Android now forces apps to include proprietary code for push notifications

[saagarjha]

Telegram violates multiple open source licenses, so I wouldn’t hold it up as an example.

[krn]

> Telegram violates multiple open source licenses

Any examples for those who would like to learn more about this?

[lloeki]

Interested too.

There seems to be a lot of Telegram bashing but every assertion I saw eventually failed to be backed up†, if at all attempted. This ends up triggering my BS detector every single time, and the significant influx of such occurrences makes me think of some astroturfing/FUD campaign.

† I also do my homework when fact checking, but failed to turn up anything relevant, only more non-backed up assertions or obviously inflated beyond proportion facts twisted beyond recognition. I may very well miss something, that's why if backing up material is known by the detractors it's always worthwhile to share (which applies to any pro/con discussion really)

[saagarjha]

I’m doing the research work for you, though it’ll be a while before I can stop procrastinating for long enough to write a whole thing about it. While you wait, https://github.com/overtake/TelegramSwift/issues/163 is probably a good start.

[saagarjha]

I have a thing I’m writing that will go into more detail, but in short Telegram’s client applications (which are licensed under various incarnations of the GPL) are updated frequently while the source code in their publicly available repositories lags far behind. In addition, they use a number of open source libraries that at the very least require attribution, but Telegram does not follow their terms.

[dataflow]

> while the source code in their publicly available repositories lags far behind

I don't think this violates GPL. GPL requires you to be able to receive the source if you want to, not that it be on an online repository. You might have to request it and have it sent to you.

[saagarjha]

I mean, I could, but I think it's fair for me to assume that the GitHub repository that the official website links to as the source code for their client is where they’d publish up-to-date code.

[dataflow]

They might well publish it right there if you ask. Just saying they haven't violated the license as long as they have a written offer to provide you with the source code somehow if you ask. (That's what GPLv2 seems to require.)

[Conan_Kudo]

They provide no alternative "written offer". On the website, they directly point to GitHub for the source code offer: https://telegram.org/apps#source-code

[saagarjha]

I have asked.

[gpm]

If they are going to go that route it requires a written offer. I haven't checked but would be surprised if they had that.

[DannyBee]

FWIW: It's trivially true on Android, at least in the world they posit.

The FSF does not consider GPLv2 to be Apache 2.0 compatible, telegram-FOSS is GPLv2, and Android/AOSP is Apache v2.

Additionally, their own codebase contains a bunch of Apache v2 licensed stuff, like exoplayer2, recyclerview, libtgvoip, fastdateparser, ABSL, etc.

They do not appear to be even giving attribution as required (or at least i can't find it)

They are in no worse a position than they were yesterday:

>ag -Ri apache

will produce tons of matches like this one:

TMessagesProj/jni/libtgvoip/webrtc_dsp/absl/strings/internal/m emutil.cc

  3:// Licensed under the Apache License, Version 2.0 (the "License");
  7://      http://www.apache.org/licenses/LICENSE-2.0

[icebraining]

Irrelevant; they can still sue the Telegram-FOSS team, even if they are themselves in violation of other licenses.

[saagarjha]

I’m not fully aware of the situation regarding Telegram-FOSS, but I’d assume Telegram can sue them for license violations regarding code that they own the rights to.

[kemonocode]

I have yet to see any proof of this. Granted, it's true that Telegram's backend is closed-source and that part of the infrastructure is completely opaque, but at least they're sincere about it, unlike Signal's open-but-not-quite[1] approach.

[1] https://signal.org/blog/the-ecosystem-is-moving/

[saagarjha]

> I have yet to see any proof of this.

See https://github.com/overtake/TelegramSwift/issues/163. I don’t know too much about Signal other than the fact that it exists, so I can’t judge it in comparison to Telegram.