Microsoft admits that a third-party developer lifted open-source code from the GPLv2-licensed ImageMaster project in creating its free Windows 7 USB/DVD Download Tool. The WUDT had originally been intended as a way of porting Windows 7 onto netbook users' machines. Microsoft takes responsibility for not catching the code replication as part of its code review process.
Microsoft took responsibility for a developer lifting code from a
CodePlex-hosted open-source project to build its free Windows 7 USB/DVD
Download Tool, an incident that caused Microsoft to yank the program from its
online Microsoft Store earlier in November.
Microsoft had originally introduced the WUDT in October as a way of porting
Windows 7 onto netbooks, many of which do not contain DVD
drives. The tool allegedly copied code from the GPLv2 (General Public License
Version 2)-licensed ImageMaster project, described on the CodePlex site as
"a .NET C# application for reading and
writing disc images," without following ImageMaster's terms of use.
Under ImageMaster's terms of use for open-source code, Microsoft
should have provided source code for modifications to ImageMaster.
Microsoft also grafted its own licensing terms onto the WUDT tool, a further
violation of the terms of use.
In a Nov. 6 post on his Within Windows blog, Rafael Rivera described
how he had been poking around the
WUDT's internals and had a "weird feeling" that "there was just
wayyyyy too much code in there for such a simple tool."
After additional digging, Rivera found that a "simple search of some
method names and properties ... revealed the source code was obviously lifted
from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project. The author
of the code was not contacted by Microsoft."
In the late afternoon of Nov. 13, as everyone headed out for the weekend,
Microsoft confirmed that Rivera's findings were sound.
"After looking at the code in question, we are now able to confirm this
was indeed the case, although it was not intentional on our part," Peter
Galli, open-source community manager for Microsoft's Platform Strategy Group,
said in a statement published on Port25, a site that bills itself as,
"Communication from the open-source community at Microsoft."
The issue, according to Galli, was limited to the WUDT.
"While we had contracted with a third party to create the tool, we
share responsibility as we did not catch it as part of our code review
process," Galli said. "We had furthermore conducted a review of other
code provided through the Microsoft Store and this was the only incident of
this sort we could find."
Galli's statement concluded with an olive branch of sorts for the
open-source community: "When it comes to our attention that a Microsoft
component contains third-party code, our aim is to be respectful of the terms
under which that code is being shared. As a result, we will be making the
source code as well as the binaries for this tool available next week under the
terms of the General Public License v2 ... and are also taking measures to apply
what we have learned from this experience for future code reviews we
perform."
A Microsoft spokesperson indicated to eWEEK that this would be the only
statement at this time concerning the matter.