
This is a bot that is supposed to configure the right license when employees start a new repo in the Microsoft GitHub org.

It seems the automation is also triggered when Repos are forked into the Microsoft GitHub org which isn't correct behavior.

This isn't a deliberate action. If it were, plenty of employees (myself included) would be outraged. I assume it's a bug in the bot - an edge case that was not considered. It is very rare to fork something into the Microsoft GitHub org, after all.

I'll pass it along to some people I know.



Thank you. So these are in fact all mistakes.

I looked at some of the other forked repos (95 out of 4.5K repos) and all the human commits from MS I saw seem to care about getting the licenses right. So it really is just a broken bot.

I hope the bot can be fixed soon and I'm going to put my figurative pitchfork down now.


I reached out earlier to Jeff Wilcox, who runs the Open Source Programs Office now (see Tweet https://twitter.com/berndverst/status/1474789173882089472?s=...).

He since commented on this post with a lot more detail.


He wrote a great response. Not many people I know would stand in front of an online mob and say "It's code that I wrote". And then fix it on Christmas!

While I'm glad this got resolved so quickly, I'm slightly ashamed of myself and the HN community for how we handled this. In hindsight the outrage was wildly out of proportion for a simple bug.

I'll make a mental note to do better in 2022.


Thanks for saying this.


I'll consider it an unusual bug report.

Hopefully the bot can be fixed soon and the affected licenses changed back.

Realistically I'm not sure folks are working over the holidays, so give it a bit of time :)



As noted elsewhere in this thread this one looks like human misunderstanding and has already been raised internally for fixage.

Shame it slipped through the cracks, but at scale eventually something's going to no matter how hard you try.


Are they deliberately getting their modifications under a pseudo-incompatible* license? This is the only reasonable explanation I can think of.

* IANAL. Although Apache 2.0 and MIT are compatible, using a different license makes it awkward for changes to be merged upstream.


The biggest change between Apache 2.0 and MIT is related to patents. IANAL, but Apache 2.0 is a lot safer in this aspect.


Things break all the time, so errors will happen.

If you look at life as good & evil, you won't solve any conflicts. You should rather focus on "incentives". Correcting bugs and errors takes time and other resources, and therefore requires incentive to prioritize. If their bots were to stamp Microsoft projects with open source licenses, there would be huge incentive for them to tackle this problem within this sprint, and make sure it never happens again.

This bug profits them, or does not harm them in the worst case. Therefore, by drawing attention and applying pressure, we should create the incentive for them to allocate resources to fix it, and make sure it does not repeat.


How can someone be so bad at their job that they don't realize that a bot that writes to the license file needs to avoid overwriting an existing file? A certain degree of malfeasance cannot possibly be explained as incompetence.


Please don't pile on like this. You can make your substantive points without "how can someone be so bad at their job" hyperbole. Any mistake can be made to look terrible if you're uncharitable enough.

https://news.ycombinator.com/newsguidelines.html


> A certain degree of malfeasance cannot possibly be explained as incompetence.

This is a missing conditional check, a mistake that is extremely easy to make and one I’m sure you’ve made at least once if you’ve been a professional programmer for any significant length of time.


Or maybe they do not know, or missed, that creating a fork from an existing project actually triggers a "new repo created" event in the GitHub organization, which has an unintended effect.


This is the type of online rage that we as a community need to stamp out.

Be better.


I agree with you in principle but "stamp out" and "be better" are phrases that produce the opposite of what you're aiming at. We're trying to avoid the online callout/shaming culture here.

https://hn.algolia.com/?sort=byDate&type=comment&dateRange=a...


These forks may be done for security purposes for projects that use source-based build systems so that the depending project doesn't have 3rd party repo dependencies.

As someone who's developed similar GH integrations, getting things right with their API is fairly tricky. What would actually be desirable is public-to-private forks, so that the fork-dependency pattern is more enterprise friendly and this kind of confusion is mitigated.


Why would anyone write that so it changes the license to the right one instead of just flagging it as incorrect for review?
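The three defensive points raised in this thread (the bot should not act on forks, should never overwrite an existing license file, and should flag a mismatch for review instead of rewriting it) can be captured in one decision function. The example below is added here and is not the Microsoft bot's code, which does not appear in the thread; the webhook payloads are constructed samples in the shape of GitHub's `repository` event (whose repository object carries a real boolean `fork` field), and `plan_license_action`, `existing_files` and `DEFAULT_LICENSE` are hypothetical names chosen for the illustration.

```python
import json

# Constructed sample payloads (not real captures) in the shape of a GitHub
# "repository" webhook event with action "created": one for a fresh repo and
# one for a repo forked into the org. The repository object's boolean "fork"
# field is the check the thread says the bot was missing.
NEW_REPO_EVENT = json.loads("""{
  "action": "created",
  "repository": {"full_name": "example-org/new-service", "fork": false}
}""")

FORKED_REPO_EVENT = json.loads("""{
  "action": "created",
  "repository": {"full_name": "example-org/upstream-lib", "fork": true}
}""")

DEFAULT_LICENSE = "MIT"  # hypothetical org default; not taken from the thread

LICENSE_FILE_STEMS = ("LICENSE", "LICENCE", "COPYING")


def plan_license_action(event, existing_files):
    """Decide what a license bot should do for one repository event.

    existing_files is the list of top-level file names already in the repo
    (a real bot would fetch this from the API; here it is passed in).
    Returns a (decision, detail) tuple. The function never chooses to
    overwrite: an existing license file is only flagged for human review.
    """
    if event.get("action") != "created":
        return ("ignore", "not a repository-created event")

    repo = event["repository"]
    if repo.get("fork"):
        # A fork carries upstream's license; replacing it is never correct,
        # so the event is skipped entirely rather than processed.
        return ("skip", f"{repo['full_name']} is a fork")

    license_files = [
        name for name in existing_files
        if name.upper().split(".")[0] in LICENSE_FILE_STEMS
    ]
    if license_files:
        # A license file already exists, so a human has made a choice.
        # Flag it for review instead of stamping the default over it.
        return ("review", f"{repo['full_name']} already has {license_files[0]}")

    return ("add", f"add {DEFAULT_LICENSE} license to {repo['full_name']}")


if __name__ == "__main__":
    # Constructed directory listings for the two sample repos.
    for event, files in ((NEW_REPO_EVENT, ["README.md"]),
                         (FORKED_REPO_EVENT, ["LICENSE", "README.md"])):
        decision, detail = plan_license_action(event, files)
        print(f"{decision:7} {detail}")
```

The ordering matters: the fork check comes before the file check, so a fork is skipped even if its upstream happens to ship no license file at all, and the only path that writes anything is the one where the repo is not a fork and has no license file yet.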


Have you considered that the reason for the outrage is because people don't actually trust Microsoft to do the right thing? I can see this is a mistake, but surely the litany of awful business practices by Microsoft in the past precedes it?


I didn't say anything about the outrage of others. I said a deliberate license change would be unacceptable to employees.

I'm no official representative of Microsoft...


Sorry, I didn't mean to imply you were. But no offense, so what if it isn't acceptable to employees? The decisions by Microsoft are made by the management of the company. As an example of another company with severe credibility problems, I'm sure there are plenty of employees at Facebook who don't like working there now, but they are still there. And still implementing the policies and directions of management.


