by AmericanChopper 2491 days ago
Personally, if you’re trying to inject advertising scripts into my critical infrastructure, then no, I absolutely don’t trust you. Like many others, I put a lot of effort into trying to sanely manage my dependencies, finding adware in there would be an enormous red flag.

You’re probably a good person, and you seem to be trying to do something good. But I know almost nothing about you, and even if I did, the fact that you think build pipelines are a good place for adware instantaneously eliminates any trust I might ever have in your judgement.


So I guess you're mailing a check in return for services provided?
False dichotomy; the world does not solely consist of adware and paid software.
Of course. I'm just pointing out that having a 'critical' infrastructure whose components have been obtained for free and then complaining about those components asking for money in one way or another is rude; unless the OP already donates and didn't say so, in which case please accept my sincere apologies.
I contribute to various open source projects in various ways. But that’s really beside the point. I’m not against open source maintainers seeking funding, but in my opinion, this is just a remarkably terrible way of doing that, and undermines the credibility of the work they have done.

I also take issue with your implication that if somebody releases some work for free, that anybody who uses it now owes them something. I’ve released open source work before, and I’ve never even had the audacity to think that the people who use it are somehow indebted to me. Open source projects gaining a community following and then deciding ‘time to pay up’ and changing the license has happened in a few recent high-profile incidents, and it honestly makes reliance on open-source software a risk for anybody doing anything serious with it.

That's a deeply flawed line of thinking.

Those components were obtained at a price of 0 moneys, which at the time of "obtaining" was agreed upon by both sides. In this situation, yes, asking for money later is very rude, in my opinion.

Just to make sure I understand you correctly — you believe that because a maintainer releases an open source artifact at a given point in time, you are entitled to dictate the terms that any future artifacts are released under?

You might want to reread the MIT license provided with the software to see which guarantees it actually (doesn’t) provide to you.

In your blog post, you complain about a startup's product that charges $50 per month per developer to check if the open source software they're using is licensed in a way that won't cause them massive legal and financial headaches. This is why that product can exist and make money.

As you point out, the license of open source software provides zero protection against someone creating a snappily-named, heavily promoted open source project, waiting for it to become widely adopted, and then slipping a nasty surprise license change into the next release - and some open source developers think that the idea they shouldn't do this is unfair entitlement. In this low-trust world, providing a way of checking that none of their thousands of little dependencies has done that is far more vital than most of those dependencies, and certainly provides more value than some linter config files.

No, the subthread was discussing paying later for services already provided (quoting: "mailing a check in return for services provided").

Not for any future services, which, obviously and as you correctly point out, are not necessarily subject to the past agreement.