我刚才测试了 badssl.com 上的一些示例域名，测试之前将其SNI加入 config.json 以指示 Accesser 不去除 SNI。对于有问题的TLS证书处理不同。
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)
后面的 revoked 和 punning-test 是有问题的，但是我的浏览器也没有警告，所以不再测试。
Geremie R. Barmé 呀，第一篇提 GFW 的文章 The Great Firewall of China 作者就是他。
I don't see any unacceptable things
The CLA also allows us to use the code in other products that may not be open source
https://archive.vn/d2NZm (原文已被 Daniel Ray 删除)
I think he was just trying to be nice. He wouldn't have suggested an in-person chat or gone along with one if he knew you wouldn't be comfortable with it. Yes, some of the company's actions have been questionable, but their employees are still human and there is no need to hound them down for suggesting an in-person meetup. Please don't dehumanise these employees, they seem like nice reasonable people, especially making time to speak with a freelance journalist.
Thanks for injecting a more human element to this discussion. There is actually quite a bit more to this story here than most people realize.
I'll try to explain.
Wenzheng Tang (@Xmader) is actually violating the law with both repositories related to MuseScore, one of them a rather severe violation.
This repository violates 17 U.S. Code § 1201 - Circumvention of copyright protection systems.
Another repository of his, musescore-dataset, has far more serious implications as it may be considered willful infringement with criminal intent (see: 17 U.S. Code § 506 - Criminal offenses). That repository is actually illegally distributing copyrighted works licensed to MuseScore by major music publishers. That such distribution is considered copyright infringement on a massive scale (hundreds of thousands of works) is unambiguous. This purpose does not meet the four necessary requirements for fair use claim according to Section 107 of the U.S. Copyright Act.
Those factors are:
Further explanation of the four factors can be found in this article - The Fair Use Exception.
To provide further context, it is important to understands that 100% of all rights to transcription or arrangement of a copyrighted work belong to the rights holder, regardless of who performed the transcription or arrangement. This is a point of great confusion for many. Further explanation of this topic can be found in the following article - No, You Don’t Own Your Arrangement of That Hit Song.
So, if it is such a clear violation, it should be quite easy to get this taken down, right? Why hasn't this repo been taken down yet? Simply put, the actual process of requesting the take down and proving violation would have severe implication on Wenzheng Tang, so I have hesitated in the hopes he would simply choose to take it down himself.
I'll explain why...
Upon further investigation, it became clear that Wenzheng Tang is a Chinese national, but not resident in China. As a guest in his current country, his residency status is predicated on a number of conditions, one of which is not violating the law.
If found in violation of laws, residency may be revoked and he may be deported to his home country.
While under normal circumstances, he could apply for asylum in order not to be deported, but this option is extremely limited when found in violation of the laws of the country you are a guest in.
And though the laws cited above are in reference to US law and he is neither a resident or national of the US, this is simply the starting point as the initial distribution is through Github, which is a us company and the copyrights in question are US copyrights. There are treaties between countries that would allow this to then be extended to his country of residence in accordance with their own laws (I do not mention which country out of courtesy or any other details such as the basis of residency out of respect for personal privacy). So, both repositories remain up, for now, not because we are powerless to take it down... it is that the process of exercising this power could very literally ruin the actual life of another person.
At the same time, the company is legally obligated to enforce violation of copyrighted works licensed to them. There will soon come a time where hesitation is no longer possible. But do keep in mind that enforcement may also come from any one of the rights holders of the hundreds of thousands of copyrighted works illegally distributed at any time. It is unlikely that any others will be as empathetic. As you can see, there is far more to this story than what may be assumed by the external observer.
So, Wenzheng Tang (@Xmader), I'm writing this entire post here not as a representative of any company or entity, but just human-to-human to strongly encourage you to remove both repositories and move on with your life.
The LibreScore project is fully within your right as MuseScore is GPL, and is even encouraged, but I would suggest you remove any reference to registered trademarks.
What I have described in this post is not at all a threat, but an informed assessment of your own personal legal risk.
You are young, clearly bright, but very naive. Do you really want to risk ruining your entire life so a kid can download your illegal bootleg of the "Pirates of the Caribbean" theme for oboe?
我不希望弟弟热度上来之后被老秃驴们（you know who）利用，这样他们会收到更多的资金，再策划一些恶心的行动，某些媒体再抹黑我们一把。
中国用户也可能充当 snowflake 网桥。