Open Source

As Companies Try 'Open Source Rug Pull', Open Source Foundations Considered Helpful (redmonk.com) 40

"In the era of the open source rug pull, the role of open source foundations is more important than ever," argues the co-founder of the developer-focused industry analyst firm RedMonk: The "rug pull" here refers to companies that have used open source as a distribution mechanism, building a community and user base, before changing the license to be restricted, rather than truly open source. "This is capitalism, yo. We've got shareholders to satisfy. It's time to relicense that software, move to a Business Source license." [...] Where open source used to be a sustainable commitment, today too often it feels like a short term tactic. Commercial open source isn't what it used to be.

Which means that open source foundations, which provide ongoing governance and intellectual property management for open source projects, are in an interesting position, in some cases becoming more adversarial than they historically have been with vendors.... [T]he Apache Software Foundation (ASF) has done a great job of fostering sustainable, commercial, open source for decades now, most notably in the data infrastructure space — think Hadoop, Spark, Kafka, Flink etc. ["[C]ommercial open source would almost certainly never have achieved critical mass and continued success without foundations in the mix," the article notes later. "The ASF was founded in 1999, and underpinned the adoption of open source middleware in the enterprise..."] One premise behind the Cloud Native Computing Foundation (CNCF) is that user organisations can within reason trust it to stand behind the projects it incubates and manages. While not an explicit commitment, adopters generally, and enterprises specifically, have seen the CNCF imprimatur as one that they can rely on. In the era of the open source rug pull this kind of promise becomes even more important....

Sid Sijbrandij, CEO of GitLab has argued that open source companies should commit to an Open Charter as a mechanism to protect users from open source rug pulls. "Open source software isn't useful if people can't rely on the project remaining open source. Adopting Open Charter offers open source users predictability amidst the growing licensing switch trend." With a CNCF project, though, the need for this kind of charter becomes less important, because the code is by design not single source, but has a diverse set of contributors. Which is to say that open source foundations can make rug pulls a lot less likely than adoption of open source technology built by a single company. Relying on benevolent dictators is generally pretty risky. And recently the benevolent dictators have seemed... less benevolent.

In conclusion, "Open Source Foundations Considered Helpful," according to the post's title. It does argue that "Any company is within its rights to relicense its software, but it can certainly be problematic from a community and project health perspective.

"Which is exactly why open source foundations are more important than ever."
  • Capitalism (Score:5, Insightful)

    by JBMcB ( 73720 ) on Saturday September 21, 2024 @11:53AM (#64805735)

    Closed source is capitalism. Open source is capitalism. Shared source is capitalism. The whole point of capitalism is you are free to produce products however you want. You can charge for code. You can charge for services. You can charge for maintenance. You don't have to charge at all. The point is that it's up to you and not someone else.

    • Enlighten us how not charging at all is capitalism. Hmm..
      • People give away freebies all the time, it's their choice so long as no one else dictates the terms of sale or distribution.

      • Enlighten us how not charging at all is capitalism. Hmm..

        The ability to manage your property however you see fit, without the interference of leftists who know of course better than you what you should do with it, does categorically include the ability to give it away for free. What is so hard to understand?

        • https://softwareengineering.st... [stackexchange.com]

          Microsoft public source license expressly prohibited any code they released into an open source project from being subjected to a license from the open source project.

          Maybe same thing here such as, the 'cloud revenue, support revenue, etc' from said open source software would be split 50% / 50% with the company hosting the software/supporting the software and 50% goes to an open source foundation for the project to pay open source developers or fund other open source project

    • Yeah, I'm trying to make a joke out of your FP. I think you were going for "seminal", but there is no such mod around here.

      What you actually seem to be saying is that the word "capitalism" has no meaning to you. Mixed concurrence, though mostly I think it's a personal problem. Yes, the meanings of lots of words are getting abused for various economic or political or even authoritarian reasons, but that doesn't mean you and I have to go along. We can make good faith efforts to define our terms and st

      • Definitions (Score:2, Informative)

        by JBMcB ( 73720 )

        What you actually seem to be saying is that the word "capitalism" has no meaning to you. Mixed concurrence, though mostly I think it's a personal problem. Yes, the meanings of lots of words are getting abused for various economic or political or even authoritarian reasons, but that doesn't mean you and I have to go along.

        It has a very specific meaning. It's how an economy is structured to provide goods and services as efficiently as possible. Mainly it means private ownership, market pricing mechanisms, and a government that stays out of the market as much as possible.

        Capitalism itself has no precepts as to how products actually get produced. You can make jam in your home. You can make jam in a giant factory. You can sell it door to door, you can sell it online, or you can sell it in supermarkets. Your company can be a gian

        • by AmiMoJo ( 196126 )

          Most people don't have that narrow meaning in mind when they use the word capitalism. Just like when they say socialism, they don't mean simply that the workers own the means of production, they are talking about things like social safety nets, strong pro-consumer regulation, socialized healthcare, and representative government.

          It's a shame because it makes it hard for people to separate different aspects of capitalism. For example, social democratic societies in Europe have a capitalist market system as t

    • by YetAnotherDrew ( 664604 ) on Saturday September 21, 2024 @12:36PM (#64805815)

      The whole point of capitalism is you are free to produce products however you want.

      Capitalism is about who controls the means of production. Capitalism is about investors leaching off the system.

    • Re:Capitalism (Score:5, Informative)

      by Eunomion ( 8640039 ) on Saturday September 21, 2024 @01:30PM (#64805903)

      "The whole point of capitalism is you are free to produce products however you want. You can charge for code. You can charge for services. You can charge for maintenance. You don't have to charge at all. The point is that it's up to you and not someone else."

      That's liberalism. Capitalism is pursuit of financial profit by ownership of capital (hence the name). The two have nothing to do with each other. You can have liberal capitalist enterprises (open source businesses), illiberal capitalist enterprises (patent trolls, cartels, and monopolies), liberal non-capitalist (nonprofit), and illiberal non-capitalist (power-seeking individuals and groups).

    • See below what capitalism is: "Capitalism is pursuit of financial profit by ownership of capital (hence the name)." Those developers doing the work (getting 0 dollars for it and so not making a financial profit) and the corps take it and giving it on their paid systems is ending and that is perfect. Fork it, put your own developers on it and keep it free if you want, perfect.
    • Re:Capitalism (Score:5, Insightful)

      by Growlley ( 6732614 ) on Saturday September 21, 2024 @02:29PM (#64805981)
      "The whole point of capitalism is you are free to produce products however you want." hardly otherwise we wouldn't have ip laws etc.
    • I think you might be confusing capitalism with free enterprise.

      • Well Eastern Bloc socialism famously didn't have free enterprise, so you can see how that's an easy connection to make.
    • The whole point of capitalism is

      redirecting surplus and keeping the means of production away from the people. Thus, opensource is NOT capitalism.

  • by lsllll ( 830002 ) on Saturday September 21, 2024 @12:46PM (#64805843)

    From The Summary:

    Any company is within its rights to relicense its software, but it can certainly be problematic from a community and project health perspective.

    Of course they are, the key being "its" software. The question is what they do when it's not "their" software. I checked out the breakdown of licenses [github.blog] on GitHub and the MIT license is the most used, by far. The MIT license does not force you to release changes you make to the software, even if you distribute the binaries. The GPL, both versions of which are way down the list, do require you to release the changes you made to the GPL software. Seems to me if you want to encourage (or even force) corporations to have to release their changes, you should have used GPL instead of MIT as a license. There have been cases where companies have been taken to court over their refusal to distribute their modified GPL source code and the companies have lost. That tells me that the courts have read the GPL license correctly. So this problem of "rug pulling" seems mostly to be "because they can". Developers should have thought about this when they released their software under more permissive licenses.

    • Yes, you are missing the issue.

      They are not talking about downstream modifications not being released back to the community. They are talking about the originators choosing to stop producing a free open-source version of their software.

      i.e. version 1.x was open source, free, software -but now that a market has developed the author decides to make 2.0 forward a closed source pay-to-license software.

      I don't see a problem with it personally. The author has no obligation to keep producing future works for fre

      • The problem lies in that they are not re-licensing `their` code, they are relicensing code that was written by others, without the permission of the original author.

        • That is an easy one. If they don't hold the copyright on the code, they cannot relicense it.

          They may be able to include code that others hold copyright on in their application, if the license for the code allows it... but that is not the same thing.
          They could also relicense the code if the original author had assigned the copyright to them... but again, not the same thing.

          They cannot relicense code that someone else holds copyright on. It may take a lawsuit to enforce, but that is what lawyers are for.

          • They can relicense code to which someone else holds the copyright if they received that code under a license that allows them to do so. I am not a lawyer, but I believe most FOSS licenses allow this. About the only OSS license that would reasonably prevent this is the GPL.
    • Can you cite the case of company losing in a GPL lawsuit? Afaik, they have all settled but not lost.
  • If you're not sure the source is going to be made available in the future, get it while you can. And do not be surprised when the main "provider" decides to bounce to a "screw you" form of license.
  • by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Saturday September 21, 2024 @01:06PM (#64805871)

    ... are for?
    Hudson -> Jenkins
    Mambo -> Joomla
    Redis -> some FOSS fork that came out 2 hours after they introduced a stricter licence

    Any FOSS product that has widespread use and experiences attempts to close the source again usually has a fork up and running within a few weeks and usually the community migrates just as fast.

    That's my experience anyway.

  • If you want these clowns to stop doing a rugpull, then you need to convert your bare license into an enforceable contract by actually paying cash money. This problem has been known for decades now and people were content to pay nothing. This is the consequence of doing that. Don't say you weren't warned, because you were, and chose to pretend that those who said this could happen didn't know what they were talking about.

    • That's the thing, is that for most of these open source licenses, they don't actually own an exclusive license to the code, because they never paid the contributors to the code, thus it's not apparent that they can relicense someone else's code, when the project had promised that the license would be MIT or GPL, etc.

      In fact a permissive (mit) license can be revoked at any time by the original author.

      https://www.law.cornell.edu/wex/promissory_estoppel

      • Not just a permissive license, but the GPLv2 as well. This is why GPLv3 added verbiage to indicate that it was intended to be irrevocable. However, this does not mean in and of itself that the GPLv3 would be utterly irrevocable, since estoppel does not extinguish rights, and with suitable notice one could still do a rugpull, albeit if one wanted royalties or a withdrawal of software issued during the time it was under said license they would likely be estopped from such an action (see, for example, Central L [wikipedia.org]

  • Nobody wants to pay if they don't need to. People are forced to earn money to survive. Profitable companies can litigate poorer groups out of existence, regardless if they're wrong or right.

    Which leads to this... not all that surprising, honestly. Takers gonna take. Especially if they can lie about it later (to themselves and others).

  • Rug pull implies this was some sort of dastardly long term strategy. I think the reality is that these companies were started with FLOSS enthusiasts thinking they could be the next Red Hat, they released a well written well supported FLOSS code base, took over their respective market segments, and then found themselves struggling to keep small companies afloat while proprietary competitors ran healthy mid-sized businesses.

    Sure, there's always a few corporations that will pay for support or custom solutions

  • I'd like to note that the license changes are being driven in part (IMO in large part) by business behavior itself. For instance, the Redis license changes were driven by Azure, AWS etc. making business offerings from Redis and making lots of money but not contributing in any significant way to Redis development. I can readily understand why Redis changed the license, because the behavior they were facing was a direct violation of the general agreement behind free and open-source software: you can benefit f

    • > It'll be interesting to see which direction ends up winning.

      I think we can already see that: your option a). business-source/Full commercial.

      The AGPL should be a very important license in today's SaaS world, but isn't...
      The {,L,A}GPL has been tainted for businesses by years of FUD spreading.
      Very few projects have such a scope that it is beneficial for them to be permissively licensed (video codecs are the main one that comes to mind).

      I'm slowly making my peace that software is lost to the corporations

      • That's mostly because businesses don't like the GPL-type licenses because they make it impossible to avoid contributing in some way. The LGPL is the least-bad from their standpoint, you can use the binaries without incurring GPL-like terms on your application but if you need to enhance the library you'd need to make your additions or changes available to everybody on demand.

        The thing is that most of these projects aren't run by businesses. They're run by developers and the decision which way things will go

        • > The LGPL is the least-bad from their standpoint, you can use the binaries without incurring GPL-like terms on your application but if you need to enhance the library you'd need to make your additions or changes available to everybody on demand.

          The LGPL also requires the final end user to be able to swap out the distributed library out of the final product. This immediately kills any kind of distributor code signing.
