the_mitsuhiko · 9 days ago
I know I am tooting Sentry's own horn a bit here, and since I was involved it is close to my heart. We struggled at one point with how to build a large company on top of an open source project, and we never liked the idea of simply carving out parts of the codebase and marking them as closed source (open core). At the same time, there was always the latent risk that even if you put 95% of the energy into the product, you were still not fully in control and someone else exploits the economic value without investing.

Our way of dealing with this was delayed open source publication. That led to the FSL [1], and later to bootstrapping the Fair Source initiative [2] to establish an umbrella term that does not conflict with Open Source. What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive.

I actually still find that surprising. I would like to know whether this is a legitimate concern that two years is not enough, or mostly a perceived one. To me, moving to an Apache 2 or MIT license after a relatively short period is a much stronger statement than a license that risks the project effectively ending if the commercial entity is unwilling to relicense it more openly at the end of its life, such as the O'Saasy license.

[1]: https://fsl.software/

[2]: https://fair.io/

bberenberg · 9 days ago
Isn’t the “solution” for Sentry that deploying it is such a pain in the ass that no one bothers to really do this? I haven’t checked in years but that always seemed like the real competitive blocker?
mechsy · 9 days ago
If you need less scale/features go for glitchtip. If you’re not going for k8s, the self-hosted docker-compose version of sentry works fine including proper releases and support by the sentry team etc. Just experimental newly introduced features can be a bit wonky. They are doing much more than just throwing code over the fence. Also phone home telemetry is optional and there’s a switch for just errors mode. IMHO this really builds trust. With regards to deployment complexity: well it’s built for handling high volumes of events. I’d reckon this is more a consequence of scaling the project rather than a coordinated plan to push people to their cloud offering. If you do go for k8s or choose to deploy the stack yourself, you even get access to the full scale solution. But if you’re at that scale, you probably have someone hanging around who knows how to run your clickhouse setup. You still get the full sentry software and SDKs for free in that case. I think this is as fair as it gets with regards to the open source SaaS model.
Nextgrid · 9 days ago
Agreed. It was easier for me to rebuild parts of it for my own use than to self-host it. At my scale, a single DB works well as a datastore instead of Clickhouse/etc.

But then again I think this only prevents small players from "competing" by self-hosting, so the revenue loss there would be minimal either way. Large enterprises are too incompetent to even self-host a single self-contained binary, so for those the availability of source code and ease of hosting would make no difference, they would still use the SaaS.

the_mitsuhiko · 9 days ago
> Isn’t the “solution” for Sentry that deploying it is such a pain in the ass that no one bothers to really do this?

That Sentry is a pain to deploy is not really intentional, it just happened over the years. However because it's a pain to deploy it also opens up a market for people that create managed deployments so I would say, that if anything, it made it worse. For self deployed Sentry you do not need to pay a cent, the license explicitly allows it.

vanschelven · 8 days ago
Earlier discussion on Hacker News: https://news.ycombinator.com/item?id=43725815

I'm personally on the fence how much of it is intentional... from the_mitsuhiko's side it probably isn't, but "the purpose of a system is what it does" and all.

veeti · 8 days ago
Don't believe the salesmen, self hosting Sentry has been the most liberating feeling in a long while. Buy a cheap dedicated server with 64 gigs of RAM from Hetzner, run their install script and it's literally up and running. I'm processing volumes that would bankrupt me on their managed service without breaking a sweat.
actionfromafar · 9 days ago
The end of life problem can be solved by source code escrow, with a clause putting the code under an open source license and published in case of the demise of the owning company.
Kerrick · 8 days ago
With O'Saasy specifically, the end of life problem solves itself. If the original vendor stops offering the software, a third party offering the software is not competing with the original vendor. Thus, the third party can offer paid hosting for the software if the original vendor does not.

Or am I reading it wrong? I am not a lawyer.

ezekg · 7 days ago
This is the entire point of Fair Source undergoing delayed Open Source publication -- to codify the forward-path into the license itself, without the need for external source code escrow services.
ta2234234242 · 9 days ago
If the company is sold for its assets is the code released to the public? Or removed from escrow and kept private?
cobertos · 9 days ago
Why not just release the software after your set threshold of time versus opening it up with such a license? To get eyes on it before-hand?

Also how does this work with contributor contributions? Does the owning SaaS get the benefit of contributor work instantly while everyone else has to wait 2 years? What about the contributors themselves?

the_mitsuhiko · 9 days ago
> Why not just release the software after your set threshold of time versus opening it up with such a license?

That requires trust that the company will do this. The FSL is irrevocable and comes with a future promise.

> Also how does this work with contributor contributions?

The same way as any other thing with a CLA works. If you don't have a CLA, then you have a bit of a mess.

rcxdude · 9 days ago
presumably because a) it still allows the source code to be available and used for the 'permitted purposes' (i.e. anything that's not directly competing), and b) it represents a concrete commitment to open up, not just a pinkie promise (even if they were to have a license or contract which promised it, it would not be as easy to rely on as actually having the source code published. Companies have reneged on such promises before).

And yeah, by my reading essentially people can contribute code or publish patches (with just a plain MIT license in principle), just the original and derivatives still can't be used for non-permitted purposes until the timer is up.

Nextgrid · 9 days ago
> Why not just release the software

You may want to allow certain uses (self-hosting, etc) even before it transitions to a fully open-source license. Having access to the source code can also help SaaS users debug certain situations.

ignoramous · 9 days ago
> you were still not fully in control and someone else exploits the economic value without investing

O'Saasy came up recently in one of the forums I lurk in [0], and as discussed there, I tend to agree with Adam Jacob (SystemInit) and others that FSL is definitely one way out but doesn't totally solve the commercialization aspect, because the code & all that IP is still readily available.

Adam, in this talk [1], argues that like RedHat (and unlike Canonical), Open Source businesses must learn to separate source license from distribution license and if they do so, the money is there to be made (in a b2b setting, at least).

> What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive.

... if the companies conflate Open Source and business models, rather it being merely a Go-To-Market (like open core).

Especially true for dev/infra upstarts competing with incumbents (PostHog v Amplitude; GitLab v GitHub [2]), and lately for AI labs (DeepSeek/Qwen/Llama v GPT/Gemini/Claude). In a role reversal, BigTech also uses Open Source to commoditize its competition's advantages (Android v iOS; k8s v Swarm; Firefox/Chrome v IE) [3].

[0] https://forum.fossunited.org/t/6878

[1] https://www.youtube-nocookie.com/embed/watch?v=rmhYHzJpkuo / Summary: https://gemini.google.com/share/e21cd1bacff6 (mirror: https://archive.vn/Jzhk3)

[2] https://www.heavybit.com/library/video/commercial-open-sourc... / https://archive.vn/jQh27

[3] https://gwern.net/complement / https://archive.vn/QITxC

zeeg · 8 days ago
The issue is these are mostly academic points of view. Sentry’s model on the FSL (and previously the BUSL) has shown to be working just fine at scale.

Whereas, for example, trademark protections have shown to fail easily.

So people can argue it doesn’t work, but so far we only have evidence to the contrary and Sentry is quite successful.

dontdoxxme · 9 days ago
It is not open source, it is not free. It’s a term tacked on to the MIT license.

It’s also vague as, what if I run a VPS provider and someone can upload images to a marketplace like thing, does that count as SaaS? How about if someone’s only use of my services is to run that image?

Steer clear unless you want to open yourself up to the copyright owner's opinion changing. (See for example the pine email client and the copyright discussions there.)

m463 · 8 days ago
correct. free software doesn't place any restriction on the USE of software. The rights go to the user.

The restriction is on the redistribution of the software - the same rights must be passed on when redistributing it.

this license places (complicated) restrictions on how the software is used.

jrowen · 9 days ago
> It’s also vague as, what if I run a VPS provider and someone can upload images to a marketplace like thing, does that count as SaaS? How about if someone’s only use of my services is to run that image?

This strikes me as somewhat contrived. Like yeah, if you're gonna do some weird button-pushing thing, it's not worth it, steer clear, keep this product off your platform, easy. Is a piece of software really only of value to the open source community if any kind of unscrupulous use of it is allowed?

There's a million ways to get value out of source code that don't involve pushing the envelope. I've accepted every EULA ever without reading and never once worried I would get in trouble with any of them, it's generally pretty easy if you're not trying to invent ways to do so.

jchw · 9 days ago
> Is a piece of software really only of value to the open source community if any kind of unscrupulous use of it is allowed?

It's not even open source in the first place if any kind of unscrupulous use of it is disallowed, as that would be discriminating on use case. It ultimately doesn't matter much to the open source community, as it effectively can't be used in otherwise open source projects, as the result wouldn't be open source and it is going to be license-incompatible with many projects anyways.

That said, I find it preposterous to accept this notion even ignoring that point. You shouldn't have to take it on faith that what you're doing is allowed by the copyright license—the whole point of the license is to make that clear. Everybody always shrugs off the risk of a malicious owner until Oracle acquires their dependencies.

gorgoiler · 9 days ago
Very cute but I am pessimistic about the battle tested nature of the second clause. Licenses are like mythical swords in fantasy stories: the famous ones are famous because they are not only objectively well made, but also because they survived in battle. Imagine some blacksmith presenting King X with GoblinsbaneY touting it as the greatest sword ever yet having only a blank face when asked what battles it has won. He’d be laughed out of court.

Or maybe an analogy closer to home (Anduril notwithstanding) would be cryptography code. New ideas are cheap compared to code that has been to hell and back in the wild and remained unbroken.

(I assume this license is novel and untested. I’ve not heard of it before. Happy to hear otherwise, of course.)

unsungNovelty · 9 days ago
I wrote about this recently. If we adopt SAS at the cost of OSS, it's gonna make it even harder to fight against corps which are against users and communities. We need to rally for OSS more than ever IMO.

https://www.unsungnovelty.org/posts/10/2025/oss-and-sas/

tigranbs · 9 days ago
I used the MIT license for https://github.com/SaynaAI/sayna mainly because the challenge is usually in product velocity and direct sales/distribution. Blocking from SaaS is explicitly entirely redundant.

Making software is getting cheaper, so this kind of license would not protect against someone reverse-engineering the SaaS tool in a week. It is better to be abstracted away from those type of things IMHO

sneak · 9 days ago
People want to call their software open source, because it attracts customers. They don’t believe in software freedoms or open source, otherwise they’d never try or want to restrict Freedom 0.

If your SaaS can’t compete on the service part, the software part ain’t gonna make or break you.

Imustaskforhelp · 9 days ago
> If your SaaS can’t compete on the service part

No the problem is that it can't compete on the hardware part sometimes

Let's face it even if something is open source, chances are that the most contributions/time are still spent by the person making it or the saas provider in this industry.

Imagine that someone goes ahead and launches a cheaper version of their saas and people go use that, since that person isn't having his time invested in the software as much as the original person and thus is willing to undercut him because his investment/returns expectations are very minimal whereas for the original saas it can be very high (writing good quality software which costs some developers real time and even real money)

Joker_vD · 9 days ago
Okay, I've imagined that. Am I supposed to sympathise with the end users in this scenario or?..
nlitened · 9 days ago
> If your SaaS can’t compete on the service part, the software part ain’t gonna make or break you.

Oh, your bootstrapped team can’t simultaneously develop from scratch and support the new open source software project AND outcompete a multi-billion dollar business who decided to offer your service as a below-cost addon to their offering used by millions of people on day one? Tough luck, greedy bastard, you should have stayed in your cubicle.

xigoi · 9 days ago
Why do people feel entitled to profiting off the work of others?
mirzap · 9 days ago
It's not entitlement, it's the entire purpose of OSS. You are free to modify, distribute, and profit from other people's code. If you can't do any of these things, then the project is NOT OSS. Simple as that.

Entitlement is when you expect that OSS contributors must provide you with a warranty or a certain feature you need for your business activity. They are not.

mythz · 9 days ago
Given oligopoly cloud corps are the biggest exploiters of OSS (to everyone else's detriment), I'd prefer an OSS license that was simply OSS for everyone under < $1B ARR.
unsungNovelty · 9 days ago
> Given oligopoly cloud corps are the biggest exploiters of OSS

Not exploiters unless they are breaching OSS licenses. Why do you think Cursor exists? They forked and made VS Code their own. Why is it exploiting when Amazon or MS is doing the same? Am nowhere close a fan of these corps but we need to be very clear when throwing words around like exploiters.

All the LLMs are probably breaching the OSS license though. We don't care about that cos we need it. How can we complain about something we use daily eh?

chrysoprace · 9 days ago
What are they exploiting? Are they violating the terms of the license? The point of OSS is that there aren't arbitrary restrictions to its use; you can do what you like with it and the open source maintainer has absolutely zero obligations to continue supporting the software, or implement any of your requests.
disgruntledphd2 · 9 days ago
> ARR

This is not a "real" (i.e. GAAP or accounting standards) metric, so that would seem like a bad idea.

The trouble is that lots of even the accounting metrics are gameable, but a competent auditor(s) probably won't let the metric divulge too much from "reality" (i.e. conformance with accounting standards).

pointlessone · 9 days ago
So basically Big Time Public License. https://bigtimelicense.com/versions/2.0.2
mythz · 9 days ago
Too complicated, should be simple like O'Saasy, i.e. modified MIT with a clause where it doesn't extend to oligopoly cloud corps.
graemep · 8 days ago
> I'd prefer an OSS license that was simply OSS for everyone under < $1B ARR.

They will find a way of gaming the metric.

For example, they run the software through a subsidiary that makes $900m ARR.

socketcluster · 9 days ago
This is a very compelling SaaS license.