from Hacker News

Winamp deletes entire GitHub source code repo after a rocky few weeks

by dangle1 on 10/16/24, 4:34 PM with 342 comments

  • by Calavar on 10/16/24, 4:54 PM

    We've lost a lot with the deletion of this repo. Not the code - that's already out in the ether - but the absurdist comedy of the issues, pull requests, and commit history of trying to piecemeal delete third party non-FOSS software.

  • by flamt on 10/16/24, 5:08 PM

    Here is a mirror of the repo, as of the last commit before it was deleted:

    https://git.cbraaten.dev/AtRiskRepos/winamp

    Also here is a git bundle file which can be cloned from:

    https://litter.catbox.moe/dwhadv.bundle

  • by fsflover on 10/16/24, 5:19 PM

    Related: https://news.ycombinator.com/item?id=41662105

    Winamp contained modified GPL code, violating the GPL (github.com/winampdesktop)

    18 points by mepian 19 days ago | 6 comments

  • by weinzierl on 10/17/24, 7:56 AM

    Someone found a prehistoric hand axe on their property. They realize it must have been one of the nicest hand axes of its time. They decide to donate it to a museum, so everyone can appreciate that marvel of human civilization.

    Being an extraordinarily nice axe, its original creator must surely have taken proper care of it and kept it clean, but over the years it clearly accumulated some dirt and a few modifications. Not wanting to damage an important historic artifact, the finder decides to leave the patina alone and donates the axe as found.

    The museum requires the donor to add an exhibit label. Unfortunately, the finder being Belgian and speaking only French, there is a severe misunderstanding about the purpose of the axe.

    On the day the exhibit is first shown to the public, hell breaks loose. People threaten to sue because the dirty prehistoric axe is against all regulations that apply to contemporary axes. Some attempts are made to remove the dirt, but only in a way that preserves the dirt, which enrages the other camp even more.

    Ultimately, the exhibit is withdrawn from the museum, but luckily many had a chance to make copies and 3D copies that they keep safely in their private collections.

  • by moomin on 10/16/24, 7:18 PM

    This, btw, is why open sourcing proprietary software rarely happens: you actually have to go to a fair amount of careful effort to get it right. If you don’t, you end up with this debacle.

  • by squarefoot on 10/16/24, 6:14 PM

    And here's another story to add to the book "How to shoot yourself in the foot by not knowing how the Internet and software licenses work", should anyone write that one day.

    Also, from one ArsTechnica link posted later in this story, one former dev told that the 4 WA Legacy developers were fired and soon he left too, so I guess they presumably had either no one or very few resources who knew that code and were in the best position to audit it before public release. This is not just shooting oneself in the foot; it rather looks like dancing on a landmine.

  • by Karellen on 10/16/24, 1:01 PM

    Hah, called it:

    https://news.ycombinator.com/item?id=41645867

    > Oh.... they vendored everything, including a bunch of external x86 binaries. 32- and 64-bit. FFS.

    > But also - I sure hope they got the licensing correct for those parts...

  • by francisofascii on 10/16/24, 7:22 PM

    This story is analogous to a landowner and a group of neighborhood kids. The landowner allows the kids to play baseball in his field, but then the kids complain the grass is not cut, they are playing late into the evening, a few kids vandalize damage his flower bed, and his lawyers tell him he will be sued if he doesn't make all these safety changes, and so the landowner says screw it and puts up a fence.

  • by mikeortman on 10/16/24, 6:17 PM

    It's wild to nitpick the licensing like this. I get why its conter-intuitive and in violation of Github's guidelines, but it's winamp, folk. It has no intrinsic value these days to update or fork outside of giving people the opportunity to learn from the tricks they had to do to make stuff work. There are solutions significantly better and open source today. 'Canceling' winamp in 2024 was not on my life's bucket list after the year 2000.

    There is hypocrisy here around internet archive, it's totally OK to store copy-write content on the archive, but its not OK when a company does so on their own.

  • by soulofmischief on 10/16/24, 5:37 PM

    Don't redistribute this software, but we're gonna redistribute some close-source software out of carelessness. Rules for thee, not for me.

  • by lolinder on 10/17/24, 1:58 AM

    > In seeking to remove offending files with a simple deletion instead of a rebase, Winamp kept it available to those who know Git mechanics

    "Those who know Git mechanics" in this case is talking about extremely simple Git mechanics. Those who know more advanced Git mechanics would know that even a rebase is not sufficient to solve the problem of having pushed up secrets.

    Aside from the obvious problem of all the forks and previously-cloned copies, the offending commits will still also be available on GitHub (at least until the next garbage collection), they'll just have the message "This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository."

    Any links that include the old hash will still be available online and will still turn up the code you tried to delete.

  • by VonGuard on 10/16/24, 5:07 PM

    This is a cautionary tale for preservationists. My current preservation project is still not open because we are very slowly reviewing the code to make sure we don't accidentally include any IP when we open the source code. The real things that get you are similar to what happened here: codecs, graphics libraries, and a really big one to look out for is fonts. It'd be great if there was a scanner that could detect this stuff, but unfortunately, the scanning tools out there tend to go the other way like Black Duck: they detect open source code, not closed source.

  • by abbbi on 10/16/24, 5:34 PM

  • by flatline on 10/16/24, 4:58 PM

    A little glimpse into what a lot of proprietary code bases look like - or at least did a couple decades ago.

  • by sureIy on 10/16/24, 5:05 PM

    I don't really understand why people complained.

    The source is open, if don't want to contribute, don't. Just because something doesn't fit a specific definition it doesn't mean it's not worth of existence.

  • by tdiff on 10/17/24, 7:02 AM

    I believe some people understimate how much huge number of companies dont care about OSS licenses and do what they want internally. Winamp was simply unfortunate to unveil it.

  • by pelorat on 10/16/24, 6:25 PM

    Plenty of people have copies of the source and the release was just a novelty really. There's no point in anyone actually forking, building and releasing new versions of Winamp as it has been surpassed by other "real" OSS players eons ago. Let's face it, the release was mostly for Internet historians.

  • by racked on 10/17/24, 9:35 AM

    It's a shame the GitHub repository got attacked by the kind of sexually frustrated perpetually-teenage crowd you normally see on 4chan.

    On the other hand, Radionomy's clear incompetence over the years sours me. Having the IP for all those years and laying it to waste, culminating in a half-assed attempt to open source it. It pains me to say as their intentions may be good at least in part, but one has to let Darwin get his way too.

  • by pxc on 10/17/24, 4:47 AM

    People are talking about the issues opened on GitHub as 'trolling' but honestly the license Winamp chose is itself an insult. From the license text via the Internet Archive:

    > The Winamp Collaborative License is a free, copyleft license

    also from that license text:

    > 5. Restrictions

    > No Distribution of Modified Versions: You may not distribute modified versions of the software, whether in source or binary form.

    Which means that the Winamp Collaborative License is neither free nor copyleft.

    What copyleft actually is:

    > Copyleft is a general method for making a program (or other work) free (in the sense of freedom, not “zero price”), and requiring all modified and extended versions of the program to be free as well.

    https://www.gnu.org/licenses/copyleft.en.html

    Releasing proprietary software is whatever. 'Shared source' and similar dilutions are one level of bullshit. Abusing and diluting the language of the free software movement is a step beyond that.

    This kind of 'open-source' is actively harmful to an exceptional degree and absolutely deserves to drown in ridicule. A lot of the mocking issues were unfocused or low-effort, but I can't really complain about their function or intent.

  • by paweladamczuk on 10/16/24, 8:40 PM

    "Proprietary packages from Intel and Microsoft were also seemingly included in the release's build tools"

    Can anyone speak to this? To me, it's the most interesting bit in this article. Does this mean Winamp developers had access to libraries of Intel/MS that are not publicly available?

  • by Communitivity on 10/17/24, 1:26 PM

    This is possibly why a number of Fortune 500 and government organizations avoid GPL like the plague. This whole debacle 'won' one battle for GPL licensing but set the war (and their stated ultimate goals) back by a significant amount. This event is a big topic among the devs where I work. It's reignited the 'we should make sure our policies state no use of GPL licensed code or libraries without the exception' (use of binary executables is unavoidable).

    In any online population, some people like to build the world (Aces), some like to rule the world (Kings/Queens), some like to watch the world burn (Jokers), and some spend all their time fire-fighting (Jacks). Corollary: There will always be jokers.

  • by theandrewbailey on 10/16/24, 11:52 AM

    I was afraid something like this would happen. Glad I downloaded the enitre repo soon after it was opened.

  • by childintime on 10/17/24, 1:23 PM

    When I try to search for Winamp on Github (without a login), I am blocked:

        Whoa there!

    You have exceeded a secondary rate limit.

    Please wait a few minutes before you try again;
    in some cases this may take up to an hour.
    Regular github browsing is ok, searches result in the above. For 4 hours now (without other any activity). Github is making it personal.

  • by jbverschoor on 10/16/24, 6:51 PM

    Tech and gaming communities are the most toxic ones ever

  • by AndyNemmity on 10/17/24, 2:33 AM

    Plutono just did too. I've been trying to find any information on the topic, and haven't found anything.

  • by fithisux on 10/17/24, 4:35 AM

    They should have asked help from the community to clean it and maintain it properly.

  • by Circlecrypto2 on 10/16/24, 5:11 PM

    Dang... The conversations must've been really entertaining.

  • by delduca on 10/16/24, 9:28 PM

    Once on the internet, always on the internet.

  • by bitbasher on 10/16/24, 6:36 PM

    Anyone have a mirror of it?

  • by arp242 on 10/16/24, 6:09 PM

    The trolling was ridiculous. I don't blame them.

    It was pretty clear that with "fork" they meant "don't create a WinAmp-ng fork" and not a "fork" in the "send a patch" GitHub sense. It's fine to point out "hey, I think your custom written license may need a bit of work!", but the amount of vitriol and hate over it (including on HN) was just ridiculous.

    It was one of those moments I was embarrassed to be posting here.

    And yes, they could have done better, sure. But instead of bringing in someone in the community you just chased them away. Well done everyone. Good job. Excellent result. A story to tell the grandchildren.

  • by AdmiralAsshat on 10/16/24, 7:41 PM

    Good job, team. Companies are sure to open source their legacy proprietary applications now after that warm reception.

  • by liquidpele on 10/16/24, 4:50 PM

    I’ll just leave this here. https://webamp.org/

  • by jfvinueza on 10/16/24, 7:16 PM

    The article mentions how deeply compressed the files we played were back then, but I'm pretty sure nowadays it's even worse.