You are not logged in.

#1 2011-03-24 14:21:47

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Tiny Core Fraud on Source Forge - A Slippery Slope

Just a story I wanted to share: http://www.raiden.net/node/331

Offline

#2 2011-03-24 14:27:40

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,148

Re: Tiny Core Fraud on Source Forge - A Slippery Slope

Sourceforge can't just take down a project until its proven that it is a *fake*

I guess if the Tiny Core team is willing to put their names on a legal affidavit saying that they never uploaded Tiny Core on Sourceforge, then Sourceforge could contact the person who actually did and then go from there.


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#3 2011-03-24 14:35:19

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Tiny Core Fraud on Source Forge - A Slippery Slope

Inxsible wrote:

Sourceforge can't just take down a project until its proven that it is a *fake*

I guess if the Tiny Core team is willing to put their names on a legal affidavit saying that they never uploaded Tiny Core on Sourceforge, then Sourceforge could contact the person who actually did and then go from there.

If he was indeed asking for donations then it's a definite loophole. I wonder if FSF lawyers can be asked to help with this.

Offline

#4 2011-03-24 14:50:54

stqn
Member
Registered: 2010-03-19
Posts: 1,191
Website

Re: Tiny Core Fraud on Source Forge - A Slippery Slope

Assuming that Tiny Core is licenced under the GPL, is it even illegal for someone to do that?

Offline

#5 2011-03-24 14:53:25

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,148

Re: Tiny Core Fraud on Source Forge - A Slippery Slope

I am no GPL guru, but I would think that you can fork a project all you want, but you cannot use the same name which is what seems to have happened.


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#6 2011-03-24 15:01:14

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Tiny Core Fraud on Source Forge - A Slippery Slope

stqn wrote:

Assuming that Tiny Core is licenced under the GPL, is it even illegal for someone to do that?

That's why I called it a loophole. http://www.gnu.org/philosophy/selling.html

It may be a clueless person who wants to help some of his favorite projects by solicitation donations. He may not speak English very well etc. He may think "Well, you don't have to ask for permission to download this stuff, why would I need to ask for permission if I'm trying to help them?".

Or he may be a cynical cheater - and who said you have to be involved in the project to get money out of it? <big evil grin>

Offline

#7 2011-03-24 18:25:13

ANOKNUSA
Member
Registered: 2010-10-22
Posts: 2,141

Re: Tiny Core Fraud on Source Forge - A Slippery Slope

My initial reaction, after doing about 20 minutes of research, is that this may well just be one seriously misguided individual who doesn't know what he's doing.  Maybe he's trying to bring knowledge of this project to a wider audience; perhaps he really is just a piss-poor con artist.  In any case,  it looks like he's not asking for donations (seems he was before, but he sure ain't now), and the "Support" tab now links to Tiny Core's homepage.  He's included several of "his" other projects as well, though, which as of yet might not be aware of this promotion (or scam, whatever it happens to be); he seems to be releasing "updates" as I type this, posting files and isos for aptosid, PuppyLinux, Grubinvaders and other projects and generating checksums for them.  My eyebrow's certainly raised.  There's also a project (Boothorn DistroOS) that Google traces back to him and him alone, and might be his Tiny Core spin-off.

Really, since it took all of two days for this to come to folks' attention and get called out, I'd say this is a testament to the vigilance, dedication and comradery of the FOSS community.  Although the witch-hunt mentality of some crying "bullshit" just rubs me wrong...  roll  Let's just see how this plays out.

Offline

#8 2011-03-24 20:12:36

Fruity
Member
Registered: 2009-12-16
Posts: 198

Re: Tiny Core Fraud on Source Forge - A Slippery Slope

Inxsible wrote:

I am no GPL guru, but I would think that you can fork a project all you want, but you cannot use the same name which is what seems to have happened.

It's not been forked, the md5 of the real tiny core and the 'scam' tiny core are the same.

Surely though, it wouldnt be OK if I changed a logo, then called it fruity linux, to call the project mine?

Offline

#9 2011-03-24 21:37:29

ANOKNUSA
Member
Registered: 2010-10-22
Posts: 2,141

Re: Tiny Core Fraud on Source Forge - A Slippery Slope

Fruity wrote:
Inxsible wrote:

I am no GPL guru, but I would think that you can fork a project all you want, but you cannot use the same name which is what seems to have happened.

It's not been forked, the md5 of the real tiny core and the 'scam' tiny core are the same.

Surely though, it wouldnt be OK if I changed a logo, then called it fruity linux, to call the project mine?

It wouldn't really be ok--it'd be a real scumbag move, alright--but short of actually claiming the entire set of software that a distro consists of (or its unique tools) as his own, it's hard to find legal fault.  You could, for example, switch out to a different WM and wallpaper and call it your own "remix;" You could also make your own spin-off, either maintaining your own repos or asking for permission to use the originals.  As long as the source code is still available, credit is given and you're doing some work it should be fine.  This seems to happen with Debian/Ubuntu every 8 hours or so, and with regard to those distros (as well as SuSE, I believe) tools exist for users to do this.  But if you aren't doing the work to maintain a repo or update the .iso file, are asking for money and are deflecting people elsewhere for support?  Then there's a real problem.  What might come into legal play there is the stipulation in the GPL that requires an acknowledgement of the original source and changelog or "re-branding" after any modifications are made, so as to protect the reputation of the person(s) whose work you "borrowed" (I'm not gonna make any accusations at this point).  Frankly, my biggest concern with this issue isn't that it might be fraud for monetary gain, but that this guy might be modifying packages or .iso images and adding new checksums without documentation.  But since attention has already come to "his" projects, I don't foresee any serious issues arising from it.  And like I said: this could just be some naive person, uh... well, I'll just say "naive" for now.

EDIT: Can't say I really know what he's doing, but this is interesting:

<?xml version="1.0" encoding="UTF-8"?>
  <metalink xmlns="urn:ietf:params:xml:ns:metalink">
    <origin dynamic="true">http://sourceforge.net/projects/boothorn/files/images/archlinux/archlinux-2010.05-netinstall-dual.iso.meta4/download</origin>
    <file name="archlinux-2010.05-netinstall-dual.iso">
    <size>339738624</size>
    <hash type="md5">327f3865c7d1d785e62ff7f566a4fe7b</hash>
    <hash type="sha-1">06e2b80b365339a3c55b217e3b3ed01af43e58cc</hash>
    <hash type="sha-256">3a44e1f64020e4b227d975b00ee91d7781ef13df52527dcfa2933eed79538708</hash>
    <hash type="sha-384">f30ab4a63787cc6e1c17981cc2a35f0d5636e8afa90abe9e7fb693ec55f1d2e1a4b96267086d511375dfc4655191fe96</hash>
    <hash type="sha-512">f70ac04f6a11656575285f4ac49400f78bb8e7462f19dfa3c8dd126d01bbce179b2cab6072265d5af088129b2bf6a3b5c72aa737d0eeb1d652c31762adf339a6</hash>
        <metaurl mediatype="torrent" priority="1">http://www.archlinux.org/iso/2010.05/archlinux-2010.05-netinstall-dual.iso.torrent</metaurl>
        <url priority="10">http://distro.ibiblio.org/archlinux/iso/2010.05/archlinux-2010.05-netinstall-dual.iso</url>
    </file>
</metalink>

Last edited by ANOKNUSA (2011-03-24 21:46:42)

Offline

Board footer

Powered by FluxBB