Apache StreamPark(incubating) 是一个流处理应用程序开发管理框架。初衷是让流处理更简单,旨在轻松构建和管理流处理应用程序,提供使用 Apache Flink 和 Apache Spark 等编写流处理应用程序的开发框架。同时,StreamPark 提供了一个流处理应用管理平台,核心能力包括但不限于流应用开发、调试、交互查询、部署、运维、实时数仓等。2021 年 4月 以 StreamX 为名进行开源,于 2022 年 8 月更名为 StreamPark,随后通过投票于 9 月 正式成为 Apache 开源软件基金会的孵化项目。
一、被抄袭侵权
前几天,有开发者跟我们反馈,有项目 copy StreamPark 的代码并且没有声明版权,起初我们不相信,以 Apache 项目的知名度和 Apache 开源协议的宽松程度一般不会有项目这么干,毕竟直接在代码中注明引用即可,协议对代码分发没有任何限制。带着疑惑和不解,我们在 GitHub 上找到了赤兔实时计算平台这一项目的主页以及代码,令人触目惊心的发现确实存在大量对 Apache StreamPark 代码的抄袭、并且所有引用代码的地方都删除了 Apache License 抬头,将 Apache License 2.0 协议修改成了 GPL 3.0。
1、拷贝 StreamParm 源码的事实
在其 flink 模块中存在大量的 StreamPark 项目源码, 由于篇幅有限,这里只罗列部分内容的对比,我们先看 common模块, 可以看到目录结构如下:
接着我们随便打开几个文件进行源码对比:
对比后发现整个 common 模块代码全部来自 StreamPark,只是更换了包名。接着我们看 flink-submit 模块 :
我们再打开一个源码文件进行对比:
对比结果看到:除了部分包名和类名发生变化之外,源码部分基本都来自 StreamPark 。结论:整个 chitu-sdp-flink 模块下 80% 以上的代码都 copy 自 StreamPark。
2、未声明来源
Apache 软件许可的软件允许对代码进行修改,但是代码在使用的过程中需要进行相关的声明。赤兔的开发团队更改了所有软包名称,删除了 Apache 软件基金会的抬头,在重新发行时没有保留 Apache 软件基金会和 Apache StreamPark 的 LICENSE(许可证)和 NOTICE(告知)文件。
此外,我们在对方的网站上和公众号等媒体平台也找不到任何关于使用 StreamPark 代码的版权的声明,赤兔团队也从来未曾提及这部分代码来自 StreamPark。
3、更改 License 再发行不合规
Apache StreamPark 使用的是 Apache-2.0 license 开源许可证,赤兔采用 GPL 3 开源许可证。被 copy 的代码再次分发未保留 Apache License Header,则默认和项目的开源协议一致是 GPL 3.0 开源许可, 根据 Apache 2.0 License 的相关规定,这是明确禁止的, 不能将 Apache 2.0 许可证下的代码未经授权的情况下转换为另一种许可证。
以上事实证明赤兔实时平台违反了 Apache 2.0 许可证,没有尊重 Apache 软件基金会和 Apache StreamPark 的知识产权和品牌。
二、关于赤兔高调宣布开源
该团队不仅没有认识到侵权这一客观事实,反而高调的宣称项目开源,完全视开源协议为无物,不尊重他人付出。请问该团队在如此重要的大会上宣称开源的时候,是抱着什么心理?有对代码的敬畏吗?有对原作者的尊重吗?这份拿来主义换的荣耀您揣着踏实吗?
以下内容摘自赤兔官方公众号:
作为 O**** 开源合作方,跨越速运集团受邀参加其 3月25日 在北京举办的开源生态大会-O**** DevCon 。届时跨越速运集团高级架构师 ** 将作为受邀嘉宾与大家共同分享 《赤兔+ O**** 构建实时应用》 ,并同时宣布“赤兔”产品开源。
活动介绍
开源生态分论坛活动流程
除此之外可以看到在其官方公众号里看到, 该团队多次参加相关技术峰会, 做主题演讲。
除此之外可以看到在其官方公众号里看到, 该团队多次参加相关技术峰会, 做主题演讲。以下内容摘自赤兔官方公众号:
赤兔实时计算平台已于3月25日的 O****e 开发者大会上,正式宣布开源,赤兔的开源,已经引起了业界的广泛关注。
为了让更多的开发者了解赤兔,赋能更多的企业用户,*** 老师将于4月1日再赴苏州,参加 Suzhou GDG “AIGC 与数据科学” 专场分享会,进一步向与会嘉宾、业界专家等分享赤兔实时计算平台的应用场景和使用方法,从而推动赤兔在企业中的落地及应用,拓展业界对跨越速运的品牌认知度。
这两年经常听到大家说软件改变世界,开源吞噬软件,从国家政策到各种形式的开源组织都在鼓励大家踊跃参与各种开源项目,这是好的,国内的开源发展一路狂飙。但是随之而来的代码抄袭,开源合规,知识产权等问题也随之而来,这些相关的意识是否同步跟上,是个值得讨论的问题。我相信 StreamPark 不是第一个被侵权也不是最后一个,广大的开发者该如何维护自己的合法权益,也是我们不得不去面对的问题。不知道针对这种拿着别人项目的源码,剔除声明,修改开源协议,参加行业峰会,呼吁大家积极加入的行为,大家如何看待?
我们的要求
Apache StreamPark(incubating)从最初的构想到开发出来,是开发者们用汗水换来的,而该项目也在我们的努力下被更多的人知道,有了更多的开发者加入,有了大量的企业去使用,有培训学校出了相关的教程,逐渐获得了一些业内专业人士的认可和一些奖项,万万没想的是我们的项目面临被抄袭的困境,被非法侵权,针对赤兔这种侵权行为我们已经提出了相关意见并保留采用法律手段维权的权利:
1. copy 的源码必须遵守 Apache-2.0 license 的合规要求,保留 Apache-2.0 License Header,声明来源
2. 公开回应,并且道歉,消除影响,合规使用开源代码
最后我们想说:作为项目的维护团队,我们深知自己力量渺小更无意与大厂抗衡,只希望以我们的经历向大家切身说法,呼吁对开源协议和知识产权的保护,开源是因为热爱才诞生,技术也是因为开源才变的更好。身为每一个技术从业者的我们,更要坚守开源的底线才能让开源世界得到更好的发展。希望这类事件能少一些,原创项目多一些,真诚奉献多一些,不要寒了广大开发者的心,也败了自己的名。
翻译:
Apache StreamPark (incubating) is a stream processing application development management framework. Originally designed to make stream processing simpler, it aims to easily build and manage stream processing applications, providing a development framework for writing stream processing applications using Apache Flink and Apache Spark. At the same time, StreamPark provides a stream processing application management platform. And its core capabilities include but are not limited to stream application development, debugging, interactive query, deployment, operation and maintenance, real-time data warehouse, etc. It was open sourced as StreamX in April 2021, renamed StreamPark in August 2022. And then officially became an incubator project of the Apache Open Source Software Foundation by vote in September.
Infringement by plagiarism
A few days ago, some developers gave us feedback that there was a project copy StreamPark code and no copyright declaration. At first, we did not believe that with the popularity of Apache project and the relaxed degree of Apache open source agreement. There would generally not be projects that do this, after all, directly indicate references in the code. The protocol has no restrictions on code distribution. With confusion and puzzlement, we found the home page and code of the Red Rabbit real-time Computing Platform project on GitHub. And it was shocking to find that there was indeed a lot of plagiarism of Apache StreamPark code. And all the places where the code was referenced deleted the Apache License header. Changed the Apache License 2.0 protocol to GPL 3.0.
The fact of copying StreamParm source code
In its flink module there are a large number of StreamPark project source code, due to limited space, here only listed part of the comparison. We first look at the common module, you can see the directory structure is as follows:
Then we open a few files to compare the source code:
The comparison shows that the entire common module code is from StreamPark, but the package name has been changed. Next we look at the Flinks-Submit module:
Let’s open another source file for comparison:
As a result of the comparison, except for some package and class name changes. The source code is basically from the StreamPark. Conclusion: More than 80% of the code in the chitu-sdp-flink module is copied from StreamPark.
No source is stated
The Apache software license allows modifications to the code, but the code needs to be declared during use. The development team changed all software package names, removed the Apache Software Foundation letterhead, and did not retain the LICENSE and NOTICE files for the Apache Software Foundation and Apache StreamPark at the time of the rerelease.
In addition, we can not find any copyright statement about the use of StreamPark code on the other party’s website and public account and other media platforms. And the Red Rabbit team has never mentioned that this part of the code is from StreamPark.
The License change and reissue are not compliant
Apache StreamPark uses the Apache-2.0 open source license, and Red Rabbit uses the GPL 3 open source license. If the copied code is distributed again without retaining the Apache License Header, the default GPL 3.0 open source License is the same as the open source license of the project. It is expressly prohibited to convert code under the Apache 2.0 license to another license without authorization.
These facts prove that the Red Rabbit Real-Time Platform violates the Apache 2.0 license and does not respect the intellectual property and brand of the Apache Software Foundation and Apache StreamPark.
About Red Rabbit high-profile announcement of open source
The team not only did not recognize the objective fact of infringement, but also high-profile claims that the project is open source, completely regard the open source protocol as nothing, and do not respect the efforts of others. What was the team thinking when they announced open source at such an important conference? Is there a reverence for code? Is there any respect for the original author? Do you have a solid heart for the glory of this doctrine?
The following content is taken from the Red Rabbit official public account:
As an open source partner of O, Cross Express Group was invited to attend its open source ecological conference -O DevCon held in Beijing on March 25th. At that time, senior architect ** of Cross Express Group will be an invited guest to share “Red Rabbit + O**** Building Real-time Application” with you, and announce the open source of “Red Rabbit” products.
Activity introduction
Open source ecological sub-forum activity flow
In addition, it can be seen in its official public account that the team has participated in relevant technical summits for many times and made keynote speeches.
In addition, it can be seen in its official public account that the team has participated in relevant technical summits for many times and made keynote speeches. The following content is taken from the Red Rabbit official public account:
Red Rabbit real-time computing platform has been officially announced open source at the O****e developer conference on March 25, Red Rabbit’s open source has attracted wide attention in the industry.
In order to let more developers know about Red Rabbit and enable more enterprise users, Teacher *** will go to Suzhou on April 1st to attend the “AIGC and Data Science” special sharing meeting on Suzhou GDG to share the application scenarios and usage methods of Red Rabbit real-time computing platform with the participants and industry experts. Thus promote the landing and application of Red rabbit in enterprises, and expand the industry’s brand recognition of cross-express.
In the past two years, I often hear everyone say that software changes the world, open source devouts software, from national policies to various forms of open source organizations are encouraging everyone to actively participate in various open source projects, which is good, the development of domestic open source all the way. But with the attendant problems of code plagiarism, open source compliance, intellectual property rights and so on. Whether these related awareness keep up is a question worth discussing. I believe that StreamPark is not the first infringement is not the last. The majority of developers how to protect their legitimate rights and interests, but also we have to face the problem. I don’t know about this kind of behavior of taking the source code of other people’s projects, eliminating statements, modifying open source agreements, attending industry summits, and calling on everyone to actively join, how do you think?
Our requirements
Apache StreamPark (incubating) from the initial idea to development, developers sweat for the project. And in our efforts, more people know about the project, more developers have joined. A lot of enterprises have used it, and there are training schools out of the relevant tutorial. Gradually won the recognition of some industry professionals and some awards, absolutely did not think that our project is facing the dilemma of plagiarism, illegal infringement. We have put forward relevant opinions and reserve the right to use legal means to defend rights:
- The source code of copy must comply with the compliance requirements of the Apache-2.0 license, retain the Apache-2.0 License Header, and declare the source
- Respond publicly, and apologize, eliminate the impact, and comply with the use of open source code
Finally, we would like to say: as the maintenance team of the project. Wknow that our own strength is small and have no intention to compete with the big factory. And only hope to use our experience to speak to everyone personally, calling for the protection of open source protocols and intellectual property rights, open source is born because of love, and technology is also better because of open source. As every technical practitioner. We must adhere to the bottom line of open source in order to make the open source world better. Hope this kind of event can be less, more original projects, more sincere dedication, do not cold the hearts of the majority of developers, but also lost their own name.
本文由数字化转型网(www.szhzxw.cn)转载而成,来源于 Apache StreamPark;编辑/翻译:数字化转型网宁檬树。
免责声明: 本网站(http://www.szhzxw.cn/)内容主要来自原创、合作媒体供稿和第三方投稿,凡在本网站出现的信息,均仅供参考。本网站将尽力确保所提供信息的准确性及可靠性,但不保证有关资料的准确性及可靠性,读者在使用前请进一步核实,并对任何自主决定的行为负责。本网站对有关资料所引致的错误、不确或遗漏,概不负任何法律责任。
本网站刊载的所有内容(包括但不仅限文字、图片、LOGO、音频、视频、软件、程序等) 版权归原作者所有。任何单位或个人认为本网站中的内容可能涉嫌侵犯其知识产权或存在不实内容时,请及时通知本站,予以删除。
