Have there been binaries released without the source code disclosed for them?

I noticed there’s been only 3 commits to the source, but [there are multiple releases in the changelog. The AGPL license requires that the source code be disclosed.

From the AGPL preamble, copied directly from LICENSE.md:

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.

…The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public.

The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version.

I hope that the author will at least commit to the repo whenever there’s a new release. It’s against the license not to.

Version with links at aether://board/86e782e80681ac580b4d6d102b12e787c066e59f194fee57bb0bf83cc1e42fc6/thread/fc0da9fb110ac55ecf46d5819ce9be76655cad44a60479922a08316f8ab1d764

1 Like

(If you have multiple questions, please put them in the same thread, it makes it easier for me to find and respond.)

There’s a bunch of things here, so I’m just going to point out the most important:

  • The number of releases being different than the number of versions doesn’t actually imply there are releases without source code. Some releases were cut based on the source code, especially earlier on, while I was still figuring out the release process and got botched. For example dev 4, 5, 6 are all the same source, just the version is incremented so that the auto update framework would pick it up and update people’s clients appropriately from broken releases. This happened a bunch of times.

  • When a version with a buggy change is released, when I discover that, I usually merge the change that fixes it to that version’s commit, so all commits on the repo matches to functioning versions. For example dev.9 was a patch to dev.8 in this way, and the changes in dev.9 was applied into dev 8’s commit, so that it’s easier for other people working on the same code to realise that something important has gotten updates - it guarantees that they will get a merge conflict and grab the change when making their own version.

In short, the commit count on github doesn’t mean there has been that many updates. It’s just a count of ‘waypoints’, not actual number of changes made, which corresponds much closer to updates. etc.