Matthew Miller
The Redis thing underscores a key point: _open source is not enough_. We need _community built software_ -- free and open source licenses are just one aspect of that.
If a company requires you to assign copyright (or equivalent re-licensing rights) in an asymmetrical way, they will inevitably eventually decide to take that option once they want to cash in on the goodwill you've built for them (let alone the code).
Rick :swift: 6x💉😷🇺🇦
@bignose Thank you! I just started a project recently that relies on Redis. :(
bignose
The #FreeSoftware fork of #Redis is already up: https://codeberg.org/redict/redict
bignose
Rick :swift: 6x💉😷🇺🇦
@mattdm I lack context here. What is the “Redis thing?”
Shane Curcuru
Indeed, there are four levels of open:
- Open source - under an OSI license
- Open community - may accept contributions
- Open governance - adds contributors to become maintainers
- Open brand - trademark is owned by a nonprofit foundation
Thomas A Caswell :python:
@mattdm I come back to https://www.coiled.io/blog/stages-of-openness by @mrocklin a lot.
I think a lot of the discussion gets twisted because people have different levels in their heads talk past each other.
If a project is at level 6 (multi-institution engagement) this can not happen.
If it is at 2 or 3 (licensed for reuse or accepting contributions) I don't have it in me to get angry about this sort of re-licensing. If anything it makes clearer what the stage of the project is (internal roadmaps run the show).
clacke
@shanecurcuru Right! They map somewhat to levels 2, 3, 5 and 6 here:
coiled.io/blog/stages-of-openn…
/by @mrocklin
/via fosstodon.org/@tacaswell/11214… @tacaswell
Concerns about multi-institution engagement also overlap with thoughts by @webmink on the counter-"rights ratchet" checklist[0], as well as the C4[1] and the Cooperative Technology manifesto[2] (f.k.a. "Communal Software").
There is an awareness in Open Source and Free Software that the license is nothing more than a legal-technical tool and the bare minimum, and the governance around the software development matters, but there is no singular named focus point and vision yet, the way Free Software was in the 80s and 90s, and Open Source was in the 00s and 10s.
Maybe we'll have one in the 20s if the MongoDB etc pattern keeps repeating.
[0] e.g. meshedinsights.com/2021/03/02/…
[1] zguide.zeromq.org/docs/chapter…
[2] cooperativetechnology.codeberg…
Shane Curcuru
Explicitly using level instead of aspect to show the common progression.
Open community is a project that actually accepts contributions from the community, based on value to project. Unlike some corporate open source projects that simply don't ever merge outside PRs or the like. Hence, the community of regular contributors might grow, rather than being static.
Matthew Miller
I'm not really fond of that list.
Particularly:
* I don't think these are "levels", but rather some (but not all) aspects of openness.
* I don't see how "may accept contributions" relates to "open community" — I mean, they seem unrelated, not just a framing I would put differently
Matthew Miller
I know the change to source code publishing for RHEL y-streams went over _poorly_, but I'm proud of this:
Red Hat doesn't pull this "open source obligations for you, but none for us!" trick.
There is _nothing_ that gives Red Hat special rights that other organizations or individuals don't get -- if we want special influence, we have to do it by doing the work, just like anyone else.
Matthew Miller
In this latest, they say: "Redis has been sponsoring the bulk of development alongside a dynamic community of developers eager to contribute".
I was just talking to @quaid about this, and he made an excellent point: if your company-sponsored open source project is still 95% company-developed, _you messed up several years ago_.
Lars Marowsky-Brée 😷
@mattdm I concur. We really need the equivalent of a "B Corp/Fairtrade"-equivalent seal (or something else) to reward such "good community citizen" behavior.
*Then* get it into the government procurement standards across the globe. And get ESG/SRI funds to consider this as part of the criteria of the businesses they invest in.
That'll weed out those business models from being hugely successful real quick.
Jason Bowen 🇺🇦
@mattdm
> it's better than the CLA squeeze.
That's a very low bar to clear.
Matthew Miller
Every change to RHEL, with the exception of short-lived branch patches, goes into CentOS Stream (and then future RHEL).
There is plenty to argue about in details (so I won't), but the big picture is that Red Hat's approach funds engineering which all ultimately goes to open source available to everyone (even when the licenses are permissive), and does not require contributors to grant Red Hat any special power.
I don't think it's perfect — but it's better than the CLA squeeze.
Jason Bowen 🇺🇦
@mattdm Please do not trot out Red Hat's very narrow interpretation of the GPL as an example to follow.
Jason Bowen 🇺🇦
@vwbusguy @mattdm I pushed back against the CentOS/RHEL source stuff being a *good* example for other to emulate.
I wouldn't argue that what they did is similar to the other "business license" examples you mentioned, because it's not. RH didn't change any licenses.
No one did anything legally "wrong," and what the others did is worse than what RH did, but, IMO, they all acted in bad faith w.r.t. the FLOSS community.
Scott Williams 🐧
@jbowen @mattdm Matt is right though. You're holding Red Hat to a higher standard than Mongo, Elastic, Hashicorp, and Redis. Comparing the RHEL change to what Hashicorp, Redis, etc did is a false equivalency. I'm saying this as someone who was critical of all of these things.
Shane Curcuru
Sure, but I find "four levels of open" a simple and easy way to explain to newcomers why just the license isn't enough; the word 'open' is already overloaded so 🤷
And it's *possible* that for-profits can manage trademarks for the greater good - it's just much less likely to work well over time. There are few assurances, even with public charity governance restrictions in tax law, but they certainly help greatly.
Shane Curcuru
Iceweasel has zero to do with the ASF, so not a useful example.
"Open brands" is not the perfect word, I agree, since "open" really can't apply to trademarks (well, at least not for long!). But "Open" hints at brand governance for the community itself, not for a single for-profit corporation.
Is there a bigger argument, or just terminology here?
Trademarks can't really be open the same way code is, but they can be managed for the public good, not for profit.
Matthew Miller
> Trademarks can't really be open the same way code is, but they can be managed for the public good, not for profit.
That's exactly my point. I don't think that's related to openness _per se_.
Also, I think that it is possible for entities other than non-profit to mange trademarks in this way.
Shane Curcuru
How so? Or rather: what are you getting at, since I'm not following.
Reference: https://apache.org/foundation/marks/responsibility
Matthew Miller
It's not *bad* — it's just not _open_.
https://apache.org/foundation/marks/faq/#products
(See also the "iceweasel" thing.)
Matthew Miller
"Apache" is another prominent example of non-open trademark control by a non-profit foundation.
Matthew Miller
Also: "adds contributors to become maintainers" doesn't make sense to me. Can you explain what that means and how it relates to governance?
And: a nonprofit foundation could own a brand and use and license it in a non-open way (and indeed, this is common — see Mozilla and LibreOffice). Conversely, a for-profit corporation or government entity could own a brand but have some form of open licensing or governance.
Shane Curcuru
ASF Model: contributors become committers. Committers can get elected to PMC, which then gives them a vote in governance over releases and future committers on that project. I.e. a project that includes new contributors in actual governance. "Maintainers" is an overloaded word, for sure.
And yes: nonprofits can be evil just like for-profits; however it tends in some ways to be harder, since they're not exposed to as many "chase the money" ideas as for-profit usually is.
clacke
@mattdm Who gets to be a maintainer has everything to do with governance. From the C4 governance specification:
> A “Contributor” is a person who wishes to provide a patch, being a set of commits that solve some clearly identified problem.
[ . . . ]
clacke
@mattdm @shanecurcuru Oh right. Yes.
Maintainer in an upstream project and package maintainer in a distro are two very different roles.
Matthew Miller
Thanks — it makes sense using those definitions. (It isn't the definitions we use in Fedora.)
clacke
@witchescauldron Where is that documented?
witchescauldron
Shane Curcuru
Anyone have a list of the many definitions of "maintainer"?
Is there any better place to start looking than here?
Matthew Miller
And I don't think all upstream projects use that exact definition consistently.
clacke
witchescauldron
@clacke @mattdm The is a lot of stuff spread around the web, you can find a home here https://unite.openworlds.info/Open-Media-Network/4opens/wiki this needs someone to do a nicely formatted page, or for a more messy look just click on the hashtag #4opens
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.