[HN Gopher] What's up with these new not-open source licenses?
___________________________________________________________________
What's up with these new not-open source licenses?
Author : todsacerdoti
Score : 121 points
Date : 2021-03-18 15:59 UTC (7 hours ago)
(HTM) web link (github.blog)
(TXT) w3m dump (github.blog)
| donmcronald wrote:
| What's up is that large companies started abusing the open source
| licenses to benefit themselves at the expense of open source
| communities. All it took was one jerk ignoring the spirit of open
| source and exploiting open source projects to the maximum extent
| that was legal under the old licenses. It's not hard to guess who
| it was either.
|
| It's a good lesson. As soon as one person cheats or violates the
| spirit of a system, everyone else has to too or they'll fall
| behind. Unethical people ruin everything.
| pessimizer wrote:
| > the spirit of open source
|
| This is not a thing that exists. What we have are licenses, not
| ghosts.
| donmcronald wrote:
| The spirit of collaboration and working for a common good
| absolutely used to exist. Many of the internet's core
| protocols were built with the spirit of cooperation weren't
| they?
|
| Think about email and the value it adds to the world. Would
| we ever get the protocols needed to create email if we
| started right now today? Not a chance.
|
| IMO the previous generation(s) of tech people were way better
| than what we have today. They were interested in and
| enthusiastic about building awesome tech / products. Today
| the only thing anyone with influence is interested in
| building is a company that can IPO and make them a
| billionaire.
| pessimizer wrote:
| > The spirit of collaboration and working for a common good
| absolutely used to exist.
|
| That currently still exists. It has nothing in particular
| to do with software, though. People collaborate, academics
| collaborate. Are you telling me that massive corporations
| were part of this back in the _good old days,_ just helping
| people for the fun of it?
| stonesweep wrote:
| >> the spirit of open source
|
| > This is not a thing that exists. What we have are licenses,
| not ghosts.
|
| Before we had open source, we released software as public
| domain. The _spirit_ existed before the trademark phrase was
| even invented and long after people were already giving away
| their software for free because of the _spirit_ of the
| community. We used to go to computer swap meets in
| fairgrounds buildings and buy boxes of floppy disks with
| random software on them just to see what was around, people
| uploaded it to BBSes and shared the work they did - we had
| Donationware, Shareware, Postcardware (a personal favorite),
| Beerware and everything in between which was 100% based on
| the _spirit_ of the community. We just called most of it
| Freeware.
|
| We have _licenses_ because the _spirit_ was abused.
| pessimizer wrote:
| You're projecting your good feelings about collaborating
| with other computer hobbyists onto a set of software
| licenses applied to extremely corporate, not-hobbyist
| software. And additionally complaining that the "abuse" of
| these licenses by massive corporations are _keeping the
| authors of this software from getting rich._
|
| If you're doing this for the pure joy of programming,
| you're already rich in spirit - Amazon taking your software
| and using it is actually a tribute.
| SAI_Peregrinus wrote:
| There are two broad spirits of open-source license: copyleft
| and corporate charity.
|
| Copyleft licenses like the GPL encourage those using the code
| to contribute back to the open-source community.
|
| Charity licenses like the BSD or Apache license are used by
| developers who want to work for exposure. They only encourage
| giving credit to the original developers, and implicitly allow
| closing the source. Letting people do that is the whole spirit
| of these licenses. People who don't want to be making
| charitable donations to megacorps shouldn't use charity
| licenses.
| kps wrote:
| Not necessarily. The project I'm currently working on was
| initiated by a group of mostly-mega corps, staffed with
| dozens of full-time developers, and Apache licensed -- all
| out of rational self-interest.
| mrob wrote:
| Following the terms of the license is not abuse. The whole
| point of permissive licenses is to allow anybody to exploit the
| software as they wish. If that's not what you want then don't
| use a permissive license. AGPL is a good alternative choice.
| esperent wrote:
| > Unethical people ruin everything.
|
| In this case, let's be clear: it was unethical companies.
| bluefirebrand wrote:
| Companies don't have ethics. It's unethical people running
| and working at those companies.
|
| And it's really far past time we stopped giving those people
| a pass because "it's the company, not me"
| jacques_chester wrote:
| Companies are made of people.
| remus wrote:
| While it would be nice if we could get away with people abiding
| by an unwritten 'spirit of the agreement' the reality is that
| if you don't want someone to do something with your code then
| it needs to be written down in a license. I think it is
| somewhat naive to expect it work any other way, as when you
| potentially have millions of devs using some code it is
| unrealistic to expect them all to grasp an unwritten set of
| rules from a culture they potentially know nothing about.
| jrochkind1 wrote:
| Plus as a consumer I always thought the "spirit" of the open
| source agreement included avoiding vendor lock-in, in the
| first place. Now the argument is that the "spirit" all along
| was intended to require vendor lock-in, that consumers
| wanting the software hosted for them as a service should have
| only one option (Or authorized licencees of that one monopoly
| option), and that was always the "spirit" of open source?
|
| I don't think so. I thought the "spirit" was the opposite of
| that, that open source would let consumers of software avoid
| vendor lock-in or monopoly control of the software.
| wongarsu wrote:
| You can have quite relaxed rules as long as everyone abides
| by the spirit of the agreement. As soon as one party violates
| that spirit you are forced to make everything much more
| explicit, which inflicts collateral damage on use cases
| nobody would have objected to previously.
| growse wrote:
| > You can have quite relaxed rules as long as everyone
| abides by the spirit of the agreement. As soon as one party
| violates that spirit you are forced to make everything much
| more explicit, which inflicts collateral damage on use
| cases nobody would have objected to previously.
|
| How are newcomers to know what the mystical "spirit of the
| agreement" is if it's not written down?
|
| How do you detect that there isn't, in fact, a precise
| consensus over the "spirit of the agreement" if it's not
| written down?
| wongarsu wrote:
| Newcomers can just look at what others are doing, and if
| what they want to do goes beyond standard practice should
| ask themselves "do I do undue harm to others?".
|
| That's how society generally runs on all scales, whether
| we are talking about the office fridge or about national
| law. Things generally start with very few explicit rules,
| and new rules get made when they are proven necessary.
| growse wrote:
| Eh? The national law is _literally_ written down.
|
| "Guesswork" doesn't seem like a good way to do anything
| without stumbling into a lot of confusion and
| miscommunication.
| wongarsu wrote:
| If law was as simple as reading what's written down, then
| what are all the lawyers and courts for. There is a lot
| of interpretation going on.
|
| But really I was referring to the process of how the laws
| are formed in the first place. A lot of the time they
| start out under-specified, and as abuses emerge we make
| more concrete laws using our new understanding. Of course
| the latter part usually leads to a lot of discussion and
| resistance because of the collateral damage any new law
| causes by being slightly broader than necessary. Which is
| a major reason many industries self-regulate in the
| attempt to make explicit laws unnecessary.
| endisneigh wrote:
| Is there a single case of someone misusing an open source license
| and being assigned significant damages as a result in a court?
|
| I know Google v Oracle is still ongoing but other than that?
|
| Unless there's a whistleblower in your organization or your
| product itself is open source it seems impossible to identify,
| let alone litigate.
| wongarsu wrote:
| Cisco/Linksys had to make available the source code that became
| the basis for a whole ecosystem of open router software that
| offers enterprise features on much cheaper devices. Cisco also
| paid an undisclosed amount to FSF. Similar things have also
| happened to other router manufacturers.
|
| Westinghouse had to pay the SFC $90k for shipping BusyBox
| without observing the license.
|
| Most cases that are pursued are settled out of court though.
| speeder wrote:
| I don't remember if any damages were awarded, but I do remember
| that the infringing software were all removed from the market
| when SCUMMVM sued Atari for releasing Nintendo Wii games using
| their game engine without sharing anything at all.
|
| Atari of course got stuck in a bad situation then, if they
| complied with GPL they would breach Nintendo NDA, so their
| choice was just stop selling the products in question entirely,
| so I must assume the lost sales were smaller than the potential
| damage if they were found guilty of copyright infringement.
| makk wrote:
| In an acquisition, the acquirer will have full access to source
| code and may look for open source violations during technical
| due diligence. They may then use any violations to squeeze the
| valuation and/or demand remediation, either of which is a real
| cost to the company being acquired. It's not in court, but is
| is a routine situation that does not require a whistleblower,
| where the violations are relatively easy to identify.
| sneak wrote:
| A reminder:
|
| Projects aren't able to do this (relicense a whole code base
| unilaterally) if you don't sign the CLA that assigns them your
| copyrights in the project.
|
| Never sign a CLA to contribute to an open source project.
| geofft wrote:
| Over a decade ago, I remember that we were debating the merits
| of CLAs that got all of OpenOffice.org owned by Oracle (cf.
| https://lwn.net/Articles/443989/ as a random starting point).
|
| I really think this was the FSF's fault - they insisted on
| copyright assignment for any contributions to GNU, because if
| the FSF held the entire copyright, they'd be in a better place
| to pursue legal action against violators. But history has shown
| that this clearly hasn't been required: Linux doesn't have this
| policy, and no Linux enforcement case has ever failed because
| the Linux Foundation wasn't able to demonstrate clear standing.
| And the FSF basically legitimized everyone else asking for
| CLAs. Had they stood firm and said that giving up ownership of
| your code to a central entity is antithetical to the spirit of
| free software, and the license is all that people can rely on,
| I think we would have been in a much better place today.
| pessimizer wrote:
| Unlike MIT/Apache/BSD-style Open Source licenses, Free
| Software can't be relicensed by anyone but the copyright
| owner. It's a completely different situation.
|
| The current problems stem from pretending that Open Source
| has any more of a relationship with Free Software than it
| does to proprietary software - an expectation that reifies
| (and honestly necessitates) things like "the Spirit of Open
| Source" in the minds of developers. The Spirit of Open Source
| is that you're working for massive companies who can ignore
| you.
|
| The only relationship between Open Source and Free Software
| is the fact that Open Source code _can be arbitrarily
| relicensed_ and therefore can be relicensed as Free Software
| as easily as it can be as proprietary software.
| geofft wrote:
| MIT, Apache, and BSD are "GPL-Compatible Free Software
| Licenses" according to the FSF:
| https://www.gnu.org/licenses/license-
| list.html#GPLCompatible...
|
| I gather you have some meaning of Free Software that is
| different from what the FSF means by it, and also different
| from what groups like Debian and Fedora mean by it. Can you
| expand on what you mean by "Free Software" and what
| relationship it has with the "Free Software" movement as
| defined by the FSF, Debian, Fedora, etc.?
|
| Do you think that the FSF, therefore, works within "the
| Spirit of Open Source", that contributors to glibc are
| working for the FSF, which can ignore them?
| pessimizer wrote:
| > "GPL-Compatible"
|
| Of course they are. They can be placed into GPL software.
| They can be placed into any software.
|
| > Do you think that [...] contributors to glibc are
| working for the FSF, which can ignore them?
|
| Yes.
| athms wrote:
| Please stop spreading incorrect information. Re-licensing
| is an exclusive right granted to the copyright holder; it
| has a specific meaning under copyright law. There is
| nothing in the Apache, BSD, or MIT license that grants re-
| licensing. Using source code that has been licensed under a
| permissive license in a larger work that is licensed
| differently (including more restrictions) isn't re-
| licensing.
| geofft wrote:
| Absolutely true. There's a consequence of this that
| people tend to ignore: You cannot remove the (e.g.) MIT
| license text from an MIT-licensed work if you
| redistribute it as GPL.
|
| The MIT license gives you "Permission ... subject to the
| following conditions: The above copyright notice and this
| permission notice shall be included in all copies or
| substantial portions of the Software."
|
| You can abide by that condition by distributing your
| software under the GPL _and retaining the MIT license
| text_ for portions. You cannot abide by that condition by
| "relicensing" the software and removing the MIT license:
| you are in violation of the license.
| pessimizer wrote:
| Fair distinction in MIT's case, and other attribution-
| ware.
| pessimizer wrote:
| > Using source code that has been licensed under a
| permissive license in a larger work that is licensed
| differently (including more restrictions) isn't re-
| licensing.
|
| Whatever you want to call it is fine. I prefer to think
| that GPL'd software that incorporates Open Source takes a
| copy and makes it GPL (especially because if I modify the
| Open Source at all, my changes are not available under an
| Open Source license.) Other people who are using that
| piece of Open Source are not using my copy, which is GPL.
| string wrote:
| I recently chose to sign a CLA for an MR I wanted to make to a
| commercial entity's SDK. The feature I added will enable me to
| build a product and potential revenue stream. I could have
| forked the project and maintained my own version, but I'd
| rather do the work for free and have someone else maintain the
| library going forward. I don't care about who owns or has
| access to the the work I did in this instance, so I was
| comfortable with signing it.
| chubot wrote:
| I think they can effectively do the same thing if they own the
| copyright to a significant portion of the work.
|
| Here's a thought experiment: Suppose that Mongo or Cockroach
| consists of 80% code for which they own the copyright (written
| by employees). And it's 20% written by contributors who have
| NOT signed the CLA.
|
| Now can they relicence the whole codebase? No, but I think they
| can do something with thes same effect by relicensing their
| parts.
|
| I think it's easier to see if they start a new project. Say
| Mongo starts a new project called "Dumbo".
|
| Dumbo consists of 80% Mongo code relicensed. And they simply
| reuse the contributors' code under the existing open source
| license. So you distribute both licenses with the code.
|
| But now it is still impossible (*) for Amazon or whoever to
| stand up a cloud service according to the license -- unless
| they want to rewrite 80% of the code.
|
| I'm not a lawyer but that's my understanding of how it works.
| Interested in contrary (informed) opinions.
|
| (*) edit: better to say that it's harder, not impossible. They
| can fork the old code under the old license. It really depends
| if the they "understand" the code.
| ghaff wrote:
| A CLA certainly makes things clearer. But, as is common with
| legal questions, the answer is some combination of it's not
| 100% clear and it depends on the particulars. For example,
| around the time of GPLv3, there was some discussion of
| whether Linux _could_ be relicensed to GPLv3 if Linus wanted
| to. (He didn 't.) Eben Moglen for one was of the opinion that
| it probably could be. [1]
|
| [1] https://www.cnet.com/news/linux-to-gplv3-a-practical-
| matter-...
| PeterisP wrote:
| If the initial license was GPL or the like, then it would
| prevent that, as long as they want to include any of the
| contributors' GPL code, they have to offer the whole package
| under GPL. MIT-style licenses would generally permit what you
| describe.
|
| Also, they can't "unlicense" previously distributed code - if
| the system was previously distributed with an open source
| license, Amazon can use that version as the basis for a
| "Dumbo-compatible" cloud service without rewriting the 80% of
| the code as long as they're basing it on the last open
| release; they would only have to reimplement the new things
| that "Dumbo" added if they want; Amazon does not have to
| accept the new license if they don't need the new code and
| the old code with the old license fits their needs better.
| athms wrote:
| >Also, they can't "unlicense" previously distributed code
|
| The United States allows authors (and heirs), except work-
| for-hires, to clawback copyright transfers and terminate
| licenses after 35 years on works made after 1977. This is
| an inalienable statutory right, which means it cannot be
| waived even with a contract.
|
| That said, it may be difficult to terminate licenses in
| practice because open source licensing is done informally
| in most cases and courts haven't ruled whether this impacts
| the right of termination. However, copyright assignment and
| contributor license agreements are subject to termination.
| PeterisP wrote:
| Okay, the consequences of this paragraph
| (https://www.copyright.gov/title17/92chap2.html#203) are
| potentially devastating if triggered, but 35 years is
| quite a long time in the tech world. It would be very
| interesting on how such a fork could proceed once the 35
| year term (measured from the grant of that licence,
| essentially the last day the original open source version
| was distributed) happens if the copyright owner issues
| the termination letters, but for all the recent licence
| switches this won't be an issue until 2050s, and in any
| case the users would have at least two years of warning
| to switch to something else or possibly make the product
| compliant by rewriting whatever of the original 35 year
| old parts are still needed.
| chubot wrote:
| Yes that matches my understanding.
|
| And IMO it's fair for Amazon to continue the development
| based off an old version. Forking is an important right in
| open source. Nobody who releases code as open source should
| expect that their code isn't forked.
| wrs wrote:
| And indeed, Amazon forked Elasticsearch from the last open-
| source version and is continuing independent development.
| x1798DE wrote:
| They can still do this if the old code base is under a
| permissive license, since permissive licenses like BSD, Apache
| and MIT are compatible with proprietary licenses.
| athms wrote:
| I think you are confusing re-licensing with sub-licensing,
| which are not the same. Under copyright law, the copyright
| holder is granted certain exclusive rights over their work
| and re-licensing is one of the rights. If the license grants
| sub-licensing, a licensee can pass on some or all of the
| rights in the license to a third party. Of the three licenses
| you mentioned, only the MIT license allows sub-licensing.
|
| The license terms for a sub-license must be consistent with
| the original license terms, although not necessarily the
| same. The sub-licensor can use different words as in the
| original license, but they cannot override the terms and
| conditions that are required by that license. The sub-
| licensor cannot sub-license more rights than have been
| granted by the original license.
|
| Works released under the Apache, BSD, and MIT license can be
| included in a larger work with a more restrictive license or
| modifications can be put under such a restrictive license,
| but the original license must remain intact.
|
| If you are getting your information on re-licensing from the
| Wikipedia page below, it is wrong.
|
| https://en.wikipedia.org/wiki/Permissive_software_license
| pwdisswordfish0 wrote:
| Mostly true, but only up to an extent: without a CLA, they
| can't just update LICENSE.txt to replace the contents with
| the text of the new license and be on their merry way without
| any trace of the old one.
|
| They can't hide the fact that it was once MIT/BSD/Apache
| licensed, and they still have to include copies of that
| original license (and any notices) even after the switch, as
| that is one of the conditions that contributors make their
| work available under, and failure to do so would mean the org
| is in violation if they haven't otherwise received approval.
| pritambarhate wrote:
| Even if one has to include the original license and notices
| with the new version, the original license and notices
| apply to the portions which were present in the older
| versions. The new portions added to the software after the
| license change must be used only as per the new license.
| MIT, BSD and Apache licenses don't forbid you to use a new
| license to your own derivative work.
| chrisseaton wrote:
| As long as the licence wasn't copyleft, they can still
| incorporate your code in their closed project without a CLA.
| tpush wrote:
| A bit off topic, but is there some consensus about what the best
| way to license software so that non-commercial use = MIT,
| commercial use = 'proprietary, please negotiate a license' is?
|
| Like, some standardized legalese or something.
| wmf wrote:
| There isn't any consensus. Right now there's a whole variety of
| licenses like BSL, SSPL, etc.
| geofft wrote:
| The problem is this is kind of ill-defined.
|
| If I, an open-source hobbyist, am thinking about incorporating
| some code from your software into my project which _I_ want to
| allow unrestricted commercial use of (i.e., which I want to put
| under a standard F /OSS license), even though I am not making
| any money from it, are you okay with that?
|
| If you're not okay with that, then the open-source-like
| properties of allowing derivatives / incorporation into other
| works probably just aren't appealing to you at all, and what
| you probably want is a simple "Non-commercial use is permitted"
| statement. But it won't actually be the MIT license, which
| permits unrestricted use, modification, and redistribution.
|
| If you are okay with me incorporating your code, then how do
| you define how much of your code I can use? If I build a GUI
| around your program and I tell AWS that they can freely build a
| GUI, is that still okay with you? That's going to have to be a
| case-by-case thing, probably.
|
| Another question is what you expect to do about contributions.
| If I, an open-source hobbyist, contribute some useful feature
| to your code, am I entitled to get paid a portion of what
| commercial users pay you? The simplest answer here might be to
| not accept contributions.
|
| Some practical options, depending on what you're really trying
| to do, might be:
|
| - licensing under the AGPL, on the assumption that many
| companies are scared by it even though it isn't a restriction
| on use (just a compliance headache for potential external use),
| and maybe clearly advertising a less restrictive commercial
| license (which could be MIT, or could be a super long
| contract/EULA) for money
|
| - licensing a previous version of your code under the MIT
| license, but keeping the current version as just source-
| available
|
| - marking commercial features as proprietary and source-
| available (what GitLab does, and what Elasticsearch used to do)
|
| - capitalizing on the fact that you know the software really
| well, and selling consulting / support but using a free
| software license (what Red Hat, Canonical, etc. do)
|
| - capitalizing on the fact that you know the software really
| well, and running it as SaaS (what Google does with Kubernetes,
| for instance)
|
| - giving your software a simple "Non-commercial use permitted"
| statement, but saying that open source developers who are
| interested in parts of your code are free to contact you and
| you're willing to relicense limited parts of the code as MIT on
| request
|
| Finally, what's your goal? Is it to prevent commercial use? Is
| it to make money from commercial users? Commercial software
| houses are, sort of by definition, good at writing software in-
| house - if your software is a really good idea as opposed to a
| really good implementation of an old idea, chances are that a
| motivated commercial developer will just make their own version
| of it.
| tpush wrote:
| Thanks for the very informative post!
|
| Really, the licensing I envision would be:
|
| 1) Any entity that does/wants to derive commercial value from
| the software should compensate the copyright holder. Example
| entities here are both "I want to sell software that
| includes/is derived from your software" and "I'm a
| company/freelancer using your product as part of my business
| operations".
|
| 2) Any other entity can use the software in any way they see
| fit (like e.g. MIT) _except_ that 1) applies transitively to
| any derived software.
|
| The situation here is less "This is an open source thing
| where I take all your contributions and profit off it" but
| more "This is a commercial for-profit thing that would
| normally be proprietary closed-source, but everyone can
| copy/inspect/modify the source as long as they do not profit
| from it".
|
| Contributions would either be disallowed, or under a CLA if
| for some reason someone wants to contribute to it (with the
| clear expectation that someone else is going to profit from
| it).
| wongarsu wrote:
| If you're just sharing binaries then CC-BY-NC-SA (or some other
| variant of the creative commons licenses). For open source
| projects there isn't really an agreed upon equivalent. The most
| popular version is probably "AGPL, or talk to us for a more
| permissive licence". Most companies would rather pay you than
| use something under AGPL license terms, but for hobby use AGPL
| works just fine.
| luhn wrote:
| > In response to this pressure, many open-core or dual-license
| companies, including Confluent, MongoDB, Cockroach Labs, Redis
| Labs, Timescale, and Graylog moved away from OSI-approved
| licenses to licenses that are not 'open source.'
|
| Redis Labs gets undeserved flack for their licensing changes.
| Redis remains fully open source under the BSD 3-Clause License.
| The relicensing only applied to the modules that are part of
| Redis Labs' paid offerings. So it's the open core model, but even
| better because the non-core offerings are source-available.
| [deleted]
| scottrogowski wrote:
| This article takes a purist stance driven by a rigid adherence to
| ideology. Let's look at this another way...
|
| Open-source and proprietary licenses are at two ends of the
| software development spectrum. The open-source model maximizes
| ease-of-adoption but doesn't provide much incentive for the
| developers. Proprietary software provides a lot of incentive but
| adoption can be slow and burdensome.
|
| Let's assume that a good goal for society is to maximize the rate
| of innovation in software. To do that, you need a mix of BOTH
| ease of adoption and suitable development incentives. Source-
| available licenses are an attempt to accomplish this.
|
| Is this a perfect solution? Probably not. I think better
| licensing models are still waiting to be discovered.
|
| However, my sense is that these new licenses will accelerate the
| development of software with limited downside for the user. After
| all, they are designed only to impact companies attempting to
| sell a SaaS.
|
| In addition, they have the potential to weaken the tech
| monopolies which, in my mind, is a Very Good Thing.
| pullmn wrote:
| I disagree. I personally would prefer to license the code I
| write myself with a GPL copyleft or a 'no commercial use' type
| of license. However, I license it instead under MIT,
| specifically to make sure that your average corporate user will
| be ok using it because:
|
| 1. I would prefer that it be widely used. Not because I am
| seeking clout or advancement, but because that's why I share
| it. 2. Sharing benefits everyone, including me. Fragmentation
| and bureaucracy harms everyone, including me. 3. I don't
| support monopolistic practices by large tech, but this is not
| the way to stop them. What we had before widespread free
| software was worse than it is now, arguably held back human
| progress for years, and didn't stop Microsoft one bit.
| dragonwriter wrote:
| > After all, they are designed only to impact companies
| attempting to sell a SaaS.
|
| Well, that's the PR message associated with the new wave of
| source-available licenses (source-available licensing is not,
| itself, new; its long been an established form of proprietary
| licensing.) But it doesn't hold up: you can't harm competing
| services providers without harming end users. There is a reason
| why the very different ideologies of the Free Software Movement
| and the Open Source Community nevertheless have stably settled
| on definitions which are virtually identical in practical
| applications (and even though those communities have very
| different preferences for licenses _within_ the scope meeting
| their similar definitions.) It is because the space is _not_ a
| continuum, and there is a minimum needed in each of a number of
| axes of liberty for the whole structure not to collapse into
| something which either community prefers free /open licensing.
| Particularly, without robust freedom that protects what other
| people can do with it (including there ability to sell you
| services built around the software that the original maker
| might also want to sell), you are not insulated against future
| actions of the copyright owner restricting the software or its
| or others services around it.
|
| And this isn't opaque to the people issuing these licenses; the
| overt motive is to enhance monetization by preventing licensees
| from competing with them to sell services: it is to create a
| moat enabling monopolization and monopoly rents. That's the
| explicit idea: to create lock-in that free/open licenses would
| not support.
|
| The benefit that the licensors seek directly depends on the
| harms that extend beyond competitors to end users.
| dantheman wrote:
| The problem with these licenses is that they're not open source
| and they're pretending to be. I doubt you could start a new
| project and get adoption if you start with these licenses.
|
| There were problems with some OS projects keeping security / auth
| stuff out of the main project so that it could be used to drive
| commercial sales.
|
| You can compete on hosting (very hard), support, customization,
| advanced / narrow features. But it needs to be in alignment with
| the users / contributors.
| move-on-by wrote:
| Would you say that GNU GPL is not open source? Maybe I don't
| understand the nuances, but I really don't see how these
| licenses are not much different then a more modern GNU GPL
| license?
| cardanome wrote:
| So open source means only licenses that are most favourable to
| the big tech monopolists now?
|
| As a user, I can use Elasticsearch just fine with the new
| license. I can read the code, modify it and use in my own
| projects.
|
| So it is more difficult for Amazon to use their monopolistic
| power to build a competing service to the one that is financing
| Elasticsearch development? Yeah, good stuff.
|
| If the big tech monopolists need something under a permissive
| license they should pay for its development.
| pydry wrote:
| I genuinely wonder what all the people defending infringements
| on Bezos's "right" to profit from elastic (for instance) are
| thinking.
|
| If it's open for you but not for him what's your problem?
| yellowapple wrote:
| > If it's open for you but not for him what's your problem?
|
| How do I know it'll _stay_ open for me? How am I supposed to
| make that determination on whether or not it even _is_ open
| for me in the first place?
|
| With a standard OSI or FSF approved license, I don't have to
| be a lawyer to have at least some idea of what the license
| entails, because their lawyers - and plenty of others - have
| already combed through them and put together layman-
| accessible descriptions of their stipulations - and further,
| by the very nature of their approval as "open source" or
| "free software" licenses, I know with reasonable certainty
| that even something as restrictive as the AGPLv3 will always
| permit me to use, modify, and redistribute that software, no
| matter what.
|
| Contrast with these bespoke "source available" licenses,
| which are specific to certain products/companies and can
| change at any time. One might call it "FUD" to be skeptical
| of 'em, but they certainly seem to leave a lot of room for
| fear, uncertainty, and doubt given the legal pitfalls around,
| say, maintaining an independent fork.
|
| Still, at least the software itself is transparent (i.e. it
| can be independently audited at any time, by anyone with the
| requisite knowledge, for any reason), so for most cases I
| would certainly pick such software over anything opaque /
| closed source any day. The lack of contingencies should the
| developers inevitably go out of business (whether from buyout
| or bankruptcy) still pushes me to prefer, you know, _actual_
| free and open source software.
|
| Transparency is a dependency of trust, but it ain't the only
| one.
| geofft wrote:
| We're thinking the exact same thing we've been thinking since
| the Debian Free Software Guidelines were written a quarter
| century ago:
|
| > _The license must not restrict anyone from making use of
| the program in a specific field of endeavor. For example, it
| may not restrict the program from being used in a business,
| or from being used for genetic research._
|
| > _The license must not discriminate against any person or
| group of persons._
|
| Was the DFSG misguided when it was written, or has something
| changed since then such that it's a good idea to restrict
| certain people from making use of the program?
| ThrowawayR2 wrote:
| > " _If it 's open for you but not for him what's your
| problem?_"
|
| Now we have to deal with examining and getting approval for
| umpteen oddball custom software licenses instead of just the
| standard FOSS ones and, yeah, that _is_ a problem. The pain
| of dealing with licenses was part of what drove adoption of
| FOSS in the first place.
|
| The original spirit of open source was scratching an itch and
| sharing your code in hopes others found it useful. The
| current squabbles are about large for-profit corporations
| trying to extract money from other large for-profit
| corporations, so let's call these new licenses what they are:
| proprietary licenses with source availability.
| rightbyte wrote:
| Teaser license?
| 838812052807016 wrote:
| It's not open for me to set it up and sell as a service
| either.
|
| I'm trying to think of a good analogy. Does anyone have a
| good one?
|
| How about, the software is analogous to a floor plan. I come
| up with a great floor plan, and allow anyone to use it for
| their buildings. But I add a restriction that no one is
| allowed to sell buildings using this floor plan except me.
| scj wrote:
| Rational self-interest of wanting commodity software for
| infrastructure / tooling.
|
| A clear winner means more companies use it, increasing demand
| for it. Which makes it more valuable to master.
|
| If the commodity software is open source, I can learn it at
| home for a low cost. Then use it at work, again for a low
| cost. Employers have an interest in using it, as do I.
|
| So I want to encourage Amazon, and other tech companies, to
| use as much open source as possible! Please increase demand
| for my skillset!
|
| Of course, the eternal problem is how the software gets
| developed in the first place. But I really don't want
| software that bifurcates organizations vs. individuals to
| become a cultural norm. Even if the impact of any single case
| is minimal.
| sparrc wrote:
| Because ultimately you are drawing a line between two for-
| profit corporations and asserting that one of them is
| exploitative and selfish (Amazon) and one of them is not
| (Elastic).
|
| In my opinion, Elastic is being just as selfish and
| exploitative as Amazon is, which is just as much as any other
| private for-profit company is.
|
| What I don't like is Elastic putting out PR and pretending as
| if they are some sort of divine for-profit corporation that
| doesn't do things out of their own self-interest, but is
| somehow only interested in open software.
|
| In other words, Elastic is clearly not the same thing as the
| Apache Foundation, but they seem to want everyone to think
| that they are.
| cardanome wrote:
| > Because ultimately you are drawing a line between two
| for-profit corporations and asserting that one of them is
| exploitative and selfish (Amazon) and one of them is not
| (Elastic).
|
| There is obviously a difference between a monopolistic
| corporations like Amazon that is actively crushing any
| competition with its control of the market and a bigger
| tech company like Elastic that is mostly driven by
| technological innovation (for now).
|
| Does not mean that one is more morally evil than the other.
| In fact monopolistic corporations can offer their workers
| much better working conditions because of the extra profits
| they make from abusing their position. Well Amazon is not
| exactly known for that but in general they do. I guess
| Developer are treated pretty well at least.
|
| So again, the point is not a moral failure but the economic
| position and the system that creates such a situation.
| While the creation of big monopolies is more or less
| inevitable it is still a good idea to be critical of the
| social and economic dangers.
| cycloptic wrote:
| To the contrary, if Amazon is providing a good hiring funnel
| for the developers/maintainers, regularly contributing
| patches back upstream, providing funding to the project's
| non-profit, and generally respecting the license, then what's
| the problem? I'm no fan of Amazon but how can I complain
| about them having a right to profit in cases where they
| actually are being good open source citizens? Are they really
| any different from any other cloud provider in that respect?
| eeZah7Ux wrote:
| Amazon is well known for having a very restrictive policy
| for contributing to FOSS
| phd514 wrote:
| Case in point -- an AWS enhancement to PostgreSQL's
| connection pooler that could have been released as OSS
| with essentially no impact on RDS Postgres and yet:
| https://github.com/awslabs/pgbouncer-rr-patch/issues/3
| autarch wrote:
| > So open source means only licenses that are most favourable
| to the big tech monopolists now?
|
| No, open source means the same thing it's always meant since
| the term was first coined. See the Open Source Initiative's
| Open Source Definition: https://opensource.org/osd.
|
| Now someone will respond "why does OSI get to decide the
| meaning of the term?" Well, they don't have any _legal_ right
| to do so, but if you don't accept their definition, does that
| mean every person gets to come up with their own definition?
| And if they do, what's the point of using the term?
|
| So it makes sense to take OSI's definition as canonical, the
| same way the Free Software Foundation's definition of Free
| Software is generally considered canonical
| (https://www.gnu.org/philosophy/free-sw.html).
|
| Also, to forestall another common reply, I'm not defending
| Amazon or attacking Elastic. I'm simply trying to define a term
| that's at the center of this discussion. If we can't agree on
| the definition, then any discussion of whether a license is
| open source is moot. The same goes for discussing the impact
| and value of open source vs non-open licenses.
| amelius wrote:
| > "why does OSI get to decide the meaning of the term?"
|
| They don't. "Open source" is, foremost, a word and not a
| definition. Just as in any language, the people get to decide
| how language is used.
|
| If you want to be specific about the meaning of open source,
| just say "OSI open source" or something.
| anoncake wrote:
| The people have decided that "open source" means OSI open
| source. Therefore that is its effective definition. Which
| means
|
| > If you want to be specific about the meaning of open
| source, just say "OSI open source" or something.
|
| is wrong. "OSI open source" and "open source" are synonyms.
| mindcrime wrote:
| _The people have decided that "open source" means OSI
| open source. Therefore that is its effective definition.
| Which means_
|
| Exactly. In common, everyday usage, when people talk
| about "Open Source" this is what the majority mean. It's
| not a "de jure" definition, but it is a "de facto"
| definition. Open Source means compliance with the OSD.
| There are terms for those other licenses - "shared
| source", "source available", etc. Use them if that's what
| you mean.
| kube-system wrote:
| Are you sure the FSF's definition of Free Software is a good
| example of your point here? That definition is almost
| entirely only respected by western software developers who
| support the FSF's cause. Just type "free software" into your
| favorite search engine and see how commonly that definition
| is followed in practice.
|
| Honestly, I think we should just say OSI-licensed if we mean
| OSI-licensed. Words are only as good as they can be used to
| communicate with others. If people misunderstand me, it's my
| fault.
| Symbiote wrote:
| Many other languages have an unambiguous word for "libre",
| and can translate "libre software" directly.
| kube-system wrote:
| I think this is a good solution. English is not a
| prescriptive language; loanwords are perfectly valid.
|
| Of course, 'OSI-license' is more accurate still, as they
| don't have a monopoly on 'libre' either. Many would say
| the WTFPL is accurately described as libre, even if OSI
| doesn't.
| chrisseaton wrote:
| The OSI should have picked their own term that they could
| have trademarked, not an existing simply descriptive term,
| then we wouldn't have this problem.
| kube-system wrote:
| They did. "OSI" and "Open Source Initiative" are their
| trademarks. Which is why people should use these words
| instead. These _do_ only have one clear meaning.
| autarch wrote:
| As far as I know, the term "open source" was coined by
| the same people who were involved in founding OSI (though
| the OSI founders were a subset of the people who first
| used the term). I'd be very curious to see examples of
| widespread use before 1997 or so.
|
| See the Wikipedia entry:
| https://en.wikipedia.org/wiki/Open_source
| chrisseaton wrote:
| > As far as I know, the term "open source" was coined by
| the same people who were involved in founding OSI
|
| I think this has been shown to be a bit of a myth.
|
| They claim to have coined it in 1998 but there's evidence
| of it in use in context without even needing to explain
| the idea by other people as far back as 1993.
|
| https://groups.google.com/forum/#!msg/comp.os.ms-
| windows.pro...
|
| Also, the fact is the USPTO wouldn't allow them to
| trademark it because it has a simple existing descriptive
| term.
| kube-system wrote:
| It was a descriptive term used for intelligence (i.e.
| OSINT) well before 1998. Here's a book from 1976 using
| the term several times:
|
| https://www.google.com/books/edition/Human_intelligence/V
| E9s...
| EarlKing wrote:
| You are misinformed. The term "open source" has a history
| that predates the OSI by at least eight years, possibly
| longer (but I can only provide cites going back eight
| years). Please see my full reply here:
| https://news.ycombinator.com/item?id=26507460
| kube-system wrote:
| For example, read the last line of this:
|
| http://www.catb.org/~esr/open-source.html
| cmeacham98 wrote:
| Unfortunately the word "free" has a dual meaning between
| "with no/few limitations" and "zero cost". Sometimes,
| people use the latter definition - using context clues to
| determine which version of the word is in use is needed
| similar to other English words with dual meanings.
| kube-system wrote:
| So does "open" and "open-source" which both predate their
| use for software.
| pessimizer wrote:
| So does "Windows," "Apple" or "Facebook."
| kube-system wrote:
| Yes, and those are all proper nouns as far as the English
| language is concerned and registered trademarks as far as
| their use in trade is concerned.
| autarch wrote:
| If we're talking about "free software" in the context of
| licensing the FSF's definition is the only one that
| matters.
|
| Obviously there is free (no cost) software as well, at
| least in English where we have one word for both meanings.
| This can be easily disambiguated in a discussion by the
| "free as in speech, not free as in beer" phrase, or if
| people are familiar with the term, using "libre software"
| to clarify.
| sjwright wrote:
| Actually English does have a perfectly serviceable word,
| but for some reason no one is interested in calling at
| _freedom software._ yes it is grammatically awkward, but
| that's a less worse problem than being semantically
| awkward, IMHO.
| chc wrote:
| "Freedom software" sounds like word salad to my American
| ear, so I'm not sure how you see that as serviceable. If
| you showed me the phrase and put a gun to my head to
| guess what it meant, I'd probably guess it was a jokey
| way of talking about software written in France.
| m463 wrote:
| from "Words to Avoid (or Use with Care) Because They Are
| Loaded or Confusing"
|
| _"Open"
|
| Please avoid using the term "open" or "open source" as a
| substitute for "free software." Those terms refer to a
| different set of views[1] based on different values. The free
| software movement campaigns for your freedom in your
| computing, as a matter of justice. The open source non-
| movement does not campaign for anything in this way.
|
| When referring to the open source views, it's correct to use
| that name, but please do not use that term when talking about
| us, our software, or our views--that leads people to suppose
| our views are similar to theirs.
|
| Instead of open source, we say, free software or free (libre)
| software._
|
| https://www.gnu.org/philosophy/words-to-avoid.html#Open
|
| [1] "Why Open Source misses the point of Free Software"
|
| https://www.gnu.org/philosophy/open-source-misses-the-
| point....
| wizzwizz4 wrote:
| I don't see how this is relevant.
| ForHackernews wrote:
| The OSI was always an attempt to rebrand free software, get
| it away from its hippie roots, and make it palatable to big
| corporations.
|
| As far as I'm concerned, if they can play these language
| games, so can Elastic.
| EarlKing wrote:
| > No, open source means the same thing it's always meant
| since the term was first coined. See the Open Source
| Initiative's Open Source Definition:
| https://opensource.org/osd.
|
| Problem: The OSI did not coin the term 'open source'. OSI
| partisans claim that Christine Peterson coined the term at a
| strategy meeting in Palo Alto on 3 February 1998. However,
| the term and the concept was well known prior to that. Martin
| Tournoij does a decent enough job of collecting prior
| citations [1] that go all the way back to 1990. All the OSI
| did was take an existing philosophy, scribble some new
| restrictions in crayon, and called it Open Source(tm)(c)(pat.
| pending).
|
| Honestly, though, I do love it when this comes up. It gives
| me the opportunity to irk new guys telling them that Lyle
| Ball, head of public relations at Caldera, has an earlier
| citation than the OSI in the form of a press-release
| announcing Caldera OpenDOS[2][3]. :D
|
| [1] https://www.arp242.net/open-source.html
|
| [2] http://www.xent.com/FoRK-archive/fall96/0269.html
|
| [3] http://ftp.uni-
| bayreuth.de/pc/caldera/OpenDOS.701/license.tx...
| autarch wrote:
| What do you hope to achieve with this? Ok, you win, the
| term "open source" predates the OSI. So what?
|
| Using the term "open source" without any definition is
| useless. If we can't agree on a definition, it's impossible
| to know if we're actually talking about the same thing.
|
| I want people to use the OSI definition in order to elevate
| debates. I'd prefer to skip past definitions to more
| substantial matters, like whether "open source" (per OSI)
| is useful. Is it somehow better than closed source code? Is
| it _ethically_ valuable? Is there some subset of the OSI
| definition that provides more value than the rest? These
| are interesting discussions worth having.
|
| Endless debating the meaning of "open source" is a huge
| waste of time.
|
| Given that OSI is the only body I know of with a clear
| definition, let's use theirs and move on to more
| substantial topics.
| markdown wrote:
| > Using the term "open source" without any definition is
| useless. If we can't agree on a definition, it's
| impossible to know if we're actually talking about the
| same thing.
|
| Get with the program, dude. It's 2021, and the prevailing
| sentiment is that all definitions are now fluid.
| #GoForWoke #GoWokeOrGoHome
| _jal wrote:
| > Given that OSI is the only body I know of with a clear
| definition
|
| If this is the only definition you're aware of, then
| apologies, but you're not the right person to be
| attempting to drive this discussion.
|
| If you're aware of the many others but do not consider
| them 'clear', then there is something else going on here,
| and I am starting to wander about agenda.
| yesenadam wrote:
| Ok, could you give the other (clear) definitions you are
| aware of? That might be actually useful here. Thanks.
| kube-system wrote:
| > Using the term "open source" without any definition is
| useless. If we can't agree on a definition, it's
| impossible to know if we're actually talking about the
| same thing.
|
| Which is why you should call them "OSI Licenses" if you
| are referring to OSI licenses.
|
| > let's use theirs and move on to more substantial
| topics.
|
| This just isn't how English works. It isn't prescriptive.
| English is descriptive by nature and permits multiple
| uses, which have been around before OSI ever existed and
| are still valid.
| phd514 wrote:
| AWS, Google, and MSFT are among the top sponsors of OSI*.
| They are not neutral arbiters in the OSS space.
|
| [0] https://opensource.org/sponsors
| samat wrote:
| Do we really need a 'legally clear' definition of open
| source and free software? Both look like a common term.
| Want something you could claim ownership over and exact
| your specific meaning -- pick some proper name like
| 'Apache license' or 'lgpl license' -- pretty unambiguous.
| pessimizer wrote:
| The Apache are a group of culturally related Native
| American tribes in the Southwestern United States. I'm
| pretty sure none of their tribal authorities have given
| you a license for your software.
| chc wrote:
| Talking about categories of things are useful. This is
| like saying "Do we really need a term for two-wheeled
| vehicles driven by pedals? Just say you have a Cannondale
| or a Schwinn."
| dataflow wrote:
| > Given that OSI is the only body I know of with a clear
| definition
|
| No, you can also use the common definition of "open
| source" = "not closed-source" = "not (source
| unavailable)". Nobody has branded this definition but
| that doesn't make it any less legitimate. See definition
| #1 on dictionary.com for "closed-source", or #2 for
| "open-source". [1] [2]
|
| > I want people to use the OSI definition in order to
| elevate debates.
|
| This is... obviously biased? Other people prefer to use
| other definitions to elevate debates. You can't claim
| only the definition you like is able to elevate debates.
|
| And the parent is putting so much effort into arguing
| about the definition for the same reason you did in your
| comment. If it was so inconsequential, nobody would care.
| But evidently people find it a powerful thing, hence they
| argue about it. You can't simultaneously do that and then
| claim it's irrelevant.
|
| [1] https://www.dictionary.com/browse/closed-source
|
| [2] https://www.dictionary.com/browse/open-source
| ZephyrBlu wrote:
| I think this is the most sensible and inclusive
| definition, otherwise you have a lot of situations where
| it's not technically OSI "Open Source" but the source is
| literally open.
|
| I've seen people use "source available" (?) in these
| situations, but I don't think it really makes sense
| because a lot of the time the only thing holding it back
| from being OSI "Open Source" is that their license has
| not been recognized by OSI.
| chc wrote:
| But now we need a new term to mean what "open-source" has
| meant for two decades, just because for some reason we
| wanted to be inclusive of licenses where the source is
| viewable but not open for use. And once we've redefined
| it, we've rendered all discussion of open-source
| deceptive for the period where it had its traditional
| meaning. I don't see any benefit to this inclusion.
| jcheng wrote:
| I would like a term that is inclusive of CC0.
| ZephyrBlu wrote:
| > _just because for some reason we wanted to be inclusive
| of licenses where the source is viewable but not open for
| use_
|
| This is not true. Recent licenses trying to protect the
| business built on the open source code are in general,
| open for use:
|
| - Sentry: https://news.ycombinator.com/item?id=21466967
|
| - Elastic: https://news.ycombinator.com/item?id=25833781
|
| I see these sorts of licenses becoming increasingly
| common in the future, which is why I think it's silly to
| continue excluding them from being called open source.
| chc wrote:
| The primary distinction in those licenses is that they're
| not generally open for use -- they allow a carefully
| chosen, _closed_ set of use cases. As an analogy, when a
| bar has a TV showing some preselected channel at a
| preselected volume, I don 't consider that TV open to my
| use, even though I can use it for the use case the bar
| specifically chose to enable.
|
| I do agree that licenses like this will become more
| common in the future, and that's why I think it's useful
| to have an identifying term for them rather than making
| "open-source" less precise to include them. Different
| words for different things is good, in my opinion.
| ZephyrBlu wrote:
| > _they allow a carefully chosen, closed set of use
| cases_
|
| I would argue that they prohibit far less use cases than
| they are open for.
|
| In any case, how would you describe these licenses? I
| don't feel like "source available" is an accurate
| descriptor in this case.
| chc wrote:
| I agree. My personal term for this sort of "We're OK with
| little people using the software but we don't want any
| competition" arrangement is "private-use source license,"
| but I wouldn't be so bold as to argue that's The Best
| Name. My point is just that I don't think broadening
| "open-source" is a good answer, because all that does is
| make it harder to talk about the differences in licenses.
| EarlKing wrote:
| > What do you hope to achieve with this? Ok, you win, the
| term "open source" predates the OSI. So what?
|
| The point is to demonstrate that the term predates the
| OSI's alleged coinage thereof. They don't get to dictate
| language. This usage pre-exists them and obviously
| persists to this day.
|
| > Using the term "open source" without any definition is
| useless. If we can't agree on a definition, it's
| impossible to know if we're actually talking about the
| same thing.
|
| Really? It seemed quite useful to the people cited in
| each of those earlier prior references. They seemed to
| know exactly what they were talking about in context. You
| have only to read the messages to see that.
|
| > I want people to use the OSI definition in order to
| elevate debates.
|
| No, I think you want people to use the OSI definition
| because that conveniently includes certain clauses that
| have nothing to do with being open source, much like the
| FSF's definition of free software has nothing to do with
| freedom.
|
| > Endless debating the meaning of "open source" is a huge
| waste of time.
|
| You're right. Equally useless is attempting to privilege
| the OSI's definition over others.
|
| > Given that OSI is the only body I know of with a clear
| definition, let's use theirs and move on to more
| substantial topics.
|
| The numerous citations you are now aware of make you
| aware of others with a clear definition, so... No.
| mindcrime wrote:
| _Equally useless is attempting to privilege the OSI 's
| definition over others._
|
| The OSI definition was elevated over others (to the
| extent that there even _are_ any others) by usage. You
| can dislike that all you want, but it doesn 't change
| anything. Maybe, in time, usage will flip the meaning to
| something else... English has a way of doing that. But
| let's not stick our heads in the sand and pretend that
| current reality is anything other than what it is.
| EarlKing wrote:
| Language is not a popularity contest. Words and phrases
| can mean different things in different contexts. That the
| OSI came along and proffered its own definition does not
| mean we have to forget what came before and, moreover, is
| still current today. The OSI is an organization that co-
| opted a movement for their own business purposes... much
| like Eric Raymond co-opted the MIT Jargon File.
| pessimizer wrote:
| The important thing to take away from those references is
| that the term "open source" (not followed by the word
| "code") wasn't ever used in a consistent way, and that a
| bunch of people putting the word "open" to in front of
| "source code" is not the same thing. Open Source is
| something invented by and defined by the OSI, and I always
| capitalize it to sidestep the argument.
|
| If you were talking about "opening your source code," or
| developing new versions of your product with "open source
| code," no one would be confused, or if they were confused,
| they'd ask a follow up. The claim isn't that "open" and
| "source" were not words with meanings, the claim is that
| "open source" didn't describe anything specific until OSI
| made it. This argument is like complaining that people had
| windows in their houses before MS Windows.
| EarlKing wrote:
| > the claim is that "open source" didn't describe
| anything specific until OSI made it.
|
| Yes, and that claim is wrong. Each of Usenet posts cited
| in Martin Tournoij's blog make reference to open source
| (code) in one manner or another... like this one, for
| example: https://groups.google.com/d/msg/comp.os.linux/06
| y4cr6wr7o/fZ...
|
| Quoting from the above:
|
| > The GPL and the open source code have made Linux the
| success that it is.
|
| That post is from 27 February 1993.
|
| I don't think you can seriously continue claiming it
| didn't mean anything specific.
| [deleted]
| jrochkind1 wrote:
| As a developer acting on behalf of an organization using open
| source, I benefit from being able to pay the vendor of my
| choice to host a given piece of software.
|
| If only the single-source author can host it as a service, or
| you need the permission of the single source author to host it
| as a service, then my choices are either self-hosting, or
| paying whatever price the single legal-as-a-service-host wants
| to charge, at whatever service quality they provide. (The fact
| they can choose to allow other licensed hosts, perhaps for a
| free if they want, does not change their monopoly control). It
| is a form of vendor lock-in, and avoiding vendor lock-in is one
| popular motivation for using open source.
|
| So yes, this restriction makes something not open source. This
| restriction also is not favourable to me as a user of the open
| source software. Open source was always about avoiding monopoly
| control of who is allowed to do what with the software.
| Monopoly control of who is allowed to host it as a service is
| such, and it is more favourable to me as a consumer when there
| is not that monopoly control.
|
| Now, meanwhile, there are various market battles going on
| between various big tech cloud providers and other companies
| providing (previously) open source software. This is also true.
| Both things can be true.
|
| For the consumer, as the OP suggests, your best bet is when
| there is software that can be produced sustainably by _multiple
| entities_ collaborating, instead of a single company.
|
| Now, if that's not sustainable, that's a problem. It's possible
| that open source is facing sustainability problems due to
| current conditions.
|
| But that doesn't change the fact that monopolizing legal right
| to host software as a service is not open source, is rightly
| not approved by OSI, and is making consumers locked in to that
| single vendor (or their licencees), which is indeed contrary to
| intention of open source.
| kodah wrote:
| > It is a form of vendor lock-in, and avoiding vendor lock-in
| is one popular motivation for using open source.
|
| Likely also a false one. For example, if you use WordPress
| guess who your vendor is? WordPress. More vexing, if you use
| Kubernetes provided by a cloud provider guess who your vendor
| is? The cloud provider, because of all those non-free doodads
| they put into their managed service.
|
| It is possible for a company like AWS to continue to offer a
| managed service for things like elastic, but I suspect
| elastic wants the nature of the agreement to change; which as
| far as I can tell we're not privy to.
| jrochkind1 wrote:
| I can pay for a hosted wordpress on BlueHost, FlyWheel,
| GoDaddy (don't do it!), linode as a "marketplace app", and
| many many others.
|
| None of these sites need any agreement with the wordpress
| authors at all, because wordpress is open source, anyone
| can run it. wordpress owners can't withdraw permission to
| offer hosted wordpress or make them pay for the right to
| host, because it's open source.
|
| if I don't like the pricing or service on wordpress.com, I
| have many options for wordpress-as-a-service. If
| wordpress.com is the best price/quality, it's because
| they've done a good job, sure perhaps because they have the
| most expertise with the software since they write it -- not
| because they have a license that gives them a monopoly on
| wordpress hosting.
| kodah wrote:
| My point was that the term "vendor lock-in" is loaded.
| Your point is valid simultaneously.
|
| Expanding on my point, I do think it's possible that AWS
| can provide services that continue to make software easy
| to run (like fully managed services). The way I see this
| is if AWS becomes the primary contributor and the
| dominant service provider, then the same situation you
| described happens in reverse. I think the solution here
| is probably about connecting the success of managed open
| source based services on AWS to keeping the companies
| that power them funded. If you balance contributions and
| money, it keeps the ecosystem in a better state.
| mfer wrote:
| > As a user, I can use Elasticsearch just fine with the new
| license. I can read the code, modify it and use in my own
| projects.
|
| This illustrates just one kind of user. And only in some
| situations. For example, lets say Elastic.co goes under. Under
| the license another company couldn't setup a replacement. So,
| the end user is screwed just as if a proprietary vendor had
| gone under.
|
| What the companies behind the new licenses are attempting to do
| is have their cake and eat it, too. They want open source for
| all the cred and for one type of user. The want proprietary for
| the complete control of the stack right through some types of
| hosting situations.
|
| It's hard to produce something completely open and yet monetize
| it in way that meets VC grown desires. That's why so many
| companies open source the common stuff but keep the special
| sauce proprietary.
| bramblerose wrote:
| > Under the license another company couldn't setup a
| replacement.
|
| I'm confused here -- the new 'open core' is available under
| the SSPL, which clearly allows this, as long as you provide
| the source code of any management layers as well. The non-
| open parts already weren't available under the Apache
| license, so nothing has really changed there.
|
| And, yes, this does mean Elastic is the only company able to
| build proprietary components on top of the code base, which
| means there isn't an even playing field with competitors. But
| once Elastic goes bankrupt this is no longer an issue.
| growse wrote:
| > > Under the license another company couldn't setup a
| replacement.
|
| > I'm confused here -- the new 'open core' is available
| under the SSPL, which clearly allows this, as long as you
| provide the source code of any management layers as well.
| The non-open parts already weren't available under the
| Apache license, so nothing has really changed there.
|
| This is essentially a legal "gotcha", given that
| "management layers" is not defined anywhere. The purpose of
| the clause is not to encourage companies to "open source
| everything" (what does that even mean? Do they need to open
| source their IPMI firmware?), it's to prevent anyone from
| going anywhere near it.
|
| Do elastic.co open source all the management layers in
| their stack?
| ryukafalz wrote:
| > The purpose of the clause is not to encourage companies
| to "open source everything" (what does that even mean? Do
| they need to open source their IPMI firmware?), it's to
| prevent anyone from going anywhere near it.
|
| Right. To make matters worse: it doesn't just require
| that all of the software used to run the service is open
| source, it requires that it be released _under the SSPL_.
| This immediately rules out using anything which you do
| not have the legal authority to relicense. So, for
| example, Linux.
|
| Quoting the SSPL (emphasis mine):
|
| > If you make the functionality of the Program or a
| modified version available to third parties as a service,
| you must make the Service Source Code available via
| network download to everyone at no charge, _under the
| terms of this License._
|
| ...
|
| > "Service Source Code" means the Corresponding Source
| for the Program or the modified version, and the
| Corresponding Source for _all programs that you use to
| make the Program or modified version available as a
| service_ , including, without limitation, management
| software, user interfaces, application program
| interfaces, automation software, monitoring software,
| backup software, storage software and hosting software,
| all such that a user could run an instance of the service
| using the Service Source Code you make available.
| tsimionescu wrote:
| > I can read the code, modify it and use in my own projects.
|
| That isn't clear. The license language can be read as requiring
| you to provide the source code for any software that interacts
| with ES (e.g., the Linux kernel that you are using to deploy ES
| over) under the terms of the SSPL to your own users, which you
| literally can't do.
|
| Elastic claims in their FAQ that this is not the intention, and
| that may be enough, but it is debatable. Regardless, the SSPL
| is a bad license for having this ambiguity in the first place.
| dfox wrote:
| Similar kind of ambiguity is even in GPLv2. ie. what does
| "anything that is normally distributed with..." in section 3
| mean and how all that interacts with notionally GPL licensed
| software which depends on 3rd party components with GPL-
| incompatible licenses (on Unix-like systems the issue is
| typically only with OpenSSL but for GPL licensed Windows-only
| software this is giant can of worms).
|
| What makes SSPL and similar freedom-0 ignoring licenses
| problematic is that you have to care about these kinds of
| license ambiguities even if you are just using the software.
| musicale wrote:
| > So open source means only licenses that are most favourable
| to the big tech monopolists now?
|
| The article explains its point of view in the first paragraph:
|
| "I've been asked repeatedly about a two-year trend in the open
| source ecosystem: 'single source' open source companies
| scrapping their Open Source Initiative-approved open source
| license for a 'source available' license."
| retrac wrote:
| The GPL family is not permissive (as the term is usually meant)
| and is certainly FLOSS.
| api wrote:
| > So open source means only licenses that are most favourable
| to the big tech monopolists now?
|
| Open source originated in the 1980s and 1990s in largely
| academic circles. It gained mainstream popularity as an
| alternative to closed source "shrink wrap" software and closed
| shareware.
|
| Back then the legitimate fear was that closed-source vendors
| would lock everyone in and end up effectively owning the entire
| computing ecosystem and the Internet. By the mid-late 1990s
| Microsoft was well on its way to having a total OS monopoly on
| PCs and increasingly servers, and were it not for Linux and
| many other projects this likely would have come to pass.
|
| Good news: open source mostly won! We now have a fairly open
| compute ecosystem. Even Windows was dragged into adopting more
| Posix-like standards, and the Mac is just a proprietary GUI and
| set of system services running on top of a mostly open BSD
| kernel. It's borderline trivial to port most software between
| Windows, Mac, BSD, and Linux, so we avoided OS lock-in!
|
| Then along came the SaaS business model and closed Internet
| silos.
|
| Cloud-hosted SaaS just totally upends everything. Now open
| source doesn't really matter from a freedom perspective. The
| cloud has all your data, and by keeping select bits of code (or
| even just the system configuration) secret and locked inside
| cloud servers vendors can achieve DRM that is effectively
| impossible to circumvent.
|
| You _can 't even run the software_ yourself, and even if you
| could your data isn't yours. Having the source is meaningless.
| It's a model that's more closed than closed, and not only is it
| compatible with classical open source but is actually fed and
| sustained by it. Open source is free labor for closed cloud
| SaaS.
|
| The OSI is fully industry captured and isn't interested in
| challenging this, which is why large projects are adopting non-
| OSI-compliant licenses.
| chc wrote:
| I don't think your conclusion follows. Elastic effectively
| saying "Nobody can provide our software as a service" doesn't
| increase the openness of the overall system -- it _reduces_
| the openness of the system in order to benefit Elastic, which
| would like a monopoly on providing Elasticsearch as a
| service.
| vorpalhex wrote:
| No, open source means they aren't user hostile. Contractual
| landmines and restrictions on running the software are user
| hostile.
| dannyw wrote:
| Amazon isn't an user. They are an exploiter.
|
| Users aren't affected by any of the relicenses.
| spijdar wrote:
| How do you draw the line between "user" and "exploiter"?
| Was there any point in the past Amazon wasn't an
| "exploiter"? What if a user becomes an exploiter? Can an
| exploiter become a user through repentance? Where's the
| legal boundary?
| drdeca wrote:
| legal boundary or moral boundary? (Not that I have an
| answer in either case, but my impression was that
| "exploiter" was an expression of moral judgement, not a
| legal judgement)
| luckylion wrote:
| Not OP and not really invested. You can probably replace
| "exploiter" with provider. A user uses the software
| directly, a provider provides it to users. Amazon can be
| both simultaneously, they can run ES to analyze sales and
| find out what products of third party sellers are worth
| copying, and they can also offer ES as a service to other
| users.
|
| That kind of difference is pretty common in non-source-
| related things, e.g. you can use the API for your
| business, but you can't resell access to the API.
| aaomidi wrote:
| Are you able to, in your head, draw a difference between
| Amazon and Amin running some application in their home-
| built system?
|
| That's how you draw the line.
| samat wrote:
| 1) who is the user?
|
| 2) let's give some love to BSD, since GPL is hostile to my
| intention of selling modified software
| eeZah7Ux wrote:
| This is plain false: tivoization is the best example.
| heavyset_go wrote:
| > _So open source means only licenses that are most favourable
| to the big tech monopolists now?_
|
| AGPLv3 is open source and isn't exactly favorable to tech
| monopolists, either.
| pydry wrote:
| That's another license that gets a disproportionate level of
| flak.
| mfer wrote:
| Big companies or those with lawyers notice that the AGPLv3
| says the software used to make something a service must be
| licensed under the same license. Much of that software
| isn't something a company controls. For example, you put
| the AGPLv3 software behind a load balancer. Does that
| software need to be AGPLv3? Some would say so and how often
| can a company control that license.
|
| Companies with more are conservative on their risk.
|
| Not a lawyer and this is not legal advice
| pydry wrote:
| >Does that software need to be AGPLv3?
|
| No. It doesn't "infect" the load balancer. There's zero
| ambiguity about this.
|
| A lot of companies have bad lawyers who try to eliminate
| rather than mitigate risk and who try to grab every scrap
| of IP for the company. This is the kind of company you're
| talking about.
|
| This is also why many try to get you to sign away every
| profitable idea you've ever dreamed up in the shower: a
| combination of extreme risk aversion and flagrant greed.
|
| I'd even venture as far as to say it's a feature not a
| bug if this type of company were forced to use expensive
| proprietary software or older, shittier versions.
| ghaff wrote:
| Yeah. The boundaries of the GPL are mostly clear because
| they're essentially tied to Unix linking behavior. There
| are some edge case--I know people who don't think you
| shouldn't be able to load binary blobs for example--but
| mostly. There doesn't seem to be the same sort of clear
| consensus over how broadly the AGPL interacts with other
| code on the network.
| glsdfgkjsklfj wrote:
| AGPLv3 get the exact same level of flak as GPL got. And
| will lose (lost?) in exactly the same way.
|
| GPL was the fight against device manufacturers using linux
| et al and not giving back/selling closed source linux
| devices.
|
| We completely lost with tainted kernel and such, as they
| corrupted the only software that they couldn't live without
| and was promoting an open source license. Case in point:
| you cannot build 1% of your android phone software, proving
| GPL code (android, linux kernel) is as useless for open
| software as MIT (ios, darwin)
|
| Now the fight moved from OEM manufacturers vs GPL to cloud
| providers vs AGPLv3. And source-available licenses are the
| tainted-kernel compromise all over again: get the thing you
| cannot live without but is fighting you with a pro-
| opensource license, and offer a carrot so they change, and
| they all changed.
|
| Without the change the article talks about, cloud providers
| would have people using the AGPLv3 code in their derivative
| work of projectX. while they paid the closed source version
| from the company dual licensing it. With this new
| arrangement, they can use all derivative work at will with
| zero consequence, for the same low price.
|
| Just like tainted kernel was a hard blow in the face of
| everyone who contributed to linux (heh, specially the GNU
| folks porting their stuff) with open source in mind. This
| is nothing but a greedy bait and switch on the community.
| mschuetz wrote:
| AGPLv3 doesn't solve the problem of projects being used as
| components SaaS services, as far as I understand? So
| companies can still use the projects just fine without the
| need to contribute anything back.
| lrem wrote:
| https://opensource.google/docs/using/agpl-policy/
| heavyset_go wrote:
| AGPLv3 stipulates that network communication counts as
| linking, so that putting AGPv3 software behind a SaaS
| requires that the software's source must be made available
| to the users of the SaaS.
|
| _edit_ : thanks to pydry for pointing out that this
| interpretation isn't correct. It is more correct to say
| that if a user interacts with AGPL software over the
| network, they have a right to its source.
| pydry wrote:
| Where does it say this? Every interpretation I've ever
| read says otherwise. E. G.
|
| https://medium.com/swlh/understanding-the-agpl-the-most-
| misu...
| heavyset_go wrote:
| From here[1]:
|
| > _13. Remote Network Interaction; Use with the GNU
| General Public License._
|
| > _Notwithstanding any other provision of this License,
| if you modify the Program, your modified version must
| prominently offer all users interacting with it remotely
| through a computer network (if your version supports such
| interaction) an opportunity to receive the Corresponding
| Source of your version by providing access to the
| Corresponding Source from a network server at no charge,
| through some standard or customary means of facilitating
| copying of software._
|
| I'm not a lawyer, but that's my interpretation of this
| section.
|
| Reading it again, it was wrong of me to say that network
| communications count as linking, though. It's more
| correct to say that if a user interacts with AGPL
| software via network communication, then its source must
| be made available to them.
|
| [1] https://www.gnu.org/licenses/agpl-3.0.en.html
| chc wrote:
| I think the problem is just slightly wrong terminology.
| In GPL terms, a network connection under the AGPL is
| treated as _distribution_ , not _linking_. If it counted
| as linking, that would mean that any software that makes
| a network connection to an AGPL service has to be AGPL as
| well.
| armandososa wrote:
| In spanish* we have a word: "emparejado" which means a door is
| not open but not quite closed. It appears closed, but it's not.
| Maybe we should use "emparejado-source" :)
|
| * Maybe it's just a mexicanism, IDK.
| vincent-manis wrote:
| So in English, we can call these faux-open-source licences
| "ajar-source"?
| pkamb wrote:
| > Open source-licensed projects with a non-profit home, *neutral
| trademark ownership*, and multiple significant contributors are
| less likely to face pressures to relicense.
|
| What does "neutral trademark ownership" mean?
| fritzo wrote:
| Maybe "ownership by a foundation" like Apache or Linux
| Foundation? Projects I've worked on for corporations have
| sometimes been donated to foundations for neutral ownership.
| ghaff wrote:
| That's certainly how I would read it. Although it's not just
| about the trademark but governance more broadly.
| pwdisswordfish0 wrote:
| Presumably something like "Linux", where although it's owned by
| Linus Torvalds, there is no single bully organization that gets
| to use it to the exclusion of others. So, the opposite of
| something like Mozilla, where Mozilla Foundation owns the
| trademark, but there's a for-profit vendor that also gets to
| use it in exchange for kickbacks to the Mozilla Foundation, no
| one else in the community can operate under that banner, and
| they have to make it abundantly clear that their work is not
| endorsed by Mozilla.
| imwillofficial wrote:
| I see this movement as a necessary evolution. Open source isn't
| for everyone, however, source available could be.
| choeger wrote:
| These companies should come up with a practical version of the
| AGPL or, if they don't find a need, just use it directly.
|
| Cooking up your own license ala Mongo is _not_ going to help you
| amongst the professional users. Companies that take their legal
| obligations seriously are not going to use your not-so-open-
| source offerings on the basis of interpreting your weird anti-
| amazon clause.
| wmf wrote:
| Every license has to start somewhere. SSPL is intended to be a
| practical version of the AGPL; it's not intended to be a weird
| Mongo-only license.
| [deleted]
| andmarios wrote:
| An important component that seems many people miss, is that both
| open source and free software licenses include a business
| model[1] in the definition: other people are free to sell
| services for the licensed software.
|
| Some people claim _I can download the software and use it for
| free, so it is ok that Amazon should not make money out of it and
| allow ElasticSearch to have a cloud monopoly_.
|
| This sounds like Tesla selling you a car that you are allowed to
| service yourself, but you cannot have a professional service it
| for you except for Tesla.
|
| I don't have a strong opinion towards the practice (I'm also
| working for a company that does closed source after all), but I
| do believe it is important to show respect to the freedoms that
| both free software and open source try to protect.
|
| [1] https://www.gnu.org/philosophy/selling.en.html
| Pfhreak wrote:
| There's a famous essay about the Tragedy of the Commons -- the
| high level idea is that if there is a resource that is commonly
| available for free then some users will exploit it for their own
| gain. It originally referred to ranchers who would overuse
| communal grazing lands, but I think the lessons apply equally
| well to open source as well.
|
| In my opinion, a healthy open source ecosystem relies on people
| using and contributing back, supporting the distributed creators
| that make the ecosystem possible. This historically has been
| something of a gift economy or social contract, but it's become
| wildly distorted by companies (e.g. Amazon/AWS) attempting to
| overuse the commons resource and make profit from it.
|
| So it comes as no surprise that when one rancher comes in and
| overgrazes the common resource, the other participants might want
| to make some changes in rules. These new licenses aren't "just
| because", they come from lived experience of entities like Amazon
| coming in an exploiting a shared resource.
|
| And I get it, the letter of the law says, "Do whatever you want
| with this shared resource". And there are plenty of folks who
| believe that Amazon has done nothing wrong -- the rules allowed
| for overgrazing, so naturally the right thing for Amazon to do
| was to overgraze.
|
| I personally see it differently -- Amazon is hiding behind the
| letter of the licenses and totally distorting a community,
| exploiting the gifts of the engineers' labor, and getting us to
| point our fingers at one another over the "one true definition of
| 'Open Source'" rather than constructively figuring out ways to
| protect the community of open development and reward the
| individual workers who volunteer their time.
| x0x0 wrote:
| I also find it befuddling that people here appear to be very
| opposed to their dependencies monetizing. We should be in favor
| of our deps being well monetized; we get high quality features,
| good engineering, fast (and ideally proactive) security, etc.
| Our eng teams are making multi-million dollar investments into
| our dependencies and having to port away is extremely costly,
| both in dollars and opportunity cost.
| guerrilla wrote:
| > There's a famous essay
|
| An essay famously refuted by the work of the first woman to win
| a Nobel prize in economics. She spent half her life collecting
| evidence showing that in reality what you describe is more
| often not what actually happens and outlining the conditions
| (derived emperically) under which commons resource management
| works. [1]
|
| 1. https://en.m.wikipedia.org/wiki/Elinor_Ostrom#Research
| 838812052807016 wrote:
| I'm not sure the tragedy of the commons applies here since
| there is no scarce resource. How does a big company profiting
| from open source code hurt the open source project?
___________________________________________________________________
(page generated 2021-03-18 23:00 UTC)