I've tried it. I've failed at it. Halite is a libsodium wrapper for PHP projects that emphasizes ease-of-use and difficulty to misuse: https://github.com/paragonie/halite CMS Airship is a secure-by-default content management system (think WordPress, Drupal, Joomla, etc.): https://github.com/paragonie/airship Both projects are released under GPL but offer commercial licenses. In two years, I've only had one person ever inquire about a commercial license, and they backed out. One of the libraries I wrote has an installed base of (not counting WordPress) over 28 million, yet I rarely hear from its users: https://packagist.org/packages/paragonie/random_compat The barrier isn't legal or philosophical, it's that a lot of very useful open source software (especially libraries that developers interface with) is infrastructure rather than window dressing, which is largely invisible to organizations. If you only develop window-dressing libraries, then the stuff 'patio11 has said here over the years might hold true. But if you're trying to build a more secure Internet by giving developers better tools, nobody wants to pay you for that.
That's not necessarily a bad thing. Those sound like libs with pretty simple responsibilities, so if they work great there may just not be any real opportunity for feature requests or feedback.
With a backported shim (like at least one of those), I'd honestly take a silent userbase as a sign of success if you know there are downloads/installs.