Hmmm. Lets say you have a plumber install a sink at your house, and you're happy with it.
If you later on decide you want something extra done to the sink, and the plumber says "oh, that's easy I can do that for you for free in a few weeks..." that would generally be a positive right?
But lets say you wanted it done Real Soon Now instead. Like tomorrow or the next day.
If the plumber's response was "Well, that can be done but I'll have to charge you our normal rates", that doesn't sound unreasonable does it?
That's what this situation seems like to me. I'm not sure why you're thinking there's attempted extortion involved?
Bad analogy. There is reasonable expectation that security related bugs will be fixed in a reasonable time. And that it won't be a premium feature. Not legally of course as it's free etc. But that's commonly how the world works.
A better analogy would be Microsoft asking for money to fix a security bug in Windows.
This, I think, is the core issue of this thread. It's totally not reasonable to expect anything from people who were kind enough to put their code on the internet for free for others to use. The requester is using the code someone gifted them to make money, and expects the other person continue volunteering their time for free so they can make more money. Moreover, there is no actual security vulnerability here.
Most Free Software projects are not professional. Time is spent on them for personal reasons. Those reasons may not align with users of that project, but that is just too bad. If you don't like it, all you are entitled to is the source code.
> A better analogy would be Microsoft asking for money to fix a security bug in Windows.
Microsoft has the exact same practice. If you want to tell Microsoft how to spend their time, you better be prepared to fork over lots of money.
Firefox is maintained by paid employees. This is not the same thing. There is no talk of making this a paid only release anywhere. Please avoid strawmen.
Windows is a paid product, FOSS is not. Plus you not only cannot, it's also illegal to fix the security bug yourself in Windows. Meanwhile, if someone needs something changed in FOSS they are free to do it themselves (it wasn't even a change, just a stupid rubber stamp)
Extortion implies an illegal abuse of power to obtain property. A cursory glace at the MIT license (which mitmproxy is licensed under) proves you wrong:
> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software [...]
It's all there, black and white, clear as crystal. They knew what they were getting into when they agreed to the license of the software they use. Hell, IBM could fork the project and sell the code back to the original developer, if they wanted. If they disagree with the license, well... caveat emptor:
> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
If you later on decide you want something extra done to the sink, and the plumber says "oh, that's easy I can do that for you for free in a few weeks..." that would generally be a positive right?
But lets say you wanted it done Real Soon Now instead. Like tomorrow or the next day.
If the plumber's response was "Well, that can be done but I'll have to charge you our normal rates", that doesn't sound unreasonable does it?
That's what this situation seems like to me. I'm not sure why you're thinking there's attempted extortion involved?