Open Source Code Lifted For Windows 7 Download Tool

Microsoft took responsibility for a developer lifting code from a CodePlex-hosted open-source project to build its free Windows 7 USB/DVD Download Tool, an incident that caused Microsoft to yank the program from its online Microsoft Store earlier in November.

Microsoft had originally introduced the WUDT in October as a way of porting Windows 7 onto netbooks, many of which do not contain DVD drives. The tool allegedly copied code from the GPLv2 (General Public License Version 2)-licensed ImageMaster project, described on the CodePlex site as “a .NET C# application for reading and writing disc images,” without following ImageMaster’s terms of use.

Under ImageMaster’s terms of use for open-source code, Microsoft should have provided source code for modifications to ImageMaster. Microsoft also grafted its own licensing terms onto the WUDT tool, a further violation of the terms of use.

In a 6 Nov. post on his Within Windows blog, Rafael Rivera described how he had been poking around the WUDT’s internals and had a “weird feeling” that “there was just wayyyyy too much code in there for such a simple tool.”

After additional digging, Rivera found that a “simple search of some method names and properties … revealed the source code was obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project. The author of the code was not contacted by Microsoft.”

On the late afternoon of 13 Nov, as everyone headed out for the weekend, Microsoft confirmed that Rivera’s findings were sound.

“After looking at the code in question, we are now able to confirm this was indeed the case, although it was not intentional on our part,” Peter Galli, open-source community manager for Microsoft’s Platform Strategy Group, said in a statement published on Port25, a site that bills itself as, “Communication from the open-source community at Microsoft.”

The issue, according to Galli, was limited to the WUDT.

“While we had contracted with a third party to create the tool, we share responsibility as we did not catch it as part of our code review process,” Galli said. “We had furthermore conducted a review of other code provided through the Microsoft Store and this was the only incident of this sort we could find.”

Galli’s statement concluded with an olive branch of sorts for the open-source community: “When it comes to our attention that a Microsoft component contains third-party code, our aim is to be respectful of the terms under which that code is being shared. As a result, we will be making the source code as well as the binaries for this tool available next week under the terms of the General Public License v2 … and are also taking measures to apply what we have learned from this experience for future code reviews we perform.”

A Microsoft spokesperson indicated to eWEEK that this would be the only statement at this time concerning the matter.

Nicholas Kolakowski eWEEK USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved.

Share
Published by
Nicholas Kolakowski eWEEK USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

OpenAI Starts Testing New ‘Reasoning’ AI Model

OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…

9 mins ago

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

39 mins ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

1 hour ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

2 hours ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

2 hours ago

North Koreans Stole $1.34bn In Crypto This Year

North Korea-liked hackers have stolen a record $1.34bn in cryptocurrency so far this year, as…

3 hours ago