I tried to grep the code for `api.` to get a sense for all the vendors this codebase is using, and which you'd need to have relationships with to run the code. Here's what I found:
Most of those are probably indirect. Same here: Stripe doesn’t issue credit cards or even process transactions itself. It partners with a half-dozen or so credit card networks, and each network partners with thousands of banks around the world.
No, I'm comparing to what you see on the average cookie consent banner [1]. If you dive into the 'manage' option, most e-commerce sites will literally have hundreds of third-parties listed that your data might be shared with. As far as I understand these are all direct integrations, either in the frontend or backend, not indirect - you don't have to ask for permission for companies downstream of your own providers.
[1] we don't get to see most companies codebases, so this is a good indicator of the amount of integrations
Gumroad became my cautionary tale for startup equity for early engineers.
I remember excitedly following the story from start. It was fun to follow along. Then around 2015 things weren’t working well, so they laid off most of the team. Investors sold the company back to the founder at a steep discount. As I recall, a major investor sold their ownership for $1.
Just like that, the founding engineers who worked so hard lost their jobs and saw their equity valued down to nothing.
It happens! However, the strange thing in this case was that the company kept going. They had laid (almost) everyone off and declared their equity worthless, yet the company was still making money and growing. My younger self struggled to understand how the founding engineers could have gone from working so hard on something to being laid off and seeing their equity wiped out while the business itself continued right on working and generating revenue.
A lot has been written to put positive spin on those events. The founder claims to have helped out some of the early engineers in vague ways. However, I’ll never forget being a young, aspiring startup engineer and watching an entire startup team get wiped out of the business they helped create and then the business just kept on trucking for the founder who walked away with ownership of the company.
I was one of them! Joined on August 5, 2012, got 0.5% of equity (I think?), it all went to more-or-less zero monetarily. I don't think most of us really hold any grudges against Sahil here. It was a very fun place to work, and I met some of my closest friends and made some of my strongest professional connections there. It was net-very-positive to my life and career, and I think we were all adults when we were opting-in to the experience.
As for Sahil/Gumroad making money and growing. Meh. He's worked on it for 13 years and showing dedication beyond what I would have for most things. It's fine.
A friend built a startup for years and progress was not looking good.
Eventually the entire development team quit and left without equities.
The founder was then acquired for millions.
Another case: startup running out of money after a series B or C and a history of questionable expenses. Everybody but a few left.
The founders sold their main product for cheap to some private equity firm, focused on a crappy internal tool they built and they used their last money to hire a literal army of sales people.
These sales guys were apparently amazing and somehow managed to sell the tool to a bunch of fortune 500 companies and are now making bank.
The main product they sold? It's still on life support, the original buyer just sold it to another holding.
How did lose all their equity? You can’t declare equity is worthless. You can raise new rounds with different valuations and dilute previous investors/employees but they would also dilute themselves.
Even if they don't "lose" their equity, it might just turn essentially worthless. Very often "equity" founding staff receives is in the form of (V)ESOP s = (virtual) employee stock options, or other equity grants that only materialize in the case of an "exit event". Depending on how the exit events are specified in the contract, the founder taking the company private (/ divestment from the investors) might have resulted in an exit event with $1 value of the company.
Yeah so pure grift : if it was really dying then just keep your worthless-percent forever, or get emotionally manipulated into selling for $1 like a sucker
> You can’t declare equity is worthless. You can raise new rounds with different valuations and dilute previous investors/employees but they would also dilute themselves.
The investors sold the company back to the founder for $1. That's as close as it gets to declaring equity as worthless.
Equity for pre-IPO companies is often tied to an expiration. If there is no qualifying liquidity event before the expiration then your equity disappears unless the company takes action to reissue your equity. That sometimes happens for people who are still employed with the company, but almost never for former employees.
Interesting discussion on the merits of the initial plan of a paid link shortening service and the opposite approach (easy-to-setup paid access to links).They were discussing adding Bitcoin as a payment method when it was 0.7 cents a pop.
> At the current ~$0.70 / bitcoin, this means that every American will be able to have ~$0.05 in his or her electronic wallet, once all bitcoins are generated. Assuming that the rest of the world does not participate at all and that bitcoins are evenly distributed.
> Sure, you could imagine an instant dollar-to-bitcoin-to-dollar conversion at the point of payment. Or you could imagine a bitcoin2.org that generates more coins. Or you could hope for a massive surge in the value of the bitcoin.
> I'd put my money on Paypal sticking around, though.
Even back that people pointed out the obvious flaw of Bitcoin remaining at $0.70. But I wonder if any of them believed it would be at $100,000 in 14 years
Some might not be aware: It wasn't always smooth sailing for Sahil (could have had a much comfortable life if he stayed put at Pinterest). https://news.ycombinator.com/item?id=37059594
I'm reading a lot of complaints here but let's recognize some interesting aspects that Sahil is talking about: 1. It's the 5th largest rails codebase open to AI ingestion. 2. They are offering bounties for issues. Not large bounties but whatever, it's something.
I personally like rails and would love to see AI tools improve with it. No idea if this code base will really help that, and when but it can't hurt. In my experience I can get next apps up in a jiffy but rails is much more of a struggle. If anyone has any tips here, please post.
I'm always curious about how well bounties work especially now in an AI age. I wonder what the arbitrage on AI spend vs. bounty will be for people that take a run at them.
I run a bounties platform (https://algora.io) and I've seen people who create bounties try to use some AI like Devin to solve them (@seveibar livestreamed trying it) just for fun and in all cases AI failed to solve the bounties.
A Rust project that rewarded 300+ bounties ($37k) is now building an AI coding agent with the aim to solve bounties on Algora - it's an interesting benchmark I guess.
Curious myself what the next years might look like, but from everything I've seen so far we're definitely not there yet.
It's not a mistake because someone doesn't subscribe to the same definition as you. There are 2 widely competing definitions that are both perfectly valid, if you want to be more specific you can say "not OSI approved" to more accurately reflect what you're talking about, if you don't want to do that then you can understand how others feel.
I used to make a bigger deal about this, but now I think that whether something calls itself Open Source is less relevant than if bait and switches are being done.
Teasing a release on X is less bothersome than what Matrix is doing by relicensing from Apache to AGPL and making what was billed as a vendor neutral communication platform not so vendor neutral. The people working at Element certainly don't want to use Matrix/Element under the AGPL, so why should they expect earlier users and members of their community like me to want to use it under the AGPL?
There was a time when saying Open Source meant something by itself. Now you have to include details like the license, what exactly is under the license, and the leadership.
> You may use the software under this license only if (1) your company has less than 1 million USD (2024) total revenue in the prior tax year, and less than 10 million USD (2024) GMV (Gross Merchandise Value), or (2) you are a non-profit organization or government entity. Adjust the revenue threshold for inflation according to the United States Bureau of Labor Statistics' consumer price index for all urban consumers, U.S. city average, for all items, not seasonally adjusted, 1982–1984=100 reference base.
>You may use the software under this license only if (1) your company has less than 1 million USD (2024) total revenue in the prior tax year, and less than 10 million USD (2024) GMV (Gross Merchandise Value), or (2) you are a non-profit organization or government entity.
So if it someone uses this software to build a $10M GMV per annum business, it's completely unclear the pounds of flesh Gumroad et. al will want as their cut.
By the time licensing becomes relevant, your business is built around the platform and this gives Gumroad an unreasonable advantage in any negotiations. Imagine what they could say:
- You're now a competitor. Stop using our software (you can still sell on gumroad.com, hint hint)
- Give us 20% for 1 year (next year, who knows...)
- We won't give you a license, but we'll buy you out for next to nothing.
Web app works fine. I'm an Android user, I sell through Gumroad and it's never occurred to me to download a native app that offers no functionality beyond what's already on the website. Sale notifications go to my email, as they should.
It's pretty cool that this license allows you to make up to $1mm revenue, at which point you can pivot and rebuild the stack. This is going to be a game changer for anybody who wants to MVP an app similar to Gumroad. MIT would be ideal, but I prefer this to GPL's force release model.
Gumroad's journey has been interesting:
https://sahillavingia.com/reflecting -> Billion dollar journey with VC backing to Kleiner selling back their stake to Gumroad for $1, which enabled Sahil to steer the company in a different direction.
Can't help but notice he's basically knowingly "donating" the code to multi-billion corporations to train their LLMs on (while in general those same corporations source their training data in ethically questionable ways), while mere mortal human individuals and small businesses are bound by a non-free license. An interesting decision to say the least.
Sahil anticipates AI will significantly commoditize software. Especially following DeepSeek's impact. He has promoted Devin via twitter and likely aims to position Gumroad as the leading creator-focused alternative to traditional Open Source e-commerce platforms.
I looked for a blog post announcing this, and couldn't find it. But Antiwork's Github profile mentions:
> Antiwork emerged from Gumroad's mission to automate repetitive tasks. In 2025, we're taking a bold step by open-sourcing our entire suite of tools that helped run and scale Gumroad. We believe in making powerful automation accessible to everyone.
That's pretty wild! I've always loved Gumroad's simplicity for creators and buyers. Now I guess people will have a pretty compelling option when searching "Gumroad open source alternative"
Most of the VC open-source projects use open-source as a lead magnet/marketing tactic only, with no intention or desire of wanting people to actually use the software.
There is a distinction between those companies who actually license their stuff under FOSS licenses, but use it to get more marketing/contributors/whatever, and what companies like Meta are doing today, which is calling something "open source" in their marketing material, but if you read the terms and conditions, they call it "proprietary" instead and comes with lots of restrictions that aren't compatible with FOSS.
One is a marketing tactic, the other one is outright misleading.
The licensor grants you a copyright license for the software to do everything you might do with the software that would otherwise infringe the licensor's copyright, but only as long as you meet all the conditions below.
Am I going insane, or is there a reading of this that seems to imply you can use the software, to infringe on ANY work Gumroad has created? "...grants you a copyright license for the software" seems to imply it's talking about this software license only, but the second part mentions "licensor's copyright" which seems to not be defined, nor bounded. There's no mention of a copyright *for the software*... just the copyright license to use the software that allows you to infringe all copyrights from Gumroad.
I think they probably meant
The licensor grants you a copyright license for the software to do everything you might do with the software that would otherwise infringe the licensor's copyright [to the software], but only as long as you meet all the conditions below.
I wonder if you can just reuse text or images from their corporate website as long as you personally make less than 1M$ a year, use their software and don't infringe their trademarks.
I think this reaction is misdirected. Yes, the license is restrictive, but Gumroad doesn't seem to be claiming themselves that the code is open source. I think OP made a mistake out of ignorance and said that it was open source.
I don’t get the point on going open source aside from a tiny boost in marketing. What is the objective and proposition here? Considering as others have said is not really open source. If I were the founder I would not do that. It’s like if Airbnb went open source or something
I haven't followed Gumroad much, but I remember them being very pro freedom and having some interesting hiring practices. IIRC they were all being paid equally (based on position and hours of work) and had no meetings. Now I see a Code of Conduct.
-----
"These DOGE operatives appear to have no work experience that’s remotely close to the VA in terms of its scale or complexity. The VA administers all the government benefits afforded to veterans and their families for roughly 10 million people, including education, loans, disability payments, and health care. Lavingia is the CEO of Gumroad, a platform that helps creatives sell their work and takes a cut of each sale. More recently, according to his blog, Lavingia launched Flexile, a tool to manage and pay contractors. According to his LinkedIn profile, Lavingia was the second employee at Pinterest, which he left in 2011 to found Gumroad. Lavingia is also an angel investor in other startups via SHL Capital, which backed Clubhouse and Lambda School, among others."
The license is actually pretty restrictive: you can only use this if you own a small company or work for government / non-profit.
Most average human's (including myself) can't use the source code in any way:
> You may use the software under this license only if (1) your company has less than 1 million USD (2024) total revenue in the prior tax year, and less than 10 million USD (2024) GMV (Gross Merchandise Value), or (2) you are a non-profit organization or government entity.
The way it's been phrased, it seems like if you want to use the code to run a small webshop for some goods, you can use it, but if you're actively trying to run a resale platform, that's when you get in trouble.
I don't think not being open source is that big of a deal in this situation, they aren't the only player in this space anyway. (Woocommerce to my knowledge still dominates the "small business webshop" market and probably always will for as long as the typical shared webhost webstack is still an AMP stack.)
It's risky if you have any chance of ever crossing $1M in company revenue because the license will terminate as soon as you reach that and you'll have to rewrite everything.
> The licensor grants you a copyright license for the software to do everything you might do with the software that would otherwise infringe the licensor's copyright, but only as long as you meet all the conditions below.
> You may use the software under this license only if (1) your company has less than 1 million USD (2024) total revenue in the prior tax year, and less than 10 million USD (2024) GMV (Gross Merchandise Value), or (2) you are a non-profit organization or government entity.
To be fair, getting a platform for free that can potentially bring you to $1M is a very good deal, I'm quite sure you ll figure out a strategy before you get to $1M, and perhaps even get a good deal on the license from them. However I do think they should've been more upfront about the licensing.
1M revenue isn't that high a bar to clear in retail, just takes one popular/meme product. After all the COGS/fixed costs are tallied up, that could leave you with significantly less with which to contemplate custom development or platform changes.
You are not required to rewrite everything if you exceed $1million in annual revenue. You are required to get a commercial license from them, which costs money.
That's not the same thing. And quite frankly, if you're making over $1 million in annual revenue you should be able to afford the license fee for the most important part of your company.
There's no guarantee that a commercial license will be available at a reasonable fee, or available at all. You'll have nothing to negotiate with because the alternative is to rewrite or shut down immediately.
It's your FX-converted revenue, meaning, whatever currency you use converted to USD. The license doesn't bother to state this because they assume basic common sense on the part of the licensee.
If that's not enough, they have the backing of several decades of industry practice[1] and several centuries of law.
[1] For example, take a look at the Steam and Epic creator agreements, which also use USD for financial thresholds even though their stores operate in dozens of countries and accept dozens of currencies.
So true. A very misleading title. This license is far away of any approved OSI or FSF Foss license.
Gumroad is a great service, the value is imho not in the software. But in the execution of it’s mission and the very simple way to lower the bar to sell digital goods without upfront costs.
The Readme goes right to how to install it, and other than the logo saying "sell your stuff, see what sticks" there is 0 information about what it does. Sure I can Google, but I think it should be right there, at the top of the Readme.
god we are so spoiled. this is a successful, pretty well known commercial project. it's now source available. you have plenty of resources to get context in 2 minutes. lets appreciate the big stuff, have some agency for the rest.
usually if the project comes with a big lengthy beautiful readme thats actually a contra indicator that the thing is a production repo
Is it really "spoiled" to say it'd be convenient for maybe a one-liner at the top of the file that's supposed to explain stuff about the project?
>you have plenty of resources to get context in 2 minutes.
I always laugh a little bit at this line of thinking. Whoever wrote the readme can spend 2 minutes to write a line or two about the project, or the potentially thousands of people who want information about the project can spend 2 minutes to look it up. It makes a lot more sense to spend 2 minutes vs. 2000 minutes.
In the end, for me, it's not a big deal to spend the 2 minutes. But sometimes I like to think a little bit bigger than just myself.
pretty much sums up the contents of the repo. If someone can't be bothered to check out gumroad.com there's no amount of documentation that will help them.
gumroad.com does not say what it does. It's a list of products being sold. You have to navigate to the About page, then scroll about 1/4 of the way until you can get an idea of what it is.
Is it hard? No, of course not. It's like a minute or two. But it's a minute or two for lots of people vs. a minute or two for one person, once.
But yeah, I totally get it, why would I waste 2 minutes of my time when I can have a bunch of other people waste 2 minutes of their time instead.
I was also wondering what this was about. Should I care and why?
It's not only that I don't want to, but literally can't use extra 2 minutes for _every_ link I open while browsing news sites. And that attention span window is only getting shorter.
It's definitely not the first or last time for github repo not using the best real estate they have in "selling" their product.
> but literally can't use extra 2 minutes for _every_ link I open while browsing news sites
The expectation to open every link may be the real issue. If the title and Readme don't speak to you, just let it be. You will always miss out on most things on the Internet.
“I can’t afford to spend 2 extra minutes for every link I open on news sites” does not mean “I expect to open every link that exists on the news sites I visit”.
I had no idea, and I've been a "Rails guy" for 15 years, and keenly interested in high-profile successful Ruby projects for a long time. Even clicking through to their actual site from the source repo page, I had to surmise what it was.
I don't think they do intend that. I think they intend to get free contributions from keen people who think erroneously they're contributing to a public good.
I wouldn't really call it a traditional online shop, more like a file shop. They don't sell anything physical, only digital. If you've created a file on your computer that other people want, you can sell it on Gumroad. Depending on what you're trying to sell, there might be a better platform for the purpose (like Bandcamp for music), but Gumroad is the only one I'm aware of that's intentionally generic to fit many purposes (even if imperfectly).
They also don't do shit like putting DRM on ebooks and you can set the minimum price to zero to turn it into a tipping platform (free download, but with an optional payment).
It's only a copyright issue if I know what the original source code looks like. If I don't know what it looks like, and my autocomplete writes it, how could I possibly know it's stolen?
I think the line b/w derivative work and new work might be different.
I mean if llms are trained on it ... and a lot of other things and then LLM can output the source code from a input ... then wouldn't it be open source / public domain
I don't think that's true. When chatgpt generates something that infringes (even on something not in the training data) it is still infringement and the output cannot be used by the user for anything they couldn't use the original for.
But that's the point he tries to make. When you "teach" LLM with some knowledge, you teach it a set of patterns. It won't necessarily drop the code that infringes copyright. Say you load Gumroad code into Gemini Pro context and say something like: "Check this app. Analyze the implementation of feature XY... I need you to help me implement feature XY... but in Go". Then, you can recreate an entire platform that will look nothing like the original but will have the same features and open source it.
payments:
tax stuff: for iOS app (?): AI stuff: other: