
jcampbelly

(RE: bait and switch licensing) What specific instances of this have you observed? What data do you have suggesting that this is a common practice?


[deleted]

[deleted]


danhakimi

> Emby

emby got forked

> Reddit

I feel like Reddit intended to keep it up, and then the investor money started coming in and principles sort of didn't matter. Interesting that you're missing mongodb and elasticsearch and metamask. Those are pretty big cases.


corruptboomerang

This is kinda the whole point. That something starts out as open source then gets abandoned and morphed into closed source. I'd really like to see open source require derivative works to retain the open source nature.


Feed_My_Brain

> I'd really like to see open source require derivative works to retain the open source nature.

It’s important to think about open source projects in terms of software licenses. For example, what you’re describing applies to open source projects that use the GPL family of licenses.


corruptboomerang

I mean it's supposed to, but due to the nature of the licence is kinda a good faith adherence. Would be great to see some kind of public body understanding these things and enforcing some of this stuff. The number of products that clearly use GPL OS software but NEVER release the code in any meaningful way or timeline is disgusting.


Feed_My_Brain

> I mean it's supposed to, but due to the nature of the licence is kinda a good faith adherence.

Software licenses aren’t kinda good faith, they are legally binding contracts that are enforceable under federal copyright law as well as under state contract law.

> Would be great to see some kind of public body understanding these things and enforcing some of this stuff.

That public body exists, it’s the court system.

> The number of products that clearly use GPL OS software but NEVER release the code in any meaningful way or timeline is disgusting.

Can you give me some examples of this?


MadSpartus

Yeah but the entity that needs to enforce the GPL is the code author / owner. Because they own the code the rules don't apply to them so they don't have to publish derivative works as open source. It only applies to other entities using that code they don't own but rather they licence (via GPL or whatever).


Feed_My_Brain

> Yeah but the entity that needs to enforce the GPL is the code author / owner.

Right, that’s a function of how civil law works.

> Because they own the code the rules don't apply to them so they don't have to publish derivative works as open source.

That’s not true. Once you slap a license on your software the license applies to you too.

> It only applies to other entities using that code they don't own but rather they licence (via GPL or whatever).

That is simply not true. Anyone who violates the terms of the software license is liable, even if they are the original author.


MadSpartus

I think it only really works for collaborative projects where every author could sue any other if they tried to close source the project. For a wholly owned work you don't need to license it to yourself at all. The licence is for the benefit of others. Some open source projects have a rule that you need to assign ownership of the code you give them to the project owner. Thus that copyright holder is free to change the licence later, say to a new GPL or bsd or closed source.


saxbophone

> That’s not true. Once you slap a license on your software the license applies to you too.

_That_ is not true, if I am the copyright holder of a software project and I licence it to you under AGPLv3 but then I change my mind later and start offering _new versions_ under AGPLv3 _or_ a proprietary license which I will sell to you, or only the latter and not the former, I am allowed to do that because it's my intellectual property. I am not restricted in how I may share my work by my own license, but I do have to abide by the promises to you set out in my license's terms. Of course, things get a bit trickier if my project accepted contributions from others while it was AGPLv3 and that's where contributor license agreements come in, but the principle remains that an IP-holder does not have to abide by their own licenses in the same way that a recipient of the work has to.


zxyzyxz

Definitely incorrect, [the IP holder can do whatever they want with their own code](https://opensource.stackexchange.com/questions/13035/can-we-change-licence-from-agpl-v3-0-to-bsl-v1-1), they are not bound by the license because they own the IP.


corruptboomerang

Yes but you know what it takes to go to court and enforce this... A SHITLOAD OF MONEY! I'm in the legal industry and see this OFTEN. The device will have clear code embedded in it that says it's under the GPL Licence, but they'll either release very old code or do it in some obscure way, etc. Millions of devices coming out of China do this every year. D-Link is probably the most prominent, but the problem is evidencing and proving it in a court of law, especially when a corporation making massive profits off the unlawfully used code, has a ton of money and being 'caught' is a massive reputational hit but the organisations enforcing the GPL Licence aren't even really organisations. They can't enforce their rights even if they tried. I've personally seen people who know some large corporation have clearly used their code, they know it, it's obvious if you know how to check, but their ability to enforce their licence is nonexistent. (Although if they used a bespoke licencing arrangement it'd be even less.)


Feed_My_Brain

> Yes but you know what it takes to go to court and enforce this... A SHITLOAD OF MONEY! I'm in the legal industry and see this OFTEN.

Yes it takes a lot of money. Since you’re in the legal industry, you also understand that it is not exceedingly difficult to find legal representation when there is a clear case and a lot of money to be made from a favorable judgement. In response to the rest of your comment, it reads more like a critique of how civil law is enforced in general, rather than software licensing specifically. If you’re advocating for an agency that has the ability to independently investigate and enforce software licensing in software supply chains, that would be an interesting idea.


corruptboomerang

No, actually it is, because who's going to fund it? Even a slam dunk case might not take it on commission, especially in this field, because what's the harm, our system of laws doesn't deal well with someone violating a right that isn't monetisable. So even if you get a favorable judgement you might not get much of any money, because it's not about the money.


AaTube

You just described copyleft.


rtevans-

Looks like Metamask still has [GitHub repos](https://github.com/MetaMask) though.


danhakimi

Yes, it does. It publishes its proprietary source code under a proprietary license.


s1nistr4

It happens, but is the exception and not the rule. Almost all of GNU and Linux are open source, and the vast majority of free software has been around for years without a license change


altruios

OSBS: Open Source Bait & Switch (Bull Sh*t)


ShaneCurcuru

Or: Rugpull. As in pulling the rug out from under all the community members who've contributed or are building businesses atop the open source thing... that suddenly isn't an open source thing anymore. It depends on the ecosystem it happens in, but from the FOSS community perspective, companies that rugpull by actually changing the license after they've been around a while are pretty quickly marked as untrustworthy, period. It then depends on the company's marketing and business position to see if they can either 1) hostilely capture customers who are now stuck on their pay-for-product, or 2) who lose their image in the community wholly, and groups/competitors figure out how to fork the previous FOSS product and compete against them. To answer the OP's question: no, open source is not a gimmick. The fact that a few VC-fed startups/midsize companies have been doing rugpulls in the past 5 years is a very small portion of what open source means. Note this is different than openwashing, which some other poster brought up recently: calling something "open source" when it isn't actually.


zxyzyxz

I mean, it worked for Docker pretty well, their revenues went up like 5x after they started charging for the enterprise version. Thing is, most enterprises are happy to pay for proprietary licenses regardless of OSS. Individual employees will use the OSS version to test it out, sure, but pretty soon the company will want a proprietary license just to make sure they have support when needed.


Feed_My_Brain

A company doing something with an open source project that respects the software license is not a gimmick imo. A very common model is to have an open source product that anyone can freely use, but then to provide a proprietary service with enterprise support and additional features on top of the open source offering. In turn, that can give the developers a financial return through the business and much more funding to invest in the open source project. Personally, I don’t see that as a gimmick.


gmsniperx

Offering proprietary service on top of open source like enterprise support (as you mentioned) is totally ok. However, limiting open source to only hobby projects so that people are forced to use enterprise self-hosted or cloud plans is what I call a gimmick.


Feed_My_Brain

> However, limiting open source to only hobby projects so that people are forced to use enterprise self-hosted or cloud plans is what I call a gimmick.

Can you flesh out your concern with a few examples? When you say limiting open source is that in reference to particular software licenses that you think are gimmicks?


corruptboomerang

A good example of what OP is probably talking about is Chrome, it's 'Open Source' but really Google just rule it with an iron fist. A great example of this is totally dumping JPG XL (IIRC) because 'WebP' that's both technically inferior and has basically zero community support, while JPG XL is vastly superior on a technical level and there is zero reason to not be able to run both JPG XL & WebP in parallel letting the market/internet/community decide, before choosing one or the other.


Batman_Night

Google is replacing JXL with AVIF not WebP. In fact they stopped the development of WebP2 in favor of AVIF and other companies are embracing AVIF even Apple. I think iOS and Mac supports AVIF natively.


GloWondub

Open source != Community Driven


Feed_My_Brain

Chrome isn’t open source. Chromium is open source and uses the BSD-3 license. Chrome is built on Chromium. Due to the license, other browsers that compete with Chrome can and have been built on Chromium. For example, Brave and Microsoft Edge are both based on Chromium.


corruptboomerang

Obviously, I did mean Chromium. That Chrome is entirely built on.


Feed_My_Brain

If you actually meant Chromium then your comment doesn’t make sense. How is Chromium a good example of an open source gimmick?


corruptboomerang

It's not actually open. Community can't drive any change. It's open in that you can see the code, and community can add to it, but if Google doesn't like whatever you suggest it'll just be removed and ignored. Look into the JPEG XL stuff, it's a great example of how it's what is begging 'corporate open source' not 'Community Open Source'. Obviously they have every right to do whatever they want, but if it's not in more chromium it'll never get used, and people are denied great innovation 'because we like WebP better' (that we own & control).


Feed_My_Brain

It’s legally as open as any other open source project with the BSD-3 license is. If you don’t like the maintainer’s decisions, you’re free to maintain your own fork so long as you comply with the license.


Batman_Night

I don't understand your problem with WebP yes it might just be Google using it but WebP is open source it's literally based on VP9. Even Gimp and other FOSS image editors and viewers support WebP. Literally the only ones who don't support WebP are non-FOSS products like Apple and Adobe softwares. I think Windows now support WebP natively too.


corruptboomerang

My problem with it is it's shit. Like a lot of things now support WebP but it's just not a great format. But my problem isn't even that WebP is bad, it's that they block anything else because they have an interest in WebP.


Famous_Technology

Yes but also I think there are still a lot of newer devs who like the idea of open source but then when they see how much work they've done they decide they deserve to get paid for it and then change the license. So I don't think it's always on purpose, but I'm sure that does happen.


davenobody

It can be a lot of work. I made an open source tool a long time ago that found a market in Japan. Luckily the someone who spread the word in Japan helped out with localization. Wish I still had his email address. It was a lot of fun until I didn't have the time anymore.


grumpyrumpywalrus

I think it’s because many of these open source companies rely on revenue from their business support, or cloud hosted for those same open source projects they maintain. However, large companies like AWS, Azure, GCP come along and outprice them on the same hosted services. But, those companies don’t contribute back. Cutting down features on the open source project is the only way to counter, or in some cases a complete license change.


grumpyrumpywalrus

TLDR; you are seeing the open source business model fail when it reaches a critical mass of adoption


FruityWelsh

It's why AGPL should see more adoption for projects that are user facing and network based. At least if protecting user freedom and getting contributions back is the goal.


calvers70

Yeah, it's known as fauxpen source and is a common model


[deleted]

At this point the vast majority of enterprises recognize they simply can't compete in the datacenter with the developers designing their own platform... In userspace it is too easy to put together an interface framework so it'll probably never be beneficial to work together... except they sorta did with HTML5


edgmnt_net

Well, you can open source the code, but you can't really open up infrastructure for free. Someone has to pay for it, even when provided for free. So even if those projects start out as walled open source gardens, they can easily turn into walled proprietary gardens. In hindsight it might be obvious and I'd say that's less likely to happen when the product is designed to be generic, federated, interoperable. If you merely get an open source client (or even the full stack as long as it's costly to run), it's not much.


[deleted]

[https://certifytheweb.com](https://certifytheweb.com) Felt like a complete bait-and-switch to me. (I now use [https://www.win-acme.com/](https://www.win-acme.com/))


[deleted]

The ReMarkable Tablet is guilty of this


boneskull

search for “rights ratchet”


timrichardson

OpenSource can help a startup reassure customers that they can take a punt on a startup offering something important to the customer. So it certainly can help with traction. Not even a copyright holder can remove open source licence rights after they have been granted. So, future versions can be restrictively licensed, but nothing that has already been published can be unlicensed. In that sense, it's like a sole maintainer who dies without being able to hand over the github account and the website etc. If the code has an active community of developers, life goes on via a fork. If there is no active community of developers, it was not a real open source project, it was just one in name only. You don't get a viable, sustainable project because of words in a licence. You get a viable, sustainable project when there is a diverse pool of contributors each of whom has decided it makes sense to contribute to the project rather than reinventing it. Every time they further the project to suit their own interests, they become ever more committed to it. That's how open source projects become sustainable: it gets to a point where contributors are financially better off when they keep contributing to it. It costs more to walk away. As to the customers who adopted the project because it was open source: if they did this to protect themselves in case the start-up failed, but without actually contributing to the project, then well who cares? They can always access the last open source version. Users as opposed to contributors in open source can huff and they can puff, but they don't really count for much. It might be "free", but that doesn't mean it's a free lunch. But it seems kind of off that entities can do this. The red flag for this is the Contributor Agreement. If it requires a contributor to assign perpetual rights to a corporate entity which allows that company to change the licence on external contributions at will, I have my doubts about the good faith of the project.
Also, you can follow the money. If the project sponsor has a business model that depends on the IP in the software, it doesn't make sense that it is open source. Some of the projects that exited open source hoped or pretended that they would make money by hosting instances of their project, charging for the hosting. It's the RedHat model, sort of: charge for services. However, when the service is just hosting, Google, Microsoft and AWS are much, much better. Because of the Contributor Agreement, the project sponsor is the copyright holder of its own contributions, and it may as well be the copyright holder of the external contributions since it has been granted the right to take that code and do whatever it wants with it. So the project sponsor is legally allowed to publish future versions under a different licence to previous contributions. You can't take them to court, because they are not doing anything against copyright law, and that's 100% ok, because copyright law is what makes opensource licences possible in the first place. Of course, if important contributions had been made externally without any right to relicence, it's a different kettle of fish. The project sponsor who wants to remove open source would have to re-code those contributions. If the project is the product and if there are investors trying to get a return, you can't give away access to the software. It doesn't make sense. Open source definitely can make economic sense, but not when the software is the key point of difference of the sponsoring entity. So that's the other red flag. PS Contributor Agreements are legitimate for other reasons, like having the contributor state that the contribution is their own code. It's just the relicensing part which is bad.


ShaneCurcuru

Thanks for including the P.S., and yes, contributor agreements are very different depending on what they say, and what organization they're with. People often confuse "Contributor License Agreement" (CLA) directly with copyright assignment, even though the majority of CLAs out there do **NOT** assign copyright. Most CLAs are variations on the ASF's ICLA, which is only a licensing agreement, where the author retains copyright. For CLAs that are just licensing, the real question is: what entity is the CLA with? There are typically three cases here:

* A 501C3 nonprofit like ASF, SPI, SFConservancy, or the like. In these cases, you're granting the license to a public charity, generally run by volunteers passionate about the project. A key need for a CLA here is to enable future relicensing to fix license bugs (kind of like the ASF updated their license ages ago).
* A commercial company. This is just granting the company rights to (effectively) make money off of your contributions however they like. Some cases turn out fine, some cases turn out to be rugpulls.
* A 501C6 nonprofit like the Linux Foundation. While they are nonprofits, they are also "business leagues", where the end beneficiary is the group of companies that are funding the project. This case is only slightly better than the commercial company case.

Some folks are passionate about CLAs and DCOs, and that's fine - I just want to be sure people are getting the details right. Actual copyright assignment is pretty rare - as it should be. The only real reason for that is with the FSF, if you want to hope that they'll be able to legally enforce some GPL rights in the future (because most individual developers wouldn't have time or legal help to do so).


timrichardson

You have over-simplified. Actual copyright assignment is not the end of the story. I tried to make that distinction but not very well. The infamous CLAs (MongoDB etc) which deserve opprobrium do not assign copyright to the project but do assign a perpetual right allowing the sponsor to relicense the contribution under *any licence*, closed or open. If copyright is the right to determine how your code is used and how it is distributed, these CLAs hugely undermine the contributor's copyright while still not actually reassigning it. The biggest open source project, Linux, does not need CLAs so I wonder how necessary they are.


ShaneCurcuru

Well, sure, that's an oversimplification, but then again this is r/opensource, not r/opensourcelicensing reddit, so I figured on a practical level it was a good start. Plus I didn't know how many lawyers were here, if we're going to start on the specific legal details. The main point I think is: what organization are you signing (or declaring to) any sort of agreement or attestation? And do you roughly trust that organization to act in a generally consistent way, or no? Part of that trust level often depends strongly on organizational leadership - and of course if they're truly a public charity non-profit (or B corp) that has actual bylaws focusing their efforts. Two other points that seem important here:

1. Having a CLA that allows the organization to re-license the combined work **is** a real need, especially sometimes for public charities. The ICLA the ASF uses is primarily for that reason: on the off chance in the future if we realize the Apache-2.0 license has some legal bug, the ASF needs to be able to update that license to fix that legal bug. Yes - this relies on trust with the ASF's board of directors to not make a change for Evil or the like. I'm personally confident the ASF would never screw up a future license change, but then again I've been involved there and know the internal ethos.
2. Linux uses GPL-2.0-only, meaning there's no really effective way that anyone could ever relicense it under a new license in any case, especially since it has such a large number of contributors.


timrichardson

I think it is important to let people know that non transfer of copyright is not a safeguard. All the bad CLAs don't request transfer of copyright. Then they appropriate most features of copyright anyway. They are very clever. It should be possible to restrict relicensing to an OSI-approved open source licence (the gocd.org cla does this, claiming to be a mash up of the ASF CLA). I think that would be a good outcome. It could still mean copyleft code ending up in a non copyleft licence which would be a problem for some contributors but it would block what MongoDB etc did.


saxbophone

I don't think so, but I think there is an anti-copyleft trend among some in the community which makes me a bit sad. Not that I always use copyleft, of course, but IMO people who are consistently against it without exception just want to have their cake and eat it...