So he noticed a repo identifier of bk://thunk.org:5000/ and tried telnetting to it, typed 'help' and got a list of commands and tried 'clone' and it gave all the files as sccs. That is still reverse engineering, even if it is facilitated by the wire-protocol. Especially when one has been asked directly to not do any reverse engineering.
It also seems unlikely that that was where it stopped, as that likely wouldn't have gotten any attention. The whole claim just seems disingenuous.
One can be fulfilling one's curiosity in simple and obvious ways and still be breaking license terms or the law. That something is trivial doesn't mean that it is moral, legal or licensed.
It would still fall afoul of the CFAA (for which there is no exception for reverse engineering) and equivalent laws outside the US - the server he was connecting to was owned by BitMover (as far as I see) and he wasn't authorised to use it in that fashion. And the person through whom he might have authorisation (Linus) had explicitly disallowed reverse engineering. So nobody who could authorise it had done so. People have been arrested and lost court cases for less.
In good news, the supreme court clarified/limited the CFAA in June 2021 [1], so it's now seemingly legal to access a server however you like as long as you're not accessing information you wouldn't otherwise have access to.
> the server he was connecting to was owned by BitMover (as far as I see)
That would be surprising to me. Being a DCVS, lots of folks in the community would be running their own servers and sharing the URLs to them; that is were Andrew would have noticed URLs like bk://thunk.org:5000. For instance, here's one such URL being shared on the LKML where Andrew hung out: https://www.cs.helsinki.fi/linux/linux-kernel/2003-12/1108.h... It is my assumption that bk.arm.linux.org.ku was not owned BitMover.
Perhaps that means that whoever was running the server than Andrew connected to was in violation of their license by "authorizing" Andrew's access.
Thank you, that elucidates a little. I thought odd the wide claims that the metadata was stored on BitMover's servers and that they might own that IP.
Note that the CFAA is a criminal law, so it was possible for Andrew to be prosecuted for breaking it, given a report to the police, if he hadn't been given direct permission to access that server in that way, whether or not the server owner minded.
It also seems unlikely that that was where it stopped, as that likely wouldn't have gotten any attention. The whole claim just seems disingenuous.
One can be fulfilling one's curiosity in simple and obvious ways and still be breaking license terms or the law. That something is trivial doesn't mean that it is moral, legal or licensed.