We’ve seen RIAA take down on Youtube-dl, Nintendo taking down fan projects, Github/Gitlab banning Iranian developer over dispute with USA and an angry somebody who is out for blood trying to take down somebody’s project with false DMCA take down (Remind you of YouTube DMCA anyone? No?)
Let’s be real here, Github and Gitlab are going to end up behaving the same thing as YouTube is doing with DMCA take down and that the fundamental problem with the law that isn’t going to be fixed in the next 2 lifetimes. Why would anyone want to subject themselves to the legal mess and repercussion over this?
We already know that TOR is already purpose built for privacy so it’s good enough for this. So it bring us back around to why aren’t we discussing/setting up Gitea on TOR as a hidden service to step-side the entire legal dilemma and repercussions for above?
One of the issue I recognize with this is, how are you supposed to trust the release/source code posted on hidden service which have a very sketchy reputation?
It’s simple, you don’t.
But there ARE ways that you can use to verify that the code is legit and one of them is by making sure the source code repository commits are signed by the authors which can lessen the work you have to do to ensure that code aren’t fiddled with by hostile actors, but at the end of the day, you still need to audit the source code or have someone you trust to verify that the code is legitimately safe to use.
To be honest, this actually isn’t any different from source code being posted on Github or Gitlab, it just that gitlab/github have a better marketing, there are basically nothing stopping people from posting malware and malicious code on github and that have in fact been done repeatingly in the past.
I am not a lawyer, so this is in no shape or form a legal advice, just an opinion from an internet user.
From what I understand, yep, you can argue that somebody copied your work and uploaded onto an anonymous platform and if somebody copied your work from there, the licensed work is still copyrighted to you regardless of where it’s uploaded to. You can do legitimate work and if someone copied your work onto another project in anonymous fashion, you can’t reasonably be responsible for whatever other project does with your code if your code was originally used for legitimate purpose, it’s like blaming Linux Kernel for helping run malware botnet.
Yep, but at the end of the day, what are your options anyway? If by any consolation, each new generation of users are becoming more tech literate, so there’s that. That’s the trade off for all of the above, maybe those technically illiterate users can trust other third party to package and sign binary that were built from such anonymous source code repository.