[sqs]

Sourcegraph CEO here. :)

We released Sourcegraph under the Fair Source License (https://fair.io/), which we worked with a well-known open-source lawyer to draft.

TLDR is that it lets us create the best product for developers by having a sustainable business.

Full info at https://fair.io:

> Fair Source allows companies to both share a product’s source code and charge for that product. Releasing a product’s source code makes it more valuable to customers by enhancing extensibility and building trust. With open source, releasing the full source code and charging for the product is virtually impossible. Fair Source makes doing both possible.

[nickpsecurity]

That's an interesting license and the first I've seen of what I call open-source proprietary outside the dual-license model. I've been encouraging developments in this area given the problems of proprietary and OSS licenses in isolation. Additionally, people seem to have a false dichotomy where proprietary has to be closed/bad and OSS open/free/good. Wrote here, with security focus, that this wasn't the case:

https://www.schneier.com/blog/archives/2014/05/friday_squid_...

Elaborated briefly on my goal here with an old example:

https://news.ycombinator.com/item?id=10501615

Your license appears to meet many of those requirements. Curious about several things, though, that I figure you could give some straight, English answers to. ;)

How did you come to letting it depend on a user count rather than some other criteria? That's unusual and even reminds me of commercial licenses.

Does the license create a specific amount at that point or allow extortion where locked-in clients are hit with large amounts later?

Is the author able to terminate the project in a way where users are left with a dependency they no longer have access to?

I know you accept modifications under a CLA or something. Let's say, though, you didn't want to distribute some substantial changes. Basically, a fork is in order. How does that work? Do they just assign the whole fork to you where you can optionally offer it to others? Do they keep it onsite? Does it not happen at all? Prior discussions taught me forking is something that should have definitive answers in new OSS licenses.

The ability to make things disappear, get overpriced, or turn to shit arbitrarily are among the largest risks in proprietary OSS projects. So, interested in seeing your company's take on those.

[digikata]

When you go to the source link at https://src.sourcegraph.com/sourcegraph and look at the LICENSE file, it says: "Use Limitation: 15 users" That implies that the project there is the full Enterprise version?

Is there a separate link or some dividing line to the Core source? Or how does one build or access just the core features to abide by the licensing terms if you're a team larger than 15 and want to evaluate Core Sourcegraph?

[3ot]

After comparing the features of Core and Enterprise, it looks like the Core package is not self-hosted à la non-enterprise github. And the source at https://src.sourcegraph.com/sourcegraph seems to be the Enterprise version – minus 24/7 technical support and automatic backups I'd say.

[beliu]

Sourcegraph CTO here. Sourcegraph Core is self-hosted and the source code for it lives at https://src.sourcegraph.com/sourcegraph.

Sourcegraph Enterprise includes the additional features mentioned in the pricing section on https://sourcegraph.com that are specific to very large companies.

Sorry about the confusion. Anything we can do to make that clearer?

[digikata]

Well if the intent is that Sourcegraph Core is "for teams of any size", and the code at https://src.sourcegraph.com/sourcegraph is the Core, then it seems like the LICENCE file in the source should be updated to reflect the intent and not say it's limited.

Inside https://src.sourcegraph.com/sourcegraph@master/.tree/LICENSE it has a line that says:

  "Use Limitation: 15 users"

[sqs]

Sourcegraph CEO here. Thanks for the feedback. We are working on making this smoother/clearer, but the way it works is that the license refers to the posted pricing. The posted pricing on Sourcegraph.com says $0 for teams of any size for the non-enterprise features. When you exceed 15 users, there is also a license you'll receive that explicitly says that, but we wanted to keep it simple when you are just getting started (and not require people to click through a EULA).

[digikata]

I guess I'm still confused on what the website says re: pricing and limitations of Sourcegraph Core, and what the LICENSE file in the source code repository says.

The LICENSE file starts:

Fair Source License, version 0.9

Copyright (c) 2015 Sourcegraph Inc.

Licensor: Sourcegraph Inc.

Software: Sourcegraph Core

Use Limitation: 15 users

...

But I think "Sourcegraph Core" is described as teams of any size on the website.

[thegeneral]

Maybe change the README.md file at https://sourcegraph.com/github.com/sourcegraph/srclib Beyang, which says "Sourcegraph is licensed under the MIT License." ... I think you probably mean "The sourcegraph/srclib sub-directory is licensed under the MIT License." ;)

[beliu]

Thanks for flagging! Updated the srclib README.

[koko775]

> If I modify the source code, can I redistribute my modified version under the MIT License? Separate but related question about the Fair Source License: If I modify the source code, can I redistribute my modifications under the MIT License?

The difference being, of course, that one would redistribute the original code under the FSL and so the work as a whole would remain licensed under it.

[Somasis]

You would be better off selling services akin to what GitLab does for sustenance.

[sulam]

Completely disagree. Services models seem to very much limit what companies like this can achieve. It also creates a perverse incentive for the company to make a product that needs service contracts to manage. They tend to produce more closed-source "addons" as well.

[nickpsecurity]

Exactly. Empirical research I saw showed that most companies in that market don't do so well in either profits or longevity. The majority of them we see here also intend to sell out.

[nickpsecurity]

All evidence is to the contrary. The companies making the most profit on software are licensing it somehow while others that are at least successful are using plenty venture capital with SaaS. So, both are the best choices and the use of a proprietary license preserving FOSS-style freedoms is interesting.

Strange how much negativity proprietary OSS gets on HN vs cool, proprietary, closed tech.

[dragonwriter]

> Strange how much negativity proprietary OSS

"Proprietary OSS" is an oxymoron, like "four-sided triangle".

[nickpsecurity]

I retract my statement for any given commenter that was purely concerned with my misuse of the OSS phrase, which I'm fixing in future comments. However, there's often an overly-negative reaction to anything that involves payment and shared source w/ OSS-like benefits. If they were reacting to that, then it still stands if they don't do similar for cool, closed-source stuff here. Just seems hypocritical to me. That's where I was going with that comment.

[dragonwriter]

> However, there's often an overly-negative reaction to anything that involves payment and shared source w/ OSS-like benefits.

I think you miss that the biggest and most important benefits of open source are tied to the freedom to fork, which is both the source of the greatest security against divergence in interest between the original copyright holder and the user community and the enabler of community-driven innovation.

Put simply, shared-source does not have "OSS-like benefits".

> If they were reacting to that, then it still stands if they don't do similar for cool, closed-source stuff here.

Unlike shared-source stuff like the Fair Source License here, simple closed-source proprietary software generally doesn't try to pretend to be Open Source-like (and, when it does, it is attacked in the same way.)

[nickpsecurity]

"I think you miss that the biggest and most important benefits of open source are tied to the freedom to fork, which is both the source of the greatest security against divergence in interest between the original copyright holder and the user community and the enabler of community-driven innovation."

I agree that's a major benefit. It's why a form of it is on my list. :P

A non-profit maintaining a shared-source software requiring a mere $1 a year wherever it was used would have enough for a full-time developer plus the website by time it hit 20-20k users whether in original or forked form. Plus could take contributions from others while giving them credit and/or a pass on the money. Whereas many OSS projects get used all over the place with about nothing in return and depend on goodwill of occasional volunteers or sponsored developers. So, there's definitely a benefit here with similar innovation, even community driven if a membership fee model.

"Unlike shared-source stuff like the Fair Source License here, simple closed-source proprietary software generally doesn't try to pretend to be Open Source-like (and, when it does, it is attacked in the same way.)"

Nah, shared-source stuff gets attacked more than proprietary or even shoddy OSS when it shows up. I was happy to see some exceptions considering the license a nice evolution in OSS direction from a proprietary angle or just better than most proprietary licenses.

[bradrydzewski]

Gitlab graduated from Ycombinator and raised a 4MM series A round. While these are both tremendous accomplishments and important milestones for any startup, it may be a bit premature to declare their business model a success.

[nickpsecurity]

As I said in another comment, many of the companies pushing this model are VC-funded with intent to sell out and their operation disappears into a big company (or disappears). We should distinguish between business models that are just to get an acquisition and that support long-term growth. Cheap addons with OSS/FOSS seems mainly to work in the former.

[bradrydzewski]

I agree. I was responding to the parent comment suggesting Sourcegraph should adopt a similar business model to GitLab and I was pointing out that perhaps GitLab's business model has not been proven successful yet

[nickpsecurity]

Exactly. Way too early.