Apr 21, 2025
5 min read
Three years ago, I was part of a team responsible for developing and maintaining Kubernetes clusters for end user customers. A main source for downtime in customer environments occurred when image registries went down. The traditional way to solve this problem is to set up a stateful mirror, however we had to work within customer budget and time constraints which did not allow it. During a Black Friday, we started getting hit with a ton of traffic while GitHub container registries were down. This limited our ability to scale up the cluster as we depended on critical images from that registry. After this incident, I started thinking about a better way to avoid these scalability issues. A solution that did not need a stateful component and required minimal operational oversight. This is where the idea for Spegel came from.
As a sole maintainer of an open source project, I was enthused when Microsoft reached out to set up a meeting to talk about Spegel. The meeting went well, and I felt there was going to be a path forward ripe with cooperation and hopefully a place where I could onboard new maintainers. I continued discussions with one of the Microsoft engineers, helping them get Spegel running and answering any architecture questions they had. At the time I was positive as I saw it as a possibility for Micorosft to contribute back changes based on their learnings. As time went on, silence ensued, and I assumed work priorities had changed.
It was not until KubeCon Paris where I attended a talk that piqued my interest. The talk was about strategies to speed up image distribution where one strategy discussed
12 Comments
glenngillen
Hey, this sucks. Unfortunately the MIT license doesn't do much to prevent this and (I think?) their licensing transgression is they haven't kept "Copyright (c) 2024 The Spegel Authors" in the LICENSE file. I suspect if you call them out on it that'll be the remediation.
Did you manage to reach out to any of the people at MSFT you originally spoke to to ask wtf?
diggan
> As a sole maintainer of an open source project, I was enthused when Microsoft reached out to set up a meeting to talk about Spegel. The meeting went well, and I felt there was going to be a path forward ripe with cooperation and hopefully a place where I could onboard new maintainers.
Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use. Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true, and seems it still isn't, just like "Security is the #1 priority" also never been true for them.
Here is the previous time I can remember that they did something similar:
– https://news.ycombinator.com/item?id=23331287 – The Day AppGet Died (keivan.io) 1930 points | May 27, 2020 | 550 comments
The best advice for open source maintainers who are being approached by large tech companies is to be very wary, and let them contribute/engage like everyone else if they're interested, instead of setting up private meetings and eventually get "forked-but-not-really" without attribution.
benwilber0
Don't use one of the most permissive licenses in existence and certainly not one that doesn't provide copyleft. This is all very well established at this point and yet somehow the GPL seems to have gone out of vogue.
keepamovin
[delayed]
hardwaresofton
The future continues to be AGPL
https://vadosware.io/post/the-future-of-free-and-open-source…
hresvelgr
While Microsoft is certainly in the wrong for removing the copyright notice, I think the author has zero basis for complaint otherwise. If you're going to release software with one of the most permissable licenses, you need to accept that for all it entails. Consider what you're comfortable with and pick an appropriate license relative to your values.
koiueo
> I default to using the MIT license as it is simple and permissive
What's good about being "permissive"?
I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".
Do you enjoy your project getting forked, walled off and exploited for profit by someone who has never done you any good?
AGPLv3 still allows forking, still allows making profit (if your business model is sane). But it is at least backed by some prominent figures and organizations, and there are precedents where companies were forced to comply.
asdefghyk
Microsoft does, it because they know they can get away with it. Its in Microsofts DNA in my opinion. The company has a long history of such practices, decades. Occasionally they meet someone who has a enough clout to hold them to account. Sometimes they have even tried to copy patented information and get away with it.
skywhopper
Not just forked. Microsoft stole the code without attribution, violating the license terms. Truly shameful behavior. Best case, it was a single engineer who was tasked with duplicating the functionality, but chose the lazier, fraudulent route and was even too lazy to clean things up entirely. Still, MS should own up, correct the record, and make this right.
CommenterPerson
Could people say they used "AI" to build the new code?
martin-t
I wish people would seriously consider GPL for their projects more often. It hasn't happened here, though has certainly happened in the past without anyone knowing – GPL would make it hard for them to make a closed source "fork".
In fact, I wish an even stronger license existed which allowed the original author to dictate who can build on top of the project to avoid exactly these kinds of situations where a powerful actor completely disempowers the authors while technically following the license (I assume MS will "fix" their error by fixing the licensing information but will continue to compete with Spegel with the intent to make it irrelevant).
ryao
Failing to abide by the MIT license is copyright infringement. My advice is to contact these guys:
https://softwarefreedom.org/
They likely can file a cease and desist on your behalf.