Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUILD] private libraries error #37

Closed
witchfindertr opened this issue Oct 26, 2023 · 31 comments
Closed

[BUILD] private libraries error #37

witchfindertr opened this issue Oct 26, 2023 · 31 comments

Comments

@witchfindertr
Copy link

Git error. Command: git clone --mirror https://github.com/MSOB7YY/flutter_scrollbar_modified C:\Users\rssmo\AppData\Local\Pub\Cache\git\cache\flutter_scrollbar_modified-12875d6fecb8ca42576de23fe99c70fab4fd3a98
stdout:
stderr: Cloning into bare repository 'C:\Users\rssmo\AppData\Local\Pub\Cache\git\cache\flutter_scrollbar_modified-12875d6fecb8ca42576de23fe99c70fab4fd3a98'...
remote: Repository not found.
fatal: repository 'https://github.com/MSOB7YY/flutter_scrollbar_modified/' not found
exit code: 128
Process finished with exit c

@Red6785
Copy link

Red6785 commented Oct 26, 2023

What are you attempting to do that is causing this error?

@MSOB7YY
Copy link
Member

MSOB7YY commented Oct 26, 2023

hellow witch, currently there are number of libraries still private, playlist_manager, queue_manager, history_manager, basic_audio_handler, etc

nothing much but the project is big & new and i just don't want people stealing it claiming ownership to third parties, however, im considering making it public if it ever got recognition, hope u understand and sorry for that 🌺

@ahdyt
Copy link

ahdyt commented Jan 11, 2024

yo MSOB7YY/dart_extensions also private

@hbatalhaStch
Copy link

hbatalhaStch commented Feb 29, 2024

hellow witch, currently there are number of libraries still private, playlist_manager, queue_manager, history_manager, basic_audio_handler, etc

nothing much but the project is big & new and i just don't want people stealing it claiming ownership to third parties, however, im considering making it public if it ever got recognition, hope u understand and sorry for that 🌺

what if you obfuscate the code from those private libraries and release them as a package? This way you can protect your code and still let people build the app,

@MSOB7YY
Copy link
Member

MSOB7YY commented Feb 29, 2024

@hbatalhaStch and how can one obfuscate code so that it's build-able but non-readable ☠️

@hbatalhaStch
Copy link

@hbatalhaStch and how can one obfuscate code so that it's build-able but non-readable ☠️

https://github.com/BankingofThings/dart-obfuscator
Didn't test it though

But tbh I just didn't think this idea through, I also assumed there would be a (official) way to obfuscate a flutter/dart packages the same way we do in JS (e.g. JQuery)

@MSOB7YY
Copy link
Member

MSOB7YY commented Mar 1, 2024

@hbatalhaStch obfuscation means making the code unreadable only in case of reverse engineering an apk file, it just changes how one could read and understand a function/etc, making it harder. in our case it wouldn't matter much since the real issue comes as soon as u have the code and are able to build
i would have considered close sourcing and use only play store but

  1. YouTube client won't be possible on play store
  2. i don't really mind ppl seeing/copying some code, it's how we learn

my real issue is with copying whole namida and building under different name or sussy code, which i cant really find good solution for without affecting nice ppl who just want to build and learn/contribute
sorry again

@hbatalhaStch
Copy link

hbatalhaStch commented Mar 1, 2024

@MSOB7YY I installed the app today and it is an amazing app, I would sure learn a lot from it and hopefully contribute it to it.

my real issue is with copying whole namida and building under different name or sussy code

This will always be an issue even after you get recognition. Every open-source project face this.

I want to ask you: how do you measure the recognition you receive (number of repo stars, number of installs, sponsorship) ? When will it be big enough to make those projects public?

@MSOB7YY
Copy link
Member

MSOB7YY commented Mar 3, 2024

@hbatalhaStch thank u so muchhhh <3 hope u learn as much.

ikr, but getting recognition makes it almost impossible for someone to do it, its like forking firefox and selling it as "your" browser ☠️

probably number of repo stars, its just a direct way to measure how many ppl know about namida, i don't have specific number tho, just the amount that shows it's now well-known

@John-Gee
Copy link

John-Gee commented May 5, 2024

Without being on a store I fear it's quite hard to become well known on Android.

@MSOB7YY
Copy link
Member

MSOB7YY commented May 6, 2024

@John-Gee not quite easy

  1. Google play:
    • YouTube client with download support
    • manage all files permission
    • possible donations
  2. FDroid:
    • code is not currently fully open sourced

@John-Gee
Copy link

John-Gee commented May 6, 2024

Yeah I get that, it's a tricky situation.
For Google play you could offer a stripped version and maybe a paid version (which could be the same as with ppspp or enhanced as with fairemail).

I also wonder how this semi proprietary thing affects users. Most users on play store obviously wouldn't care, but this is GH where people would expect some form of FOSS (that's what I expected when I followed your link in reddit, but having seem many for profits clones of FOSS projects I get you. Yet my whole point was to replace AIMP with a FOSS player so not sure what's next...). Would a disclaimer towards the top of the readme help prevent some from feeling baited?

@MSOB7YY
Copy link
Member

MSOB7YY commented May 6, 2024

there is a whole section with the info of building, i understand that some people expect fully open source but can't help it, its a site to share code/smth u made, not a "free code to use" site.

as for google play, i thought about a stripped version but it just aint useful, now namida would be just a normal music player (which is not even the main selling point) so idk not interested to deal with gp shit now.

as a user u don't really care wether it's foss or not, as a dev u also shouldn't, since bothways the license is not for complete ownership usage. the part of code that is privated is to only prevent unauthorized builds which is smth i don't wanna bother myself with. sorry for that i just wanna share my app

@lucasshiva
Copy link

lucasshiva commented Jul 1, 2024

Namida is the best offline "open source" music player I've tried so far. And I've tried quite a lot of those. However, I disagree with some of your points regarding people "stealing" your code and making unauthorized builds.

i understand that some people expect fully open source but can't help it, its a site to share code/smth u made, not a "free code to use" site.

That depends on your license. If you use a permissive license such as MIT, then yes, it becomes a "free code to use" site. If you use more restrictive (copyleft) licenses, then it would become illegal for someone to fork, modify, and distribute it without sharing the source code. For example, the GNU Public License (GPL-3) requires that any derivative work (change, modification, etc.) must also be licensed under the GPL.

as for google play, i thought about a stripped version but it just aint useful, now namida would be just a normal music player (which is not even the main selling point) so idk not interested to deal with gp shit now.

A stripped version without youtube (but fully-featured for offline usage) wouldn't be so bad. As I said previously, I use Namida mainly for offline songs (mp3, flac, ogg, etc), so youtube is not a big feature for me. Though that would only be nice if I could modify/build said stripped version. That's the main point of open-sourcing things, after all. Also, Google Play is not really required. F-Droid and word of mouth is already enough to hit a pretty big userbase. Tachiyomi, for example, is huge because it's the best in what it offers. I can see a similar potential in Namida.

as a user u don't really care wether it's foss or not, as a dev u also shouldn't,
I don't agree with this. Many users care about whether an app is FOSS or not. There are many benefits to being a "normal" user and knowing that the app you use and enjoy is open-source, such as improved privacy, no data collection, etc.

And as a developer, you should totally care whether the app you're using is foss or not. If it's FOSS, you can study it, modify it, build your own version of it, and many other things. There are plenty of reasons why developers should be interested in open-source apps, especially apps built using languages/frameworks that they know/would like to learn.

my real issue is with copying whole namida and building under different name or sussy code, which i cant really find good solution for without affecting nice ppl who just want to build and learn/contribute

I understand your reasonings, but I don't think you should worry that much about that. Tachiyomi (now Mihon) has always been fully open source, for instance. It even displays a list of endorsed forks on the website. And these are not the only forks available – I know of 8 different forks. Some forks made big changes (such as rebranding the entire UI), while others made small changes (such as adding more settings.)

In my opinion, the only situation where you wouldn't open-source the app would be if you were charging money for it. In that case, I'd understand how keeping some parts private would benefit you. But since Namida is currently free, I believe that open-sourcing it would be the best solution overall.

I, personally, planned on forking it and making a custom version for myself, with most changes being UI related.

@MSOB7YY
Copy link
Member

MSOB7YY commented Jul 1, 2024

@lucasshiva thank u so muchhh, but i also disagree with your opinion

license doesnt mean ur code is protected, unless you are a big company with legal papers, this really cant gurantee much. even tho Namida is under EULA, those specific ppl just dont care, and really there is no way for u to know too if someone stole/sell it to third party.

A stripped version without youtube (but fully-featured for offline usage) wouldn't be so bad.

yuh uh.. yt is not only the issue here, actually i think the only issue about youtube is downloads (giving that peertube for example is alive on google play).
the main issue here is with "manage all files" permission, which google strictly allows it only for file managers. we can still use SAF but thats just pain
another thing is i think donation links inside app is not allowed, so there is that also.

if its for f-droid or similar, we again going to hit the "fully open source" since they only accept that.
Tachiyomi is less likely to be abused since its a manga reader and is designed to be contribute-able, unlike Namida which is a player that third party clients would pay to get built for them "Poweramp for example"

Many users care about whether an app is FOSS or not. There are many benefits to being a "normal" user and knowing that the app you use and enjoy is open-source, such as improved privacy, no data collection, etc.

but that part is already clear in namida, almost like 95% is open source and available to read/check, the privated packages are also known for which purpose. i dont know if this doesnt make it clear but i think its at least way better than closed source, which again many users use without hesitating.

but in the end yeah i understand ur points are really valid and i would really want to support this type of contribution but really no other way, and with the upcoming yt login it would make it even harder too, so yeah sorry for that again

@VerySweetBread
Copy link

Don't you think you're the one who cares? I mean, a lot of people open their code for public and no one worries his code would be stolen

Also, I guess, Github has some services to protect your code. If it has utilities to check vulnerabilities in dependencies (why the hell these word are sooo hard), I almost sure it'll be block your code in other projects

Also (x2), there's no reason to hide. 5% is not hard to write it yourself, so you just don't let us contribute to help you or download the app on F-Droid, for example

@lucasshiva
Copy link

@MSOB7YY

license doesnt mean ur code is protected, unless you are a big company with legal papers, this really cant gurantee much. even tho Namida is under EULA, those specific ppl just dont care, and really there is no way for u to know too if someone stole/sell it to third party.

A license does protect your code. It would make it illegal for people to abuse of it. However, just because it's illegal doesn't mean it won't never happen, so you're right on that. Some people just won't care about it, and I understand that, but I believe that working with dozens of good contributors would outshine that one bad person who just wants to do bad.

but that part is already clear in namida, almost like 95% is open source and available to read/check, the privated packages are also known for which purpose. i dont know if this doesnt make it clear but i think its at least way better than closed source, which again many users use without hesitating.

I totally agree on that. What you currently have is better than everything being closed-source. It just sucks that I can't build the project because of the private packages.

the main issue here is with "manage all files" permission, which google strictly allows it only for file managers. we can still use SAF but thats just pain

Honestly, I'm not sure if targeting play store would be a good thing. It's not worth getting rid of features just to make Google happy.

if its for f-droid or similar, we again going to hit the "fully open source" since they only accept that.

F-Droid does have a Non-Free Dependencies anti-feature, but I guess having part of the code as private doesn't fit into that category. If it did, uploading it on F-Droid would be more than enough.

@lucasshiva
Copy link

Don't you think you're the one who cares? I mean, a lot of people open their code for public and no one worries his code would be stolen

Also (x2), there's no reason to hide. 5% is not hard to write it yourself, so you just don't let us contribute to help you or download the app on F-Droid, for example

The dev is attached to the project – that's normal. Also, most devs who feel like this don't tend to open source most of the app, so we're not in a terrible situation.

I guess their fear is for someone to fork Namida and release a better version under a different name that later becomes more popular than the original one. That's a real fear, and it happens quite a lot, especially with old/abandoned software. But I believe that living in fear is not worth living at all. If someone happened to create a "better" version, then great, we'd have another great app to use, modify, study, etc. But the amount of work that takes to manage a project is a lot bigger than simply contributing to said project. I doubt many people would be willing go that extra mile.

@VerySweetBread
Copy link

I guess their fear is for someone to fork Namida and release a better version under a different name that later becomes more popular than the original one.

Fork can be just merged

@lucasshiva
Copy link

I guess their fear is for someone to fork Namida and release a better version under a different name that later becomes more popular than the original one.

Fork can be just merged

But only if the one who forked it wants to merge it. There's nothing stopping people from forking, changing a bunch of stuff, renaming to something else, and publishing it as their own. And the dev doesn't want that to happen.

@VerySweetBread
Copy link

I guess their fear is for someone to fork Namida and release a better version under a different name that later becomes more popular than the original one.

Fork can be just merged

But only if the one who forked it wants to merge it.

Why you think so wrong? Forked repos even displays like another branch and you can't make fork private, if original repo is public. You just take some commits, which you like, and copy to your original repo without any problem

@lucasshiva
Copy link

Why you think so wrong? Forked repos even displays like another branch and you can't make fork private, if original repo is public. You just take some commits, which you like, and copy to your original repo without any problem

If Namida becomes fully open-source, people can just steal the code without forking or caring about licenses. They wouldn't need to fork, just copy and paste stuff into their own app, claim the code as their own, and charge money for it or something. There's no guarantee that this, or something similar to this, wouldn't happen if Namida was open source.

Besides, if these people change enough of the original code and make their version closed-source, it would be nearly impossible to figure out they stole Namida's code. The dev doesn't want to deal with situations like this, which I totally understand. Still, I think that not open sourcing an app just because things like this might happen, it would be akin to never going out outside because you might get robbed.

@VerySweetBread
Copy link

Why you think so wrong? Forked repos even displays like another branch and you can't make fork private, if original repo is public. You just take some commits, which you like, and copy to your original repo without any problem

If Namida becomes fully open-source, people can just steal the code without forking or caring about licenses. They wouldn't need to fork, just copy and paste stuff into their own app, claim the code as their own, and charge money for it or something. There's no guarantee that this, or something similar to this, wouldn't happen if Namida was open source.

Besides, if these people change enough of the original code and make their version closed-source, it would be nearly impossible to figure out they stole Namida's code. The dev doesn't want to deal with situations like this, which I totally understand. Still, I think that not open sourcing an app just because things like this might happen, it would be akin to never going out outside because you might get robbed.

You're answering to wrong quote, and reread this

@INF800
Copy link

INF800 commented Jul 22, 2024

hellow witch, currently there are number of libraries still private, playlist_manager, queue_manager, history_manager, basic_audio_handler, etc

nothing much but the project is big & new and i just don't want people stealing it claiming ownership to third parties, however, im considering making it public if it ever got recognition, hope u understand and sorry for that 🌺

Almost a year now. Would love to have basic app with basic features. But completely upto the owner 👍

@danieltommy
Copy link

hellow witch, currently there are number of libraries still private, playlist_manager, queue_manager, history_manager, basic_audio_handler, etc

nothing much but the project is big & new and i just don't want people stealing it claiming ownership to third parties, however, im considering making it public if it ever got recognition, hope u understand and sorry for that 🌺

basic_audio_handler and queue_manager,Can these two be open-sourced? I would like to learn how to use this player.

@Piecuuu
Copy link

Piecuuu commented Oct 26, 2024

It's been a year now, since the first comment. Are there any significant reconsiderations or updates to the situation?

@MSOB7YY
Copy link
Member

MSOB7YY commented Oct 26, 2024

@danieltommy @Piecuuu history_manager, dart_extensions & namico_db_wrapper were made public earlier, while youtipie & namico_login_manager were earlier added as private ones.

still no date or plans to make everything public yet

@danieltommy
Copy link

@danieltommy @Piecuuu history_manager and dart_extensions were made public earlier, while youtipie & namico_login_manager were earlier added as private ones.

still no date or plans to make everything public yet

OK,I am still very appreciative.

@xiedeacc
Copy link

xiedeacc commented Nov 4, 2024

can provider these libraries' aar file, let us can compile it success, I just want learn some UI from your project

@xiedeacc
Copy link

xiedeacc commented Nov 4, 2024

can provider these libraries' aar file, let us can compile it success, I just want learn some UI from your project

works after comment some dependence, I just need code jump

@MSOB7YY
Copy link
Member

MSOB7YY commented Nov 4, 2024

@xiedeacc compiling is the reason they're not public, good u commented and got to experiment with the code but keep in mind it's still licensed under EULA so u can't share/redistribute it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests