> We form companies centered around open source software projects with commercial applications. Rather than founders pitching us for investments, OCV identifies open source projects with traction and potential and seeks out builders and technologists to launch our ideas. OCV Fund I invests the personal capital of Sid Sijbrandij who serves as the General Partner of the firm.
So, this company takes the hard work of creator(s) who have been generous with their licensing terms, and in the name of "preventing them from using a more restrictive license" tries curtails their business opportunities by offering a legal structure with more favorable terms to end-users, thereby destroying the innovator's chance to make money off their invention.
To me, it seems like, if it offers no business opportunities, then people just won't offer innovations using permissive licenses for open core in the first place? If I'm going to give money to someone, I'd prefer it to be the innovator.
> To me, it seems like, if it offers no business opportunities, then people just won't offer innovations using permissive licenses for open core in the first place
I consider this a far better scenario than the current bait-and-switch culture.
The Free Software (and Open Source) community has put a lot of effort and volunteering work into constructing its world and gaining its reputation - based on putting the needs of the users first. Now a for-profit organization comes around, and wants to get all the credit for being "open source" without actually being open source?
They're poseurs. I'd say good riddance to them. Innovation is not a goal by itself - the purpose of innovation is to benefit people in general.
> Innovation is not a goal by itself - the purpose of innovation is to benefit people in general.
Which is already happening under permissive licenses.
> Innovation is not a goal by itself
I'm having trouble understanding this point of view. You have enough interest in this software to debate it, while not caring at all whether software continues to be made?
> Which is already happening under permissive licenses.
Sure, nobody claimed otherwise.
But putting "innovation" as an ideal is a red herring, designed to misdirect attention from the fact that "innovation" in proprietary technologies in general does not benefit the general population, and in some cases even stifles their freedom. Innovation, in order to be a worthy goal for a society, must serve the society in its whole, not just a couple of businessmen.
> You have enough interest in this software to debate it, while not caring at all whether software continues to be made?
I care about whether software continues to be made, but that's beyond the point, since the Free Software has succeeded in being developed even without support from for-profit companies (and sometimes even despite their sabotage - remember "Linux is a cancer"?).
Implying that software will somehow "not be made" without for-profit corporations employing programmers for peanuts is an old and tired argument, proven false by the very existence and triumph of the GNU system over most commercial systems.
> Implying that software will somehow "not be made" without for-profit corporations employing programmers for peanuts is an old and tired argument, proven false by the very existence and triumph of the GNU system over most commercial systems.
I'm saying that certain classes of open source software won't be created, and you're building a straw man to pretend I'm saying that no open source software will be created. Your argument here seems disingenuous.
> I'm having trouble understanding this point of view. You have enough interest in this software to debate it, while not caring at all whether software continues to be made?
This question is implying that, if I do not consider an innovation a goal by itself - and therefore don't consider open-core "good", morally speaking - then I don't care whether software continues to be made. The phrase "continues to be made" is all-or-nothing - software can either continue to be made, or not continue to be made, i.e. disappear. So:
> I'm saying that certain classes of open source software won't be created
It is certainly not what you said, as per above explanation. Perhaps it's what you intended to say, in which case please feel free to express your thoughts more precisely, so we can continue from there.
You could always say no. In general, copyleft has always prioritized freedom for the users over freedom for the developers and clearly this new initiative is based on that same philosophy.
How much more freedom than a permissive license does anyone need?
The term rug-pull is wildly misleading.
Let's describe the problem this is setting out to solve better--end users who have gotten something for free are upset that they no longer will continue getting updated somethings for free.
The old open source versions are still out there. If they want to use it, they can fork off.
Let's describe the problem this is setting out to solve better--end users who have gotten something for free are upset that they no longer will continue getting updated somethings for free.
Something for free? That had never been the point of FOSS. The developers are not obliged to provide free update to users.
The old open source versions are still out there. If they want to use it, they can fork off.
Of course, if the users have the relevant expertise/money. In reality, there's always limitations.
Disclaimer: I’ve been paid to write and do experiments/devrel for OCV and portfolio companies in the past
People seem to be complaining about the business model here, but that can be tweaked or changed literally at will (and by negotiation for maintainers). As for intent, at this point I don’t think it makes sense to consider Sid’s intent nefarious —- look at how Gitlab is run.
Speaking of the disclaimer, we tried to lay out the reasoning and background on how people make money in open source:
On the spectrum of how people make money with open source, open core with investment has been proven to work and produce large sustainable companies that can compete with VC backed closed source (I say this as someone who has benefitted from Gitlab’s free tier massively).
There’s a trade off here. What number should the investor get, and what number should the maintainers get? How we get to an equitable number (pun intended) is discourse and negotiation.
Open source is unsustainable right now —- Github Sponsors will not save the maintainers with software used by Fortune 500s expecting business level support. That shouldn’t be the situation, but it is.
At the very least, the open core model encourages maintainers of F/OSS software to do enough business to help themselves, while spending some of Sid’s money.
We need F/OSS maintainers that know how to business, just like the beautiful conception of F/OSS by nerds that knew how to lawyer.
> Open source is unsustainable right now —- Github Sponsors will not save the maintainers with software used by Fortune 500s expecting business level support. That shouldn’t be the situation, but it is.
I was actually thinking along exactly these lines this morning.
That's why I was disappointed in particular because of who's name was on it, because to me it reads poorly. That's why my reaction was so visceral. I'm glad to hear that in actuality it has really been benefiting those OSS maintainers, but I stand by at least my suggestion that some of the explainer/marketing copy on that site needs to change. It in my honest opinion does not read to the same level of positivity that you or lbotos below put it to.
> I was actually thinking along exactly these lines this morning.
Oh here’s another thought, what if Github (Microsoft) started doing this as well. That actually seems less and less of a stretch the more I think about it.
Certain former C level execs of Github are rolling around free these days…
> That's why I was disappointed in particular because of who's name was on it, because to me it reads poorly. That's why my reaction was so visceral. I'm glad to hear that in actuality it has really been benefiting those OSS maintainers, but I stand by at least my suggestion that some of the explainer/marketing copy on that site needs to change. It in my honest opinion does not read to the same level of positivity that you or lbotos below put it to.
Thanks for pointing this out this gap. Even the chance to prevent causing this kind of reaction is massive.
I positive it’s a writing/conveyance problem , but I can only think this because of my direct dealings with OCV. Just a bit of tweaking on this page and a better layout of the vision is probably whats needed.
I mean I’m not even the person who should be commenting — the voices that need to be heard are maintainers that made the choice to trust OCV. They’re on disparate timezones but hopefully more chime in.
> Open source is unsustainable right now —- Github Sponsors will not save the maintainers with software used by Fortune 500s expecting business level support.
If Fortune 500 companies are expecting "business level support" from FLOSS maintainers and developers, they should be paying for that. This is how things have always worked. GitHub Sponsors is neither here nor there; its purpose, as with any crowdfunding, is to help everyone else fund development of FLOSS.
> at this point I don’t think it makes sense to consider Sid’s intent nefarious
Why not? He's spouting a bunch of ridiculous bullshit about licensing without any consensus among people who are experts in licensing and ethical questions and business questions, eg: the FSF, the OSI licensing list, the FSFE Legal Network, and all so he can make money. Looks nefarious enough to me, at least if you believe in free software.
Edit: HN won't let me post. Heather Meeker wrote the SSPL for MongoDB, then she helped write this which is all about protecting against the SSPL. If you cite a person as the licensing expert for credibility when the thing is completely contradictory to what that person has written in the past should result in loss of credibility, not gaining it. She's a lawyer for her client, wrapping up their chosen business model in novel legal bullshit to help sell it.
> Why not? He's spouting a bunch of ridiculous bullshit about licensing without bothering to ask or cite the opinion of people who are experts in licensing and ethical questions and business questions, eg: the FSF, the OSI licensing list, the FSFE Legal Network, and all so he can make money. Looks pretty nefarious to me.
This is quite the spicy comment -- I'm not a licensing expert (note that there was a licensing specialist involved) so I can't speak to OCV's interpretation of licenses, but which idea is the ridiculous bullshit? The PBC charter? The idea that preventing changing license being good? Do you think OCV is making deals that exploit maintainers?
This isn't a particularly new business model, so I figure it's not there -- people like/dislike open core, but I don't think people go as far as to call it nefarious.
Is the primary concern that the other organizations weren't contacted?
> and all so he can make money. Looks pretty nefarious to me.
Is the idea here that he'll make money somehow from people choosing to start public benefit corporations? Or from a lot of maintainers choosing to take his investment?
This does not seem like a "nefarious" (generally defined as "extremely wicked") thing -- what should it look like to be not nefarious?
> Edit: HN won't let me post. Heather Meeker wrote the SSPL for MongoDB, then she helped write this which is all about protecting against the SSPL. If you cite a person as the licensing expert for credibility when the thing is completely contradictory to what that person has written in the past should result in loss of credibility, not gaining it.
Thanks for noting this, I did not know this.
That said, I don’t think that’s an indicator that the ideas or legal stuff in the article cannot be trusted.
Unless your claim is that it’s been backdoored somehow, what people have done in the past (or who they worked for) is not the sole indicator of their intentions.
I would love to see your line of questioning put to her though.
Mongo choosing to go the SSPL route was Mongo’s decision.
> She's a lawyer for her client, wrapping up their chosen business model in novel legal bullshit to help sell it.
Lawyers work for their clients and so do programmers. It’s perfectly reasonable to do closed source work and also work on open source.
Are you implying that she’s
Not everyone is Stallman, and that’s OK as long as there are enough Stallmans.
“Wrapping up their business model in novel legal bullshit” is exactly what made copyleft work.
Would you mind stating the parts of the biz model you hate? Is it just that you’d prefer if companies chose a straight dual-license approach for example(or something else)? Or a foundation?
FTA quoting an expert in licensing: "It’s important not to orphan a community codebase,” said open source software licensing specialist Heather Meeker, General Partner at OSS Capital. “It can be hard to define what that means, but it’s disruptive to withdraw code from a public repository and then change the license. The challenge is to ensure a commitment to the community as ownership interests change over time. You need protective provisions, so companies don’t abandon their open source roots.”
"At OCV, we start and invest in open core companies. We identify open source projects with traction and recruit CTO/CEOs to build a commercial application and company around it. Our vision is that open core will eventually replace proprietary software as the default. Preventing a “bait and switch” from open source to proprietary is central to our model. It is for this reason we think open source is more than a license—it’s the base of all software companies."
I was with it until this, big oof. How about contact the maintainers and try to interest them in this arrangement?
Also looking at their operating model, fuck that. There are more favorable arrangements to be had. YC is one of them. If you're going to build a company you should definitely capture more of the upside.
"The operating team" <-- notable lack of the word owner.
This makes me even more unlikely to open source ANY of my work now, especially with this type of predatory bs running around. I'd rather make the money from my work thanks.
I'd expect a better, less predatory, model from the CEO of GitLab.
That's good to see. He may want to change the wording then. It comes off much more of recruiting around the maintainers. I'd be curious what happens if they say no. But so far from what you just posted, the actions seem to speak more charitably than I read it.
The entire thing read to me like a typical venture studio model that will wind up screwing OSS maintainers out of the value they have created. I'd really consider reworking the marketing copy.
I was super disappointed to see it from the CEO of GitLab because generally speaking I love your product and because I think you guys have been THE model for how to properly monetize open core while walking a good line for the open source part.
Disclaimer: Cofounder/CEO of Ahana here, which provides a managed service of open source PrestoDB for fast, reliable SQL Lakehouses and analytics.
I wanted to add nuance to the conversation: While most open source projects these days are licensed with Apache 2.0, there are two categories that projects fall into: community-controlled and vendor-controlled. The difference is the control. If a project is governed by a gold-standard hosting organization like the Linux Foundation and have organizationally diverse committers, then it's community controlled and open forever. However if the project is mostly owned by one company then it's easy to move to a non-compete license. For example, Linux Foundation hosts Presto and the license cannot be changed to a non-compete. This is guaranteed by the Linux Foundation charter. The fork of Presto (named Trino) however, turned into a company controlled open source project. In my experience, the distinctions between open forever vs. possibly more closed with a non-competitive license tends to be overlooked in choosing which to use.
I commend Sid on his efforts to keep open source, open forever. Donating your project to Linux Foundation like Facebook/Meta did with Presto is one path to achieving that, this new approach is another. Bravo!
SugarCRM, CFEngine2/3, Chef, Heroku, grsec, Tripwire, ... there are countless examples in the dustbin of history who ceased giving back, rested on their laurels, and became FOSS-washed commercial ventures who faded into the past.
Docker maybe next given the way they're going.
Provide value at a constant rate to things rather than bait to gain users and switch to exploiting them.
The same could be said for too-good-to-be-true pricing.
If a project needs to lock-up code and service to survive OR large companies use it widely without supporting it monetarily or with fixes, then maybe it shouldn't be open source to begin with?
OTOH, if you don't want anyone to use your software and if you want to stay poor, use a radioactive license like AGPL.
> OTOH, if you don't want anyone to use your software and if you want to stay poor, use a radioactive license like AGPL
Lol, business HN look on the AGPL is truly funny,
Because its made to stop people from using the code without contributing, which is exactly what you want to do.
Also the biggest on-prem cloud system Nextcloud is under the AGPL, which has its own commercial company Nextcloud GmbH.
I am always amused when people complain about the restriction not to be a d**k.
Every time you see someone call something like AGPL something like radioactive, you just saw someone out themselves as a theif.
Copyleft: "You can have this for free. You can use it for personal use, you can use it for making mony, you can even redistribute it, you can even sell copies of it itself! The only things you can't do are deny access to that which you were given for free from the next guy, or scrub the existing credits to pretend you wrote it."
What you wrote matches the MIT license, not the AGPL, say.
With AGPL, users have to immediately give away derivative works, and there are many business circumstances when that won't do. Hence dual licensing by the vendor - but alas dual licensing sets up the possibility of bait and switch, or can.
Those are the terms. If you can't tolerate having to re-share that which you were given, then great news, you don't have to. You can write your own software or buy software that has some other license.
Derivative works are just a form of giving the next guy that which you were given. It's not stealing anything from you even though the derivative is more than the origi al. It's only "radioactive" if what you wish to do is take and enjoy and profit from without paying back or forward in the same manner which you benefitted from, which implies more than merely the MIT style original still existing out there somewhere.
It's only radioactive to someone who wants to steal. It's incompatible or unusable in a purely traditional commercial business model, but that isn't "radioactive" any more than a commercial library is "radioactive" if you don't want to pay it's fee. It just means the terms aren't a fit for what you want to do, but they are not in any way bad or unreasonable terms.
Those are not the terms of the AGPL, etc - the terms you actually cited fit MIT, instead.
In any case, you're happy about leaving most businesses out - but that limits how much open source there is out there, and the quality. It forces, again and again, billions of dollars and scarce programming resources to be spent recreating software under one license to be replicated under, say, MIT. Witness the Android libraries replacing GNU libraries, Chromium replacing Webkit, and on and on and on. Absurdly wasteful, and in the end you get at least as much freeloading, which is the theft you're worrying about. That's what you're being happy about.
Copyleft is a genius idea, a wonderful idea (without the patent grab) but it can't fit all cases. A law that restricted code copyrights to four years (and forced code to be revealed or put into escrow) would perhaps be a better solution.
> Those are not the terms of the AGPL, etc - the terms you actually cited fit MIT, instead.
No they dont.
MIT doesn't make sure that derived works are still FOSS, which is why it's one of the most favorite licenses for companies.
> In any case, you're happy about leaving most businesses out - but that limits how much open source there is out there, and the quality. It forces, again and again, billions of dollars and scarce programming resources to be spent recreating software under one license to be replicated under, say, MIT. Witness the Android libraries replacing GNU libraries, Chromium replacing Webkit, and on and on and on. Absurdly wasteful, and in the end you get at least as much freeloading, which is the theft you're worrying about. That's what you're being happy about.
Yes, that's great.
Its Googles problem that they wanted to create a closed source version from Android.
No body forced them to do that.
They 'wasted' billion of dollars just to avoid giving back.
You might say the Android is still open source so google has given back.
Partially, because full android has many features and many DRM services that aren't included in AOSP.
What you said earlier doesn't imply anything about derived works; just that the original goes on: "The only things you can't do are deny access to that which you were given for free from the next guy, or scrub the existing credits to pretend you wrote it." Now you're saying you can't keep private what you added, which is a change.
Google paid billions for the duplicated Nix library and then gave it away under a more permissive license. (That can't be said of all of Android, we agree, but I didn't mention all of Android.) You can't give everything to competitors all the time in business, in every circumstance.
IANAL and would love to be corrected, but the chart in this article may confuse many.
Permissive licenses cannot be relicensed any easier than non-permissive licenses. Permissive licenses can be incorporated into larger works with minimal consequences, whereas with AGPL, the consequence is that the rest of the software must be AGPL. Arguably incorporating permissive licensed code into a closed source work is a form of open core, which is what this site is advocating for!
Only the copyright holder can relicense the software. A CLA is often used to assign the copyright of any contribution to the company operating the open source project. This ensures the company can relicense the project, regardless of the current license of the code. A DCO is an extra acknowledgement by the developer about their contribution, but does not change the copyright assignment, and thus has no effect on relicensing.
I don't believe this is true: the MIT license requires maintaining the MIT license disclaimer in the derived work. AFAICT, you cannot actually relicense MIT code (unless you hold the copyright). You can create a new derived work that contains it, and distribute that work as a whole with a new license, but the MIT code portion of that work will always maintain its license and require distributing the MIT license disclaimer.
With that being said, for the purposes of the article we are discussing, this distinction may not be meaningful because one can still take an MIT code base proprietary even if the original code doesn't actually get re-licensed.
I read that and thought: this is ridiculous. First of all, assigning copyright to FSF or SFC is way way better protection. Also DCO has nothing to do with protecting, the protection is from "inbound = outbound" contributions are under the same license as the project, this is the standard. A DCO is just something a few Linux Foundation lawyers dreamed up in order to help give companies faith in using Linux and is basically irrelevant. More info https://www.fsf.org/blogs/licensing/FSF-copyright-handling .
Inbound = outbound was the standard in the 1990s but CLAs and such have risen since then. I assume most COSS companies are using CLAs or full copyright assignment.
The current system is broken. I don't think I agree with everything in the post, but I'm excited to see movement in this space given that this is a space I spend a lot of time thinking about. (I'll expand on that below)
Even if I disagree with parts of this, this is still one of the most interesting things that I've read around OSS licensing in a minute! Having actual VC money behind this movement is awesome.
For context: I run an Open Source company that's YC + VC-backed. We use a hybrid of Apache and Business Source License (BSL, a "non-compete" license that converts to Apache in 2-3 years). Our license file[0] has context about my thought process around this, but I still am not totally happy with it. (BSL isn't an "OSI-Compatible" license, but feels like the "best compromise" license out there currently.)
To come to that conclusion, I've read both Heather Meeker's book, "Open (Source) for Business"[1], multiple times now and I've also blogged about this topic[2] before. (She helped write the BSL license.)
All of that is to say, it's complicated and there are some perverse incentives that can prevent you from always "doing the right thing".
Problem #1: You lose control. You may begin with Apache but, as OP states, you eventually end up with the incentive to "rug pull" by switching the license because of market forces/VC influence. (I'm the founder of my company and I would resist it, but eventually our investors might control the board and make that happen anyway by firing me.)
Problem #2: The hardest part of building a company is getting traction. Just getting anybody to care about you takes a ton of effort and having a permissive license makes it way easier to get that early adoption. And, by the time you have adoption and you decide to go raise VC money, you now end up with Problem #1.
Problem #3: If you start with a copyleft license like GPL/AGPL then you make Problem #2 (adoption) harder. Many companies simply won't use your software if you're using a copyleft license (like Google). (Linux is a notable exception here, while companies like MongoDB switched from AGPL. It's crazy.)
We are using BSL because it feels like the best compromise (it becomes Apache 2.0 eventually). I do still think a lot about switching to Apache though. I just really hate the idea of "rug pulling" and I'd rather be honest from the beginning with a license like BSL, even if it is more difficult to get that initial momentum.
Does anybody else have thoughts to share about this?
I had separately come to the conclusion some years ago that what I privately termed a "lag-license" (eventually goes to open source) is probably the right solution. I thought maybe four years.
To my mind, the essential problem is that code "copyrights" (copyright is really for artistic value) ought to have been for maybe four years, not more than a century, to begin with. The government hasn't done this (AOC, are you listening?) so business is fumbling toward the optimal solution, slowly.
But I had been thinking of a delayed release with a very permissive license such as MIT (duplicating the change in law I'd like to see.) But in that case, I wondered, should one have a clause that insists that derived works also go into the public domain after a lag? I.E. be lagged licensed as well. Only that creates the same situation as a law providing four years of copyright protection.
Releasing to Apace 2.0, as you do, addresses that, but might scare off some businesses.
Re release to MIT, I can see allowing code to be put in Escrow (Trust in other legal systems) rather than exposed immediately.
I do also wonder however if there's a case to allow companies to hold onto code that reveals, or reveals information about, trade secrets. Which likely doesn't apply in your case. But likely such information could be finagled into a data file rather than code.
> Does anybody else have thoughts to share about this?
Yes, a couple.
1. Put your software into a foundation before you take VC money. This will force you to adopt a business model that does not depend on establishing what amounts to a proprietary monopoly on the software. It may also reduce your valuation in the eyes of many VCs.
2. Use a different funding model. Revenue-based financing [0] is a good alternative for any business that has ARR. It works well for rapidly growing SaaS businesses. You will pay credit card levels of interest but you keep control of the company which means that you can do what you want.
I'm not saying that either of these options is easy. Both oblige you to figure out how to operate profitably or close to it from the start. That's hard to impossible for capital-intensive businesses. But it is far easier to be virtuous with respect to licenses if you are making money.
My company currently uses revenue-based financing.
> We’re launching our first OPBC company, Authentik Security, in November. Authentik Security is a cyber security company that provides identity management solutions around single-sign-on, user enrollment, and other access control features.
> We form companies centered around open source software projects with commercial applications. Rather than founders pitching us for investments, OCV identifies open source projects with traction and potential and seeks out builders and technologists to launch our ideas. OCV Fund I invests the personal capital of Sid Sijbrandij who serves as the General Partner of the firm.
So, this company takes the hard work of creator(s) who have been generous with their licensing terms, and in the name of "preventing them from using a more restrictive license" tries curtails their business opportunities by offering a legal structure with more favorable terms to end-users, thereby destroying the innovator's chance to make money off their invention.
To me, it seems like, if it offers no business opportunities, then people just won't offer innovations using permissive licenses for open core in the first place? If I'm going to give money to someone, I'd prefer it to be the innovator.