Unfortunately the cloudflared software, while the source is available on GitHub, and there are pull requests open and accepted for it, is not under an open source license, and the license it is under does not allow modifications, so any modifications (including the aformentioned pull requests) are contrary to the license and thus copyright law and thus illegal. The issue I filed about this is still waiting for action since October 2021.
Hello from the Cloudflare team - thanks for the nudge. We're in the process of migrating away from the proprietary license to an Apache license. We'll update the GitHub issue too; should be wrapped up in the next couple of weeks but likely sooner.
PS: I note cloudflared uses some form of telemetry, although I have not looked at what data is transmitted and didn't try to remove it after seeing the above license.
PPS: I wish cloudflared were split up into client and server instead of one binary for both, it would be easier to audit and understand that way.
PPPS: I noted while auditing that cloudflared embeds its dependencies instead of depending on them and uses some golang libraries that are obsoleted.
hearing this I'm not sure I want cloudflared inside my network at all
it's already vast... and telemetry always seems to be the thin end of the wedge
a minimal version, not maintained by the company, under a proper open source license with no bullshit and a vastly smaller attack service would seem like a easy win...
(and even better if it supported more service providers than just cloudflare... killing their lock-in)
Thanks for pointing this out as it does appear even taking the source and applying a pull request ones self does break the license.
Just to clarify: many pull requests have been accepted and would thus from my perspective be covered by the license as having become part of the software.
Caveat: did not dig deeply enough to check if it's mostly Cloudflare employees developing publicly, etc.
Edit: worth mentioning here on HN customer support as well that 'opensource@cloudflare.com' is misconfigured.
No, pull requests are not illegal, at least when done on Github, because by posting code on Github (that you are allowed to post) you grant Github and its users certain rights:
> By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies of Content from your repositories in repositories they control).
Uh, so I just realized how we are discussing how developers submitting pull requests to this project with this license are basically demonstrating publicly performance art style that they've broken copyright law. Or we give the benefit of the doubt and assume they are not testing their changes at all.
In this specific case you might be correct but in the general case this is not true. The uploader agreeing to something does not affect the rights of other authors than the uploader.
Please explain? I've googled your sentiment and have found some links but not many answers. Breaking a contract is just as illegal (~ against the law) as breaking the law? This follows trivially from contract law being a part of law. More substantive: Both contracts and laws proscribe actions. One can find remedy for breaking either via the legal system. (Obviously the severity of punishment can differ several orders of magnitude.) Only if you limit 'illegal' to criminal law you might be right in some jurisdictions.
Contracts themselves are not articles of contract law. - This is true, but the concept of inheritance holds.
'Illegal' ~ 'against the law'. What is doing something against the law? Doing something the law states you are not allowed to do. So in practice under continental law (Napoleonic / Germanic) a law states "do X" or "leave Y" and doing the opposite is illegal. Then, if the law states "you must (under good faith) fulfill your contract" and you do not fulfill your contract ... that's illegal. A legally binding contract has the force of law for the signing parties.
> Contracts themselves are not articles of contract law. - This is true, but the concept of inheritance holds.
Of 'inheritance'? What does this mean? Are you trying to apply the rules of OOP to contract law, as if an individual contract were an instance of contract law...?
Yeah I was trying to make an argument the target audience might find persuasive. Inheritance is a nice concept when reasoning about (continental) contracts since a contract is only a contract if and only if it abides by contract law. That's a strict inheritance there. In truth, it's a bit more flexible: a contract could still be a contract if there are illegal provisions in the contract since at first only the illegal provisions will be scrapped by a judge.
> a contract is only a contract if and only if it abides by contract law
That's true, but I don't quite see how that makes a contract the law. Someone who doesn't turn up to work isn't doing something illegal by dint of breaking their employment contract. IME, 'illegal' generally refers to breaking the criminal law, whereas I wouldn't say this even breaks civil law, sensu stricto. https://malesculaw.com/is-breach-of-contract-a-tort/
https://github.com/cloudflare/cloudflared/issues/464