I'm really glad that they've made a conscious effort to be transparent in the fact that this is not open source. That said, I'm less sure how I feel about the movement as a whole. I admire the desire to make source code transparently available, and let people use it for free, but I think strict open source is the best net good for the world we live in. I can run apps on Linux in any cloud I want to because every cloud is free to run it. And so I benefit from getting to choose among competitors (including self hosting) where that doesn't exist in a world where competition is forbidden.
It's also ironic to me that this software is being built on top of git, and thus is a business model entirely dependent upon FOSS, while wanting to differentiate and build a business on top of it with a moat but still sharing the code in a way that protects them. It just seems like an uncomfortable position straddling the fence between two paradigms.
Maybe I'm privileged in the fact that I've always lived comfortably enough in my career to feel like I can write and release OSS under the most permissive terms (whether it's used or not). But that feels like the best way to give back to the movement that effectively led me into this career for free, and lets me pick from offerings that are forced to differentiate on price or other features rather than whether they can license the software.
If I'm using an open source product, I'm generally very happy to spend long hours debugging edge cases, writing detailed bug reports, pushing fixes, suggesting and adding enhancements and generally being involved in the community, knowing that I'm doing my share and improving the experience for everyone.
Nowadays it is increasingly likely that my effort is eventually going to be relicensed and repackaged into non-free software without my consent, and no one (not even me myself) will be allowed to continue to benefit from my work.
IMO the issue really lies with the VC funding model. Every single one of these projects that has done a license bait and switch has taken outside funding, and these investors want to see an exponential return, which simply cannot be attained by keeping the software free. Stewardship by a reputed open source foundation is the only possible future for such projects if they want to actually stay open and do right by their community.
> Nowadays it is increasingly likely that my effort is eventually going to be relicensed and repackaged into non-free software without my consent, and no one (not even me myself) will be allowed to continue to benefit from my work.
I disagree with the conclusion you have drawn here. In the scenario you describe, you (and everyone else) can continue to benefit from your work. The original project is still there, it's still just as useful and open as the day you made your contribution. How then is anyone prevented from continuing to benefit?
> these investors want to see an exponential return
Don't think this is the reason, at least for Sentry. They've been in business for more than a decade.
The bigger reason is that it would take AWS 2 weeks to offer a version of their product. It would be API compatible because it would be exactly the same code. AWS would offer an introductory price of $0 for the first year. Not all Sentry customers would switch, but many would. Sentry would continue to develop their product, while AWS maintained a skeleton crew to deploy their changes and make most of the money off it.
While it may be easier to assume the worst of people, ascribing all kinds of intentions to them, just listen to them. They say "we don't want AWS to deploy our product and take all our customers". They say it because it's what they're really worried about.
Open core is a tried and true business model. It’s essentially just freemium, which businesses have done forever. If a healthy proprietary product can be built on the open source base, that’s a win-win. The company gets revenue and a sustainable business; the community gets free open source software with a highly motivated steward. There’s no reason to relicense if it works.
Things can go wrong in various ways of course, and drawing the line in the right place is a challenge, but that doesn’t mean that every VC-backed open core product is doomed to relicense. There are many examples of it working out well for both the company and community.
> Nowadays it is increasingly likely that my effort is eventually going to be relicensed and repackaged into non-free software without my consent, and no one (not even me myself) will be allowed to continue to benefit from my work.
The curious thing (and developers have the right) is that permissive licenses, like MIT, are growing every year while copyleft licenses like the GPL are decreasing in popularity. According to a loose Statista graph, ~41% of OSS projects used permissive licenses in 2012. By 2021, it was ~78%.
Personally, if I was making a solo OSS project, I completely get it. If Google wants to use it, even if they never gave back, I would be honored and quite possibly get a job from that. Using GPL just means my software will only be useful to GPL-loving compatriots, which is to say, almost nowhere outside the Linux communities. It's also not fair when my company (like most companies) benefitted immensely from various bits of MIT/Apache licensed software, so to give back to the community as a whole with the GPL feels unfair.
> but I think strict open source is the best net good for the world we live in.
Hard disagree. I think, importantly, that it is case-dependent.
I don't think it's "the best net good" that essentially the only companies that are able to make a profit from certain types of open-source products are Google, Amazon and Microsoft. It took quite a long time to determine if it would be possible for companies to build business models off open source, and so now that (again, for certain types of software) those business models basically evaporated due to the hyperscalers, I love this "fair source" movement.
Like you said, I think it's great that they are not trying to confuse this with open source. I think each has its place, and I think it's good that they sound like they're not trying to "compete" with open source, they're just trying to build a model where companies can be permissive with their source code but not have all their profits sucked up by giant tech companies.
> It's also ironic to me that this software is being built on top of git, and thus is a business model entirely dependent upon FOSS, while wanting to differentiate and build a business on top of it with a moat but still sharing the code in a way that protects them
To be fair (no pun intended), they could build it on top of two-year-old Git just the same. I rather fear that two years of DOSP are too short to be attractive for many companies that might otherwise adopt that license model.
When we really think about it, what's the real fear behind 2-year vs 4-year DOSP? Is it that users will choose the 2-year OSS version over the latest version, or that it encourages more viable competition? The former sounds like a value problem, and the latter sounds like an adoption problem, and those share a root problem.
The BUSL with a 4-year delay has shown to work, so why wouldn't the FSL with a 2-year delay also work? I personally feel like 2 years is a good enough head start i.r.t. competition, while providing users with more viable options to recover a lost or sunken ship.
This will probably be the biggest weakness with the FSL.
Some companies will say, "it's FSL 1.1, but three years." Or, "it's FSL 1.1, but four years." Or, "it's FSL 1.1, but only if we go bankrupt." And on and on.
Considering GitHub created their own implementation of git to dance around the gray areas of the GPL, it doesn't really come as a surprise that the new product from the same people are also shying away from copyleft or permissible licensing.
Obviously that's likely a pretty uncharitable interpretation of something a lot more nuanced, but it's really frustrating to watch companies increasingly benefit from GPL'd software while simultaneously taking their ball and going home when it's convenient.
Many business models are entirely dependent on FOSS. It's not really an argument either way. If it weren't for those businesses, a lot of FOSS work would not happen...
> I admire the desire to make source code transparently available, and let people use it for free, but I think strict open source is the best net good for the world we live in.
Genuinely open source is also a better defense against lawsuits.
If the code is open source, some big company can sue, but the end users have rights as well as the code copyright holder. They're going to have to prove what code is being used and someone is likely to write code around the issue immediately. Sure, lots of people could get sued, but it's either not going to be worth it or someone with a big wallet is going to get involved which puts an immediate stop to things.
If the code isn't completely open source, then a lawsuit from a big company to a small one demanding a pulldown has a LOT more force since end users have no rights in that case at all (see what happened to Our Machinery).
> I think strict open source is the best net good for the world we live in.
I agree BUT we've also seen through decades that this model is not working. While there are plenty of notable exceptions, it is difficult to make a living developing code transparently and making it available to the public. We've seen that large companies will build around these tools and pressure developers but not return compensation. We've seen that many of these projects become integral in our infrastructure (though often hidden several layers deep). We've seen that code quality is degraded as things are rushed and the reality is only a few people work on these projects. We've simply learned that we can't really rely on donations and corporations will find it difficult to justify funding even if they highly depend on it (even when it is in their best interest). Because charity is "charity".
The real best thing would be to ensure we have an economy where we compensate people for work that others find beneficial. As in, work is work. If you're developing tools that others are using and monetarily benefiting from, you should be compensated for that work. The world I want to see is where you can make a living as a full time open source dev. And not just for gigantic projects that are easily recognizable as critical, but anything that is critical. Anything that is useful.
I really want to live in that OSS world, but I think we should also have a serious conversation about the issues we face. That we need to question if the incentives align like we think they align. And consider time, as they might have in the past but no longer do. I'll ask a proxy question: Could you research and invent a (Star Trek style) replicator in this environment? Replace with some other device if you will, but such a thing like this would upend many businesses and likely the cannibalize itself. But such a tool would fundamentally change peoples lives for the better, making post scarcity not only possible, but trivial (there are other easier ways to get post scarcity). Fwiw, when I ask the economists[0] they give a two letter answer.
It is undeniable that the way we've done things has been successful. But past performance is no guarantee of future performance. The burden of advancement is that you have to get more nuanced over time. Essentially, we can do well with a low order approximation, but that only goes so far. As you progress, you need to account for more and more higher order terms. So the question is if we've advanced enough where these matter.
[0] I only explain what the device does. Having the ability to assemble things from the atomic level. Like a 3d printer but for atoms. They are smart enough to figure out the rest and I do confirm this. (My partner is an economist, so I pester them about things like this and they do others in reverse. It's good fun)
This new "functional" license is interesting, in that it converts to MIT or Apache 2.0 automatically after 2 years.
I'm all for open source (and free!) software, however I hope these new licenses move more service-level businesses to follow suit and at least open up their source code in some way or another.
That's the first time I've heard about the fair source license. From what I understand it's slightly more restrictive than FOSS, but it aims to prevent hyperscalers from basically running your software in their cloud while you can't make a dime from it.
Is there anyone who can break down the advantage of something like this over a typical open source model? I read through the page and FAQ for fair source and still don't quite grasp the angle here other than making software less free for a temporary amount of time.
An increasingly common situation for open source projects is:
1. The FooLabs company creates the Foo open source software, which gets popular
2. FooLabs offers FooCloud, a paid, hosted, managed version of Foo for those who don't want to run Foo themselves.
3. AWS sees that Foo is popular and creates a competing paid, hosted, managed version of Foo (say, "AwsFoo").
4. FooLabs' hosted version doesn't really have much advantage over AWS and AWS has a huge base of existing customers, so it outcompetes FooLabs.
5. FooLabs perceives this as unfair. They did all the work creating + maintaining this software, but are unable to reap any rewards.
Different people have different opinions on #5, ranging from "Hell yeah, screw AWS!" to "What did you expect when you made this open source?"
As a result, there have been a wave of not-quite-open-source licenses aimed at preventing #3, often with a clause like "This license doesn't let you run a paid, hosted, managed version". GitButler's license is aimed at doing exactly that. People have been calling that "source available." Some people are trying to rebrand that as the cooler-sounding "Fair Source."
Some of these have caused huge community upsets because Foo is often popular because it's open source, and it feels like a bait-and-switch to suddenly yank that away once Foo reaches a certain point of growth. ElasticSearch is the biggest example that comes to mind: https://www.elastic.co/blog/licensing-change. GitButler, thankfully, is being much more up-front about it!
> 2. FooLabs offers FooCloud, a paid, hosted, managed version of Foo for those who don't want to run Foo themselves.
> 4. FooLabs' hosted version doesn't really have much advantage over AWS and AWS has a huge base of existing customers, so it outcompetes FooLabs.
FooCloud is often run with what is perceived as excessive costs/margins, so 1. they get really poor uptake, and 2. it's really easy for AWS to undercut them.
I’m trying to find a clear distinction between “Source Available” and “Fair Source”. Sounds like there isn’t any common definition for source available other than that you are allowed to read the code.
You forgot 1.1 – FooLabs takes hundreds of millions of dollars in VC funding and these VCs want to see a 10x return on their investment, which is incompatible with keeping the software free and open source.
The main benefit is you get a rolling two years where no one else can use your code to compete with you. It’s a lot like a patent which gives you a window of time where you have an exclusive right to benefit from your creation.
Fair Source licenses place restrictions on how code can be used (for a "limited" time) in order to prevent others from using the code to compete with the corporate sponsors of the Fair Source code.
It isn't clear what restrictions will be allowed and still qualify as a "Fair Source" license. The first Fair Source license is the Functional Source License, which converts to Open Source after 2 years. It places restrictions on using the code to offer any commercial product or service that competes with the corporate sponsor.
If you choose to adopt such software, you will be unable to switch vendors for hosting, technical support or assistance, or any other service which the corporate sponsor offers in any way. The corporate sponsor can raise rates, offer terrible service, or otherwise do a bad job of supporting your business and the only alternative you will have is to adopt a different product (with all of the integration and development efforts that takes) or to self host and self support the product. You will be unable to engage a new vendor, at least for two years from the release of the version you are reliant on.
Also, if you contribute to a Fair Source product you will likely be forced to sign a CLA that grants rights to the corporate sponsor ponsor that go beyond the rights that you recieve under the license.
As you can see, I feel that Open Source is a much better model that better protects users, contributors, and community members of software.
All of the points you raise would be too if the project were simply a proprietary product, too. We're not worse off for having to deal with them for two years instead of forever.
> As you can see, I feel that Open Source is a much better model that better protects users, contributors, and community members of software.
Assuming that said vendor was even going to open-source in the first place. I would take Windows, Affinity, macOS, Adobe, literally any major software project under the FSL any day. Realistically, the companies that FSL appeals to, were never going to consider open-sourcing to begin with.
Simple - the standard open source business model sucks. Nobody donates, you’re in competition with the lowest common denominator when offering hosting services, and you might get ElasticSearched.
The entire purpose of Fair Source is to allow companies to open up the code when they would have never considered it an option otherwise. It’s a more open license for companies that would’ve otherwise been proprietary without apology.
Having grappled with this dillemma myself as a founder, interested to see this FS model gain traction towards a middle ground. Knowledge is shared not closed off. And the company that is keeping the tech progressing can stay competitive.
If the intent is to ban any commercial use (without acquiring a separate license), it’s dishonest not to say so outright instead of hiding behind legalese.
I fear that clearly defining what does it mean to compete in the context of this license is going to be a bitch.
Was it Unity recently that they had to do this ridiculous back-and-forth, issuing multiple statements to clarify whether this or that edge case is a violation or not? Or was it Redis? I don’t remember which product it was, but the turmoil I remember quite well.
Does anyone know why companies don’t release under AGPL for everyone and then under a proprietary commercial license to themselves? Essentially dual-license it.
AGPL would dissuade Google and AWS from using it, and the commercial license would allow the licensee (themselves) to commercialize it?
I thought so too and argued it in another thread a while ago. Others commented that apparently AGPL wasn't working to dissuade cloud providers enough for MongoDB and that is why they switched away from the model you described to a source available model.
One big reason we don't use AGPL at Sentry is that we want companies to be able to self-host individually (just not start a competing SaaS), and many have a blanket ban on AGPL.
I expect we will soon start to see blanket bans on fair use licenses also. At least the functional software license referenced here. There is just too much great area and potential legal risk.
Readit News
It's also ironic to me that this software is being built on top of git, and thus is a business model entirely dependent upon FOSS, while wanting to differentiate and build a business on top of it with a moat but still sharing the code in a way that protects them. It just seems like an uncomfortable position straddling the fence between two paradigms.
Maybe I'm privileged in the fact that I've always lived comfortably enough in my career to feel like I can write and release OSS under the most permissive terms (whether it's used or not). But that feels like the best way to give back to the movement that effectively led me into this career for free, and lets me pick from offerings that are forced to differentiate on price or other features rather than whether they can license the software.
If I'm using an open source product, I'm generally very happy to spend long hours debugging edge cases, writing detailed bug reports, pushing fixes, suggesting and adding enhancements and generally being involved in the community, knowing that I'm doing my share and improving the experience for everyone.
Nowadays it is increasingly likely that my effort is eventually going to be relicensed and repackaged into non-free software without my consent, and no one (not even me myself) will be allowed to continue to benefit from my work.
IMO the issue really lies with the VC funding model. Every single one of these projects that has done a license bait and switch has taken outside funding, and these investors want to see an exponential return, which simply cannot be attained by keeping the software free. Stewardship by a reputed open source foundation is the only possible future for such projects if they want to actually stay open and do right by their community.
I disagree with the conclusion you have drawn here. In the scenario you describe, you (and everyone else) can continue to benefit from your work. The original project is still there, it's still just as useful and open as the day you made your contribution. How then is anyone prevented from continuing to benefit?
Don't think this is the reason, at least for Sentry. They've been in business for more than a decade.
The bigger reason is that it would take AWS 2 weeks to offer a version of their product. It would be API compatible because it would be exactly the same code. AWS would offer an introductory price of $0 for the first year. Not all Sentry customers would switch, but many would. Sentry would continue to develop their product, while AWS maintained a skeleton crew to deploy their changes and make most of the money off it.
While it may be easier to assume the worst of people, ascribing all kinds of intentions to them, just listen to them. They say "we don't want AWS to deploy our product and take all our customers". They say it because it's what they're really worried about.
Things can go wrong in various ways of course, and drawing the line in the right place is a challenge, but that doesn’t mean that every VC-backed open core product is doomed to relicense. There are many examples of it working out well for both the company and community.
The curious thing (and developers have the right) is that permissive licenses, like MIT, are growing every year while copyleft licenses like the GPL are decreasing in popularity. According to a loose Statista graph, ~41% of OSS projects used permissive licenses in 2012. By 2021, it was ~78%.
The Register has also noted this phenomenon. Copyleft is completely out of fashion. https://www.theregister.com/2020/01/17/mit_apache_versus_gpl...
Personally, if I was making a solo OSS project, I completely get it. If Google wants to use it, even if they never gave back, I would be honored and quite possibly get a job from that. Using GPL just means my software will only be useful to GPL-loving compatriots, which is to say, almost nowhere outside the Linux communities. It's also not fair when my company (like most companies) benefitted immensely from various bits of MIT/Apache licensed software, so to give back to the community as a whole with the GPL feels unfair.
Hard disagree. I think, importantly, that it is case-dependent.
I don't think it's "the best net good" that essentially the only companies that are able to make a profit from certain types of open-source products are Google, Amazon and Microsoft. It took quite a long time to determine if it would be possible for companies to build business models off open source, and so now that (again, for certain types of software) those business models basically evaporated due to the hyperscalers, I love this "fair source" movement.
Like you said, I think it's great that they are not trying to confuse this with open source. I think each has its place, and I think it's good that they sound like they're not trying to "compete" with open source, they're just trying to build a model where companies can be permissive with their source code but not have all their profits sucked up by giant tech companies.
To be fair (no pun intended), they could build it on top of two-year-old Git just the same. I rather fear that two years of DOSP are too short to be attractive for many companies that might otherwise adopt that license model.
The BUSL with a 4-year delay has shown to work, so why wouldn't the FSL with a 2-year delay also work? I personally feel like 2 years is a good enough head start i.r.t. competition, while providing users with more viable options to recover a lost or sunken ship.
Some companies will say, "it's FSL 1.1, but three years." Or, "it's FSL 1.1, but four years." Or, "it's FSL 1.1, but only if we go bankrupt." And on and on.
RMS gets a lot of flack, but he's pretty good about defining terms like this precisely.
Free software has no restrictions on USE, the restrictions are on redistribution.
Open source is ambiguous can mean all the way from "you can see the source" to being public domain.
Fair source is not free software. They are restricting how it is used.
Obviously that's likely a pretty uncharitable interpretation of something a lot more nuanced, but it's really frustrating to watch companies increasingly benefit from GPL'd software while simultaneously taking their ball and going home when it's convenient.
Genuinely open source is also a better defense against lawsuits.
If the code is open source, some big company can sue, but the end users have rights as well as the code copyright holder. They're going to have to prove what code is being used and someone is likely to write code around the issue immediately. Sure, lots of people could get sued, but it's either not going to be worth it or someone with a big wallet is going to get involved which puts an immediate stop to things.
If the code isn't completely open source, then a lawsuit from a big company to a small one demanding a pulldown has a LOT more force since end users have no rights in that case at all (see what happened to Our Machinery).
The real best thing would be to ensure we have an economy where we compensate people for work that others find beneficial. As in, work is work. If you're developing tools that others are using and monetarily benefiting from, you should be compensated for that work. The world I want to see is where you can make a living as a full time open source dev. And not just for gigantic projects that are easily recognizable as critical, but anything that is critical. Anything that is useful.
I really want to live in that OSS world, but I think we should also have a serious conversation about the issues we face. That we need to question if the incentives align like we think they align. And consider time, as they might have in the past but no longer do. I'll ask a proxy question: Could you research and invent a (Star Trek style) replicator in this environment? Replace with some other device if you will, but such a thing like this would upend many businesses and likely the cannibalize itself. But such a tool would fundamentally change peoples lives for the better, making post scarcity not only possible, but trivial (there are other easier ways to get post scarcity). Fwiw, when I ask the economists[0] they give a two letter answer.
It is undeniable that the way we've done things has been successful. But past performance is no guarantee of future performance. The burden of advancement is that you have to get more nuanced over time. Essentially, we can do well with a low order approximation, but that only goes so far. As you progress, you need to account for more and more higher order terms. So the question is if we've advanced enough where these matter.
[0] I only explain what the device does. Having the ability to assemble things from the atomic level. Like a 3d printer but for atoms. They are smart enough to figure out the rest and I do confirm this. (My partner is an economist, so I pester them about things like this and they do others in reverse. It's good fun)
This new "functional" license is interesting, in that it converts to MIT or Apache 2.0 automatically after 2 years.
I'm all for open source (and free!) software, however I hope these new licenses move more service-level businesses to follow suit and at least open up their source code in some way or another.
https://blog.sentry.io/sentry-is-now-fair-source/
1. The FooLabs company creates the Foo open source software, which gets popular
2. FooLabs offers FooCloud, a paid, hosted, managed version of Foo for those who don't want to run Foo themselves.
3. AWS sees that Foo is popular and creates a competing paid, hosted, managed version of Foo (say, "AwsFoo").
4. FooLabs' hosted version doesn't really have much advantage over AWS and AWS has a huge base of existing customers, so it outcompetes FooLabs.
5. FooLabs perceives this as unfair. They did all the work creating + maintaining this software, but are unable to reap any rewards.
Different people have different opinions on #5, ranging from "Hell yeah, screw AWS!" to "What did you expect when you made this open source?"
As a result, there have been a wave of not-quite-open-source licenses aimed at preventing #3, often with a clause like "This license doesn't let you run a paid, hosted, managed version". GitButler's license is aimed at doing exactly that. People have been calling that "source available." Some people are trying to rebrand that as the cooler-sounding "Fair Source."
Some of these have caused huge community upsets because Foo is often popular because it's open source, and it feels like a bait-and-switch to suddenly yank that away once Foo reaches a certain point of growth. ElasticSearch is the biggest example that comes to mind: https://www.elastic.co/blog/licensing-change. GitButler, thankfully, is being much more up-front about it!
> 2. FooLabs offers FooCloud, a paid, hosted, managed version of Foo for those who don't want to run Foo themselves.
> 4. FooLabs' hosted version doesn't really have much advantage over AWS and AWS has a huge base of existing customers, so it outcompetes FooLabs.
FooCloud is often run with what is perceived as excessive costs/margins, so 1. they get really poor uptake, and 2. it's really easy for AWS to undercut them.
It isn't clear what restrictions will be allowed and still qualify as a "Fair Source" license. The first Fair Source license is the Functional Source License, which converts to Open Source after 2 years. It places restrictions on using the code to offer any commercial product or service that competes with the corporate sponsor.
If you choose to adopt such software, you will be unable to switch vendors for hosting, technical support or assistance, or any other service which the corporate sponsor offers in any way. The corporate sponsor can raise rates, offer terrible service, or otherwise do a bad job of supporting your business and the only alternative you will have is to adopt a different product (with all of the integration and development efforts that takes) or to self host and self support the product. You will be unable to engage a new vendor, at least for two years from the release of the version you are reliant on.
Also, if you contribute to a Fair Source product you will likely be forced to sign a CLA that grants rights to the corporate sponsor ponsor that go beyond the rights that you recieve under the license.
As you can see, I feel that Open Source is a much better model that better protects users, contributors, and community members of software.
We called that out on the website though:
Fair Source Software (FSS):
* is publicly available to read;
* allows use, modification, and redistribution with minimal restrictions to protect the producer’s business model; and
* undergoes delayed Open Source publication (DOSP).
The delayed open source publication part is explicit.
Assuming that said vendor was even going to open-source in the first place. I would take Windows, Affinity, macOS, Adobe, literally any major software project under the FSL any day. Realistically, the companies that FSL appeals to, were never going to consider open-sourcing to begin with.
The entire purpose of Fair Source is to allow companies to open up the code when they would have never considered it an option otherwise. It’s a more open license for companies that would’ve otherwise been proprietary without apology.
Was it Unity recently that they had to do this ridiculous back-and-forth, issuing multiple statements to clarify whether this or that edge case is a violation or not? Or was it Redis? I don’t remember which product it was, but the turmoil I remember quite well.
AGPL would dissuade Google and AWS from using it, and the commercial license would allow the licensee (themselves) to commercialize it?
Another possibility is to make it available under several licenses: AGPL + free but restricted licence.
Sounds like their own self-created problem.