|
| 1 | +Before disabling any content in relation to this takedown notice, GitHub |
| 2 | +- contacted the owners of some or all of the affected repositories to give them an opportunity to [make changes](https://docs.github.com/en/github/site-policy/dmca-takedown-policy#a-how-does-this-actually-work). |
| 3 | +- provided information on how to [submit a DMCA Counter Notice](https://docs.github.com/en/articles/guide-to-submitting-a-dmca-counter-notice). |
| 4 | + |
| 5 | +To learn about when and why GitHub may process some notices this way, please visit our [README](https://github.com/github/dmca/blob/master/README.md#anatomy-of-a-takedown-notice). |
| 6 | + |
| 7 | +--- |
| 8 | + |
| 9 | +While GitHub did not find sufficient information to determine a valid anti-circumvention claim, we determined that this takedown notice contains other valid copyright claim(s). |
| 10 | + |
| 11 | +--- |
| 12 | +One or more repositories in this DMCA takedown notice has been processed in accordance with GitHub's prohibition on sharing unauthorized product licensing keys, software for generating unauthorized product licensing keys, and/or software for bypassing checks for product licensing keys. |
| 13 | + |
| 14 | +You can learn more in [GitHub's Acceptable Use Policies](https://docs.github.com/en/github/site-policy/github-acceptable-use-policies). |
| 15 | + |
| 16 | +--- |
| 17 | + |
| 18 | +**Are you the copyright holder or authorized to act on the copyright owner's behalf? If you are submitting this notice on behalf of a company, please be sure to use an email address on the company's domain. If you use a personal email address for a notice submitted on behalf of a company, we may not be able to process it.** |
| 19 | + |
| 20 | +Yes, I am authorized to act on the copyright owner's behalf. |
| 21 | + |
| 22 | +**Are you submitting a revised DMCA notice after GitHub Trust & Safety requested you make changes to your original notice?** |
| 23 | + |
| 24 | +No |
| 25 | + |
| 26 | +**Does your claim involve content on GitHub or npm.js?** |
| 27 | + |
| 28 | +GitHub |
| 29 | + |
| 30 | +**Please describe the nature of your copyright ownership or authorization to act on the owner's behalf.** |
| 31 | + |
| 32 | +I am authorized to write on behalf of Mend.io, the owner of the IP. |
| 33 | + |
| 34 | +I am an [private] [private] on the proprietary product that this claim is about. |
| 35 | + |
| 36 | +I am also a [private] on the Renovate CLI (Open Source) and the [private] for the project. |
| 37 | + |
| 38 | +**Please provide a detailed description of the original copyrighted work that has allegedly been infringed.** |
| 39 | + |
| 40 | +The proprietary software in question is Mend Renovate Self-Hosted product (https://www.mend.io/renovate/), which is protected under copyright law. The software utilises license key enforcement to protect against unauthorized use and distribution. |
| 41 | + |
| 42 | +The pre-built Docker images for “CE” and “EE” are distributed publicly, for ease of use and distribution. |
| 43 | + |
| 44 | +License key enforcement is then performed when the Docker image starts up and runs Mend-proprietary code (`[private]` or `[private]`). |
| 45 | + |
| 46 | +**If the original work referenced above is available online, please provide a URL.** |
| 47 | + |
| 48 | +**We ask that a DMCA takedown notice list every specific file in the repository that is infringing, unless the entire contents of the repository are infringing on your copyright. Please clearly state that the entire repository is infringing, OR provide the specific files within the repository you would like removed.** |
| 49 | + |
| 50 | +**Based on the above, I confirm that:** |
| 51 | + |
| 52 | +Specific files within the repository are infringing |
| 53 | + |
| 54 | +**Identify only the specific file URLs within the repository that is infringing:** |
| 55 | + |
| 56 | +https://github.com/USA-RedDragon/dockers/blob/7a7fc0d5a3eb5d3d76ad1518a52d7719dd4a8c63/images/renovate-ee-worker/Dockerfile#L7-L23 |
| 57 | + |
| 58 | +Repository: https://github.com/USA-RedDragon/dockers |
| 59 | +File: images/renovate-ee-worker/Dockerfile |
| 60 | +Commit: 7a7fc0d5a3eb5d3d76ad1518a52d7719dd4a8c63 (current commit) |
| 61 | +Lines: 7-23 |
| 62 | + |
| 63 | +First introduced in db5dfa0fed0650007fb9503237f767143eef5222 |
| 64 | + |
| 65 | +**Do you claim to have any technological measures in place to control access to your copyrighted content? Please see our <a href="https://docs.github.com/articles/guide-to-submitting-a-dmca-takedown-notice#complaints-about-anti-circumvention-technology">Complaints about Anti-Circumvention Technology</a> if you are unsure.** |
| 66 | + |
| 67 | +Yes |
| 68 | + |
| 69 | +**What technological measures do you have in place and how do they effectively control access to your copyrighted material?** |
| 70 | + |
| 71 | +License key enforcement is then performed when the Docker image starts up and runs Mend-proprietary code (`[private]` or `[private]`). |
| 72 | + |
| 73 | +The license key is signed by Mend’s asymmetric signing key, and on startup, the code verifies the signature against a public key. |
| 74 | + |
| 75 | +The public key is distributed as part of the (obfuscated) Javscript code. |
| 76 | + |
| 77 | +**How is the accused project designed to circumvent your technological protection measures?** |
| 78 | + |
| 79 | +The signing key in the Javascript code has been replaced with a signing key known by the attacker. |
| 80 | + |
| 81 | +They use that signing key to generate a signed license key that now validates against this attacker-owned license key, which bypasses Mend’s license key validation. |
| 82 | + |
| 83 | +**If you are reporting an allegedly infringing fork, please note that each fork is a distinct repository and <i>must be identified separately</i>. Please read more about <a href="https://docs.github.com/articles/dmca-takedown-policy#b-what-about-forks-or-whats-a-fork">forks.</a> As forks may often contain different material than in the parent repository, if you believe any of the repositories or files in the forks are infringing, please list each fork URL below:** |
| 84 | + |
| 85 | +**Is the work licensed under an open source license?** |
| 86 | + |
| 87 | +No |
| 88 | + |
| 89 | +**What would be the best solution for the alleged infringement?** |
| 90 | + |
| 91 | +Reported content must be removed |
| 92 | + |
| 93 | +**Do you have the alleged infringer’s contact information? If so, please provide it.** |
| 94 | + |
| 95 | +From Git commit metadata: |
| 96 | + |
| 97 | +[private] |
| 98 | +[private] |
| 99 | + |
| 100 | +**I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.** |
| 101 | + |
| 102 | +**I have taken <a href="https://www.lumendatabase.org/topics/22">fair use</a> into consideration.** |
| 103 | + |
| 104 | +**I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.** |
| 105 | + |
| 106 | +**I have read and understand GitHub's <a href="https://docs.github.com/articles/guide-to-submitting-a-dmca-takedown-notice/">Guide to Submitting a DMCA Takedown Notice</a>.** |
| 107 | + |
| 108 | +**So that we can get back to you, please provide either your telephone number or physical address.** |
| 109 | + |
| 110 | +[private] |
| 111 | + |
| 112 | +**Please type your full name for your signature.** |
| 113 | + |
| 114 | +[private] |
0 commit comments