“Source available” is uncool, compared to “open source” or “Free Software”, in substance, not uncool as a term.
The non-ideological value of open source is exactly the commodification that the retreat to source available licensing seeks to end, along with downstream consequences of that commodification.
> Apparently marketing people who want to sell stuff under those new licenses think "source available" is uncool.
It's not that it's uncool, it's just not true and reflective of reality. There's a world of difference between a .zip on an FTP ("source available because GPL says it must be") and everything still happening in public on GitHub and everyone still being able to contribute if they want to. Both are technically "source available".
GPL or any OSS license doesn't require you to accept contributions. Your users are free to do anything with it except distribute derviative software under a different license, but you, the author, don't owe them anything except buildable and runnable (since v3) source code.
That's the point of open source, and free software in a way as well. Copyleft licenses have restrictions, but as long as you follow those restrictions, you can build whatever you want using the software. SSPL, FSL, BUSL licenses outright prevent you from competing in certain commercial ways, no matter what.
Just because most business models don't want to comply with copyleft doesn't mean it's not open source - it just means it doesn't fit your business model.
You can also build whatever you want with SSPL, as long as absolutely everything you use to run a service that supports it is also licensed as SSPL. It's not that different from the AGPL in spirit.
> as long as absolutely everything you use to run a service that supports it is also licensed as SSPL.
There isn't an SPPL-licensed OS available, is there? Is that not included in "absolutely everything you use to run"? I actually don't know, I haven't tried to make sense of the license. Is there a boundary somehow that you are allowed to run it on a non-SSPL OS? Where is the boundary exactly, I might be using many other open source licensed (or even third-party proprietary licensed tools) in my total ops stack -- which of them don't have to be SPPL?
If you simply believe "CLAs are bad", you're missing the point (unless you refuse all legal documents on principle, or something).
The question is: WHO are you signing the CLA over to?
If it's a for-profit company, well, then do you trust that company to follow through?
If it's a non-profit, then look to see (in the US) if they're a 501(c)(3) public charity, which have legal restrictions on their governance, which typically require serving some larger public good. Also look at their history of past governance. I certainly hope (as an ASF peep) that we've shown who we are to be who we plan to be in the future; namely producing software for the public good.
Key reasons the ASF uses a CLA are protecting the org from future IP issues, and partly simply to be able to fix some future typo or legal issue in our license if one ever comes up. But the ASF will always provide all of it's released software under a similar style permissive license to Apache-2.0, as long as the organization is around.
If they're a 501(c)(6), then they're a business league, and might act more like a for-profit corporation, so...
It's important to remember that FOSS contributions are on a voluntary basis. When I have to sign paperwork, things start to feel like unpaid work.
Signing legal documents requires disclosure of personal information. Most CLAs require full legal names and often the names of employers. While Elric is my legal name, I prefer not to disclose my last name for a variety of reasons. Being able to commit to FOSS on a pseudonymous basis is impossible when CLAs are involved, which I think is a real shame.
I understand that orgs want to protect themselves, but CLAs only protect orgs, and can potentially harm contributors. Now, I happen to trust the ASF, and I hope my personal information is safe with them.
There are, roughly speaking, two types of countries when it comes to names. One kind (like the UK) where you decide on your name and the government has to comply with it (after minimal paperwork and minimal expense). And the other kind (where I live) where your name is more or less set in stone after your birth, where it is subject to the whims of the approving official, where it is difficult and expensive to change at best, and sometimes impossible to change.
I'll refrain from going off on a naming tangent, but that stuff is wild.
Which defeats the purpose, because then your pseudonym is legally tied to your IRL identity in a way that may, depending on jurisdiction, be public or semi-public record.
> the ASF will always provide all of it's released software under a similar style permissive license to Apache-2.0, as long as the organization is around.
What makes you think that? What stops a few "evil" people from getting on the board and changing the mission in some way and then changing the license so that it is no longer permissive?
I've never been clear on what stops the above attack. Many people have setup foundations on their death that are now promoting things the person was clearly against in their life. Martin Luther King Jr's "I have a dream" speech is now property of his heirs who milk that copyright for all the dollars they can get - I believe this is not what he would have wanted. There are plenty of other examples.
Personally I know it since I've been volunteering there since 1999 and know how elections work and know most of the membership. But that probably doesn't help much if you don't know me.
Practically, I know it because the ASF is a Membership organization, meaning there are hundreds of individual Members who have been elected by their peers inside the ASF. The Membership is the group who elects the board. The ASF has only individuals as Members (never corporations), and quite a lot of folks have made their careers about their ASF project work, while hopping between multiple jobs at various vendors.
So to mount an attack like that, you'd need to "evil-ise" a over a hundred Members to get them to vote for your hand-picked candidates who would be shunned by basically everyone else involved in the ASF.
Vendor neutrality and our permissive license are baked very, very deeply into everything the ASF does.
A fair number of 501(c)(3) foundations are similarly membership corporations, where the board is elected from the set of people who've been volunteering there for years, so they are unlikely to change direction like that. Some (c)(3)s are not, but still have a good track history. (c)(6) organizations are a mixed bag, since some explicitly allow sponsors to pay for board seats - a very different world.
Naming things is hard, as software engineers know. It's only OCF that's shutting down, not OC, or OCE, or OSC, or even OCNZ (I just found out about that one today).
In any case, there are plenty of other funding models/sites out there, the trick is finding one that really fits how your FOSS project works:
I have a general explainer about the OCF shutdown (not the OC, or OSC, or OSE, or OSNV!) over here, where I include more links to software foundations that might also act as fiscal hosts, like Conservancy, SPI, or NumFocus.
What we really need is a lawyer/accountant/tax person to write a focused guide for collectives and how to move their money. US tax law means that generally, 501(c)(3) public charity organizations can't just transfer the money anywhere - it'll most likely need to be another 501(c)(3) or equivalent. That's going to trip a lot of people up who want to go to OC (for-profit) or OSC (a 501(c)(6) business leage), because neither will qualify for accepting fund transfers (I think).
Also, if you have any offinity for Europe, look at the OCE - they are a charity, and they sound like they're seeing if they could accept fund transfers from OCF for projects that fit their model.
https://opencollective.com/europe/updates/regarding-the-anno...
Hi guys, my law firm Seton & Associates originally assisted in establishing this 501c3 fiscal sponsor Open Collective Foundation many years ago. I have been a law practitioner in the space of advising charitable structures for 25 years. We know the ins & outs of the world of fiscal sponsorship. In addition, I am the CEO, Founder & Chairman of the Edward Charles Foundation which is a 501c3 fiscal sponsor. We are registered in all 41 jurisdictions requiring such registration and also are audited each year by an independent CPA Firm. We can help. We also have relationships with many fiscal sponsors to refer you if we are not the right fit. Feel free to email at kseton@sblservices.com and I will respond promptly.
I've wondered about this for a long time - can't a 501(c)3 non-profit hire open-source developers as employees, or easier, employ or fund them as contractors and pay them through a 1099?
I'm sure that non-profits hire for-profit companies or contract out work in some way, wouldn't that model apply to supporting open source projects through a non-profit?
In a nutshell, yes, but there are very few FOSS nonprofits with funding that allows them to do this. The Linux Foundation pays Linus, and I know the OpenInfra Foundation has a few technical roles on staff, but most simply don't have anywhere close to the money to pay for actual development. It's not a particularly attractive venture for corporate sponsors, or at least hasn't been historically, because they can spend the same money on their own developers and have much more control over what features and bugfixes get prioritized.
It might be hard to justify the need for that software -- I don't think 501(c)3 orgs can do literally anything they want and keep their 501(c)3 status. The things they fund have to go towards a specific mission, and "putting more OSS into the world" might not be a valid mission (?).
The PHP Foundation collects donations to fund maintenance and improvement to the PHP language, which is their charitable goal.
As far as I know, when you start a nonprofit there's no requirement that your nonprofit be particularly efficient or socially useful. You want to run a hospital that pays its CEO handsomely? Build a church in a town that already has plenty of churches? Organise international exchanges of frozen horse semen for a rare breed of horses? Run a college that charges $50k/year tuition? Pay for monks to just kinda hang out and vibe?
The IRS doesn't seem to require and proof those monks are measurably good for your immortal soul, or that there's widespread public support for horse semen exchanges, or that the college would be destroyed if they didn't have a football coach. The charity can just say "yeah we think the football team is, uh, good for student engagement, which serves our charitable goal" and the IRS goes along with it.
If a nonprofit college can pay a football team coach, the PHP foundation can certainly pay developers to work on PHP.
As noted elsethread, there are several 501(c)(3)s that pay for software development, either via having their employees/contractors do it (directly or indirectly), or by providing grants or one-off funding for specific kinds of work. It really depends on the organization what their policies are.
The LF has plenty of employees who help code on their various sub-foundations in one way or another. Python, NumFocus, PHP, and some others have grant programs to help pay developers to work on specific code. And Conservancy and SPI are fiscal hosts that allow their independent projects to fundraise and pay for their own work.
On the other hand, the ASF explicitly does not allow funding to pay for project development, at least not in the context of the ASF itself. The ASF does have a paid infra staff/contractors who do write code, but it's all to run infra, not for project releases.
As noted elsethread, it's all about what the charity was setup to do.
the mission of the 501(c)3 is defined in the original application for status. It is correct that spending has to be documented and related to the mission. There are more than a million 501(c)3 in the USA and the vast majority are small operations that are mission focused, and they do have to document and play by the rules, or face penalties or closure. That said, there is a "one percent" of non-profits who operate completely (mostly secret) structures and have for decades upon decades.
A primary reason to have a fiscal sponsor 501(c)3 -- and pay ten percent or more of income -- is that the paperwork is non-trivial each year.
The OCF shutdown will not affect the OC, OSC, OCE, OCNZ, or Social Change Nest UK operations, so this is only about the 600 collectives at the US public charity OCF.
Important clarifications:
- The announcement is only about technology, there's no "partnership" between the ASF and GitHub. The ASF is vendor-neutral about all of it's operations. In particular, there is an expectation that Apache project communities continue to do much of their community and release management on ASF servers, not solely on GitHub.
- Many Apache projects asked to use GitHub. It took a while, but Apache infra now allows that, as long as the repos are in our organization. Many projects still use our Subversion repo(s) too.
- The ASF hosts it's own Git repos with all auditable history. So GitHub is merely one way that Apache projects can choose to allow users to contribute. If GitHub went away overnight, the ASF would still have all our own code and could keep working with our own build tools and plain old `git`. The ASF didn't decommission it's own git repos, just some of the tooling we used to mirror between our repos and GitHub.
Just to address the last sentence: the Apache Software Foundation would never adopt Commons Clause. It's antithetical to the ASF's entire licensing strategy, which is to give stuff away for the public good, with as few restrictions on users and redistribution as is legally practical.
Personally, people can use whatever license they want for their copyrighted works; that's cool. But the other important issue is: don't call it the "Apache-whatever license", because it is NOT the #Apache-2.0 license. Call it the "Redis License" or whatever else you want, just don't bring the ASF's name into it.
You have to have a license to attract contributors. https://choosealicense.com/ and github make it easy; there's zero excuse to not have a license.
Permissive licenses attract the broadest range of contributors, so if you're looking to build a large community, they are the way to go. GPL tends to have a smaller overall, but very strong pool of contributors, so if copyleft makes sense for your technology, by all means use it.
The chance of a personal project building a large community are quite slim regardless of the license.
Chances are a personal OSS project will only attracts a few dozen users and maybe a handful of contributors (contributing mostly small bug fixes) with the creator as the only real developer/maintainer.
There is also a good chance that the maintainer will only contribute from time to time after the initial "dev sprint", if it doesn't abandon the project all together.
Basically the bus factor for such projects is 0. If you are relying on one of them, you should be aware that you may have to maintain a fork on your own in the future.
Given this state of things, I prefer having permissive licenses (ex: MIT) on my projects. It's a way for me to give complete freedom about what you do/want to do with my piece of code (piece of code that I may have abandon but is still useful to you). You can fork it and keep the fork OSS or you can include it inside the source tree of your product and maintain it that way, the later being generally easier.
And previous posts on the basics and a timeline. It's complicated - both because trademark law is complicated, and because there are clearly personalities involved who have a long history together.
Some folks are working on terminology over here, if you're curious.
https://github.com/softwarecommons/softwarecommons.com/issue...