by phoronixrly 1620 days ago
Developments like this one and the faker.js and colors.js fiasco from last week have made me rethink my position about licensing.

Now it seems to me that releasing code you wrote for free under a permissive open-source license is somewhere between ill-advised and unethical. On one hand it will not benefit you in any way, on the other, it will be incorporated in a company's proprietary project thus lowering the expenses necessary to develop it. In the end, you've contributed to closed source and on top of that you got nothing in return... And that is the best case, as we saw with log4j, you can be held responsible in the court of public opinion in case the project you developed and maintain for free (with no warranty or liability as per license) causes an issue...

9 comments

No one except the most credulous buffoons really believed the "MIT is more free" nonsense about the GPL, it is, was, and always will be a push to move away from "Free as in Freedom" to "Free as in Free Tech Support".

Large Corps won't use your code if it's AGPL? That's a feature, code away without worrying about breaking anything!

It's so funny that if you say that actually the GPL is good because random corporations can't freely utilize it with zero consequence and make money off your labor, you'll get a bunch of bedbugs come out of nowhere saying uhhhhhhhhmmmm, actually you're the one hurting "free" software, somehow, for being so difficult, so cruel, because how dare you prevent others from writing even more computer programs, can't you understand N+1 programs in the world is better than N? And that you are the one who stopped it, you selfish selfish person? And that someone else could have even made money off that? You've practically robbed them pre-emptively with intent. And you wouldn't want to scare away the 9-figure corporation by being mean... would you?

Sorry but I don't consider letting Lucy set up the football and giving it a solid go to be kind and equitable. It's called "being a mark."

Having a license where "network use is distribution" seems to be a must these days.

I also recently found the European Union Public License (EUPL, e.g. [0]), which seems similar to the AGPL. Might be interesting to Europeans. The translations being available in multiple languages is really nice. It being a less often used license could also be a feature.

[0] https://choosealicense.com/licenses/eupl-1.2/

EUPL is severable, unlike GPL family. GPL is explicitly non-severable.
Unfortunately its compatibility clause means it's only as strong as GPL...
I don't have any problem releasing stuff under permissive licenses like MIT.

What you shouldn't do is have unrealistic expectations about the software you release. If you give stuff away for free, expect that you're giving it away for free. If people ask for free support, and you don't want to give it, be prepared to tell them so. Also, don't expect that there is any unwritten expectation for anything in return.

Your license is your agreement with your users. If it doesn't outline what you want, you picked the wrong one.

I'd use GPL if I wanted to expend the effort trying to force people to contribute to my projects. But that isn't always the case.

It takes a lot of effort and money to enforce copyleft open source licenses, a lot of companies just violate them regardless. Some companies even violate permissive licenses, e.g. my router violates the microhttpd BSD license.

The latest GPL lawsuit I saw was only possible due to a large grant from amateur radio hobbyists.

https://sfconservancy.org/copyleft-compliance/vizio.html

https://sfconservancy.org/press/qanda.html

Damages.

Offer two licenses. One GPL and the other commercial. Make the commercial license as costly as possible, even Oracle grade by charging per core. Include language stating that the licensing agreement falls back to the commercial license if the GPL is violated and the violation is not remedied according to the provisions set in the GPL.

Any licensing fees collected get poured back into the open source project.

If another company is stupid enough to ignore these terms, I'm sure you can find someone willing to sue on your behalf for a fraction of the damages owed to you.

Is there an easy way of providing commercial licences? Has anybody had experiences with this?

I've seen Super Source (https://supso.org/), which I think used to be called Supported Source (https://supportedsource.org). It seems to make providing commercial licenses easy. But their website is pretty bare. Do people usually just roll their own with Square or Stripe? I've found it hard to get search results on this at all.

If somebody is going to be paying you more than $1000, they'll contact you about it. You don't need to automate the license payments; you just need to check your email.
From my experience, RLM is one option that is widely used for this. FlexLM is another one.

https://en.wikipedia.org/wiki/Reprise_License_Manager

https://en.wikipedia.org/wiki/FlexNet_Publisher

Most GPL projects aim for a diverse copyright holder base, with the code solely licensed under the GPL, so that no one entity can escape their GPL obligations by paying money. In that scenario it becomes harder to enforce the GPL, unless you have a principled copyright holder base with deep pockets. Hopefully the Software Freedom Conservancy lawsuit mentioned upthread will change that, they aim to set the precedent that anyone who receives GPL violating binaries can file GPL violation lawsuits.
Do you have a real-world example of what a license like this looks like?
Even so, I'd assume that a company that knowingly infringes on the GPL is much less likely to demand free support, lest they draw attention to their violation. So at the very least it should free maintainers from having to deal with bug reports/feature requests/entitled demands from corporate entities that refuse to give back.
None of the Apache PLC4X users asking for free support on behalf of their companies mentioned the company name nor used a company email address. I expect it would be pretty easy to keep the gratis support requests and GPL violations fairly separate.
Not GP, but I hadn't thought of this! That would be a great side effect of using the GPL now that I think about it.
It's not unethical, it's more like being a "fellow traveler" or in clearer terms, a useful idiot.

People with money (corporations) were always the ones to benefit most from permissive open source, they're best placed for it.

Permissive open source only really makes sense as charity[1], or for libraries you as a developer want to be able to use at future companies[2] or as a component for a corporation's grand strategy.

[1] "Here, have this, I built it and I want to share it so that it doesn't go to waste sitting on my storage."

[2] Only the case if you accept outside contributions with no copyright assignment, since otherwise you have the power to relicense your own code.

> It's not unethical, it's more like being a "fellow traveler" or in clearer terms, a useful idiot.

I mean, the line between a useful idiot and a scab is so thin it barely exists.

> Permissive open source only really makes sense as charity[1], or for libraries you as a developer want to be able to use at future companies[2] or as a component for a corporation's grand strategy.

Edit: nah, I think "as charity" it's bad (takes away from others, corporations don't need your charity), case 2 is at best misguided (just charge them, don't do this for free, please), and only 3 makes sense, as in "language bindings for our product are permissive."

I don't see where it is not ethical.

At any point you can decide to pursue or stop maintaining the code and anyone can decide to fork and take over. It is just naive to think you will always find fun in working on it or pretend you might make a living out of it unless you have a strong business plan.

> I don't see where it is not ethical.

And that's the problem.

Many people like the idea of 'helping' other people for free, even if these users never 'give something back' (because they can't program, don't have the time to translate something, ...). But helping other people (companies) make money for free that already have not only enough but way more than you, and you even do the less rewarding work like fixing bugs is not what most people thought of when making OSS.

To explain it a different way, I think, is that releasing code under a permissive license where the end user is a large corp, doesn't make the world a better place, it just reduces the labor needed to achieve an end.

OSS saves on headcount.

At my company, a huge bank, where we use a ton of open source code, we were explicitly told that working on (contributing to) open source was a terminal offense.
Name and shame them.
I don't think it's fair to expect this user to do that. (However, if somebody else knows of a bank like that…)
I mean throwaway accounts just pop up all over. I would never expect GP to answer and put themselves at risk ;).
In the case of industrial control, database tech, and other high cost fields it would be dubious to pitch an open source product and then abandon it.

Getting a high adoption OSS project takes more than putting a repo on GitHub. In some cases like this one, it’s possible that the underlying cost of these activities is much closer to the licensed proprietary software than the OSS variant (aka free).

> In the case of industrial control, database tech, and other high cost fields it would be dubious to pitch an open source product and then abandon it.

Why? Open source projects are released with "NO WARRANTY", which includes the possibility of dropping maintenance at any time. If you want continued support you either fork the project and DIY, or pay someone to support you.

And that is not something the companies using the software are interested in.

This isn’t like a software company taking over some abandonware tool that they rely on. Building and maintaining software is not in the wheelhouse of these companies. They’d rather spend more or have fewer features in exchange for lowering risk.

It is the ethical problem of those companies, not of the people writing the original code.
So Google liberated kubernetes under the Apache License 2.0. Many companies are now relying on it for their workload and we see contribution from other big companies as well.

Are you saying that it would be unethical if Google find out they'd now rather work on something newer/better, and stop having engineers contributing to it?

The guy has been working on this almost 25 years. That's not pitching and abandoning.
The unethical part is that you've contributed (for free!) to the development of closed-source proprietary software.
What is unethical about contributing (for free!) to the development of closed-source software?

And if you’ve decided that making open-source software inherently contributes to the development of closed-source software, what’s your recommendation?

If it’s unethical to work on closed-source and open-source, do we all just go home and stop writing code?

When I started to work on PLC4X I was hoping people would be using it to build commercial applications and either making money with it, saving money or building better products. That's why I strongly believe in the Apache License and am not a GPL advocate.

However I would never have expected that almost nothing is returned by anyone.

I mean, I'm an IT consultant and I was doing consulting with other projects that I work on and I'm fine with that. I love doing that, I love giving training, mentoring people and companies to become open-source contributors. I saw that the effort-to-improvement-ratio open-source could bring to the automation industry was just incredible 5 years ago. That's why I put so much work into the project and I continue doing so ... just differently ;-)

We're getting into technicalities here, but in my opinion the ethical thing to do is to share your code freely for everyone else to use, however at the same time use a license that requires them to do the same with any code they derive from yours. This is absolutely nothing new, ref. the GPL.
It’s clear that your preference is that people do that. What’s not clear is why the MIT license and closed source software are unethical.

Not everything we dislike is a violation of ethics.

> What’s not clear is why the MIT license and closed source software are unethical.

Is it ethical to allow unethical behavior?

Stupid it may be but it is not unethical. We live in a supposedly free world and one has full right to decide how their work is to be used. Don't like it, just use GPL or whatever license you might want to concoct to prevent / limit corporate use.
as usual when it's about free software licenses, https://www.reddit.com/r/stallmanwasright

> In the end, you've contributed to closed source

yes, that's exactly what using the GPL is supposed to prevent

> it will be incorporated in a company's proprietary project thus lowering the expenses necessary to develop it

Without necessarily taking a position on the ethics, I would point to macOS and its derivatives as a clear example of this. Apple invested significant resources into a successor to System 7 called Copland, abandoning it in 1996. While the purchase of NeXT in 1997 hugely influenced the design of OS X, look at all of the free and open source projects that accelerated its development: Mach, Clang/LLVM (and GCC before it), KHTML, KJS, CUPS, much of the BSD and GNU userland, and the list goes on.

macOS, and by extension iOS, would not be where it is today without its open source core. Put a little spit and polish on it (no small thing, of course), add a kernel extension named Don't Steal Mac OS X.kext, and voila: new O/S.

The flip side (of this specific example) is that several of those projects were either started or nearly exclusively funded by Apple.

- Mach's primary architect, Avie Tevanian, was hired by NeXT to productize it, and he continued that work at Apple with XNU and the OS X strategy to replace the classic MacOS

- Apple hired Chris Lattner after he finished his PhD (where LLVM was started) and then created Clang and open-sourced it, as well as other LLVM tools like libcxx

- Apple hired Michael Sweet (creator and maintainer of CUPS) and paid him to maintain it for several years

As you say, Apple's software wouldn't be where it is today without open source. But major open source projects either wouldn't exist at all (e.g., Clang) or would have needed someone else to pay for their maintenance (e.g., CUPS) without Apple.

>code you wrote for free

>for free

How much open source code is actually written by hobbyists working for free? Most of the Linux code is written by paid engineers employed by big tech companies.

Yes, it's because of GPL restrictions: if you use my code, then I can use yours (to some extent), so proprietary developers are forced to cooperate, which makes everyone's job easier.

Linux is used by the whole planet, but it's not a burden for Linus Torvalds.

Same for KHTML -> WebKit/WebCore -> Blink (LGPL), which is used even by such GPL haters as Apple and M$.

Same for Postgres and a multitude of other liberally-licensed software.
> How much open source code is actually written by hobbyists working for free?

Initially, almost all of it.

> Most of the Linux code is written by paid engineers employed by big tech companies.

Nowadays. It didn't start this way.

What's wrong with lowering the time it takes to develop closed source software? Closed source software solves people's problems. By making it easier to make, more of people's problems can be solved. There can be less time spent where multiple people remake the same exact thing over and over again.
Maybe. Or maybe you are just helping the rich get richer and the poor get poorer. Whether proprietary software is a force for good or just another mechanism of exploitation is a matter of opinion, and the GP might not share yours.
As a child starting from $0 I built up almost all of the money I have now doing contract work by making closed source software using open source software. Being able to quickly make things without even having to spend any money is great for someone with no money. It didn't make me poorer as someone with $0, it made me much richer. I know my software was a positive to the lives of many people even if it is closed source.
Are you giving back to the people who enabled you to do so?
Honestly, no. They released their software for free, so that's what I will pay.
If you are making money using open source software, it's always nice to support the creators of the software you use.
There are 10s of thousands of open source projects out there going smoothly, please don't make any drastic decisions based on anecdotal evidence.