this post was submitted on 13 Oct 2024
33 points (100.0% liked)

Programming

17354 readers
612 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] Kissaki@programming.dev 10 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

What a mess.

URL is still advanced-custom-fields, but then named Secure Custom Fields. Translations and source repo still map to the old name. It definitely is a takeover, not a "fork" in the classic, established sense.

The problem with the takeover is, of course, that the original publisher still develops, publishes, and sells their original plugin. Their official website now serves their own version with their own update source.

So you kinda don't but also have to rename it to avoid confusion.

I think a rename to something different is wrong and confusing though. It should add a disclosing addition, like "(Taken Over)" or "Adjusted" or "WPorg edition".

A supposed, partial rename is confusing. No information in the README is confusing, intransparent, and disingenuous. No clarity in the release notes is confusing.

Simply freeing previously and still sold pro features, without disclosing that fact, is very questionable. Not fair to the developers and certainly not transparent to the community.

Clearing the changelog and release log documentation, removing previously available information, is questionable as well.


I see in the readme.txt file that the plugin is licensed under GPL.

So the changes are permissible. And being able to do so is certainly a strength of the FOSS license.


My biggest issue is that they remove information, and rename without indication. It should be transparent and, within context and concerns, fair. Not like this.


Looking at the commit log:

6 days ago, 6.3.6.1 was tagged with

Security - ACF defined Post Type and Taxonomy metabox callbacks no longer have access to $_POST data. (Thanks to the Automattic Security Team for the disclosure)

14 hours ago, 6.3.6.2 and rename

  • Security - Harden fix in 6.3.6.1 to cover $_REQUEST as well.
  • Fork - Change name of plugin to Secure Custom Fields.

It also removes is-pro and pro-license-active checks, but fails to disclose so in the release notes.

Effectively, it frees pro functionalities.

It also removes all previous change log and release information.

[–] Kissaki@programming.dev 6 points 3 weeks ago

A strength of the GPL is that the community can fork projects, and "take them over" that way.

At the same time, and this instance is such a case, on a centralized platform, projects can be taken over instead of be forked.

They developed and published a plugin. Now it's been taken over by someone else, on the primary distribution and discovery platform, and they have no control over it. Worse than that, the takeover now offers their sold functionalities for free.

This makes the "open source but not free, but after two years true FOSS licensed" licenses look very useful if not necessary for businesses and developers that want to monetize. At the very least when they [have to] use centralized platforms.