Here is a mirror of the repo, as of the last commit before it was deleted:
https://git.cbraaten.dev/AtRiskRepos/winamp
Also here is a git bundle file which can be cloned from:
Related: https://news.ycombinator.com/item?id=41662105
Winamp contained modified GPL code, violating the GPL (github.com/winampdesktop)
18 points by mepian 19 days ago | 6 comments
Someone found a prehistoric hand axe on their property. They realize it must have been one of the nicest hand axes of its time. They decide to donate it to a museum, so everyone can appreciate that marvel of human civilization.
Being an extraordinarily nice axe, its original creator must surely have taken proper care of it and kept it clean, but over the years it clearly accumulated some dirt and a few modifications. Not wanting to damage an important historic artifact, the finder decides to leave the patina alone and donates the axe as found.
The museum requires the donor to add an exhibit label. Unfortunately, the finder being Belgian and speaking only French, there is a severe misunderstanding about the purpose of the axe.
On the day the exhibit is first shown to the public, hell breaks loose. People threaten to sue because the dirty prehistoric axe is against all regulations that apply to contemporary axes. Some attempts are made to remove the dirt, but only in a way that preserves the dirt, which enrages the other camp even more.
Ultimately, the exhibit is withdrawn from the museum, but luckily many had a chance to make copies and 3D copies that they keep safely in their private collections.
This, btw, is why open sourcing proprietary software rarely happens: you actually have to go to a fair amount of careful effort to get it right. If you don’t, you end up with this debacle.
And here's another story to add to the book "How to shoot yourself in the foot by not knowing how the Internet and software licenses work", should anyone write that one day.
Also, from one ArsTechnica link posted later in this story, one former dev told that the 4 WA Legacy developers were fired and soon he left too, so I guess they presumably had either no one or very few resources who knew that code and were in the best position to audit it before public release. This is not just shooting oneself in the foot; it rather looks like dancing on a landmine.
Hah, called it:
https://news.ycombinator.com/item?id=41645867
> Oh.... they vendored everything, including a bunch of external x86 binaries. 32- and 64-bit. FFS.
> But also - I sure hope they got the licensing correct for those parts...
This story is analogous to a landowner and a group of neighborhood kids. The landowner allows the kids to play baseball in his field, but then the kids complain the grass is not cut, they are playing late into the evening, a few kids vandalize damage his flower bed, and his lawyers tell him he will be sued if he doesn't make all these safety changes, and so the landowner says screw it and puts up a fence.
It's wild to nitpick the licensing like this. I get why its conter-intuitive and in violation of Github's guidelines, but it's winamp, folk. It has no intrinsic value these days to update or fork outside of giving people the opportunity to learn from the tricks they had to do to make stuff work. There are solutions significantly better and open source today. 'Canceling' winamp in 2024 was not on my life's bucket list after the year 2000.
There is hypocrisy here around internet archive, it's totally OK to store copy-write content on the archive, but its not OK when a company does so on their own.
Don't redistribute this software, but we're gonna redistribute some close-source software out of carelessness. Rules for thee, not for me.
> In seeking to remove offending files with a simple deletion instead of a rebase, Winamp kept it available to those who know Git mechanics
"Those who know Git mechanics" in this case is talking about extremely simple Git mechanics. Those who know more advanced Git mechanics would know that even a rebase is not sufficient to solve the problem of having pushed up secrets.
Aside from the obvious problem of all the forks and previously-cloned copies, the offending commits will still also be available on GitHub (at least until the next garbage collection), they'll just have the message "This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository."
Any links that include the old hash will still be available online and will still turn up the code you tried to delete.
This is a cautionary tale for preservationists. My current preservation project is still not open because we are very slowly reviewing the code to make sure we don't accidentally include any IP when we open the source code. The real things that get you are similar to what happened here: codecs, graphics libraries, and a really big one to look out for is fonts. It'd be great if there was a scanner that could detect this stuff, but unfortunately, the scanning tools out there tend to go the other way like Black Duck: they detect open source code, not closed source.
shares some insights:
https://arstechnica.com/civis/threads/winamp-really-whips-op...
A little glimpse into what a lot of proprietary code bases look like - or at least did a couple decades ago.
I don't really understand why people complained.
The source is open, if don't want to contribute, don't. Just because something doesn't fit a specific definition it doesn't mean it's not worth of existence.
I believe some people understimate how much huge number of companies dont care about OSS licenses and do what they want internally. Winamp was simply unfortunate to unveil it.
Plenty of people have copies of the source and the release was just a novelty really. There's no point in anyone actually forking, building and releasing new versions of Winamp as it has been surpassed by other "real" OSS players eons ago. Let's face it, the release was mostly for Internet historians.
It's a shame the GitHub repository got attacked by the kind of sexually frustrated perpetually-teenage crowd you normally see on 4chan.
On the other hand, Radionomy's clear incompetence over the years sours me. Having the IP for all those years and laying it to waste, culminating in a half-assed attempt to open source it. It pains me to say as their intentions may be good at least in part, but one has to let Darwin get his way too.
People are talking about the issues opened on GitHub as 'trolling' but honestly the license Winamp chose is itself an insult. From the license text via the Internet Archive:
> The Winamp Collaborative License is a free, copyleft license
also from that license text:
> 5. Restrictions
> No Distribution of Modified Versions: You may not distribute modified versions of the software, whether in source or binary form.
Which means that the Winamp Collaborative License is neither free nor copyleft.
What copyleft actually is:
> Copyleft is a general method for making a program (or other work) free (in the sense of freedom, not “zero price”), and requiring all modified and extended versions of the program to be free as well.
https://www.gnu.org/licenses/copyleft.en.html
Releasing proprietary software is whatever. 'Shared source' and similar dilutions are one level of bullshit. Abusing and diluting the language of the free software movement is a step beyond that.
This kind of 'open-source' is actively harmful to an exceptional degree and absolutely deserves to drown in ridicule. A lot of the mocking issues were unfocused or low-effort, but I can't really complain about their function or intent.
"Proprietary packages from Intel and Microsoft were also seemingly included in the release's build tools"
Can anyone speak to this? To me, it's the most interesting bit in this article. Does this mean Winamp developers had access to libraries of Intel/MS that are not publicly available?
This is possibly why a number of Fortune 500 and government organizations avoid GPL like the plague. This whole debacle 'won' one battle for GPL licensing but set the war (and their stated ultimate goals) back by a significant amount. This event is a big topic among the devs where I work. It's reignited the 'we should make sure our policies state no use of GPL licensed code or libraries without the exception' (use of binary executables is unavoidable).
In any online population, some people like to build the world (Aces), some like to rule the world (Kings/Queens), some like to watch the world burn (Jokers), and some spend all their time fire-fighting (Jacks). Corollary: There will always be jokers.
I was afraid something like this would happen. Glad I downloaded the enitre repo soon after it was opened.
When I try to search for Winamp on Github (without a login), I am blocked:
Whoa there!
You have exceeded a secondary rate limit.
Please wait a few minutes before you try again;
in some cases this may take up to an hour.
Tech and gaming communities are the most toxic ones ever
Plutono just did too. I've been trying to find any information on the topic, and haven't found anything.
They should have asked help from the community to clean it and maintain it properly.
Dang... The conversations must've been really entertaining.
Once on the internet, always on the internet.
Anyone have a mirror of it?
The trolling was ridiculous. I don't blame them.
It was pretty clear that with "fork" they meant "don't create a WinAmp-ng fork" and not a "fork" in the "send a patch" GitHub sense. It's fine to point out "hey, I think your custom written license may need a bit of work!", but the amount of vitriol and hate over it (including on HN) was just ridiculous.
It was one of those moments I was embarrassed to be posting here.
And yes, they could have done better, sure. But instead of bringing in someone in the community you just chased them away. Well done everyone. Good job. Excellent result. A story to tell the grandchildren.
Good job, team. Companies are sure to open source their legacy proprietary applications now after that warm reception.
I’ll just leave this here. https://webamp.org/
The article mentions how deeply compressed the files we played were back then, but I'm pretty sure nowadays it's even worse.
We've lost a lot with the deletion of this repo. Not the code - that's already out in the ether - but the absurdist comedy of the issues, pull requests, and commit history of trying to piecemeal delete third party non-FOSS software.