by mitchellh 54 days ago
Yep!

To be more specific, Open Source only promises the four fundamental freedoms (https://en.wikipedia.org/wiki/The_Free_Software_Definition).

It promises literally NOTHING else, including zero cost. Free and open source software can and should cost money! (The "free" in "free and open source" is not about money, people!)

I'm actually very enthusiastic about these OSS "supply chain" attacks that have been happening in various communities. Because optimistically I hope it'll help people realize that OSS _is not a supply chain_ (more details here: https://lobste.rs/s/cxwidw/no_one_owes_you_supply_chain_secu...). Unless you're paying your vendor AND/OR have a contract in place with them with certain guarantees, you do not have a supply chain.

One term that's in almost every FOSS license is "this software is provided with no warranty." A supply chain implies a warranty. Therefore, FOSS is not a supply chain.


> To be more specific, Open Source only promises the four fundamental freedoms (https://en.wikipedia.org/wiki/The_Free_Software_Definition).

No, that is FSF's free software.

I'm sick of coming here and seeing "open source" as something with "moral values" - stealing it from the free software with "the magic" of conflating the two concepts.

Open source is just big software companies stealing from innumerable volunteers

If you look at the Open Source Definition, you see the four freedoms: https://opensource.org/osd

That’s unsurprising because the OSD is based on the Debian social contract, and Debian is a GNU distribution.

I'd invite you to read It's Time to Talk About Free Software Again [0] by one of the authors of both the DFSG and co-founder of the OSI.

[0] https://lists.debian.org/debian-devel/1999/02/msg01641.html

> Open source is just big software companies stealing from innumerable volunteers

Whether you think this is true or not, MIT and BSD licenses still guarantee the four freedoms.

Only if you already have the source. The GPL also guarantees that you can get the source even if you don't have it.

I guess that's a pretty good point I never thought about. I've never come across software released under a permissive license that didn't either come with the source code, or host it somewhere convenient like GitHub.

Haven't you? There's quite a bit of closed-source software based on permissively-licensed code. You can get the upstream source for the permissively-licensed code, but not the modifications made to it. Windows (used to) use some BSD-licensed code for a few network utilities like nslookup.

I guess I considered that completely separate from open source. For instance, I've heard that MacOS is "based on BSD," but since MacOS itself is obviously not open source, it's not an example of open source software that doesn't provide the Four Freedoms.

Real world examples would often be embedded devices powered by open source that don’t distribute any code, preventing users from maintaining or modifying the devices.

Of course, vendors will often do this with GPLed code too, and lawsuits are relatively few and far between. (Many thanks to SFC/SFLC for putting scarce resources towards this when possible.)

Because of this, although I appreciate the open-endedness of the MIT/BSD licenses for end user software, I do prefer the GPL for anything that may become infrastructure.