Update: Kode54 has renamed the fork to foo_openmpt54 and all issues have been cleared up. See the blog post at https://kode54.net/2018/01/regarding-foo_openmpt-fork-and-the-new-foo_openmpt54/ and the actual code repository at https://bitbucket.org/losnoco/foo_openmpt
foo_openmpt is the libopenmpt-based decoder component for the foobar2000 audio player and has been maintained by the libopenmpt project since its first release 4 years ago.
Earlier this month, a third party developer named Christopher Snowhill (also known as kode54) forked foo_openmpt. By leveraging the foobar2000 component update infrastructure, he rolled out his changes directly to previous foo_openmpt users. He did so under the same “foo_openmpt” project name and with a version number identical to our current foo_openmpt unreleased development version, and with at that point in time no source code available. The libopenmpt team has only been informed by him about his actions after all of this had already been done.
Even though he by now has renamed his fork (thereby stopping having foobar2000 suggest users to upgrade to his version) and provided some source code (albeit not in a form that is easily adoptable by others or follows best practices), the libopenmpt project cannot endorse his actions. Taking over and forking an actively maintained open source project using the identical name and upgrading previous users to his version is against all written or unwritten rules of cooperative open source development and honest trustworthy behaviour towards fellow developers and users. The libopenmpt/OpenMPT project has no understanding as to why he forked in the first place. There was no prior indication or urge to do so. The libopenmpt project was and is always open to patch contributions from developers outside of our project.
Even though we are not aware of any further malicious actions performed by kode54’s component, we highly recommend that all users who had our foo_openmpt 0.3.4 (or earlier) component installed and who have been suggested by foobar2000 to upgrade to kode54’s version 0.4.0-pre.3 (or similar) to re-download our stable release version from our website https://lib.openmpt.org/ (and only from our website and no other place). In case you want to test unreleased versions, we provide those at https://buildbot.openmpt.org/ and https://builds.openmpt.org/.
We also want to state absolutely clearly that kode54’s actions have not been endorsed by the foobar2000 project. To the best of our knowledge, individual third party developers can manage their own component listings on the foobar2000 component website after they have initially registered to do so with the foobar2000 project maintainers.
By listing our foo_openmpt on the foobar2000 website ourselves long ago, the libopenmpt project could probably have avoided some amount of the trouble caused. However, the foobar2000 project does not document the fact that this is required in order to claim a component name, although it apparently is in practice. We honestly were not aware of that fact.
How the libopenmpt project will continue with regard to foo_openmpt has not yet been decided finally. The situation is complicated, in particular also for its users, because of the amount of changes and apparent improvements that kode54 has made to the component.
Staying silent about what happened could be viewed as being dishonest to our users, which is not what we want to do. The libopenmpt project thus had no choice but to issue this statement.
We may issue an additional more detailed statement on the whole situation at a later time.
Regards, manx and Saga Musix (libopenmpt and OpenMPT maintainers)