What should I do when someone blatantly copies my open-source project on GitHub?
45 points by edwinkys on Aug 25, 2024 | 46 comments
Hi HN,

I created an open-source vector database a couple months back called OasysDB. It's not a popular project but it serves a specific use case and has a small community behind it.

So, recently, someone in the community sent a link to me about a repository that after digging deeper into it seems like a blatant copy of OasysDB v0.4 (It's now v0.7). They changed all of the initial branding and information to their own branding like name, author, email, etc.

This is their repository: https://github.com/Sahomey-Technologies/sahomedb

This is OasysDB v0.4: https://github.com/oasysai/oasysdb/tree/v0.4.0

I honestly don't know what to do. I know that OasysDB is open-source and thus, free to modify and redistribute. But, I feel like this is more like plagiarism and a bit unethical to do.

If anyone has had a similar experience, I'd like to hear some advice.

Thank you in advance.



It's Apache licensed. Clause 4 does say some things about accreditation, etc.

IANAL, but simplifying the [what-I-call] legal enumeration, it says: "You must retain, in the Source form of any Derivative Works that You distribute, all copyright notices from the Source form of the Work".

Did you put any copyright notices in your work? If not, it may be too late, because they can continue to distribute the old version that did not have copyright notices.

There are also some requirements that they clearly identify anything they have changed, but I'm guessing they haven't changed much. Maybe their sneaky way of changing the branding would violate this? I don't know, IANAL.

If you believe they have not complied with this part of the license, then what they are doing is no different than hosting your copyrighted movie or book on GitHub and you can send a takedown request, sue for damages, etc. It may not be worth the cost though.


> Did you put any copyright notices in your work? If not, it may be too late, because they can continue to distribute the old version that did not have copyright notices.

This is not how copyright works. Without a license, default copyright law applies, and no one can make any copy of the code and profit from it, even if published on Github. Copyright protection is automatic under the Berne Convention, implemented by the US Copyright Act and EU Directive 2001/29/EC, meaning no registration or notice is required for protection.


I think the developer doing this is: https://github.com/obaraelijah

And it looks like he's done the exact same with a pen-testing project called Kraken: https://github.com/myOmikron/kraken-project

Probably trying to pad out his Github for freelancing.


Looks like he's also made everything non-public. Way too much bad publicity, so he'll probably do it again under a different organization. Cause now when someone searches for this "Sahomey Technologies" they find out he's blatantly copying github repos to pad his business.

On a side note, this person has 132 repos on his profile. They're probably trying to game the whole thing to make it seem like they have an active Github profile.


Let's hope Elijah Samson, AKA obaraelijah, AKA elly sam, AKA Sahomey Technologies, AKA Sahomey-Technologies will learn from this.


Oh wow, looks like he's also published it to the rust package repository.

The rabbit-hole deepens.

https://crates.io/crates/sahomedb/0.2.1

Also bragging about it on Medium: https://medium.com/@ellysam/introducing-sahomedb-a-high-perf...

Also another pseudonym or his "team": https://medium.com/@samowvance10/the-purpose-of-my-project-a...

At least searching for some of these entries links back to this HN post.


Yeah, it's so weird (and shameless).


Fake it 'til you ma^D^D go to prison (unlikely, I know).


I laughed a little at "Open Source Enthusiast". Seems like he's enthusiastic for the wrong reasons, and missing the point of open source


Yeah. I'm sure it's for something like that.


You may always put an "innocent" looking file into the output binary that states who the actual authors are. Say you may create an AUTHORS file in your repo, but store a SHA512 of that file in some obscure file in resources e.g. META-INF/ArtifactSignId, don't automate this step in any way, do it manually. A lot of people that are mindlessly copying your work will not bother doing anything more than remove some stuff & search'n'replace author name. Then you will have proof in case this other fork gained popularity (not very probable) that it was stolen.

I would not stress over it until that other person sets up a project website and starts a marketing campaign. Most probably it is only about making a good looking GitHub profile.
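
A verification-side sketch of the marker idea in the comment above, added here as an example and not code from the thread or from OasysDB: it scans a suspected copy for the SHA-512 of the original AUTHORS file. The author names, file contents and the rebranding step are constructed; the `META-INF/ArtifactSignId` path is the one the comment suggests.

```python
import hashlib
import tempfile
from pathlib import Path

def authors_digest(authors_file: Path) -> str:
    """Hex SHA-512 of the AUTHORS file, the value stored by hand in the marker."""
    return hashlib.sha512(authors_file.read_bytes()).hexdigest()

def find_marker(tree: Path, digest: str) -> list[Path]:
    """Return files under `tree` whose bytes contain the digest (either hex case)."""
    needles = (digest.lower().encode(), digest.upper().encode())
    hits = []
    for path in sorted(tree.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            if any(n in data for n in needles):
                hits.append(path.relative_to(tree))
    return hits

def demo() -> dict:
    """Build a constructed original and a rebranded copy, then scan the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        orig, copy = Path(tmp, "orig"), Path(tmp, "copy")
        (orig / "resources/META-INF").mkdir(parents=True)
        (orig / "AUTHORS").write_text("Example Author <author@example.org>\n")
        digest = authors_digest(orig / "AUTHORS")
        (orig / "resources/META-INF/ArtifactSignId").write_text(digest + "\n")
        (orig / "README.md").write_text("ExampleDB by Example Author\n")
        # Constructed stand-in for the copier's search-and-replace of the name.
        for src in orig.rglob("*"):
            if src.is_file():
                dst = copy / src.relative_to(orig)
                dst.parent.mkdir(parents=True, exist_ok=True)
                dst.write_text(src.read_text().replace("Example Author", "Copy Cat"))
        return {
            # Files in the copy that still carry the original AUTHORS digest.
            "hits": [p.as_posix() for p in find_marker(copy, digest)],
            # The copy's own AUTHORS file no longer hashes to that digest.
            "authors_still_matches": authors_digest(copy / "AUTHORS") == digest,
        }

if __name__ == "__main__":
    print(demo())
```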


Yeah, I think they're just trying to ramp up the GitHub profile. But your suggestion is some next level cool stuff there and I'll definitely keep it in mind.


This guy is also copying medium posts without attribution, first one I looked at:

https://awstip.com/using-nginx-as-an-api-gateway-ce7781c712b...

Stolen from: https://marcospereirajr.com.br/using-nginx-as-api-gateway-7b...



Stop caring about this. You should be happy that people think your project is useful.


Yes. One part of me is a bit happy since people wouldn't just copy an unknown & useless project.


Yes. Don't be right. Be clever.


Your repo is licensed as Apache 2.0. It seems these guys MAY be in violation of that license. My first steps would be to fully understand the license you chose to apply to your original code, and then figure out if that's something you can report to GitHub for infringing.


Hey, thank you for your suggestion. I tried to read the license and if I'm not mistaken, they need to attribute the copyright to the original project, no?


It appears so. I have not personally gone with Apache before so I am not an expert.


For better or worse, your license is as good as your wherewithal to enforce it. This is a matter for your lawyers.


Yeah, that's probably true. I'm just an indie dev looking for a job and bringing lawyers into this probably wouldn't make sense for my situation.


I understand and empathize. At least the bad behavior doesn’t affect your ability to buy groceries and you probably have a better understanding of the bullshit in online discussions of software licenses.

People argue about licenses as if there are software license cops. There aren’t. Having money to pay lawyers to enforce your license is a reasonable reason to develop paid software.


Fork their project, add something giving you appropriate credit and create a pull request. If they merge it, problem solved. If not you can hit them with a take down notice if it really bothers you.


What is the difference between legitimately taking advantage of open-sourceness and plagiarism? Attribution? If so, try to contact them and ask them to put your name/link to each file derived from yours.


Thank you for the reply. This is my first time having this issue and I'm not quite sure either. I just think that giving credit where credit is due seems more ethical.

I will definitely try to contact them either via the repo issue or their Discord.


Someone copied a gist of mine from 2011, changed my name and made a blogpost about it.

Let them be, no point in wasting time worrying about small fraudsters. Cut them off and blacklist them so you will never have anything to do with them.

I recommend not to shame them publicly if you live in a country without freedom of speech (most of the world except from the USA) or they might have grounds for suing you for defamation (even if you are right and you can prove it).

Source: Someone scammed my landlord (and me) for tens of thousands and now he added me on LinkedIn. He's doing fine, probably doing some other real estate scams on top of some small BS companies that keep failing every 2-3 years (probably to avoid paying taxes). The police is not interested. The court case was dropped. Really tempted to out him online but lawyers don't recommend it. Justice is pretty weak in our times.


Sorry to hear that happened to you. I agree. I don't plan to escalate it. My current plan is to reach out to them and maybe report it to GitHub if ignored.


Not the first repo he is plagiarizing. One of the first things I see when visiting his profile:

https://github.com/obaraelijah/redis-proto

From:

https://github.com/dpbriggs/redis-oxide

But Elijah Samson / obaraelijah / elly sam has started removing or making repositories private now that he has been found out.


It seems like it. I'm curious as to why would he do this? Some people say that it's for a portfolio to get a job. But wouldn't a recruiter be able to tell that this is not their work?


I know it's not directly related to your question. But great work. Kudos for your project.


Hey, thank you so much for your kind words!


>> In every licensed file, original copyright, patent, trademark, and attribution notices must be preserved

Well, Edwinkys, it's your fault for not adding a copyright notice to each file. I recommend adding one now at least, so future forks will have your name in it.

Something like this: https://github.com/aquarians/Public/blob/main/Aquarians/Back...


I see. I am not quite familiar with the legality of the licensing and stuff. I will keep this in mind for future reference.


Did they include your original copyright notice? If so, they're free to change the branding, name, contact information and so on - they simply forked your project.


Unfortunately not. I tried to find some form of attribution to the original project but I couldn't find any.


Then fill the DMCA form.


That is way too hostile for a first contact. It would be much better, at first, to politely ask them to comply with the license. If they ignore you, or refuse, then think about escalating.


Maybe. If it's just removal of the other info, then perhaps. If it's removal AND implying it's theirs? No, not too hostile at all, in that case.


Based on the commits, PRs, and issue history, they were all previous issues that exist in OasysDB. They changed the name of the contributors to their own.

For example, this is the PR in OasysDB by one of our contributors compared to theirs: https://github.com/oasysai/oasysdb/pull/43 https://github.com/Sahomey-Technologies/sahomedb/pull/9


I see. How should I do that? Report repository?



It looks like the person doing the copying didn't even bother to change the pictures properly (the background does not match). So I think if your great project lives on, this copy work is going to be just a bad and unsuccessful fork, maybe even one of few. Don't spend too much effort on this and just try to focus on your own project.


Yeah! That's what I noticed as well from the banner.


Have you attempted to put an issue on their repo and/or reach out privately?


That's a great idea! I will try that.



