How do people find out or know whether your repo which is having MIT or apache or AGPL license is being used by a corpo and profiting from it and not making the code open source or paying license fees?

  • AnarchistArtificer@slrpnk.net
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 months ago

    “vendored my library”

    I’m unfamiliar with this phrase, are you able to explain what it means (or point me towards an explanation)? Is it relating to forking?

    • maynarkh@feddit.nl
      link
      fedilink
      arrow-up
      3
      ·
      5 months ago

      It means, at least in the golang world, that they keep a copy of your source for themselves and use it for builds. They don’t pull from the public repo every time they build their stuff, so malicious code could only get in with new versions, but they check for that.