by debarshri 1438 days ago
Around 2019, a lot of Kubernetes distributions started popping up. They often bundle various open source solutions into one platform/PaaS and sell it to the end users. I wonder,

- What are the consequences for these companies?

- Do they share revenue with the open source projects?

- Can they simply distribute these services without any consequences?

- If not, when and how does a small open source project org track and enforce their license?

3 comments

The consequence is that these companies get very rich and they eventually take over the open-source project.

See Redis for example, two Israeli dudes took the open-source Redis, made tons of money.

Everyone is happy: the two founders became rich, the VCs became rich.

What about the authors and contributors of Redis? Well thank you for the gift. As a present you can have the privilege to work for us to keep maintaining your bugs. Don't complain too much.

Then you can rewrite the history to make it sound like you created Redis and it's a win, while it's actually just a very smart dude in Italy who wrote most of the software using his own sweat and support from his employer (Pivotal).

> What about the authors and contributors of Redis? Well thank you for the gift.

He was eventually hired by Redis-the-company, allowed them to use the trademark (originally they were Redis Labs which was a compromise with him), went to their conferences, trained their Redis developers (who contributed to Redis-the-open-source), etc. I assume he was happy with the deal as he spoke positively about them and chose to spend a lot of time with them, and eventually retired after I presume getting a nice amount of money from the decade-long adventure.

Indeed, this is the ideal outcome for all involved. Everyone makes some money, everyone spent the time doing what they enjoyed doing, nobody got shafted, and contributors were able to integrate their contributions while being able to pull the whole app back down for their own (free) use.
These days liberal OSS licenses are really just free labor for this kind of thing. If you use a very liberal OSS license just make sure you are 100% OK with your work being appropriated this way, including having your name stripped from it and some hustler taking credit.

In the long term I think this kind of behavior is going to kill open source for things beyond libraries and building blocks.

Everything open on the Internet is destroyed by exploitation of one form or another: appropriation, spam, scams, etc. I've become fond of saying "the Internet is a dark forest."

If he didn’t want someone commercializing his software, he should have used a different license. His own employer is a commercial wrapper on an open source project.
Did the two Israeli dudes violate the Redis license?
Is it possible to do something legal, yet morally wrong?
“By selecting this license I give anyone permission to do X, Y, and Z with my software - provided they do A as well.”

“I’m going to choose to do Z and A with your software.”

“Moral hazard! Moral hazard!”

Picking a license indicates what you are willing to have others do with your work. If you don’t want people to be able to monetize it, pick a different license.

> Picking a license indicates what you are willing to have others do with your work.

Picking a license indicates what you are willing to have others do with your work without going after them with a threat of handcuffs and prison bars. I might not be willing to do or threaten (government-mediated) violence to someone for being an arsehole, and yet consider them an arsehole.

This seems pretty silly. It's a civil matter, isn't it? Has anyone ever gone to jail for violating an open source license?

You could simply choose to not pursue legal action against license violators. Choosing a permissive license and then complaining when people do what you gave them permission to do is just ridiculous.

Clearly there was demand for a commercial offering. What should they have done differently?
Are you referring to Microsoft's business model?
It's possible. But there is nothing immoral here.
External impression, not facts, but intuition seeing how some VCs and startups are acting:

He didn't seem to have a real choice, maybe an illusion of choice, since (from an external point of view) he was pinned against the wall.

They were using his software commercially and even using the trademark of Salvatore (he was complaining about such uses occasionally). He was broke, I guess that's why he didn't register the trademark. Literally while they raised 40M USD, he was explaining that he was struggling on this board:

https://news.ycombinator.com/item?id=12506743

This is actually one year after the first Redis Labs deal :/ Totally not the speech of someone with a multi-million exit in sight.

Fast-forward several years later: https://news.ycombinator.com/item?id=19203596 (with already >1B valuation)

If Salvatore just got 10% of the company he would get 100M+ USD. 1%: 10M+ USD.

Something must have happened.

If I'm wrong and he is super rich, then it's my mistake, but in general it's incredibly easy to get screwed up in a hostile shareholding / corporate environment when in front of you you have experienced lawyers and bankers.

As long as the stock is illiquid you aren't really settled, are you?
It is, but did they?
Note that projects in the cloud native space are mostly Apache-licensed. (For example, the CNCF only approves other licenses on an exception basis I believe.) In that case, so long as attributions/trademarks are honored (which oddly seems to not have been the case here), projects licensed in that way can be freely used with Kubernetes without other restrictions.
Could you elaborate what free distribution means? Often these platforms have an enterprise license. Does that mean it is not free?
> Often these platforms have an enterprise license. Does that mean it is not free?

There’s way too much nuance to give a clear answer without something being wrong. Give an example?

For instance, let's say there is a platform xyz that is an abstraction on Rancher to deploy Kubernetes, and that also deploys Grafana, Prometheus, Loki, Cilium, etc. But now the owners of platform xyz say it is 5k a month for an enterprise license of this abstraction. But users may or may not realise that they are using all the tools I have listed. Does that mean the owners of the platform have to pay the other platforms?

Another question is, can anyone just decide to offer a commercial version of any open source project? Is there any kind of license that protects the interest of open source developers?

The whole Apache license isn't very long but this is mostly the extent of your obligations: "You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Work."

Apache is a non-copyleft license. Copyleft licenses like the GPL also require that any code changes, derivative works code, etc. need to be made available if the software is distributed.

However, you can absolutely charge for support, etc. (But I can't assert copyright over code I didn't actually write.)

>Is there any kind of license that protects the interest of opensource developers

If by "protects the interest" you mean forces consumers of the code to pay them or allows them to restrict who uses their code, then pretty much no. The Open Source Definition as it stands pretty much excludes those kinds of restrictions. The developers could of course just choose a proprietary license instead if they want to control how their code is used.

I think ghaff gave a pretty good answer as well, but here's some more nuance:

> Does that mean the owners of the platform have to pay the other platforms?

No.

Tons of "value-add platforms" exist like this: wrap a bunch of open source up, add a UX layer on top and offer support. As long as you comply with the terms of the license, you can do just that. And many licenses (MIT/BSD/friends) are often complied with by merely redisplaying that software's license in the documentation or on a LICENSES file somewhere.

But there are licenses that are less permissive. The GPL is the one most people think of. If you modify and distribute GPL licensed software to others, you have to share your source. How do you dodge this? SaaS: change the GPL licensed software as much as you want, never distribute it, but instead allow users to interact with it over the network. Totally compliant.

Hence, we got AGPLv3, with this big provision:

> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.

Now, if your bundled SaaS solution includes AGPLv3 software, you have to make its code available.

There are interesting questions here ... if you take an AGPLv3 software and slap a nice GUI under it, is that "linking" under AGPLv3? Possibly. There's at least an argument to be made.

> Is there any kind of license that protects the interest of opensource developers.

If your interest is building software and releasing it openly while keeping it away from people who want to monetize it, traditionally the use of AGPL does just that. Google, Facebook, Amazon – I have first or second-hand knowledge that any attempt to bring AGPL into those ecosystems is a hard no without exception.

But, what "interest" are you trying to protect? I have released software under the BSD license that has been adopted in commercial applications. I'm fine with that; it was in my interest to release it under the BSD license, that's all.

Licenses matter. Pick the one that encodes what you'd like to achieve.

Thanks for such an elaborate and informative answer. This is really helpful.
Companies are not doing anything wrong when they are profiting off a permissive license. It's only a problem if they do something which is not in line with the license.

If people want to make money off open source, then dual licensing is a good way.

Permissively licensing code and then when companies use it as they wish (due to the permissive license), complaining about it does not look good.