[btilly]

"You can in general never retroactively change a license, so their usage back then was certainly valid."

No, it wasn't. It was reasonable, but not valid.

They were using copyrighted code without permission from the copyright holder, relying on a false claim. The false claim gave them no right to use the copyrighted code, and will not protect them if the copyright holder sues them. However the fact that they were acting in good faith and had no idea is likely to help them when it comes to damages. And furthermore if they got sued, then they would have the right to sue the author of the gem whose false claim got them in trouble.

If the original author wanted to claim damages under GPL from Rails, he would have to do so via the gem's author. And even then: What damages?

I have no idea why you think that the copyright holder would have to go to the gem's author to sue about a copyright violation. Furthermore damages are not the only thing you can sue for. See https://www.lib.purdue.edu/uco/CopyrightBasics/penalties.htm... for a list. That statutory minimum of $200 per infringement can add up really fast when you're generating copies electronically.

[smarx007]

I think MIT license only claims the code I wrote is provided under MIT (that's why you also have to include a NOTICES file listing other library licenceses in addition to the LICENSE file). It's not like they put MIT header and their name on that XML file.

> then they would have the right to sue the author of the gem whose false claim got them in trouble

I think this is where a useless all-caps text comes handy:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND [...] AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Noninfringement is mentioned right there. It literally says that I DO NOT promise you that my code that I license to you under MIT (in good faith, ofc) does not infringe anyone's rights.

[btilly]

You have a point, but it is not as absolute as the license suggests.

The problem is that a license is overridden by local law if there is a conflict. For example suppose that there is a law saying there is an implied warranty that goods sold are yours to sell, and you sold a stolen good "as is". In that case the law wins and the buyer can still sue you for having sold tem stolen goods.

And as https://www.klemchuk.com/legal-insights/warranty-against-inf... explains, a common local law is an implied warranty against infringement on others' intellectual property. Which a copyright violation would qualify as.

As always, I am not a lawyer, and this is not legal advice. If something like this arises in practice, you should consult a lawyer familiar with the laws of the venue that the case will be decided in to find out whether any laws apply, and to what extent the generic liability disclaimer won't actually provide protection.

[onli]

> They were using copyrighted code without permission from the copyright holder, relying on a false claim.

Again, that does not seem to have been the case here.

> I have no idea why you think that the copyright holder would have to go to the gem's author to sue about a copyright violation.

1. It depends where you are, which jurisdiction gets applied. Might explain the different expectation. 2. It'd be the gem author that created an unlicensed derivative work, not anyone else directly. Have fun claiming damages, copyright infringement or anything for indirect usage in such a good faith situation. I really think that wouldn't fly, but again, might depend where you are.

[btilly]

Again, that does not seem to have been the case here.

Again? Not sure where you said it. But the copyright holders in question are the authors of shared-mime-info, and they certainly never gave permission for their work to be used by Rails in the way that it was.

It depends where you are, which jurisdiction gets applied. Might explain the different expectation.

I'm in the USA. But I'm pretty sure that what I said is generically true.

It'd be the gem author that created an unlicensed derivative work, not anyone else directly.

Copyright is triggered by downloading unlicensed copies. And lots of people other than the gem author did that.

An unlicensed derivative was created by anyone who used Rails and wrote code that did mime detection - for example they were handling uploaded files.

It is an open question whether these cases are worth litigating, and what would be decided in court. They might well decide that there isn't enough creative work in the compilation for the file in question to have copyright protection at all. But in the meantime it would be a generally good idea to treat the issue seriously, and to accept that lots of people are potentially liable here. (Even if, in all probability, none will suffer more than a temporary inconvenience as the dependency is removed.)

[onli]

> Again? Not sure where you said it

Here, it was in the comment (and not an edit :) ):

> It would be further be complicated by the file in question being a database file. You typically can not license databases in a meaningful way under GPL. Even if you could, reading a GPL'd database has no chance of carrying GPL code obligations over to the consuming program.

But I actually just wrote again because I made that point in another subthread, no criticism implied.

[btilly]

Not so fast in that claim.

First of all the infringing file is https://github.com/minad/mimemagic/blob/master/script/freede.... Sure, it is in XML. But it contains a tremendous amount of free-form text, specific sets of pattern matching rules for the data types, and so on. It is a compilation of sometimes original research on the best ways to detect file types. Ruby has other mime libraries. The reason why this one was chosen is that its detection algorithms make better choices. And the reason that they make better choices is that they copied the decision rules from a GPLed project.

But even if it were a simple compilation, it still is not guaranteed that there is no copyright. See https://en.wikipedia.org/wiki/Copyright_in_compilation for an introductory article on what can and can't be copyrighted about a compilation. And one of the elements that matters is creativity in the selection of the material. A set of rules with a lot of "look for this" while leaving out various reasonable thats that don't work so well shows considerable creativity.

That said, a judge may decide otherwise. You never know until a judge decides. But I would not presume that there is no copyright interest to be had here.