If this project has other contributors, imagine how betrayed they must be.
Opening the project as FOSS until it becomes popular and then closing it to make money is such a scummy tactic
Welcome to the Python community on the programming.dev Lemmy instance!
Fork the last commit with a LGPL commit?
GPL mentions explicitly that it is irrevocable, whereas LGPL doesn't mention anything about it. IANAL, but it looks like there is a case for irrevocable without violation of clauses by default https://opensource.stackexchange.com/questions/4012/are-licenses-irrevocable-by-default#4013
For people considering contributing to FOSS in the future, maybe check for irrevocable clauses? I wish license selectors like https://choosealicense.com highlighted this part more clearly.
Also depends on the contributions terms.
If they were a traditional FOSS, they can't change the terms without all contributors agreeing or removing/modifying the contributed code so that they no longer have ownership of their authored sections.
Either way, it's a dick move.
Can't anyone just fork one of the LGPL versions and start a new project?
@fidodo @SkyNTP Sure, but unless that someone keeps it updated that fork will be useless soon. And that looks like a lot of (unpaid) work.
I like the project (was surprised to even see my user name in the contributor list) but stopped using it because I couldn't get accessibility working (mainly no full keyboard shortcuts).
For me, buying a yearly developer license to have a few GUI pop-ups at work is something I'll only consider if I run out of options.
Never sign over copyright. If they didn't, they can sue.
I've had to sign specific paperwork regarding copyright for just big projects; many smaller ones take contributions without paperwork, which would leave the rights with each contributor. They'd better dot their i's and cross their t's, it's just the legal fees could sink them before making any money from the commercial license.
IANAL, just in case.
If any contributors haven't signed a contract letting them close the source, this opens them up to lawsuits.
Does the LGPL really allow that or did they make all the contributors agree to allow their code to be relicensed?
Previous versions licensed under LGPL will remain licensed as such. The current maintainers have no obligation to continue distributing the older versions, but they aren't permitted to prevent others from distributing it or modifying or doing anything else that was permitted by the license.
And, yes, to change from GPL/LGPL to another license you would need all of the contributors to consent, or to rewrite the parts that were contributed by anyone who doesn't agree with the license change. Since it looks like there's only one contributor according to the GitHub page, this probably wasn't too difficult.
Was there only ever one contributor? There's only one now, but all the old commits have been removed.
They apparently had a policy of not accepting merge requests or even code snippets.
Ahh huh, I wonder if this was the plan the whole time then
Hmm that's a scary conspiracy. Seems like checking that there are at least a handful of contributors needs to be part of adding new dependencies.
@ebits21 #PySimpleGUI #python #opensource
🎶 Another bites the dust. 🎶
Moves like this are a bit... strange? It was on GitHub. There are 1.8k forks, with intact LGPL. What is happening here? Is their dev work worth $99/year? Not saying people don't deserve to get paid for their work. I'm just not seeing the business case for this.
They claim that not enough people donated, hence the change in licensing. But yeah, I don't see the business case. I imagine commercial devs will just move on to something else.
It's just a wrapper for other GUI libraries.
That and I'm sure it'll be forked.
Yeah, if people didn't think it was worth donating to before, they sure as shit aren't going to pay for it now that it's also closed source. What's their value prop even supposed to be here?
This set of actions (making it non-FOSS and deleting FOSS code) will essentially blacklist it from any company that has used it in the past.
Last place I was at, the process for getting legal to review and sign off on specific versions of a FOSS was about 6 months, with one of the fields on the form being alternatives.
Whether you are a Hobbyist User or Commercial User, you can start using PySimpleGUI at no cost. To get started with a 30-day trial period, first install Python and then
python -m pip install pysimplegui
...
You can try PySimpleGUI for 30 days, after which you will need to Sign Up. Hobbyist users sign up at no cost, and Commercial Users subscribe at $99/year. For more details, see PySimpleGUI.com/pricing.
How is this trial enforced?
Since it's now closed source and they distribute what is possibly/probably/presumably a binary blob, the same way all the others are enforced. With some kind of DRM date checking whatever.
Does pip really allow binary blobs? That effectively makes it zero security.
To be fair it has some valid use cases, take ruff for example.
But pip/pypi does not have any proper security at all, and just blocking binary blobs wouldn't make a difference when you can freely execute any python code during installation - Much like downloading an executable from any site online, you are expected to make sure you can trust whoever uploaded what you are downloading. You could say the same about other sites like GitHub too.
There is a fair difference still between source available and binary blob. The blob has essentially no chance of ever being audited.
Take a look at the Source Distribution files: https://pypi.org/project/PySimpleGUI/#files
As far as I can see, it's still all just Python.
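The check discussed in the comments above, whether a PyPI release file ships only Python source or also native binaries and install-time code, can be done without installing anything. This is an added example, not part of the thread and not PySimpleGUI's code; the function names and the constructed sample archive are hypothetical, and the magic-byte match is a heuristic.

```python
import io
import tarfile
import zipfile

# Magic numbers of native executable/library formats (first bytes of the file).
MAGIC = {b"\x7fELF": "ELF", b"MZ": "PE", b"\xcf\xfa\xed\xfe": "Mach-O",
         b"\xca\xfe\xba\xbe": "Mach-O fat"}


def members(data):
    """Yield (name, first 4 bytes) per file in a wheel (zip) or sdist (tar.gz)."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield info.filename, zf.open(info).read(4)
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            for m in tf:
                if m.isfile():
                    yield m.name, tf.extractfile(m).read(4)


def audit(data):
    """Classify members by content; nothing is extracted to disk or executed."""
    report = {"native": [], "install_time_code": [], "python": [], "other": []}
    for name, head in members(data):
        fmt = next((f for sig, f in MAGIC.items() if head.startswith(sig)), None)
        if fmt:
            report["native"].append((name, fmt))
        elif name.rsplit("/", 1)[-1] == "setup.py":
            report["install_time_code"].append(name)  # pip runs this for sdists
        elif name.endswith(".py"):
            report["python"].append(name)
        else:
            report["other"].append(name)
    return report


def constructed_wheel():
    """Constructed sample: a wheel holding one .py file and one fake ELF blob."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_pkg/__init__.py", "print('hi')\n")
        zf.writestr("demo_pkg/_core.so", b"\x7fELF" + b"\x00" * 12)
    return buf.getvalue()


if __name__ == "__main__":
    print(audit(constructed_wheel()))
```

To audit a real release, pass the bytes of a file fetched with `pip download --no-deps --no-binary :all: <package>` (or the wheel) to `audit()`; files listed under `python` still need reading, since readable source can be obfuscated.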
Binary blobs aren't really a security hole, since AFAIK the PyPI team don't check every package for malicious code before they get shown publicly. It just shifts the trust from PyPI to the library authors.
The user has to have a key to use the software, no free account then no key after 30 days unless the developer paid for the key.
Although rug-pulls like this are dubious to say the least, neither should FOSS contributors be hauled over the coals simply because, to justify continuing to commit more and more time to a project, they need to generate some kind of revenue. If more FOSS advocates donated reasonable amounts of money to the projects they use, this kind of bollocks would be much less frequent, and the long term stability of projects would increase dramatically. Sadly, way too many people donate nothing. And way too many companies, as well.
This is so sad. I'm especially bothered about the force push to change history. This was a great library. Now I guess it's time to either use the fork or find something else.
The history change was probably to avoid violating the LGPL. If any contributors don't agree with the change (or you don't want to do the onerous task of getting consensus as required) you should remove their contributions from the work you make closed source as the contributions still come under LGPL until the original author consents to the change.
Or at least that's what people said here.
That's incorrect in that you have to remove the contributions from source code or get permission. Rewriting git history doesn't get permission or remove history. It just hides it.