github/dmca
1
Fork 0
mirror of https://github.com/github/dmca.git synced 2025-06-18 17:05:41 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Process DMCA request

Browse Source
This commit is contained in:
dmca-sync-bot 2025-06-11 21:29:45 +00:00
parent 3fdb17aa52
commit 09eb8b7b3b
1 changed files with 126 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
2025/06/2025-06-04-msrc-kb-severity-checker.md Normal file
View File

@ -0,0 +1,126 @@
Before disabling any content in relation to this takedown notice, GitHub
- contacted the owners of some or all of the affected repositories to give them an opportunity to [make changes](https://docs.github.com/en/github/site-policy/dmca-takedown-policy#a-how-does-this-actually-work).
- provided information on how to [submit a DMCA Counter Notice](https://docs.github.com/en/articles/guide-to-submitting-a-dmca-counter-notice).
To learn about when and why GitHub may process some notices this way, please visit our [README](https://github.com/github/dmca/blob/master/README.md#anatomy-of-a-takedown-notice).
---
**Are you the copyright holder or authorized to act on the copyright owner's behalf? If you are submitting this notice on behalf of a company, please be sure to use an email address on the company's domain. If you use a personal email address for a notice submitted on behalf of a company, we may not be able to process it.**
Yes, I am the copyright holder.
**Are you submitting a revised DMCA notice after GitHub Trust & Safety requested you make changes to your original notice?**
No
**Does your claim involve content on GitHub or npm.js?**
GitHub
**Please describe the nature of your copyright ownership or authorization to act on the owner's behalf.**
I am the [private] and [private] of the work in question. [private] created and published the original MSRC-KB-Severity-Checker project under the GPL-3.0 license on GitHub at https://github.com/Myraas/MSRC-KB-Severity-Checker. The infringing repository contains both [private] publicly licensed code and proprietary code from [private] [private] that was never intended for public release.
The infringer was a contractor whom [private] hired and paid to privately help integrate [private] code with [private] Notion database for [private] personal use at [private]. This contractor was never granted permission to publish, redistribute, or make public any version of [private] code. The unauthorized publication not only violates the GPL-3.0 license terms but also breaches the confidential nature of our contractor agreement.
Most egregiously, the published code includes [private] private Notion database credentials on lines 7 and 8 of their republished script at https://github.com/musaspacecadet/notion_security_update/blob/master/security-updates.ps1, including [private] Notion Secret and Database ID, which compromises the security of [private] private database and was never intended for public exposure.
This is not a fork. The infringing repository at https://github.com/musaspacecadet/notion_security_update is a separate repository that reproduces [private] copyrighted work without proper forking or attribution. There are no additional forks to report at this time.
**Please provide a detailed description of the original copyrighted work that has allegedly been infringed.**
The original copyrighted work is a PowerShell script called 'MSRC-KB-Severity-Checker' designed to query Microsoft Security Response Center (MSRC) severity ratings for Knowledge Base (KB) articles. The work includes:
A complete PowerShell script with functions for querying MSRC data, caching results, and extracting unique KBs
Specific code structure, variable naming conventions, and implementation logic
Documentation including feature descriptions, disclaimers, and usage instructions
A private enhanced version with Notion integration functionality that was never publicly released.
The infringing repository contains virtually identical code, including both the public GPL-licensed portions and proprietary private code, without proper attribution or forking.
**If the original work referenced above is available online, please provide a URL.**
Original Public version: https://github.com/Myraas/MSRC-KB-Severity-Checker/tree/main
Original Private version (not publicly accessible): [private]
**We ask that a DMCA takedown notice list every specific file in the repository that is infringing, unless the entire contents of the repository are infringing on your copyright. Please clearly state that the entire repository is infringing, OR provide the specific files within the repository you would like removed.**
**Based on the above, I confirm that:**
The entire repository is infringing
**Identify the full repository URL that is infringing:**
https://github.com/musaspacecadet/notion_security_update
**Do you claim to have any technological measures in place to control access to your copyrighted content? Please see our <a href="https://docs.github.com/articles/guide-to-submitting-a-dmca-takedown-notice#complaints-about-anti-circumvention-technology">Complaints about Anti-Circumvention Technology</a> if you are unsure.**
No
**If you are reporting an allegedly infringing fork, please note that each fork is a distinct repository and <i>must be identified separately</i>. Please read more about <a href="https://docs.github.com/articles/dmca-takedown-policy#b-what-about-forks-or-whats-a-fork">forks.</a> As forks may often contain different material than in the parent repository, if you believe any of the repositories or files in the forks are infringing, please list each fork URL below:**
**Is the work licensed under an open source license?**
Yes
**Which license?**
gnu-general-public-license-v3.0
**How do you believe the license is being violated?**
Yes, the publicly available portion of [private] work is licensed under GPL-3.0. However, the infringing repository also contains proprietary code from [private] [private] that was never released under any open source license and was not intended for public distribution.
The GPL-3.0 license is being violated in multiple ways:
* No attribution: The repository fails to credit [private] as the original author
* Unauthorized license change: The infringer has republished [private] GPL-3.0 licensed work under an MIT license, which violates GPL-3.0's copyleft requirements that mandate derivative works maintain the same GPL-3.0 license.
* Misrepresentation of authorship: The work is presented as the infringer's own creation.
* Inclusion of unlicensed private code: The repository contains proprietary code from [private] [private] that was never licensed for public use
Failure to maintain license terms: GPL-3.0 requires derivative works to maintain the same license and attribution
* Failure to maintain license terms: GPL-3.0 requires derivative works to maintain the same license and attribution, but the infringer has improperly changed it to MIT without authorization
**What changes can be made to bring the project into compliance with the license? For example, adding attribution, adding a license, making the repository private.**
To bring the project into compliance, the following changes would be required:
* Add proper attribution clearly identifying [private] ([private]) as the original author
* Include the GPL-3.0 license text in the repository
* Remove all proprietary code from [private] [private] that was never licensed for public use (specifically the Notion integration code and any associated credentials)
* Add a clear README acknowledging the original source repository
* Ideally, delete the current repository and properly fork from [private] original repository to maintain proper version control history and attribution
However, given the infringer's demonstrated disregard ('i dont care') and the inclusion of [private] private proprietary code, [private] prefer complete removal of the infringing repository.
When confronted about the unauthorized publication, musaspacecadet responded:
* "i dont care"
* "the code was not mine"
* "ill fork as i stated in the issue and give you proper attribution, the code was always yours, i thought you were not going to ask for this again and the notion credentials didnt work so i made it public"
**Do you have the alleged infringers contact information? If so, please provide it.**
Yes, I have the infringer's contact information:
GitHub username: musaspacecadet
GitHub profile: https://github.com/musaspacecadet
[private] username: [private] (where we had direct communication about this issue)
[private] have already attempted to resolve this matter directly through both GitHub issues and private [private] messages, but the infringer has shown disregard for copyright compliance.
**I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.**
**I have taken <a href="https://www.lumendatabase.org/topics/22">fair use</a> into consideration.**
**I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.**
**I have read and understand GitHub's <a href="https://docs.github.com/articles/guide-to-submitting-a-dmca-takedown-notice/">Guide to Submitting a DMCA Takedown Notice</a>.**
**So that we can get back to you, please provide either your telephone number or physical address.**
[private]
**Please type your full name for your signature.**
[private]