How do people find out or know whether your repo which is having MIT or apache or AGPL license is being used by a corpo and profiting from it and not making the code open source or paying license fees?
For MIT, why do you care? That’s perfectly fine and explicitly allowed by the license. Same for Apache, but with a few extra requirements (like keeping a list of changes in the source code and preserving licensing information etc.).
As for how I know big corporations are using my code: the fact that a prominent project (publicly used by several tech giants) took a dependency on one of my tiny (permissively licensed) library packages is probably a clue.
I may have slightly misremembered the license text (subsection 4c):
You must cause any modified files to carry prominent notices stating that You changed the files;
So I guess technically you only need to indicate that you have changed the files, not what you’ve changed in them. I suppose that’s less burdensome because it only needs to be done once per file at most.
So what you’re saying is you could take down an entire company by introducing a bug?
I don’t think so, no.
Leaving aside the fact that I don’t want to do that:
They’ve quite sensibly vendored my library, so I’d have to hope they pull in updates without checking the code changes: since it’s such a tiny library (excluding tests but including fairly extensive comments, it’s less than 100 lines of quite readable code) I don’t think it’d be easy to get it past their code review system if I tried to sneak in enough code to take down entire companies.
Also, my GitHub account is tied to my real-world identity, so I’d probably be in a lot of trouble if I somehow succeeded.
“vendored my library”
I’m unfamiliar with this phrase, are you able to explain what it means (or point me towards an explanation)? Is it relating to forking?
