Am 2020-07-08 18:12, schrieb Jonathan Riddell:
Recently we've noticed some KDE apps ending up on the Microsoft Store uploaded by unknown third parties. Maybe to up some credit score for their developer account. Maybe to install bitcoin miners. We don't know the motivations. Since it's all free software the licence allows it.
Honestly I don't think we should try to get software from Microsoft Store based on trademark. As you already notice our license allows this. And even more on Linux it's the normal way that someone else distributes our software. Back in the days SuSE even sold our software. It's even common that our distributors apply patches to our software. So we shouldn't treat the Microsoft Store different to Linux distributions.
Granted I consider it as a huge problem that the Microsoft Store might contain copies of our software with malware. But to that we have solutions: the GPL. We can demand the source code from those distributors. If they don't comply: even better, than we have something! If they comply and our software is reproducible, we can verify that the uploaded binary is not tampered with (and that it doesn't comply to GPL). Yes, that puts work on our shoulders. If our software doesn't build reproducible, we need to fix that.
Otherwise I suggest that we bring all our software in the Microsoft Store to ensure we at least uploaded it. If we have it uploaded and someone else uploads it as well, we can still ask Microsoft to do something about it. I hope that Microsoft is interested in not distributing malware and removes copies of open source projects or adds links to the original authors. After all Microsoft really tries to be on the good side currently, so we should try ;-)
Cheers Martin
