• davel [he/him]@lemmy.ml
    ·
    7 months ago

    Seriously, don't sign a CLA

    A contributor license agreement, or CLA, usually (but not always) includes an important clause: a copyright assignment.

    This is a strategy employed by commercial companies with one purpose only: to place a rug under the project, so that they can pull at the first sign of a bad quarter. This strategy exists to subvert the open source social contract. These companies wish to enjoy the market appeal of open source and the free labor of their community to improve their product, but do not want to secure these contributors any rights over their work.

    List of some companies that use CLAs: https://en.wikipedia.org/wiki/Contributor_License_Agreement#Users

    • lemmyreader@lemmy.ml
      ·
      7 months ago

      First link gives an SSL warning for me. Here's the WayBackMachine link https://web.archive.org/web/20240425192244/https://drewdevault.com/2023/07/04/Dont-sign-a-CLA-2.html

  • Nakoichi [they/them]
    ·
    7 months ago

    Corporate

    Open source

    Pick one. Capitalism cannot abide anything not being commodified. "Corporate open source" is an inherently contradictory term.

    • davel [he/him]@lemmy.ml
      ·
      7 months ago

      I’m not here to defend capitalism, only to say that capitalism and open source have had a more complicated relationship than that.

      The Apache HTTP Server was the preeminent dot-com era open source project. It’s hard to imagine the dot-com boom without it. People seem to forget that it was corporate open source. It was “a patchy server” developed (from NCSA HTTPd) and maintained largely by internet startups like Organic, Inc. Many other critical components of the dot-com tech stack were similarly developed.

      • Nakoichi [they/them]
        ·
        7 months ago

        The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation.

        This is what I mean though. Most groundbreaking development is done voluntarily or with public funds. It is antithetical to capitalism.

        Capital comes in AFTER it is proven useful and/or profitable.

    • frezik@midwest.social
      ·
      7 months ago

      Open Source has been historically tied to corporations. It kicked off with Netscape opening their browser. Eric S Raymond was a major player behind the term, and he's explicitly right-Libertarian.

      Free Software, OTOH, is a different matter. I think the two are overdue for a divorce.

  • JuxtaposedJaguar@lemmy.ml
    ·
    7 months ago

    I'm surprised that other people are surprised that for-profit companies constantly try to increase their profits; such companies only contribute to FOSS when that's more profitable than the alternative. The Linux kernel, AMDGPU, Steam, etc only exist because some part of the software/hardware stack is proprietary (which becomes a more attractive product as the FOSS portion of the stack improves).

    I'm definitely not justifying the "rug-pulling", but people need to stop supporting projects with no potential for long-term profitability unless those projects can survive without any support from for-profit companies. Anything else is destined to fail.

    • Nakoichi [they/them]
      ·
      7 months ago

      people need to stop supporting projects with no potential for long-term profitability unless those projects can survive without any support from for-profit companies.

      You see the contradiction here right?

        • Nakoichi [they/them]
          ·
          7 months ago

          Open source projects have no potential for long term profitability unless those projects get support from for profit companies, thus compromising the nature of open source.

          • JuxtaposedJaguar@lemmy.ml
            ·
            7 months ago

            Not all FOSS projects need to be profitable to survive. IOW if a project cannot survive without being profitable and it cannot be profitable long-term, then it cannot survive long-term.

  • hertg@infosec.pub
    ·
    7 months ago

    Great video. I actually bought the domain opensource.rip a few weeks ago, just to list the affected projects and explain exactly what jeff geerling did here. Haven't started it yet, and I'm mostly commenting just to make myself commit to the idea.

    Intending to create a static site with Zola, lmk if you wanna contribute. Submitting information like I asked for in the following post would already help me out :)

    https://infosec.exchange/@hertg/112196322254411560

  • Sean Tilley@lemmy.ml
    ·
    edit-2
    7 months ago

    Sentry also did this by embracing the Business Source License. Technically, you can still get an MIT-licensed version, but it has to be more than two years old.

    As a former employee that worked there during the days that Sentry really promoted itself being Open Source, it was disappointing to see. VC Funding and a growth obsession basically poisoned the well.

  • umami_wasabi@lemmy.ml
    ·
    edit-2
    7 months ago

    I just found out some softwares around infrastructures also uses CLA, including:

    • Kubernetes (hosted by CNCF)
    • Istio (hosted by CNCF)
    • Grafana
    • All projects under Apache Software Foundation (e.g. HTTP server)
    • OpenStack (hosted by OpenInfra)

    To my surprise, even Golang core uses CLA too.

    EDIT: Add more to the list

    EDIT 2: Envoy Proxy also hosted by CNCF uses DCO instead of CLA. Interesting.


    It looks like very difficult to bulid an infra without some components uses CLA.