See the entire conversation

James Donaldson is following through with seizing control of Copperhead and Copperhead infrastructure. He's untrustworthy and I consider the company and infrastructure to be compromised. I will be treating this as a serious compromise and preventing him from harming any users.
65 replies and sub-replies as of Nov 17 2020

James has even threatened to seize control of my personal GPG key that I created in 2009/2010 when I started packaging for the official Arch Linux repositories. I don't have an understanding of why he is taking these actions. It's completely illogical and extremely destructive.
Note that James Donaldson doesn't have access to my signing keys and I have prevented that from ever happening in any scenario. By the infrastructure being compromised, I mean he registered domain on his personal account so he can take it over via DNS.
argh, good luck!
When I saw James' tweet earlier today, I thought he meant that you two worked it out 😭
good luck man, your work has been nothing short of spectacular and seeing this project getting destroyed over a personal dispute is just a shame :/ hope you end up with a better CEO and a proper team of devs supporting you...
Daniel you no i am a big fan of yours and all you have done, having had a meeting with James today and looked at the legal documents you posted it’s clear that James offered you three posts and has tried to rectify this situation even offering you a holiday and then2meet up 1/2
Copperhead is a business and James has it’s best interests at heart so it can become what it is destined to be. James at no stage aired any dirty linen in public as this is very unprofessional. I hope hou take a step back and let the red cloud disperse and lets all move forward
Make sure to put your revocation certificate on a USB into a safe deposit box at your bank. Preferably one he can’t access. If worst comes to worst publish it.
This is completely unacceptable.
So now it's official, Copperhead and Copperhead OS are ruined. Very sad, I still don't get why James did this. As far as I understand it he is not even a developer, more a business person. So why would he get rid of the person doing all the work? I don't gz it. :(
Copperhead and Copperhead os are far from ruined i will make sure of that so please if you have nothing positive to add but gossip and speculation get back down into your parents basement! Oh and don’t pass judgement on James as yet again you are putting 1&1 together&getting 5
sir, your tone is not very helpful for a constructive conversation. I have talked to @_copperj in private about this. There is no bad blood between him and me, i just wanted to know something for the security of the userbase and he denied it!
i still think it's good to ask the ovious question and get a strait answer to it. So no one asumes something wrong. I asked if this dispute was about putting in a backdoor and @_copperj and @DanielMicay denied it! Good, so users don't have to worry!
No, firstly you made a quote about james taking cash for a backdoor option and then if that wasn’t enough you speculated the demise of Copperhead&Copperhead Os! @_copperj has acted dignified throughout this and has been professional&i wont have him or his name dirtied by gossip
Maybe in future go to the source instead of making assumptions? Theres a right and a wrong way to deal with this situation and dealing with it publicly on twitter is madness! @_copperj has been professional and will continue to be if all parties acted the same it wud b sorted
He has been anything but professional. Choosing to side with James is a mistake. I own the vast majority of the code and it's under a non-commercial usage license.
you did the right thing, don't listen to these skids.
What exactly happened? I assume James wanted to accept money for putting in a backdoor and Daniel refused. Is that correct?
Is there a particular reason you believe that's what happened? I haven't seen any indication but I'm really an outsider and have no idea what's going on.
I haven't said that's what happened.
I don't have an explanation for why James started this in May. It's completely illogical and destructive from my perspective. He's dishonest and manipulative which is why I consider him having control over the infrastructure to be a compromise. I can't predict what he will do...
I already prevented any possible compromise of the OS. I am not capable of compromising it anymore so no form of coercion can make me do that. It's very unfortunate that things ended this way and now I guess the little money I earned from this will go to legal fees, etc.
What did you do? Destroy the keys that would have allowed compromise?
Hopefully ATA Secure Erase actually works.
Before you do any damage think of everyone that has paid for a service. This is being dealt with the wrong way and completely unprofessionally, i am your biggest fan but this is wrong. Ive gave you my word that it can be sorted amicably but this way can only end one way! Think
Yes, they paid for a product which included a commitment to protecting them from the fallout from a situation like this. I had an obligation / commitment to protect those signing keys at all costs and to destroy them if I felt they were at risk of compromise which I certainly do.
James is not someone that can be trusted. Handing over my personal signing keys to him was never an option. It would have been incredibly unethical and a betrayal to the users that have trusted me with their security.
This is the right way to think about the keys you control and the responsibility that places on you.
Daniel, thank you for taking your work and responsibilities so seriously.
Could you be explicit? You imply that you have irretrievably deleted the CopperheadOS signing keys, but I'd like to be certain I understand.
I purged my Android signing keys which were used to sign CopperheadOS releases including all three offline backups of them. It's not possible to create app or OS updates that will be accepted anymore. No one else ever had access to my keys.
My GPG key is not (yet) purged but isn't used by the OS itself. It was only used to sign factory images. The GPG key was created 5 years before Copperhead was founded and I'm not yet sure if it makes any sense to revoke it and purge it so I haven't yet done that.
I think you should really talk to a lawyer first. Actually, it would have been best to do that before you went public with it. You're just handing over your *** on a plate. That James guy prolly has his lawyer telling him "DON'T TALK! Let the Micay guy screw himself for us."
I don't think he has a lawyer. The company has lawyers and I still own half of the company. I was looking out for the project I cared about by trying to get him to back off and stop destroying it by going public. However, he kept going and seized infrastructure + locked me out.
There's nothing left to get from me. He took control of the infrastructure and he was never going to get my personal signing keys. The most he can do is try to claim I caused damages but really that was all him and transparency is part of how this company has worked all along.
Just trying to say this, if you really care about the project, you must keep your calm, not get desperate and lawyer up asap.Give your future self a fighting chance. You're just throwing yourself out of the game before it even starts. Who's gonna fight when you're totally out? ;)
What makes you think that he hasn't? In any case, not the point. Even if, and I hardly believe that, he doesn't have 1, should he get 1 right now, he would be at a considerable advantage just because he kept quiet and you're already purging keys and sharing private email scrshots
Nothing private about those emails. There's no NDA and I stated clearly that I would publish them if they were sent.
My signing keys are my property and are used to prove my identity.
Fair enough...ish, I don't know, I'm not a lawyer and the laws of my country are certainly different from ours. But I'll get out of your hair. I sincerely wish you and CopperheadOS the best. Cheers.
Well, that's one way to brick any releases of CopperheadOS that require a signed update. 😯
What nonsense, where did you pull this backdoor rubbish from? Advisable to take that tweet down and maybe do a little research before leaving bull💩 comments! This should have and will be dealt with in house like a professional business! @DanielMicay do you see what this stirs?
People are right to be concerned. They trusted me, and the company is getting rid of me and demanding to seize control over my personal computer and signing keys. It was even stated that third parties would be given access for 'auditing'. Siding with James is the wrong approach.
There's nothing professional about trying to bully someone into giving up their rights and property with scary threats. Making legal threats to your business partner is not professional and ended any chance of this having a good outcome where we could have worked together.
It ended with the first threatening email. This is just the fallout. The moment I received that email in my inbox, I knew that I could never trust or work with James again. We could have found a way to work together before that. Not afterwards.
I will not discuss this here, take this nonsense down and deal with this like adults. We all have a vested interest in an outcome were all parties are happy and we all move forward but professionally! Email me.. Or Signal please
So don't discuss it here and remove your inaccurate claims: . I have no issues with you... and I am happy to talk to you somewhere else as I said.
Daniel you no i am a big fan of yours and all you have done, having had a meeting with James today and looked at the legal documents you posted it’s clear that James offered you three posts and has tried to rectify this situation even offering you a holiday and then2meet up 1/2
Check your dm get this all down and lets move forward please! And il do likewise
So sad to hear this! I hope it'll work out somehow for you!
Good. It's been a pile of shit since it was monetized and this is a long time coming after the user-base was disenfranchised.
You aren't entitled to my work for free any more than James is entitled to steal it when I haven't ever sold or handed over copyright ownership to Copperhead. You people are no different really. All of you are just looking to exploit someone for their work and toss them aside.
A beyond trying to be paying client that has been thrown aside (I have a Sailfish, check Reddit). Honestly, and maybe this is out of character to a fellow Canadian: I hope this fails.
You hope what fails? You don't need to convince me that the business was run totally incompetently despite having something that could have been enormously successful. Forcing out the person that developed everything and owns a substantial portion of the code is just more of it.
Yeah I stand by the initial assertion: who are you.
Daniel Micay, the person that email is addressed towards. The person that built CopperheadOS only to be completely screwed over with almost nothing to show for all of that work.
It seems like you think you're talking to James. I had nothing to do with sales. I only handled the technical side of things and that's completely over now. I apparently no longer work for Copperhead. Look at the names in the email. I think you have it backwards.
This needs to to be cleared up with real arguments and facts Daniel. I understand your position but for users sake - could you PLEASE calm down and put together an article with facts, signed by your pgp key, and ask publicly James to react? This will help us all.