Based on Ghost's MIT license, seems Substack using it is fine, but damn would have been nice to have at least some kind of attribution... leaves a sour taste to take without acknowledging.
Hey, Substack CTO here. We don't distribute Ghost's code at all and the only piece of code included is a client-side search library used by the third party theme. But that library is actually hotlinked and hosted on jsdelivr (via npm) with no modifications made to it what-so-ever. This includes the line at the top with the license link as Ghost originally built it
That’s not obviously clear - after all MIT software can be used to produce output that doesn’t need to include a “made by X” - and arguably that’s what ghost provides.
And they didn’t even copy the JavaScript to their own CDN …
> Based on Ghost's MIT license, seems Substack using it is fine,
As long as they provide appropriate attribution, which apparently¹ they are not so it isn't fine.
> but damn would have been nice to have at least some kind of attribution...
Not just nice, but required. From the licence: “The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.”
Many projects, commercial and other OSS ones, get conformance with MIT and similar licences wrong in this way.
----
[1] Caveat: Going by the Twitter thread. I've not verified this. Maybe they have it somewhere hidden away, so are compliant but minimally so².
[2] Which would be a dick move³, but compliant.
[3] Which I wouldn't put past them as they are using Ghost's CDN to include some of the stuff instead of covering the hosting for that themselves, which is hard to think is accidental. If this is accidental then I'd never trust them from either a code quality PoV or an infrastructure security PoV.
The copyright notice and license is referenced in the JS library, that's enough.
This is literally no different from any reason person using bootstrap on their site in terms of license. Does every site powered by bootstrap have a link or attribution to Twitter?
I'd not checked personally, but the original Twitter thread suggested more than "a library" had been used.
[knee jerks back]
Though I'm assuming here, as I reply without having yet revisited the full thread, you have checked or otherwise have been furnished with new information, and are right!
Quick everyone, to the research-o-tron!
----
Update: it looks like the library was being drawn in by a 3rd party theme/add-in that isn't included in the main distribution at all. More detail elsewhere in this thread (above, unless voting has for some reason reversed).
> Caveat: Going by the Twitter thread. I've not verified this.
That's the problem. The Twitter thread is wrong.
If someone makes a fact claim that doesn't hold up under scrutiny, then consider what effect comments have when they uncritically take those claims at face value. They end up demanding/diverting attention towards what is just noise.
We have enough experience by now that we shouldn't have to relearn where hot takes go wrong, and yet here we are: in the comments on what was a #1 story on HN with dozens of people getting a false impression after swallowing unsubstantiated (and ultimately untrue) alleged facts.
