[KronisLV]

> But with Open WebUI’s rapid growth and success, we started seeing a pattern we couldn’t ignore: bad actors taking our work, stripping the branding, selling it as their own, and giving nothing back.

I recently wrote a blog post on software licensing and this more or less feels like the reasoning behind some of the source available licenses like SSPL or the Elastic License.

What sometimes ends up happening is that forks are created (see Redis and Elasticsearch for examples) due to the community being quite upset and that can make it worse for the original project that was trying to protect itself from typically hyperscalers but sometimes just actors that aren’t aligned with the project's goals (that give nothing back and profit themselves).

If you never intend to make money from a project, license it permissively, like MIT or BSD or Apache 2.0 or similar licenses.

If you'd like to make money from the project at some point, consider dual licensing: AGPL or even something like SSPL, alongside commercial licenses for people with different requirements (commercial, proprietary software etc.), maybe with waivers for stuff like companies smaller than X employees or Y global revenue per year.

[pabs3]

https://blog.kronis.dev/blog/software-licenses-and-hyperscal...

[pabs3]

I note that the GPL does not require publishing the source code, only distributing it to users of the binary code.

[Disposal8433]

You're right, but it's equivalent to publishing because all users can have the source code AND can then distribute it freely once at least one user has it.

[pabs3]

There are some potential scenarios where they aren't necessarily equivalent:

Your users don't know what source code is.

Your users don't bother to look at what they downloaded to find the code therein.

Your users aren't developers and they don't know any devs, so having the source isn't useful to them, so even if they see the code they won't redistribute.

Your users find the code a competitive advantage and don't want to spread that around. Its also too expensive for most organisations to obtain the code too.

You deliver binary and source, but then disincentivise redistribution by cutting off access to something else, like updates. This is what grsecurity and RedHat do. There was one leak of grsec, but that quickly became obsolete.

[KronisLV]

Thanks for the note! To be honest, I didn’t link/submit the post myself, because it’s far too casual and like a stream of consciousness for the most part.

That said, aside from helping with writer’s block, I guess the distilled conclusions are more or less the ones in my comment above: permissive licenses for non-commercial stuff, dual licensing if you intend to make money.