That's what open source is, isn't it? Anyone can use it, including hackers, NSA, etc. Why is it surprising that they, like nearly every other technology company, depend on open source software?
# This tool may be used for legal purposes only. Users take full responsibility
# for any actions performed using this tool. The author accepts no liability
# for damage caused by this tool. If these terms are not acceptable to you, then
# do not use this tool.
#
# In all other respects the GPL version 2 applies:
"The JSLint license is a derivative of the MIT License. The sole modification is the addition of "The Software shall be used for Good, not Evil.""
The story (transcript from a conference):
"About once a year, I get a letter from a lawyer, every year a different lawyer, at a company – I don’t want to embarrass the company by saying their name, so I’ll just say their initials – IBM…
[laughter]
…saying that they want to use something I wrote. Because I put this on everything I write, now. They want to use something that I wrote in something that they wrote, and they were pretty sure they weren’t going to use it for evil, but they couldn’t say for sure about their customers. So could I give them a special license for that?
Of course. So I wrote back – this happened literally two weeks ago – “I give permission for IBM, its customers, partners, and minions, to use JSLint for evil.”
[laughter and applause]
And the attorney wrote back and said: “Thanks very much, Douglas!”"
1) The intent behind the original license doesn't match with what the author intends. This seems to be the likely case. But, there is also the second issue to look at.
2) The violation of the license, assuming the source code was not shared with the clients. This is a direct violation, and through the common use of the term theft when it applies to copyright violation, it matches. Basically, if you don't adhere to my license, you don't have a right to use my code, and as a result, you've effectively "stolen" it.
People like to pretend that even MIT style licenses don't have requirements. They do, and you can violate that license, and by violating, you never had the right to use that code.
Basically...
> Anyone can use it, including hackers, NSA, etc.
Incorrect. Anyone who abides by the license can use it. While that might not seem onerous, it's an important distinction to make. So, considering the code in discussion was licensed under a GPL license (one of them, not sure which), one wonders if they were abiding by the license.
"2) The violation of the license, assuming the source code was not shared with the clients. This is a direct violation, and through the common use of the term theft when it applies to copyright violation, it matches. Basically, if you don't adhere to my license, you don't have a right to use my code, and as a result, you've effectively "stolen" it."
Because you know that the nation states who used the services of this company didn't also receive the source code to the tools, correct?
The intent behind the original licenses doesn't matter. One of the repos[0] had two licenses the Apache License 2.0 and the LGPL v2.1. If that means it is open source then it is fair play as I don't have the time nor the expertise to go through both licenses. You know who probably didn't either, Hacking Team. They are professional hackers and even if they straight up stole the code the main way they would be caught is if their code leaked. In that scenario, an angry dev would be/currently is the least of their problems.
If it is on Github and it is worth using, it will get used. Good and bad people use open source software, it is a just a tool, totally neutral.
The intent does matter when answering the original question of why this is surprising. It's because the original author released the code under a license that gave freedoms they didn't intend. It's the original developer suddenly being surprised, and they realize the mistake they made in choosing the license they used.
https://raw.githubusercontent.com/portcullislabs/ssl-cipher-...