Is .NET foundation paying them money? Or what is the relationship between the projects and Microsoft/.NET Foundation?
Reading the "apology" on github, it seems that .NET Foundation/Microsoft thinks those projects are essentially theirs, and they are free to put them under their enterprise account to "simplify billing"
But reading this article, and the one below, the maintainers think otherwise?
There are also some notes about copyright that I don't understand. Who owns the copyright? Microsoft or the maintainers?
edit: From the github "apology":
> Projects might not fully understand what joining the .NET Foundation means. We share a checklist with project maintainers on project changes they accept as part of becoming part of the .NET Foundation. That’s obviously not sufficient. We will post a new document that describes what you can expect when your project joins the .NET Foundation. This will include changes (observable or legal) and new benefits. It will also include changes that could occur later.
....ok? That seems scary, coming from Microsoft
According to the article, the only thing the .NET foundation did for them was provide certificates, other than that they did nothing for a very long time. And then, of course, this...
So it is mismatch of expectation. To blame is the foundation, because what you can read on the web page and the feedback of the maintainer community does not fit to their agenda so they could have understood this early and resolve it peacefully (they are the ones in power).
This is about open source leadership. They screwed up. Legally this is (mostly) fine, content wise it is (mostly) fine but the way how they operate is not okay. And saying sorry is not enough
It took you a lot fewer words than me too. :)
P.S. I read that .NET foundation board now meets every day. I think Apache/Eclipse Foundation boards meet every 1..3..12 months, at least judging by the rarity of emails summarizing their meeting minutes. If a board needs to meet every day, something must be really wrong.
Your experience with the Eclipse Foundation is very different from how the .NET Foundation has interacted. On top of that, communication has been very poor for a long time. I believe those two differences are at or near the root of all of these issues.
To take the example from the blogpost; the author was particularly scared by the move into github enterprise. I don't want to dismiss that worry; but on the other hand - the only consequence of that move seems to have been that logged in members of the project have a very slight UI change. Obviously that's not what people are worried about; they're worried about... well, what else does that mean?
Well, what else does that mean? Is this really something to worry about, or is this really just a misunderstanding - or both?
It means microsoft has hijacked the repo. I don't think their intentions or anything else matters. This is imo crossing a huge line.
I was always kind of wary of github, ever since MS acquired it, and I have always made sure to not get trapped by using any lock in features. But I never assumed their lock-in includes going full SourceForge and hijacking people's repos.
Honestly, if GitHub/MS don't come out with a very good statement on how and why this will never happen again, I'll need to figure something out and make sure people use a different URL instead of pointing to my github.
It's absolutely something to worry about. If someone breaks into your house, you should be worried irregardless of if they stole something, or not.
In addition to the obvious issues, this is also about Microsoft and their relationship with the Foundation.
If that sounds absurdly vague, it's because the concrete accusations are that vague.
On the one hand: it's possible this tiny UI change does signify some deeper permissions change, but it's not exactly obvious what that would be (especially given the already admin nature of the dnfadmin account). Nor is it clear both the foundation and maintainer really understood what that permission might mean, if it even exists. It's not clear the maintainers have any specific reason to object in the first place!
The one thing that seems clear is that the github UI wasn't clear, allowing the maintainers and dnf to read very different things into a superficially trivial change, and that there's some level of miscommunication at the very least. But it's still not at all clear whether the actual change made warranted the fears expressed, not at all.
Personally, while the dnf clearly and objectively failed in its task of keeping maintainers on board, I can't help but also feel that these maintainers deserve a bit of opprobrium. They essentially started a major social media freak out, and cannot even express exactly what it is they're afraid of, let alone point to any evidence that whatever mistakes the foundation made weren't fixable by measures with less collateral damage.
It's all very nice to blame some scary sounding not-entirely-defined shadowy corporate conspiracy between github, microsoft and dnf, but at the end of the day meltdowns like this do harm, and it's just not clear that was at all warranted.
It’s unfortunate that this has become our mode of conflict resolution: blog posts, public apologies that don’t grovel enough and a trivial issue that people have turned into a political football so they can run that shit into the end zone and spike the hell out of it.
Grievance culture is weak, and frankly, dishonorable.
I’m curious in what ways the MicroSoft take over of GitHub is and is not starting to feel like that.
For me, one is just the difference in scale. GitHub is vast in both content as well as tooling compared to SourceForge at it’s highest points. And a commercial entity orders of magnitude smaller than MicroSoft took over SF. The rate of descent into Not Good(tm) territory also seems slower and more ponderous.
But while the magnitudes differ, the vectors look similar. Not exactly the same, because history rhymes with itself before it repeats itself.
Curious what other similarities and dissimilarities other old timers see.
But this issue now really isn't about the source control hosting provider. It isn't even about Microsoft. It's about my relationship with the .NET Foundation who (now) holds the copyright of the project I released on SourceForge over 17 years ago.
GitHub actually had the tools I needed to move the project back. Not much more I could have asked for, honestly.
It might force them to show their colors, and if anything turn the brouhaha into something more clear cut.
And there are advantages to a legally well protected entity holding the copyright. One for example: my company (FireGiant) is "firewalled" from certain legal issues.
So I'm still contemplating the future and don't have a real answer for you yet.
Not sure what I'd do in your situation though. It sounds like you've put a shed load of time into improving "their" product, and don't really have much recourse if they don't want to play nice. :/
Though if you do fork it, it sounds like most of the non-MS employees would switch across to your fork?
> And there are advantages to a legally well protected entity holding the copyright.
I can imagine copilot being another point in the not-so-good direction, but is there anything else you are thinking of when comparing Githubs trajectory to SourceForges?
Popups, notifications, etc
Hostile ui in general
I think this is an important classification. When I, and I assume many of the people here, see an email to them or a friend that looks legitimate, we check the sender's full email (as opposed to the shorthand displayed, which is meaningless), and often don't click on any links, opting to physically type a url into our browser and navigate to where we should instead. There's some feeling that something is funny, in the same way some people don't buy thousands of dollars of cheap makeup from Avon and others do.
I still trust GitHub and am a happy customer. I don't think they're going the way of the buffalo. I definitely can see how (again, not an opinion I hold), one could perceive UI/UX changes that they don't like as a sign of imminent downfall.
The understanding of natural instincts in relation to simpler interactions have some reasonable explanations, albeit not universally agreed upon. How dare we have the audacity to claim an understanding of human instincts when it comes to the youngest universal man-made change to our species possibly ever?
Weird rant. Nothing against anyone.
MicroProse, on the other hand, went with the capital P.
In any case I appreciate it doesn't try to cast itself as a free service while remaining affordable. I've got my fill of arcane, polymorphic subscription models.
Except that's pretty hard to do without developers noticing because you'd need to engineer some hash collisions to get their local git clones to accept the code changes.
So let's limit the paranoia to where it actually applies, shall we? The .NET Foundation has made a right mess of this, but it's not the same thing as Microsoft trying to backdoor all open source code on GitHub. I'm pretty sure the people there are smart enough to realise how much that would backfire.
gh is just trying to get you to stop using git itself
For developers obviously only a small part of that is relevant but the service is not really primarily for developers and since developers "hold the keys" it makes sense that once services that care more about developers appeared many developers moved there. From a user's perspective it is sad though since pretty much every other supposed alternative does not provide a lick of SourceForge's features and the fact that there isn't any after all these years shows -IMO- how much most FLOSS developers care about their users.
On the other hand SourceForge always had a terrible UI, especially in its earlier days and while its current incarnation is the best its ever been (aside from the oversized elements) it still often feels like a mess of elements jumbled together and while they do provide a lot of useful functionality, it is often behind very clunky interfaces.
I wish there was a real alternative though.
Counterpoint: the readme (or GitHub.io site) in combination with lightweight features like the star count is a good enough replacement for all of the bespoke knobs on SF. OS app stores have also become a thing since SF’s decline and they’re a better route for most non-technical users.
I have never once been lured into clicking a sleazy download button on GitHub and I recall that happening on the semi regular when I visited SF back in the day.
The .NET Foundation asked for owner access on the author's repository (for a CLA bot). The author declined and a workaround was organized.
Years later the .NET Foundation asked for "owner access" on the author's repository (to allow them enforce Code of Conduct across all repositories). The author declined.
The CLA bot stopped working. The author was told it would work if he gave it owner access. The author was annoyed because they previously had a workaround. They gave in and gave @dnfadmin owner access (temporarily, it was later revoked after the CLA bot was set up, thanks /u/ethbr0 for the correction).
Some time later the author realized that the project had now been silently moved to GitHub Enterprise (likely in the short window @dnfadmin had owner access). The author states that projects in GitHub Enterprise can be entirely controlled by the owner of the account (the .NET Foundation). This transfer happened silently.
Independently, this happened to another project (who had coincidentally had an issue with a Microsoft employee and former contributor force a pull-request into their project: https://github.com/reactiveui/splat/pull/778). The change itself seems innocuous, but the approach bothered people.
People are upset because of how tone-deaf all of this is. They would like the .NET Foundation to stop trying to gain complete control over the member projects. They would especially like for their projects not to have their ownership changed silently.
Edit: For the record, I do not believe this is part of some embrace, extend, extinguish plan on behalf of Microsoft. I think these accusations actually cheapen what has happened here. I suspect this was more of a "can we make this process easier and more convenient for the .NET Foundation"-type thing.
The people involved with this will have to do some soul searching. The .NET Foundation should operate in service of its member projects, not the other way around.
This had a huge impact on us. With thousands of employees and citizens calling our IT support staff of 5 people every day.
When I used our OSM official “City off X” account to fix it, I was an utter idiot and submitted both a real life picture I took myself as well as a Google maps and a krak maps (Danish map service) screenshots. I didn’t know this wasn’t legal, because I was an idiot, but it resulted in our fix getting reversed and a week long discussion with the OSM community members about fixing the damn street.
We made the street one way. But we couldn’t fix it in an OSS map service because the community wouldn’t let us because we made a stupid mistake.
We’ve now switched our services to Krak. But I can promise you that if we had, had the admin power to force our chance through during those days, we wouldn’t have given any regards to the OSS community.
If an popular tool wasn’t working within the .Net framework CLA I imagine the process would be somewhat similar inside Microsoft.
It’s just one of those things where the OSS community processes and Enterprise process of “get this fixed right now, at any cost by any means, ignoring every standard we may have, just get it fixed, now. Then make sure it never happens again.” that happens every now and then when the beast awakens, clashes. I’m not sure how you can avoid it, as Enterprise will never want to comply with OSS processes when it’s in a hurry.
I get that the OSM community is trying to practice something equivalent to a clean room reimplementation, but that's equivalent to a person in the "cleanroom" being shown a public domain code library and then a file from that same library, but taken out of a ROM dump. Yes, they saw the copyrighted file, but they also saw the public domain file so they're entirely within their right to base their reimplementation either partially or fully on it.
But yes, it may seem a little confusing that even though you can do X, it may not be appropriate.
I think that's also why people are upset in this case. They actually did try to protect themselves from power grabs, only to find themselves cheated.
By the way, there's a Danish mailing list for OSM. I don't know if you explained the issue there, but if you did, I think it's likely someone would have made the correction for you relatively quickly.
What was the problem? Why isn't that legal?
At best it's a breach of GMaps ToS by that user. And in this case the user attached a photo they took. The screenshots are just noise.
And since its a community consensus thing, people will wait a few days to reintroduce a change once it has been challenged unless the challenge is obviously unreasonable. It's not like a change being delayed a few days is some unreasonable big punishment, it's just part of QA process to run. Maybe wasn't strictly necessary here, but it's a really obvious warning signal to trip.
(To make a (admittedly stretched) software analogy, if you submit a PR somewhere and show disassembly from the Windows kernel as evidence that it's a good algorithm others also use, it'll also cause some concern, and you would've been better of just showing your solution on its own)
"Unless you have special permission, don't copy from online or paper maps."
I mean, we own the map rights. Google had to seek permission from us to map our area and publish it.
I suspect there was also just a different picture on what the .NET Foundation even meant inside and outside of MS. It's different people working on it inside MS than the ones who originally set things up, and the new people may not have even seen their actions as trying to take control of anything because they were under the impression that everyone considered them in charge already.
The leadership of the .NET Foundation changed twice since my project joined it. So it is very possible (likely?) norms and expectations did not have flowed from one set of leaders to the next. I don't know. I'm still waiting to hear.
Temporarily gave @dnfadmin access, is my read.
> "The .NET Foundation had admin access to the WiX Toolset organization for a week, not more than a week ago"
Otherwise, reasonable summary without as much flair and color commentary as the original. ;)
So, the proper, open-source-if-a-bit-dickish way to go about this would have been...
1) Microsoft forks the primary git repository and declares theirs to be "Microsoft-blessed".
2) Microsoft puts a skeleton team in charge of maintaining the Microsoft-blessed version, but mostly they just pull the original maintainer's patches.
3) People slowly migrate to the Microsoft blessed version.
NOT: We flipped this hidden switch under the table and now your repository in GitHub is controlled by us.
Of course from the issues that came up the last few days it seems that there is literally no point in joining the .Net Foundation and kicking a project out is essentially doing the maintainers a favor.
Apache and Eclipse and others all mandate that they control a lot of minutia of source control like what .NET Foundation seems to want to be doing with their GitHub Enterprise account, but their transparency policies mean all of the discussions of that are open and no one is surprised when changes happen.
Microsoft and orgs like it are too big, you cannot trust a massive machine to be efficient, there's little incentive for proper management.
Microsoft is the "Founding Member" of the .NET Foundation. They are entitled to appoint an Exec. Director (ED) and the board has no say in this matter (The current ED is the person who forced a commit on a member project). The ED's tenure has no expiry other than when Microsoft feels the need to change (or they leave). All other board members are elected for a set term.
Lastly, the ED can block any board resolution; aka, the elected board needs Microsoft's blessing to do literally anything.
But this is what Rodney Littles is quoted as having said in his interview with The Register
> From Littles' perspective, though, the .NET Foundation is insufficiently independent from Microsoft, does too little to help its member projects, and lacks a strong sense of mission or purpose.
> does too little to help its member projects, and lacks a strong sense of mission or purpose.
That's on the .NET Foundation, not Microsoft.
It was the head of the .NET Foundation
That's the change.
Writing the whole entry was challenging because there is a lot of detail I wanted to provide to being everyone along the journey. I've seen some people drop in at any isolated point and say, "Why is this a big deal?"
Also I'll be the first to admit that when in story telling mode, I am not particularly terse. :)
They aren't involved in this situation.
But, i disagree. Even if it were an entirely different company. The fact that GitHub didn't send an e-mail and that repos can be hijacked like that, is in itself something GitHub needs to address. And thus at the very least, GitHub needs to be dragged in.
To that point, I've had GitHub people tell me they never imagined the feature I used to get out of GitHub Enterprise to be used that way. I got lots of emails (since I owned the target organization) but maybe the GitHub Enterprise did not?
Are there improvements that could be done to allow these bots to perform with less rights? That would be something maybe github could tackle but it's not the worst thing about this problem.
This isn't a new problem, how do you prevent a rougue admin from kicking all other admins and taking over. The simplest and a pretty effective solution is to have another privilege level: Founder. Of which there can only be one, and admins can do everything, except strip the founder of their rights. (And/or transfer the repo, if the founder can't easily undo that.)
E.g. removing other admins, or other permissions-related actions like the re-orging in question
If your problem case is "one rogue admin," having multiple admins and requiring consensus seems an easy fix.
Even an admin shouldn't be able to avoid other admins getting notified and seeing an audit log of what they've done.
A massive red flag for all this are the words "code of conduct". They're not "bad" to have, generally projects already have them, they were previously called "rules". But if the "code of conduct" is filled with title 9 speak then you know you're dealing with corporate types, not developers. For those that haven't taken title 9 training, you're told to be the gestapo morality police and actively go out of your way to vocally suppress any discussion that might involve something that could have the potential to be discriminatory. This is done for liability protection, for the company. Not because it would actually be discriminatory/immoral. Yet somehow its made it's way into software repos.
The problem here was about trust in the foundation and power over the repositories.
> When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
> Please don't use Hacker News for political or ideological battle. It tramples curiosity.
HN ideology is basically "we're all adults here, act like one". People that push for stuff like code of conducts usually consider that these guidelines are not enough to protect marginalized people. So they add stricter rules about how to act. That means that you have to agree with them about who is marginalized, that they need protection and how to protect them. I don't think any of this is universal. Note that I don't mean that this is a good or a bad thing, just that it's politically charged in some way. That's nothing new, since free software has always been politically charged. But the values conveyed by code of conducts are not always the same as the "old values of free software/open source". This is of course very vague, because everyone has their own values and most projects aren't very clear about what their values are. But you can see the consequences of that change when you see how the opinion on Richard Stallman changed, or how Linus evolved. Again, I'm not saying any of this is good or bad. I'm saying that things are changing and not everyone agrees with it.
Now on the American-centric part. I don't think I can add anything worthwhile to what's already in this article: http://antirez.com/news/122.
They are US based, yes, but they are usually good rules. Whether a CoC is bad or good is in the hands of the humans enforcing it. The .NET Foundation shows terrible human to human handling of a non CoC related topic.
Edit: What good does a commitment do anyway, if it guarantees nothing and changes nothing? It's just someone shouting, hoping someone else hears and approves. If anything, that underlines my point about the fundamental immaturity of the decision to introduce a CoC.
Edit2: I understood your point to be that introducing a CoC means a commitment, which is somehow something that is good. When all this commitment does is deflect responsibility, that is not a healthy result. I feel like that addresses your point fine.
I happen to have gained a moderator role in a community that has a pre-existing CoC. I'm not sure why I would "hide behind" or "point at" the CoC when acting in that role, I'm perfectly fine with telling people off (or more if necessary) without doing so.
And yes, if you assume the worst of everybody commitments don't have any value. But people generally attempt to actually uphold things they commit to, and thus it is seen as a positive signal, even if it's not a guarantee. (Ideally we wouldn't need CoCs because the baseline established by them would be such a universal commitment in society that you could just assume it to be valid everywhere, but experience shows that's apparently not the case) Several community members told me that it has been relevant to their decision to interact/join.
EDIT: and even if you say just a commitment is worth anything (as said above, I personally also don't think "has a CoC" is that much of a signal without seeing how mods actually act, but clearly other people do), that's quite a difference from a blanket "CoCs are always toxic".
You might discuss repairing trust with a burglar you caught in your house after his criminal trial. At this point, Microsoft is the burglar and he’s still in your house with the ski mask on (unless you would prefer for the burglar to be a she).
Also, this is about the .NET Foundation not Microsoft.
I didn't say stealing the code.
Also, the .NET Foundation is Microsoft because a Microsoft employee is doing all of this behind the scenes.
Maybe it's not MS on paper. But the DNF looks like it would be fully under MS control.
I think those affected have commendably kept their cool so far but I’d say this (diversity Trojan horse, “we need full control to enforce the CoC, whoops you’re fired goodbye”) is a playbook that will be often repeated in the coming years.
Smacks of social engineering to me.
We had a new repo where the CLA bot was not automatically working. I was busy with a deadline so to unblock the team, I granted admin access.
It wasn't social engineering. I did it. I just didn't realize what was going to happen after doing so.
I explain it all in the post.
I probably shouldn't have speculated it was all a set up, but even if it wasn't all kicked off with that intent, how it was then used sure was not ok. It reeked of trickery and deceit, which I construed as social engineering from that point of view - hope that makes sense (edit: #1).
Kudos on handling this, and hope you're doing well all considered. It was fantastic to read how you claimed the ownership back.
#1) that they requested "Yesterday we announced Foundation-wide Code of Conduct Enforcement. Part of making that work requires that the dnfadmin GitHub user has owner permissions to GitHub organizations."
The only issue I have with the timing is that I told them I was not comfortable with them as admin on the repo yet as soon as they were made admin (to fix the CLA bot, which happened to be only a week or so after my email) this happened. No social engineering necessary but really poor timing on top of non-existent communication.
And here we are, sadly.
How's that not social engineering?
"(in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes."
I didn't really want to argue it any further as the issue was inflamed, but I absolutely think that when an account privilege was requested purely for "trivial thing A and we really really need it because think of the children", for it to then be used in the next breath for "evil thing B" - then what else is it but a more sophisticated social engineering attack? (I would certainly like to know if there's a better definition of it.)
For the benefit of the doubt there could very well be things going on in the background where the account access was discovered by someone else than those who requested it, and then jumped on the opportunity. However that's giving a fair bit of leeway.
That part reads really fishy.
That seems very strange given the fact that GH sends otherwise mails for almost everything done there if you didn't disable it.
I don't know, I don't own a GitHub Enterprise to try.
If there where changes post MS acquisition of GH to this parts this would look like planed long hand.
I'm curious about this too. I was told (by someone at GitHub) that the features I used to do the move are brand new and were not expected to be used the way I did. It is very possible pieces are missing in the audit trail GitHub creates.
Meh. I might be more interested if I actually had a GitHub Enterprise myself.
It would appear there's a backdoor system for them.
The OP used a workaround of starting a new GitHub project a couple of project renames, and a project transfer - which did generate a flurry of notification emails.
(I’m surprised the “move into enterprise account t” action doesn’t at least notify all owners on the account. If it normally does, and these ones didn’t, that’s a super bad look for both the foundation and GitHub…)
The workaround "project transfer" used/suggested for getting back _out_ of that enterprise account gets explained in the article like this:
1) Create a new GitHub organization, normally. For example, name it new-yourorgname
2) Rename your organization in GitHub Enterprise in the Settings to something like, dnf-yourorgname
3) Rename the organization from step 1 to your desired organization name. You want to complete this quickly after step 2 so no one takes your organization's name.
4) In the GitHub Enterprise dnf-yourorgname go into each repository's Settings and transfer the repo to the brand new yourorgname organization.
Not at all surprising that generates a flurry of emails, especially since in the authors case step 4 needed too be done 44 times, once for each repo in the org.
What was not expected was the move to GitHub Enterprise while the CLA bot was fixed.
This actually lessens the vendor lock-in problem and also means less of a risk of Microsoft pulling out of providing security updates for key components.
So far as I can observe, C#, F# and .NET Core as a platform for web development have benefited from the OSS-ification in the form of more dynamic and transparent progress/evolution.
Disclaimer: I'm more of a Python/Django guy.
And Microsoft isn't involved. The .NET Foundation holds the copyright.
They already did.
And you can argue about the trade-offs of different "ownership structures", and compare for example the .NET foundation over the Django/Python foundation over whatever Java is currently doing.
Let this fold out for a while and reassess it.
- Most of the stuff outside of .NET, Java pair suffers from lack of refactoring tools, and are therefore unsuitable for sufficiently large projects. The exceptions are TypeScript (which is OKish, but lacks performance) and Go (which is tailored for web dev and has a few major drawbacks as programming language).
- Most non-dynamic languages apart from .NET, Java, and C++ have very limited debuggers.
This is particularly frustrating when an organisation switches leadership and goes from participative to hierarchical. I think this is what happened here: .NET Foundation leadership must have changed and with it came a new, hierarchical leadership style.
Python is fully corporate now and free spirits have been removed.
This isn't a literal "I am your boss, you MUST work now", this is "hey, I'm the person who volunteered to get this release out, please help if you can!".
No, it's not hyperbole. Go check the foundations website and you'll find that Microsoft has exclusive access to the highest level of power in the self-styled "independent" organization written right in to the bylaws.
I'm not saying Novotny should be fired, simply that the Foundation has demonstrated a corporate behavior fundamentally at odds with its supposed reason for existence.
Respect for community and contributors was obviously not encoded into the design of the organization. That a board exists to rectify, rationalize, or abet mistakes isn't enough. They have to fix the root of the problem, which is that Novotny was able to do this at all. They need to make an explicit and ironclad promise to developers.
They allowed institutional structure to oppose their mission. That won't change with mere words and staffing shuffles.
- continued lack of communication
- for so many issues to occur to multiple parties paints a picture of it being routine
- that no immediate reversals have happened with utmost immediacy
- the ethos of the maturity model
- the policies apparently being enforced - even now…
- for calls to solve things privately
It’s culturally indicative of the foundation’s values whether they know it or not.
A healthy community is one where discussions happen in the open, good and bad.
This is not good, and I’d recommend the community coming together and maybe finding or forming an alternative - which is difficult I know.
I think apache.org could help here.
What's being done here is changes to how the project is managed. Basically inserting an upper management over the heads of existing maintainers. AFAIK, this right was not given (or at least the maintainers did not intend to give) to the umbrella org.
The new owner can do further on how he pleases.
Sad in this case(es) but from a legal standpoint it's very likely like that, I guess (INAL).
This is a cooperate thinking applied to a foundation. Is a recipe for failure.
But the argument is about whether the .NET Foundation could do such a thing. The argument is whether they should. And, the .NET Foundation chooses that they should take over the projects, project maintainers can make different decisions themselves.
None of this has been decided yet.
I used the key to steal your car.
Isn't a better analogy that they willingly gifted away their garage with everything in it under a _promise_ that they can still use the car?
Honestly, to me the only way out seems to exercise the licensee rights and fork.
It might be even more weird if they did try weigh in.
Given how especially Scott always has a big opinion about how great OSS is and how much Microsoft loves OSS, and given how it was ultimate MS employees that were responsible for creating this current distrust, I think it would be very appropriate for them to voice their opinion about this.
And, who knows, maybe they are doing something behind closed doors. But I very much doubt they'll embarrass their employer by speaking up in public. They know who pays their salary and are much to good at corporate politics to do that.