This is theft

It’s not theft. Learn how open source software works before you start giving out 1 star reviews to one of the best WordPress plugins in the repo.

If this is theft, then making billions on the back of the FOSS without giving anything back then isn’t? How does that work in your head?

They literally hijacked this repo including all the reviews and install stats. That is absolutely not how open source works.

It’s literally not.

Here’s how this would not be theft: taking an existing plugin, forking it, and then starting from scratch with zero users and installs. That’s all good, and Automattic could have done that – and built up a user base quickly and effectively given their marketing reach and spend.

Taking an existing plugin and – by stealth – changing the name but leaving the slug intact so that you’ve effectively switched 2m+ users from Plugin1 maintainer (trusted) to Plugin2 maintainer (dodgy as f*** right now) is theft. And it’s equivalent to a supply chain attack too, a security risk.

Matt has a point about big commercial entities giving back to O/S. But this is a shitty, awful way of going about things and any sympathy I and the community might have had for his position is rapidly disappearing.

I like how you carefully talked around the point I made earlier for your own convenience:

If this is theft, then making billions on the back of the FOSS without giving anything back then isn’t? How does that work in your head?

Jasper

Anyway, you will keep ACF/SCF installed and in one week you won’t even remember this. Then after a month you’re like ah what the heck, Matt was right and you remove this appaling “review”.

Anyway, you will keep ACF/SCF installed and in one week you won’t even remember this. Then after a month you’re like ah what the heck, Matt was right and you remove this appalling
“review”.

Jasper

I think the people who had their businesses and websites disrupted by this will surely remember it?

Using basic analysis of the situation you can see that this was not done in an ethical manner. It has also discredited the years of work and effort by Elliot Condon.

@studiotwee I have (or in fact – had) some sympathy for MM’s point. I think there is nuance – and it’s certainly disingenuous for anyone who claims that WPE don’t give anything back – they do. I do agree that commercial entities should contribute more back. But that’s an ethical should and not a legally enforceable should.

But – any sympathy I did have has been entirely removed by MM’s actions and the rapidity with which he’s carried them out. This whole last couple of weeks has shown how fragile WordPress (the org) is. We apparently have a single figure who can literally at will turn off a feed to a competitor (let’s not forget that subtle little wrinkle here…) and then in a completely underhand way take probably the most important plugin in the ecosystem and shift its ownership in the way I’ve described above. This is not healthy, and your defence of his actions is similarly abhorrent.

@studiotwee

You’ve mention guideline 18. These guidelines are IMO not in line with current circumstances so yes, I would definitely call this theft.

1. This is definitely not a fork, it’s a (hostile) takeover.
2. They didn’t just take over, they rebranded.
3. The reason they gave is a recent (small) security issue which ACF has already patched for some time. ACF was denied access to the repo to be able to upload it here… This is just plain gaslighting to public.

Now to be clear, I’m definitely not pro WPE.
But as @dmje also already stated, actions like these are not acceptable in any situation, regardless of a fight between these two companies (who IMO are both in fault here).
From my point of view, also taking into account the history between these two giants, this whole fight is clearly about money and has nothing to do with open-source.

• This reply was modified 1 month, 1 week ago by Jory Hogeveen.

If this is theft, then making billions on the back of the FOSS without giving anything back then isn’t?

@studiotwee

Making money based on FOSS and giving nothing back is perfectly fine. I agree that it is unethical and is a major issue in FOSS, but this is absolutely besides the point in this discussion.

This discussion is about the fact that if I hit “update”, I no longer receive the code that I expect, from the developer that I expect, but I receive some altered code from a developer without any experience in maintaining this plugin.

It was a move from a single person, and the fact that this single is willing to take over a plugin in the repository as he sees fit is very concerning.

—

Imagine this happening on npm? Imagine Meta getting into a legal dispute with Microsoft (the owners of GitHub, who in turn own npm), and Microsoft responding by directing GitHub to ban all Meta employees from accessing their repositories. And then Microsoft just takes over the official React repository, pointing it to their own Super React fork. This is the kind of crazy we’re talking about.

https://world.hey.com/dhh/open-source-royalty-and-mad-kings-a8f79d16