I recently (less than 2 months ago) did an in-depth analysis in the area of license compliance that suggests that Microsoft and many other companies that are shipping Electron apps aren't in compliance with the LGPL. (By all signs, it looks like the Electron project might not even be aware that Electron is subject to the LGPL, though they are. Even Slack, which isn't violating the license appears to be in compliance only incidentally—because they're shipping other LGPL components that they know are LGPL.)
I was set to leave the company I was at a couple weeks later (end of November), and I did, so there haven't been any developments with my investigation/findings since I departed. I haven't prepared or published a formal write-up, and I've only brought it up in a semi-public setting once. It's a pretty big deal, though. Could you raise this with Microsoft legal (not Electron/GitHub) and suggest they look into this?
I had a brief look at the docker image, and it's pretty clearly a repackaged version of OpenConnect. Debian's copyright linked to from https://packages.debian.org/sid/openconnect says it's primarily LGPL but with a plethora of other licences like the GPL.
Since there is GPL they are required to make some source available, and if they modified it they are required by the LGPL to make their modifications available. They have extended it by adding Microsoft's authentication mechanisms, but perhaps that is just a DDL mixin, and I could well believe / forgive them not being aware of the other licences.
What is not so easy to forgive is them not acknowledging the open source they used in any way. Instead they slapped as pretty standard Microsoft Licence claiming it's all theipr own work, similar to this one: https://support.microsoft.com/en-us/office/microsoft-softwar...
Scant on details, sure, but hard to parse, not really.
The problem is folks this thread seemingly taking a interlocutory approach that can be summarized as, "That which is not explicitly denied can be freely assumed to be true."
(Then throw on top of that, "Depending on how committed you are to your grandstanding, that which is explicitly denied can be conveniently ignored.")
I'm not an engineer, and no one should be getting the impression that anyone else is under the impression that HN is the place to seek an authoritative disposition about this. It is, though, an acceptable channel for the sort of collegial and informal heads-up that this is (and which is all that this is).
Correct, that was my intent - Ben isn't the proper channel as he is just an engineer responding to comments here. Stuff like this is serious and so should be escalated.
The guidance you offer here remains as necessary and is as appreciated now as it was the first time. Rest assured that I am capable and well-informed about how to proceed with these sort of things. Warm regards.
I think it would be interesting for people if your comment was a little more specific about what the issue is. Is this about ffmpeg as raised here: https://github.com/electron/electron/issues/34236 ?
I recently (less than 2 months ago) did an in-depth analysis in the area of license compliance that suggests that Microsoft and many other companies that are shipping Electron apps aren't in compliance with the LGPL. (By all signs, it looks like the Electron project might not even be aware that Electron is subject to the LGPL, though they are. Even Slack, which isn't violating the license appears to be in compliance only incidentally—because they're shipping other LGPL components that they know are LGPL.)
I was set to leave the company I was at a couple weeks later (end of November), and I did, so there haven't been any developments with my investigation/findings since I departed. I haven't prepared or published a formal write-up, and I've only brought it up in a semi-public setting once. It's a pretty big deal, though. Could you raise this with Microsoft legal (not Electron/GitHub) and suggest they look into this?