PySimpleGUI is now closed-source
(github.com)
from ebits21@lemmy.ca to python@programming.dev on 18 Feb 2024 13:34
https://lemmy.ca/post/15665231
from ebits21@lemmy.ca to python@programming.dev on 18 Feb 2024 13:34
https://lemmy.ca/post/15665231
Previously LGPL, now re-licensed as closed-source/commercial. Previous code taken down.
Commercial users pay $99/year, free for personal use but each user has to make a free account after a trial period.
#python
threaded - newest
Does the LGPL really allow that or did they make all the contributors agree to allow their code to be relicensed?
Previous versions licensed under LGPL will remain licensed as such. The current maintainers have no obligation to contribute distributing the older versions, but they aren’t permitted to prevent others from distributing it or modifying or doing anything else that was permitted by the license.
And, yes, to change from GPL/LGPL to another license you would need all of the contributors to consent, or to rewrite the parts that were contributed by anyone who doesn’t agree with the license change. Since it looks like there only one contributor according to the GitHub page, this probably wasn’t too difficult.
Was there only ever one contributor? There’s only one now, but all the old commits have been removed.
They apparantly had a police of not accepting merge requests or even code snippets.
Ahh huh, I wonder if this was the plan the whole time then
Hmm that’s a scary conspiracy. Seems like checking that there are at least a handful of contributors needs to be part of adding new dependencies.
…
How is this trial enforced?
Since it’s now closed source and they distribute what is possibly/probably/presumably a binary blob, the same way all the others are enforced. With some kind of DRM date checking whatever.
Does pip really allow binary blobs? That effectively makes it zero security.
Sure, and it’s really nice for big compiled projects to not have to compile that on every update.
binary blobs aren’t really a security hole , since AFAIK the pypi team don’t check every package for malicious code before they get shown publicly . it just shifts the trust from pypi to the library authors
To be fair it has some valid use cases, take ruff for example.
But pip/pypi does not have any proper security at all, and just blocking binary blobs wouldn’t make a difference when you can freely execute any python code during installation - Much like downloading an executable from any site online, you are expected to make sure you can trust whoever uploaded what you are downloading. You could say the same about other sites like GitHub too.
There is a fair difference still between source available and binary blob. The blob has essentially no chance of ever being audited.
Take a look at the Source Distribution files: pypi.org/project/PySimpleGUI/#files
As far as I can see, it’s still all just Python.
They injected some binary code to make a code object (and in doing so inject some obfuscation)… if someone wants to violate the new license, they can easily work around it via installing through pip, commenting out that license check… Not that I endorse library license violations.
I put up packages on pypi with the last LGPL code versions for my own usage. I don’t plan on updating them much, but they work for me.
PySimpleGUI-4-foss And psgtray-foss.
The user has to have a key to use the software, no free account then no key after 30 days unless the developer paid for the key.
@ebits21 #PySimpleGUI #python #opensource
🎶 Another bites the dust. 🎶
Moves like this are a bit... strange? It was on github. There are 1.8k forks, with intact LGPL. What is happening here? Is their dev work worth 99$/year ? Not saying people don't deserve to get paid for their work. I'm just not seeing the business case for this.
They claim that not enough people donated, hence the change in licensing. But yeah, I don’t see the business case. I imagine commercial devs will just move on to something else.
It’s just a wrapper for other GUI libraries.
That and I’m sure it’ll be forked.
Yeah, if people didn’t think it was worth donating to before, they sure as shit aren’t going to pay for it now that it’s also closed source. What’s their value prop even supposed to be here?
How else do you expect their time to be paid for?
Donations?
@HKayn This may sound cold hearted and I swear I'm not:
There is no obligation for the world in general to pay someone for open source software. (right now)
Everyone should think long hard about writing software and donating time and effort because of this.
I don't like this state of things, I would prefer some kind of "general usefulness" tax financed grant thing.
And this is exactly why the dev of PySimpleGUI did what they did.
Whether they have a business case will depend on what happens on those forks. Will they be as maintained as the original was?
Sounds like entitlement to me
It’s quite entitled and dishonest to expect free beta-testing, marketing, and clout from the use of FOSS as a shortcut for your product.
If you are sincere then you should know what you are getting into when you create that license.txt with LGPL terms on it.
Either show us where they voiced this expectation, or stop talking out of your ass.
Right, people usually carry a banner stating their intentions clearly and unambiguously.
The entire FOSS community works for very little compensation. You’re not special. Read the fucking room. A lot of people spend their free time building cool shit to share with the community. You’re a prick if you think that you’re in the right calling people in the FOSS community entitled.
Everyone can see your mental state degenerate in real time. You’re unable to stop yourself from flinging insults with every comment you type, be it here or in the other thread where you’re currently losing a debate.
Donations can give you hobby money. Not “multi-millionaire, going to retire” money. If people who start FOSS projects don’t want to admit that, then they are just looking for free popularity/shortcut to success. They can stop abusing the FLOSS community just so they can make a quick buck.
Hey, A lot of people spent their precious free time to look at your project, test it out, and talking about it to their colleagues. How are you going to pay us for wasting however many minutes or hours of time spent on your supposedly open source project before you did the bait-and-switch?
(By “you” I meant the developer.)
If this project has other contributors, imagine how betrayed they must be.
Opening the project as FOSS until it becomes popular and then closing it to make money is such a scummy tactic
Never sign over copyright. If they didn’t, they can sue.
I’ve had to sign specific paperwork regarding copyright for just big projects, many smaller ones take contributions without paperwork, which would leave the rights with each contributor. They be better dot their i’s and cross their t’s, it just the legal fees could isnk them before making any money from the commercial license.
IANAL, just in case.
Fork the last commit with a LGPL commit?
GPL mentions explicitly that it is irrevocable, where as LGPL doesn’t mention anything about it. IANAL, but it looks like there is a case for irrevocable without violation of clauses by default …stackexchange.com/…/are-licenses-irrevocable-by-…
For people considering contributing to FOSS in the future, maybe check for irrevocable clauses? I wish licenses selectors choosealicense.com highlighted this part more clearly.
Also depends on the contributions terms.
If they were a traditional FOSS, they can’t change the terms without all contributors agreeing or removing/modifying the contributed code so that they no longer have ownership of their authored sections.
Either way, it’s a dick move.
Can’t anyone just fork one of the LGPL versions and start a new project?
If any contributors haven’t signed a contract letting them close the source, this opens them up to lawsuits.
Bruh. This is why I hate all the open source license that are not GPL. Are not free software. I am not bother to pay for it. But I am bother to not see the code :(
Only to a certain extent.
The problem is that a lot of software is very complex and requires full-time development/maintenance. It’s simply not possible to work on stuff for free unless this is just a hobby and you can sustain yourself with a main job.
The main thing I have a problem with this instance is the following sequence of events
This tells me:
Yeah if you really care about FOSS you should use GPL and not MIT BDS and a multiple license. Because at the end of the day the code can became close source in just a second. That is the point of GPL and the Foss. I am willing to pay with money because I can. But I am not willing to pay with trust.
What? The GPL would have offered no more protection for this exact scenario than the LGPL (or any other license for that matter).
Can anyone recommend a good alternative?
PyQt.
Ah yes, the complete opposite of “simple” with 20x the boilerplate. Pysimplegui was alternative to pyqt for a good reason.
This set of actions (making non Foss and deleting Foss code) will essentially blacklist it from any company that has used it in the past.
Last place I was at the process for getting legal to review and sign off on specific versions of a Foss was about 6 months, with one of the fields on the form being alternatives.
The amount of people who feel like they’re entitled to the previous code and are calling the license change scummy make me sick.
This developer put their own free time into this project, they made sure to not accept anyone else’s code, and they understandably felt they deserve to be paid for their time. Whether this was a smart move is another matter entirely.
The one case where I can understand being upset is if you donated shortly before this happened. But otherwise, you should really reflect on how you’re giving back to the people who make the tools you feel oh so entitled to.
Fuck off
You don’t have any good counterarguments, so you resort to insults.
I wanted to elaborate, but then decided that a simple fuck off is much more appropriate and gets to the gist of the content, you know?
That’s assuming you have something to elaborate with in the first place.
You’ll know best how far that attitude gets you.
Read my comment and enlighten all of us on how stealing free testing work from the community under the pretense of “open source” is not entitlement? How is this project going to compensate users for beta testing their software for free?
fuck off isn’t really an insult.
The previous code exists under an irrevocable open source license, so they are entitled to it. Also, fuck off.
Is the license revoked because the dev deleted the previous code on their side?
Of course it isn’t. At least have your points make sense if you’re gonna behave like an ass.
No, it’s not, because it’s irrevocable
But you’re not sick at the fact that they licensed it as LGPL just to get their product popular and then said “I got the eyeballs I wanted, time to milk this!”
When your code is open source the expectation is that you are sharing code with people for free so that the community can enjoy the work and hopefully you gain respect and popularity as your product matures and a lot of people utilize it. People might even fund you for your hard work if you become popular enough. Maybe a whole new product gets developed on top of your product and you become important. That’s how a lot of successful open source projects work.
If you are entitled to quick success, we are entitled to our ideology around FLOSS.
So they just wanted people to test their product and market them for free? Who’s entitled here?
(Also that argument is not going to work in court when people sue them for violating LGPL terms)
What about the compensation for people who beta-tested this product for free and recommended them to others?
The giving back part is increasing respect, popularity, and a community of contributors who will grow YOUR product for free. Don’t act like this small project is a gift from God.
Also, the author literally didn’t accept contributions. That just means they were looking for free marketing and eyeballs. As soon as it was convenient for them to pull the rug they did so without even thinking about the community. Who’s the scumbag, you tell me?
Show us where the dev said exactly that.
You are not entitled to anything. The dev simply released their work with a license that allows others to use it freely. Nothing more, nothing less.
Again, show us where they vocalized exactly that.
What compensation were they expecting?
So far you’ve done nothing but put a whole bunch of malicious words into this developer’s mouth.
Apparently you want me to point out where I took the developer’s words but intentions are not words. You’re deliberately trying to argue that I am accusing the dev of things they did not do, but that’s not true. I am only arguing on their actions and assigning motive to their actions which I make clear in all my comments.
You’re the one who is calling people entitled for expecting LGPL code to be FOSS. I am merely replying to your comments.
You’re asking me to show me where the dishonest person admitted to being dishonest.
I wonder if you typed that with a straight face. If so then you are wildly out of touch with how FOSS and the democratization of FOSS development works.
You use words like “entitled” as a derogatory term when you clearly don’t understand that yes, the community is entitled because that’s how these FOSS licenses work. And people have every right to be upset when the status quo changes for a project they have also helped develop and helped get popular.
So either you are trolling, or you are clueless. Either way you should be ignored and this is as much time I’m going to waste writing this comment.
What exactly did the FOSS community lose right there?
They can still use the versions that were licensed to them. The forks are right there.
However, you are not entitled to the dev distributing those versions for you.
Actually the LGPL legally binds the dev to distributing those versions. So you’re just a troll. I am done replying to you but it has been fun watching you try to justify shit in the name of compensation.
You’ve been unable to back up a single thing you said in this conversation with proof.
You had to walk back your accusations towards the dev, and you’re unable to actually point to the passage in the LGPL that supposedly binds the dev.
All you’re able to do at this point is call me a troll. You’re a parasite in the FOSS community who expects the work of others to be provided to them for free in perpetuity, and it pains you to realize it can be taken away from you.
You’re a dumbass who can’t read and doesn’t understand foss.
And that’s how we know you’re out of arguments.
Who’s we here? You’re getting downvoted to oblivion because of your hostility. I am merely replying in kind.
Do you know if there were any other contributors to the project? I’ve always held the view that the tail of contributors should prevent relicensing under incompatible terms.
It’s a shame you are being downvoted, although I don’t (mostly) agree with you, I feel your opinion contributes positively to the discussion.
The previous code was released under lgpl so…. Yeah if you can find a copy of it you are entitled to it. That was the developer’s choice.
Taking all the old code down with a force push to GitHub suddenly is a bit futile since obviously there are ways to get the old source.
I’m not against developers getting paid, but there’s definitely a ‘rug-pulling’ aspect to this situation that leaves a bad taste.
I hear mojo a callin
This is so sad. I’m especially bothered about the force push to change history. This was a great library. Now I guess it’s time to either use the fork or find something else.
The history change was probably to avoid violating the LGPL. If any contributors don’t agree with the change (or you don’t want to do the onerous task of getting consensus as required) you should remove their contributions from the work you make closed source as the contributions still come under LGPL until the original author consents to the change.
Or at least that’s what people said here.
That’s incorrect in that you have to remove the contributions from source code or get permission. Rewriting git history doesn’t get permission or remove history. It just hides it.
Although rug-pulls like this are dubious to say the least, neither should FOSS contributors be hauled over the coals simply because, to justify continuing to commit more and more time to a project. they need to generate some kind of revenue. If more FOSS advocates donated reasonable amounts of money to the projects they use, this kind of bollocks would be much less frequent, and the long term stability of projects would increase dramatically. Sadly, way to many people donate nothing. And way too many companies, as well.
If previous code was lgpl then anyone with a git repo can simply reupload it to git and continue the project under a different name.
To whomever owns this project: fuck you for taking the work of multiple people and just taking it for yourself.
Booo