I don’t see how this is fair. The license can be summed up as: “Contribute your work, I keep the money. Forever.”
It is basically a source view license, similar to many used by Microsoft. (https://en.wikipedia.org/wiki/Shared_source)
Sourcegraph CTO here. Our goal with Fair Source is NOT to have people in the community write 90% of the code and then profit off their hard work. Rather, it’s to make the code that we’ve written for Sourcegraph publicly available for all to view (rather than keep it closed off). If a user notices an issue or wants to create a small enhancement or plugin, they can do so, instead of filing an issue and waiting for a response. But we are also glad to receive issues and will resolve them as quickly as we can. Retaining the ability to sell the core product means we’re incentivized to make the core product as good as possible, all while having the source code publicly available.
That’s precisely what I am saying: it’s for viewing. That’s okay, but not novel and was heavily criticized when Microsoft did it - for good reasons. The software doesn’t contribute to the commons.
That’s all okay and you are perfectly within your rights to do this.
There’s one thing I find rather ugly though: the appropriation of the term “fair”. You’re on a high horse there.
With all the recent open source authors losing it and quitting open source, are they really on a high horse?
We place too much burden on open source authors. I think your summary, “Contribute your work, I keep the money. Forever.” is unfair. In reality they will be producing the vast majority of the work. How many people actually contribute to someone else’s open source project, enough that they could feel entitled to money for their contributions?
All of this complaining is the same bullshit people cite when leaving open source. These posts are even highly upvoted here on lobste.rs, and yet when someone tries to solve this problem for themselves our reaction is to bitch about it? For fuck’s sake.
By picking the term “fair” for them? Yes. “public source viewing licence” (PSVL) would have been a much tamer term.
That is okay, but the result is not open source and not free. It cannot be reused. Even the FAQ for the license says so. As I said: I am fine with the terms of the license, but it should not pose as an open source or free license. Contributing to the commons is an important part of open source. A problematic funding situation that needs to be solved comes with it and I don’t want to question that.
I’m sorry, but I don’t see how we are even discussing the same thing. Handwaving that everyone is “bullshitting” when they don’t agree with certain solutions isn’t helping either.
So, users are free to contribute fixes to their own problems, but can still pay full-price for the privilege!
More seriously, why not dual-license under a viral copyleft (say, AGPL3) and a normal commercial license? That’s what id did.
I want to reiterate the fact that we don’t expect users to fix bugs or issues on their own. Our team is fully committed to responding to feedback and making Sourcegraph into the best code host possible.
The reason we didn’t do a dual-license model is because we wanted to retain the ability to sell the core product to companies. This preserves the incentive for us to invest in improving the core product and technology.
You can still sell the dual-licensed product…especially if it’s with a super-viral copyleft license. You just explain “Hey, if you don’t want to be legally liable to disclose your entire product’s code, buy our commercial license”.
The people that would ignore that and not pay would do the same under the proposed license.
There are many examples of dual-licensed software which work exactly this way. Sidekiq is a recent example, which makes the core functionality, which is good enough for a large percentage of users, free under the LGPL, and has a “Pro” and now an “Enterprise” version which adds significant feature improvements to the library and is “commercially” licensed.
MySQL is, of course, another major example of this.
Indeed, MongoDB uses dual-licensing to what seems like a great success!
It seems fine to me, but more as a way to encode business practices in the license. It seems like what I’d want if I were writing software that I was perfectly cool with hobbyists and small shops using, but would want enterprises to be explicitly on the hook for payment.
What I’m interested in is whether or not any enterprises will actually touch software licensed in it.
Well, but one of the core ideas of open source and free software is contribution and collaboration.
I would see no reason to contribute to such a project.
The license, however, does allow you to make your own changes to the software, which is a huge reason why big companies prefer FOSS: they can change stuff to their own means as they need to for their own needs.
How frequently does that actually happen, though? For companies that are not in the software business, I would say just about never.
I don’t know how often it happens in general, but I’ve seen companies make changes to OSS code quite a bit. It usually only gets publicized when they are caught violating licenses, or contribute back a huge amount of code.
In my experience, most companies make relatively small changes and obey licenses, so they don’t raise much interest.
For example, if a company has an internal application with a custom logging system, they might modify the OSS libraries they’re using to use their logging system. Since it’s an internal app, the GPL doesn’t require making the modified source available, and other licenses are even less restrictive.
I guess some kind of bounty system that would allow you to target individual bugs could be a good way for companies to pay for work. Or whatever money received from commercial licences going on bounties.
I find this tweet chain to be a bit more illuminating than @taoeffect’s rant https://twitter.com/__apf__/status/668843620204605440
Chris Palmer wrote a post in relation to this discussion that does a good job describing this situation: https://noncombatant.org/2015/11/24/what-is-hpkp-for/
I think it’s a great intro to his point-of-view. Not the only POV. IMO, the attack surface is unacceptably large, and it’s a fact that it can be reduced.
Some parts are also unclear:
All the same, people seem to wish that servers could say to clients, “Here are my expected keys, and you should fail to connect to me even if the person who owns the computer wants to connect anyway.”
I think that part intends to say something along the lines of, “Here are my expected keys. Make sure not to use any other keys to connect to me.”
That is how it should work, and that was the point of HPKP. Alas, some minor use cases end up compromising the whole thing.
Computers should do what their owners want, or at least give the owner priority over the desires of a remote server operator.
That sounds “nice”, and I’d normally agree with that sort of thinking, except I understand that what he’s really saying there is that “we should destroy hope of ever establishing secure connections over the Internet”.
If computers “should do what their owners want”, then they should establish secure Internet connections (since that is what most owners want). That means Google Chrome has to respect the keys that are sent. If people want to “debug TLS connections”, they can still do that in a special “debug mode” that the user never sees. It doesn’t require breaking HPKP for everyone.
I read this less how I think the author meant it and more as “When you run free, unrestricted things on the internet, they become public infrastructure.”
(which is entirely why I have run an open bittorrent tracker for like 7 or 8 years.)