The (2?) maintainers of Fluent Assertions have changed the license in the GitHub repository from Apache 2 to a proprietary commercial license. This happened yesterday, it looks like the other 200 contributors were not asked. Commercial users can now buy a license for $130 per developer, per year.
There are some suggestions that the take-over and the new license are violating some articles in the Apache 2 license.
My question is: Suppose that -with reasonable certainty- the maintainers and new owners violated the Apache 2 license. Is there anything that can be done? Is there any way violations like this can be brought to court?
(I’m just asking, not using FluentAssertions and not involved nor affected by this).
The commit hash right before the license change will be unambiguously licensed under Apache. Anyone can fork from there.
Were contributors’ rights violated? It may depend on whether contributors assigned copyright to whomever is in charge now or not. If there are a bunch of copyright assertions in the source files from diverse individuals, then likely not. If the copyright assertions are uniform, then assignments may have happened, but only if the individual contributors signed some agreement to that effect.
Apache is generally considered permissive, so even without assignments, it might be possible for these new people to offer a derivative work under more restrictive terms. The original contributions of the various contributors are still available under Apache 2.0, but the easiest way to get those is to check out an earlier commit hash.
Edit: so I actually read the ticket. It sounds like the villains pulled some git trickery to obfuscate the history. But that doesn’t change the legal status. If this version x software was offered by its copyright holders under Apache terms in the past, then you can still use and redistribute version x under Apache terms now.
The clearest cause of action for aggrieved contributors seems to be clause 4, where the villains need to provide a copy of the Apache text to redistribute a derivative work. And not delete it like apparently happened.
As you noted, the real interesting thing is that having received contributions licensed under Apache compels them to maintain the attribution for those authors, even in a repackaged proprietary product. And you have to mention the Apache license you got the contributions under.
No major open source license has any expiration / revocation terms which the author could invoke unilaterally. Once you’ve shared it as open source, those versions stay open.