Comment by pabs3
3 years ago
Unfortunately the cloudflared software, while the source is available on GitHub, and there are pull requests open and accepted for it, is not under an open source license, and the license it is under does not allow modifications, so any modifications (including the aformentioned pull requests) are contrary to the license and thus copyright law and thus illegal. The issue I filed about this is still waiting for action since October 2021.
Hello from the Cloudflare team - thanks for the nudge. We're in the process of migrating away from the proprietary license to an Apache license. We'll update the GitHub issue too; should be wrapped up in the next couple of weeks but likely sooner.
Could you also provide an update on this issue about the Cloudflare open source contact address?
https://github.com/cloudflare/.github/issues/13
Excellent, thanks for the update. Apache isn't what I would have chosen but is reasonable enough.
Curious about this; is it the patent clause? What would you have picked - mit/bsd?
1 reply →
As someone who watches this space closely and recommends Cloudflare Tunnel regularly, this is fantastic news.
Do you know if it will be feasible to add Cloudflare tunneling to 3rd party Golang apps?
everyone believes that statement because?
Because in two weeks time if it's not done you can come back here and yell at me.
1 reply →
PS: I note cloudflared uses some form of telemetry, although I have not looked at what data is transmitted and didn't try to remove it after seeing the above license.
PPS: I wish cloudflared were split up into client and server instead of one binary for both, it would be easier to audit and understand that way.
PPPS: I noted while auditing that cloudflared embeds its dependencies instead of depending on them and uses some golang libraries that are obsoleted.
hearing this I'm not sure I want cloudflared inside my network at all
it's already vast... and telemetry always seems to be the thin end of the wedge
a minimal version, not maintained by the company, under a proper open source license with no bullshit and a vastly smaller attack service would seem like a easy win...
(and even better if it supported more service providers than just cloudflare... killing their lock-in)
Thanks for pointing this out as it does appear even taking the source and applying a pull request ones self does break the license.
Just to clarify: many pull requests have been accepted and would thus from my perspective be covered by the license as having become part of the software.
Caveat: did not dig deeply enough to check if it's mostly Cloudflare employees developing publicly, etc.
Edit: worth mentioning here on HN customer support as well that 'opensource@cloudflare.com' is misconfigured.
No, pull requests are not illegal, at least when done on Github, because by posting code on Github (that you are allowed to post) you grant Github and its users certain rights:
https://docs.github.com/en/github/site-policy/github-terms-o...
> By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies of Content from your repositories in repositories they control).
That license doesn't allow modifications, which is what pull requests are. The forking thing is only about making copies, not modifications.
Not a lawyer, but it seems like it could be implied-in-fact that you're allowing people to submit pull requests if you publish on GitHub. https://en.wikipedia.org/wiki/Implied-in-fact_contract
I suppose you can modify the code, but not use it (compile) as such?
2 replies →
In this specific case you might be correct but in the general case this is not true. The uploader agreeing to something does not affect the rights of other authors than the uploader.
Breaking a contract is not illegal. Seems to be a common misconception.
Please explain? I've googled your sentiment and have found some links but not many answers. Breaking a contract is just as illegal (~ against the law) as breaking the law? This follows trivially from contract law being a part of law. More substantive: Both contracts and laws proscribe actions. One can find remedy for breaking either via the legal system. (Obviously the severity of punishment can differ several orders of magnitude.) Only if you limit 'illegal' to criminal law you might be right in some jurisdictions.
> This follows trivially from contract law being a part of law
That does not follow trivially. Contracts themselves are not articles of contract law.
5 replies →
Its copyright law that is being broken here that makes it illegal, not breaking the license/contract.
I think the misconception is between civil law and criminal law.
In civil law countries it is. Also you can be sued for it.
you may be interested on zSSH then. apache v2.
https://github.com/openziti-incubator
enables ssh without exposing sshd ports to the networks.
disclosure: founder of company who builds products on OpenZiti open source