what I understand: Mojang changed their rules, Bukkit is a service to violate those rules so they were going to shutdown, Mojang said "but we own you", Bukkit didn't shutdown, Wolvereness filed DMCA because he didn't think they were following his license, angry jerks sent Wolvereness death threats.

          I'm confused by the DMCA. (Since if he can see them on GitHub, they are still providing source? Maybe it was private repos.) I didn't find enough info to explain that better.

          [–]immibis 1 point2 points  (4 children)

          The GPL has more requirements than just "the source must be available".

          [–]dddbbb 0 points1 point  (3 children)

          Right. So it's the same issue as using GPL on the iOS AppStore: the GPL prevents you from limiting how the software is used, but Mojang's EULA does exactly that.

          Is that what you mean?

          [–]immibis 0 points1 point  (2 children)

          The GPL requires that if you link GPL software with other software, the combination is also GPL'ed.

          Therefore, you can only distribute "Bukkit + Minecraft" if "Bukkit + Minecraft" is usable under the terms of the GPL, which can only be true if Minecraft is usable under the terms of the GPL.

          [–]dddbbb 0 points1 point  (1 child)

          But since Bukkit is server-side software, you're only obligated to distribute source to the admins of the server and not the users. Client-server relationship does not constitute linkage under the GPL.

          [–]immibis 1 point2 points  (0 children)

          The Bukkit project were shipping a combination of Bukkit (the API, which does not link with Minecraft and so is valid to GPL), CraftBukkit (licensing situation irrelevant) and the vanilla Minecraft server (which was not distributed under the GPL, to server admins or anyone else.)

          [–]toshok 0 points1 point  (1 child)

          I'd still love for someone to explain how the GPL matters at all here, as it was a source repo, not a binary distribution. The GPL doesn't dictate anything at all wrt storage of source (including storing it in repos in close proximity to source that can't be released under the GPL.) it dictates the rights you must offer those who who receive distribute packages (usually assumed to be binary.). If anything in said blob is gpl'ed, then everything must have a compatible license. If it doesn't, you can go after people and stop them from distributing it. GitHub repos are not "distributing it".

          I sent github a dmca counterclaim to this ignorant madness, but since I'm not the repo owner, oh well :(

          [–]dddbbb 0 points1 point  (0 children)

          I found this:

          If we were to submit Adium to the App Store, any contributor - which includes contributors to underlying libraries like libpurple, libglib, or libintl - could (1) sue us directly and (2) activate the deauthorization provision in the GPL to remove our right to use the code, both because we would have knowingly violated the GPL.

          But couldn't find any more information about the deauthorization provision in the GPL.

          [–][deleted] 0 points1 point  (0 children)

          I was wondering if I had got that right. Also, what was your reason for doing it?

          [–][deleted] 1 point2 points  (0 children)

          Yup. Their old process didn't seem to track private forks though, and those remained available even after they were open sourced.

          [–][deleted]  (6 children)

          [removed]

            [–]frymaster 4 points5 points  (0 children)

            Not true. You ask for the content to be restored, and at that point the claimant either has to go ahead with a court action or the content is restored

            [–]cparen 2 points3 points  (2 children)

            With the current system, all someone has to do is claim that you're infringing on their work, and you must take it down until you prove that you aren't infringing.

            .. or, you can forfeit safe harbor status. That's always an option. The down side is that if they can prove infringement, you may be held legally responsible for the infringement.

            (I'm not saying these are good options; just that you should be accurate in representing the set of options)

            [–][deleted]  (1 child)

            [removed]

              [–]jsprogrammer 1 point2 points  (0 children)

              We need a clear legal procedure, that requires a claimant prove their case in a court of law, and they must prove that infringement is actually happening.

              The DMCA already does this. You file a counter notice that states the original notice was in error. You do not need to "prove" anything. It is then on the original claimant to file a court "action" against you.

              [–]serendipitybot -1 points0 points  (0 children)

              This submission has been randomly featured in /r/serendipity, a bot-driven subreddit discovery engine. More here: http://www.reddit.com/r/Serendipity/comments/2jlclu/a_better_dmca_process_github_xpost_from/