I ask this because I think of the recent switch of Ubuntu to the Rust recode of the GNU core utils, which use an MIT license. There are many Rust recodes of GPL software that re-license it as a pushover MIT or Apache licenses. I worry these relicensing efforts this will significantly harm the FOSS ecosystem. Is this reason to start worrying or is it not that bad?
IMO, if the FOSS world makes something public, with extensive liberties, then the only thing that should be asked in return is that people preserve these liberties, like the GPL successfully enforces. These pushover licenses preserve nothing.
It is concerning, yeah. I usually license my own software with MIT, but, not all of it, and I think GPL is very important for Linux.
A little bit.
A lot of the Rust remakes are being made by morons who have no problem using weak licenses that favor corporations.
We should hold them accountable and avoid using/contributing to their projects until they switch to a free license.
Coreutils has little commercial value to take can create a proprietary fork of. There is little value that can be added to it to make it worthwhile. The same is for sudo - which has had a permissive licence from the start. In all that time no one has cared enough to fork it for profit.
Not saying that is true of every project. But at the same time even GPL software has issues with large companies profiting off it and not contributing back. Since unless you are distributing binaries the GPL does not force you to do anything really. See mongodb and their move to even more restrictive licences.
The GPL is not the only thing that stops companies from taking open software. Nor does it fully protect against that.
Not does everything need to be GPL. It makes sense for some projects and less sense for others. Especially libraries as that basically forces no company from using them for anything. Which is also not what you want from a library.
Okay then; what licence can we use to force any entity using a library to make their project open-source?
EDIT: clarification
None. The closest you can get is the AGPLv3.
If you go further, it will no longer be open source. This is the case for the Server Side Public License (SSPL) for example. It requires the entire system configuration to be released under the same license*. This sounds “open source friendly” but it’s actually just a proprietary license because it’s not realistically possible to legally comply with it. You cannot run standard hardware without proprietary firmware, which means you cannot run SSPLed software on it legally.
*This only applies if you host the software as a service but the result is the same. It basically violates the freedom to use the work for any purpose.
I don’t think there is a good license for that. The ones MongoDB used turned the open source community against them. But that is not really my point. I just mean that some projects using MIT won’t suddenly mean every company will start stealing and closing that software. Some things like coreutils and sudo just don’t have the commercial value to make that worth the effort. So there is no real need to worry about these two projects IMO. Other projects are a different story altogether though. Each project needs to make its own decision on what licence best suits it. The GPL is not the one and only license that is worth using.
Compare Ubuntu and MacOS. MacOS ships ancient version of Bash because its GPL2 which allows for coexistence with proprietary software on sold machines.
So if Ubuntu gets rid of GNU coreutils and sudo what else stays GPL3 on a barebones system? You can swap Bash with Zsh like Apple did. And just like that you got yourself a corpo friendly distro to ship proprietary software. Just like Android, and look where that got us.
sudo is not GPL3. It is not even GPL2. It is an old license that is just as permissive as the MIT license. It has never had any big problems with that being the case. I don’t think that coreutils being GPL has really done anything to force companies to contribute back to it. It is mostly fixed in its function and does not really have much room for companies taking and modifying it to a point where others will favor the closed version over the open on. And what it provides is fairly trivial functions overall that if someone did want to take part of it then it is not terribly hard to rewrite it from scratch.
GNU Coreutils is not the only implementation of those POSIX features - just the most popular one. FreeBSD has its own, there is busybox, the rust ports and loads of other rewrites of the same functionality to various degrees. None of that really matters though as they dont really add much if any value to what coreutils provides as there is just not that much more value to add to these utilities now.
And it is not like the GPL license of coreutils affects other binaries on the system. So if you dont need to modify it and it does not infect other things there is little point in trying to take it over or use an alternative.
MacOS does not use a later version because they cannot. But also they don’t care enough to even try to maintain their own.
GPL is important on other larger/more complex bits of software. But on coreutils/sudo IMO it does not matter nearly as much as people think it does.
GPLv2 vs GPLv3 matters. At least to corpos. You can’t just brush this away when they have a clear position on this.
I was not trying to brush away the differences for GPL 2 vs 3. My point was just that I don’t think a more permissive license on Coreutils would have caused every company to want to steal the code, get everyone using it and force out the GPLed version. But a more restrictive license (say one that infects other binaries on the system) would have meant fewer companies using it and thus fewer distros and everyone else using it.
But for other projects the balance is different and a more permissive license would cause issues. There are some projects that even the GPLv2 or even v3 is too permissive for.
Yeah, Ubuntu actually isn’t the first distro without GNU coreutils. Beyond Android and Busybox, there’s also stuff like Talos, which is something like … Kubernetes/Linux.
IME something like Kubernetes/Linux running “distroless” containers have a huge potential to displace traditional GNU/Linux in the server market, and I wouldn’t be surprised if someone manages to build a desktop out of it, either.
Given the current world we live in I do not want anything that I create or contribute to itself contributed to an exploitative corporation’s bottom line (at best) without my consent or their assuredly begrudging reciprocation. This should not be controversial. The GPL accomplishes this. Nothing more lax or permissive does or will. You are not a cool or chill guy because you don’t care what someone does with the code you write. You are handing all of those who would sack you the keys to the castle, ushering them inside. That is not abstaining, it’s letting your opponents win. No thanks.
without my consent or their assuredly begrudging reciprocation. This should not be controversial. The GPL accomplishes this
In legal theory. In corporate practice, MIT and similar “pushover” licensed software, especially FOSS libraries, is more readily adopted by corporate users - and through this adoption it is exercised, tested, bug reported - sometimes the corporate trolls even crawl out from under their rocks and publish bug fixes and extensions for it. By comparison, GPL stuff is radioactive, therefore less used.
Then we can talk about how successful you are likely to be in enforcing GPT on any large entity, particularly those in foreign countries.
If it’s radioactive, that’s because of a fundamental assumptive imbalance in the contract between the author, the community, the users, the stakeholders, and the parasitic lawyers and their overlords.
If they don’t like it, pay/license and/or contribute.
In the corporate world, they have a lot to lose. So, they have lawyers - expensive lawyers - who, in theory, protect them from expensive lawsuits. One of the easiest ways to stay out of lawsuits over GPL and friends is to not use GPL software, so… that’s why it’s radioactive. Just having the parasitic lawyers review possible exposure is hellishly expensive, better to re-develop in-house than pay lawyers or even begin to think about the implications of entering into an agreement with a bunch of radical FOSS types.
It sucks, but it’s also how it is. Some corporations (like Intel) do heavily support and contribute to FOSS, when they feel like it.
Yeah this happens when the wrong kind of professional reviews exposure, which happens a lot.
Lawyers reviewing the licence terms will absolutely flag stuff that’s realistically a non-issue.
People that do threat risk assessment, (insurance type of thing) can view FOSS and other open standards as a reduction in risk across the board, and when these kind of professionals are tendering the creation of systems they specify open APIs and access to stuff. (At least in the projects that I’ve worked on, security systems in Toronto.)
This isn’t a hard rule, kinda a spectrum.
The whole legal/courts system is pretty dysfunctional at the low end of the economic spectrum (like: license fees that a group of 10s of developers might charge…) We have a shared well with our neighbor, put there by the previous owner of both properties. When he tried to sell to a previous potential buyer, they tried to hammer out a legal agreement around the shared well, and it just wasn’t feasible. The cost of anything approaching a legal agreement about sharing maintenance of the well cost more than putting in two new wells.
Your opponents. You do not get to decide who my allies and opponents are.
I agree with everything you are saying “for you”. It sounds like the GPL is the perfect choice for code that you wrote (assuming you wrote any).
But stop telling me what to think and do. Or, at least stop using the word “freedom” while you peddle your authoritarianism.
My philosophy is single. Those that wrote the code should get to choose the license. Many people prefer the collaboration that permissive licences allow. I do not oppose that.
The switch to permissive licensing is terrible for end-user software freedom given that corporations like Apple and Sony have leeched off of FreeBSD in the past to make their proprietary locked-down OSes that took over the market. Not sure what would happen if RedoxOS became usable in production, but if it turns out to function better than Linux enough to motivate corporations to shift their focus to it, open source versions for servers would probably still exist, but hardware compatibility on end-user devices would be at higher risk than before as vendors switch their support and stop open sourcing stuff. Or they keep focusing on Linux for server stuff due to the GPL license and the fact that their infrastructure is already on it.
I gotta say I’m a bit concerned about this whole corporate takeover thing goin on in FOSS land. If companies start slapdin’ MIT or Apache licenses on GPL software that’s supposed to be all about freedom and whatnot, it does seem like a bit of a cop-out and it could have some pretty serious consequences for the community.
Here’s solution to problem https://lemmy.ml/comment/22277779
Permissive license offer greater freedom to users of the code that already exists. The only benefit of copyleft is that it lets you demand future code that you did not write and that the authors do not want to Open Source. It is about restricting their freedom, not enhancing yours.
Permissive licenses provide all of the “4 freedoms” that the Free Software Foundation talks about. You cannot really talk about the differences between cooyleft and permissive as a “freedom” because they are not.
The name “permissive” kind of gives it away that permissive licenses offer more freedoms about what you can do with the code you were given.
Developers should choose a different license if they don’t want to free their code or go work on a project that’s inline with their values then. Poor them, I could care less. The GPL is made for YOUR freedom. Anything that allows a developer to not release their code because they don’t want to, well, that software becomes proprietary, which invades your freedom. Of course the GPL “restricts” those types of developers freedom to do whatever they want, how else would the software stay free? Don’t really understand what your arguement is here.
The GPL does nothing for MY freedom.
Freedom to have sex with somebody against their will is not a “freedom” for me. It is subjugation for them. Something does not become a “freedom” simply because it benefits me.
The right to eat crops grown by others is not a “freedom”. It is an entitlement.
That said, there is nothing immoral, unethical, or wrong about me growing crops and providing seeds to others on the condition that they share the resulting crops with me or even with everyone. This is a contract and hopefully a mutually beneficial one. All good as long as the terms are known up-front and all parties consent.
In my view, that last paragraph is the GPL. There is nothing wrong with it at all. However, it does not make either party to the contact “more free”. In fact, you a bit less free in the future when you agree to a contact, because you have to abide by its terms. But at least you got there freely.
Permissive licenses are not a contract. They are a gift. They make no demands. They take away no freedom at all.
Both are valid choices. I have no quarrel with somebody choosing the GPL.
I do not agree that permissive licenses are less free or that the GPL is moreso.
If it was truly about MY freedom, choosing a permissive license would not upset you.
Let’s see how this goes then revisit the question.
I’m going to continue releasing my software with a license that I deem appropriate.
For things I’m building only for myself or that I have no interest in building a community around, I couldn’t give a shit what people do with it or if they contribute back. My efforts have nothing to do with them. I’m releasing it for the remote chance someone finds it useful, either commercially or personally. Partially because I’ve benefited from others doing the same thing.
I’m not anti-copyleft, but the only time I actually care to use something like the GPL is for projects that would be obviously beneficial to have community contributions. Things that require more effort than I can put in, or that needs diverse points of views.
I use permissive licenses not because I’m a pushover, but because I really don’t care what you do with it.
I use permissive licenses not because I’m a pushover, but because I really don’t care what you do with it.
The point of all of this is that you really should, no matter what it is. I’m sure there is something you would object to having been a part of; protecting your labor from contributing to that only makes sense. If you really have no problems with that, then that is simply terrifying.
The point of all of this is that you really should, no matter what it is.
That’s like saying: I have a pecan orchard, I like my trees and I don’t mind if people collect the nuts as they walk by. Oh, but the point is: you really should, those are your nuts, you pay the taxes on the land, you care for the trees, YOU should be the one to sell them, not give them away to some randos passing by.
Yeah, sure. You do you.
Headline 1: mangocats supports local drug dealers by providing free-to-use property under the guise of free pecans to hide young adults that indulge in drug use, promiscuity, and other acts on mangocats pecan orchard.
That’s the most obvious and potentially PC way that predators can overreach on someone’s generosity and turn a “awwe” thing (the free pecans) into people getting in trouble or hurt.
The worst is some legal jujitsu of your signage “free pecans” implying tacit and potentially unrestricted use and/or terms of use to the orchard. Now some asshole subsumes your free pecans into the bottom line of their criminal enterprise, and you’re the longest running connection providing a financial bedrock for their blah blah. Now you’re in Rico. Pecans to uncle without even hitting the blunt.
I don’t speak from experience. But I was a young adult, I do by the book things, and I also developed an imagination of what can and could happen.
Then I tried magic cigarettes and got paranoid and now all I do is cross my Ts because therenare real good people to become better from. And there’s the other kind too and they love slipping people up.
“Free nuts”
Of course, shit-for-neighbors can make all kinds of trouble out of anything. I was thinking more along the lines of MIT free nuts, take 'em, eat 'em, sell 'em, just don’t sue me over 'em. As opposed to GPL “free nuts,” must be consumed on the property. If you take a dump while you’re here be sure to bury it at least 3" deep along with any TP used. Bring your own privacy screening.
My labor is done. I’ve already made the product. I have nothing to protect it from. Someone copying the product deprives me of nothing.
Also, you seem to be moving into another topic of controlling how software is used which is rarely ever addressed in licenses.
There is a reason nearly every software corporation out there is allergic to GPL code, and similarly why they love MIT/BSD/Apache code. I urge you to consider why that is. Licenses do affect how software is used, that is literally the purpose of them.
There is a reason nearly every software corporation out there is allergic to GPL code, and similarly why they love MIT/BSD/Apache code. I urge you to consider why that is.
I’m well aware. Are you assuming that people using permissive licenses are somehow incapable of understanding the implication of their license choice?
Licenses do affect how software is used, that is literally the purpose of them.
You implied that I would be “contributing to something” I would object to. I’m left to fill in the gaps. Maybe be more direct in your comments.
Most Open Source software is written by corporations. The Open Source licenses are an advantage to them.
The biggest source of GPL software is probably Red Hat (IBM). They maintain most of what people think of when they think of GNU software and they wrote many of the newer GPL projects that everybody uses (like systemd).
The trend has been towards permissive licenses for a long time. The have led to more Open Source software, not less.
Look at Clang vs GCC. Clang attracts a greater diversity of corporate contribution and generates greater Open Source diversity. Zig and Rust appeared on LLVM for a reason.
What we should be worried about is the cloud. It allows big companies to outsell the little companies writing Open Source software. Neither permissive nor copyleft licenses prevent this.
Why are they pushover licenses? Because they don’t force people to contribute back? Because a lot of companies aren’t doing that for GPL licensed software either.
Also not really sure how this would allow a takeover, because control of the project is not related to the license.
It’s not so much about forcing to contribute, but rather keeping companies from selling commercial forks/having checks against profiting from work that happens to be freely available.
You can profit from GPL software. The only restriction is if you distribute it you also need to distribute modifications under the GPL.
GPL also does nothing for software as a service since it is never distributed.
GPL even explicitly allows selling GPL software. This is effectively what redhat do. They just need to distribute the source to those that they sell it to.
I’m thinking of the Apache project, and all the important projects it covers that are under an Apache license and I’m not sure where the sudden worry comes from.
HTTPD and Nginx have had very permissive licensing for years and seem to do fine.
The GPL doesn’t force to contribute. But if you make changes to it, you need to have these changes reflect the liberties you yourself received. Megacorporations use the so-called “Explore, Expand, Exterminate” model, the GPL stops this from happening.
You can just wrap the software in a binary and interact with the binary and you will likely elude the GPL terms. This is kinda grey area but it would be hard to win against it in court. (I am not a lawyer)
I mean that broadly because nobody will make proprietary Coreutils or sudo as someone already pointed out.
You should look into the origins of OS X and CellOS.
Your pathetic rhetoric actively contributes to making people richer than you even richer.
Stop selling yourself out just because it’s easy.
Funny you say that because OS X shipped (and probably still ships) plenty of copyleft licensed software such as Bash. The Linux kernel is used in Android and ChromeOS.
If you want to stop corporations from profiting off your work, putting a GPL on it isn’t gonna do it. In fact no free software license will do it, because by definition they allow anyone to use and ship your software.
You don’t understand.
It’s not a problem if corporations profit off of it. It’s a problem when they extend a program without giving the public access to those changes.
Sure it’s a problem when that happens. It’s not the only problem, and honestly in the case of coreutils it’s not really the most relevant one.
Do you think it’s likely that corporations will take over UNIX-likes with proprietary coreutils extensions forked from uutils? Because that’s the one thing that is legal to do with an MIT/BSD licensed coreutils but not with GPL licensed ones.
Also on that topic, very interesting read:
One side community wants total GPL take over and one side they don’t support total GPLv3 licenced Operating system like
deleted by creator
Removed by mod
Code complete is arguably a myth when talking about security. You need to update when vulnerabilities are found at minimum. Sometimes, the changing software environment changes and so the software has to start adding features again or get replaced. Rarely old features are the vulnerability, and have to be removed.
What does security have to do with open-source projects succumbing to “corporate takeover”, which isn’t even possible?
If the code is of such a restrictive license that you aren’t able to fork and re-release it with changes, then it isn’t open-source to begin with.
To your last point about removing “old features”, this is done all the time, and this is why things use semantic versioning. Nobody wants to be forced to maintain old code into perpetuity when they can just drop large portions of it, and then just release new versions with deprecated backends when needed
Sorry, I didn’t explain what I was talking about.
The problem is that in the modern software environment there’s a constant need for updating and patching, and if a proprietary fork provides those updates and a free original can’t keep up for whatever reason, the proprietary fork (that could have contributed otherwise) gains inertia until the free original dies. This is admittedly harder to pull off in a mature and well maintained free software ecosystem, but I think you’d be surprised how many important free software projects lack needed manpower. It doesn’t help that MIT practically encourages people not to publish code, compared to GPL.
People make out forking like it’s a big protection against proprietisation, and it is, but it’s not foolproof. Good forks are usually founded by community members that already understand and contribute to the code, most forks actually die quickly. The fewer contributors relative to the project’s size and complexity, the more realistic it is to either be overtaken by a more competitive proprietary fork, or for the maintainers to sell out and relicense without anybody to fork it.
Realistically, I don’t know how likely this would happen to anything decently important, but it has happened at least a few times. I remember using Paint .NET while it was still MIT licensed years back, but nobody forked it. Since we’re on Lemmy, Reddit used to use a Free software license.
There’s a few different things getting wrapped in here together, so let me break down my take:
-
Licensing - if you intend to only use FOSS software, it wouldn’t matter if a corporate/proprietary version of something exists or not. If you intend to release something and make it free, you would need to include only license-compatible libraries. I don’t see why Microsoft having a proprietary version of something that is better would be a problem, because that’s not the focus of your goal of releasing something for free. Similarly if you start a company and bootstrap a product off of open libraries, you will steer towards projects that are license-compatible. Whether there is a better version is irrelevant.
-
Scope of license - Your comments seem to focus on larger product-complete projects. You mentioned Paint.net as an example. So say Adobe forks GIMP, and drops a bunch of proprietary Photoshop libraries into it to make it beefier or whatever. Similar to the above, people who intend to only use FOSS software still wouldn’t adopt it.
-
Death by license - there have been some cases where FOSS project maintainers get picked up by corporate sponsors and sort of “acquired”. This is on the maintainers to make that choice of course, not the community, and contributing members of that community have every right to be pissed about that. Those contributing members also have the right to immediately fork that project, and release their own as a competitive product. Redis vs Valkey, and Terraform vs OpenTofu, are examples. Some people flock away, some people don’t, but in most cases ts a guaranteed way to turn the community against you, and towards a fork of said project. Happens a lot.
I think what you’re not seeing here is that these companies buying out projects really don’t intend to put a lot of money back into them after they get their bags of money. Whether or not people continue to use the originals is less important than the forks being available and supported. If companies believe in the project, they kick in PRs to keep things rolling along because they need that particular part of their stack. I myself am a maintainer in multiple public projects, and also work with companies that contributed to dozens of different public projects because the products they make revolve around them: everything from ffmpeg, to the torch ecosystem. You find a bug you can fix, you submit a PR. That’s what keeps this ecosystem going.
Smaller scale startups to mid-sized companies contribute all the time to public projects, though it may not be apparent. Larger corporations do as well, but it’s more of legal thing than an obligation to the community. Rewriting entire batches of libraries isn’t feasible for these larger companies unless there is a monetary reward on the backend, because paying dev teams millions of dollars to rewrite something like, I don’t know, memcache doesn’t make sense unless they can sell it, and keeping an internal fork of an open project downstream is a huge mess that no engineer wants to be saddled with.
Once a public project or library is adopted, it’s very unlikely to be taken over by corporate interests, and it’s been that way for almost fifty years now (if we’re going back to Bell and Xerox Labs). Don’t see that changing anytime soon based on the above, and being in the space and seeing it all work in action. Though there are scant cases, there’s no trend of this becoming more prevalent at the moment. The biggest threat I see to this model is the dumbing down of engineers by “AI” and loss of will and independent thought to keep producing new and novel code out in the world.
I suppose you’re right that copyleft is not the primary motivator for contributions.
I’m aware that forks happen often when a takeover is attempted. There are many big success stories in FOSS. However, my point was that most FOSS software isn’t that successful. There are plenty of projects out there with very few contributors, and it is those I’m saying are easy for taking over. Perhaps they get taken over because most of the community doesn’t care, but it still happens from time to time. I originally commented because you seemed to make out that proprietisation was impossible.
I get your point that it’s incredibly unlikely for anything that matters however.
Edit: I think I misremembered an example I gave of a successful fork after an attempted takeover, but it was something Oracle.
Just based on experience in the community and professional experience, I can solidly say that your take on FOSS not being successful is just wrong, and I don’t mean that like you’re stupid or I’m shooting you down, you just wouldn’t realize how huge contributions are unless you know where to look.
Here’s a big example: look how many companies hire for engineers writing Python, Ruby, Rust, Go, Node…whatever. ALL OPEN SOURCE LANGUAGES. You bootstrap a project in any of these, and you’re already looped into the FOSS community. 100% of the companies I have personally worked with and for write everything based on FOSS software, and I can tell you hands down as a fact: never met a single person writing in any closed source IDEs or languages, because very few exist.
If you want to see where all the community stuff happens, find any project on GitHub and look at the “Issues” section for closed tickets with PRs attached. You’ll see just how many people write quick little fixes to nags or bugs, not just on their own behalf, but on behalf of the companies paying them. That’s sort of the beauty of the FOSS community in general in that if you want to build on community projects, you’ll be giving back in one form another simply because, as my last comment said, NOBODY wants to maintain a private fork. Submodules exist for a reason, and even then people don’t want to mess with that, they’d rather just commit fixes and give back. Companies are paying engineers for their time, and engineers committing PR fixes is defacto those companies putting back into the community.
To your Oracle point, I think the biggest thing there you may have been Java. That one is tricky. Java existed long before it was ever open sources by Sun Microsystems, and was available for everyone sometime in the early '00s (not bothering to look that up). Even though it was created by an engineer at Sun, it was always out there and available for use, it just wasn’t “officially” licensed as Open Source for contributions until some time. Sun still technically owned the trademarks and all of that though, and Oracle acquired them at some point, bringing the trademarks under their ownership. There wete a number of immediate forks, but I think the OpenJDK crew was further out in front and sort of won that battle. To this day I don’t know a single Java project using Oracle’s official SDK and tools for that language aside from Oracle devs, which is a pretty small community in comparison, but you’re right in that was essentially a corporate takeover of a FOSS project. How successful it was in bringing people to bear that engagement I think is up for discussion, but I’m sure the community would rightly say “Fuck, Oracle” and not engage with their tooling.
Well, you certainly made me feel much more optimistic, thank you.
-
I suppose it’s true that neither would have been called feature complete by its authors, proprietisation is much more likely when there is still a lot missing. But I would still caution against thinking that having all the features you need means you’re immune to it.
You’re the only user catching downvotes
Check the rest of the thread 🤣
People in here don’t work in the space, and are clearly not knowledgeable about the subject. They can downvote me all they want.
I did, twice
