[lindenksv85]

If you are putting up code on GitHub to which you don’t have all the rights you’re actually in violation of their TOS and you are violating the rights of other copyright holders. I understand this is common and may not violate community norms or expectations but it is technically a license violation on multiple fronts. Contributors who add to existing GitHub projects are providing the same license to GitHub as the project maintainer though per the TOS.

[jolmg]

> If you are putting up code on GitHub to which you don’t have all the rights you’re actually in violation of their TOS and you are violating the rights of other copyright holders.

I can't find where in the TOS it says that you must "have all the rights [to the code]". It just says that you must not violate copyright nor other laws.[1] FOSS licenses by definition permit redistribution, so uploading to GitHub seems to be in-line with the license granted by the copyright holders.

What are the violations you mention?

> Contributors who add to existing GitHub projects are providing the same license to GitHub as the project maintainer though per the TOS.

Sure, but that's not the only way. If you contribute to a FOSS project elsewhere, those changes go under the same license of the project. Whoever you pass those changes to has liberty to redistribute per the terms of the license. The TOS is unneeded to legally redistribute FOSS-licensed projects with GitHub.

The TOS saying that you must grant GitHub these permissions is only to protect GitHub in cases where people upload projects without licenses.

[1] in addition to content restrictions, like no porn.

[mr_toad]

> FOSS licenses by definition permit redistribution

Uploading to GitHub is not just redistribution, it’s relicensing. Whether that is permitted depends on the license.

[jolmg]

From the TOS[1]:

> If you upload Content that already comes with a license granting GitHub the permissions we need to run our Service, no additional license is required.

[1] https://docs.github.com/en/github/site-policy/github-terms-o...

[sudosysgen]

But legally, they can't provide such a license. So GitHub can't have that license, surely, because they never had the legal authority to bestow it upon Github.

[Animats]

A third party who finds their GPL code on Github but is not themselves a user of Github has a right of action. They're not bound by Microsoft's terms.

[AdamJacobMuller]

> is not themselves a user of Github

Is it that widely scoped? Can't we narrow it to "A third party who finds their GPL code on Github but has not uploaded that specific code to Github themselves has a right of action limited to that specific code."

Just because I created a github account once and agreed to the TOS doesn't mean that I agree to let others upload my code to github, where would that scope end. Could someone steal code off my computer which i've never published and put it on Github and that was OK because I once signed up for a github account, clearly a contrived example but.

[axiosgunnar]

You are correct

[lakecresva]

I'm not sure that someone who published their work under the GPL hasn't thereby given consumers the right to put the repo on github. If the rights Github asks for in their ToS can be construed as a subset of the rights granted by the GPL, Github is just another GPL licensee. Unless they violate the conditions of the license, they're just utilizing their GPL rights.

[eitland]

> Github is just another GPL licensee. Unless they violate the conditions of the license, they're just utilizing their GPL rights.

And here is exactly the problem.

GitHub seems to be copying copyrighted code left and right and pretend they made it!

No attribution, no license.

They are of course allowed to let their AI study the code, but as "employer" of that AI GitHub/Microsoft has a responsibility if that AI breaks copyright right and left and they as a company pretend the code is theirs to give away.

[dsr_]

With GPL rights come GPL responsibilities.

[eitland]

Agree.

[lindenksv85]

That was a problem before copilot though. And copyright holders have and will continue to have the right to send DMCA take-down notices if they like.

[CuriousCosmic]

But the thing to note is that a user can have a right to distribute (as with GPL) but does not necessarily have the rights to the license.

So if the user uploads the source to GitHub, they agree to the terms (which they may not actually have the rights to) but that isn't equivalent to the rights owner giving GitHub the rights to distribute the source under a different license.

The TOS can only modify those distribution terms (if it even can be found to be legally binding) if the user uploading the source is the rights owner which in so many cases is not the case.

[josephh]

I think the bigger question is whether GitHub will be able to honor DMCA requests that pertain to copyrighted materials showing up in Copilot's suggestions.

[joshspankit]

Are we entering in to a new realm where a DMCA (or DMCA-like) request can be filed to remove content from the training data for an AI (and likely cause it to require retraining)?

[rightbyte]

I guess the Github Copilot authors did not handpick projects they checked were legitimately put on Github. So they are accomplices in that case.

[filoleg]

YouTube doesn't really handpick things that get put on their platform either, beyond very basics and whatever automated tools they have to cover that.

Beyond that, that's what DMCA takedown requests are for. Github would only be an accomplice in that case, if they got a legitimate DMCA takedown request and chose to completely ignore it.

[account42]

If the TOS has been violated is irrelevant to the question if github has a license to the code. They may be able to take action against the uploader for damages, but ff the uploader does not have the rights to give them the license, they don't have a license.

[kzrdude]

Today is the first time I've considered that, but it's certainly something we should think about. If big projects moved on this, I think github would take notice and "issue a clarification".

[axiosgunnar]

Sure, perhaps the uploader could be sued, but this is irrelevant to the question whether Github ends up with valid rights. (the answer is no)