TECH

Some startups are going ‘fair source’ to avoid the pitfalls of open source licensing

With the perennial tensions between proprietary and open source software (OSS) unlikely to end anytime soon, a $3 billion startup is throwing its weight behind a new licensing paradigm — one that’s designed to bridge the open and proprietary worlds, replete with new definition, terminology, and governance model.

Developer software company Sentry recently introduced a new license category dubbed “fair source.” Sentry is an initial adopter, as are some half dozen others, including GitButler, a developer tooling company from one of GitHub’s founders

The fair source concept is designed to help companies align themselves with the “open” software development sphere, without encroaching into existing licensing landscapes, be that open source, open core, or source-available, and while avoiding any negative associations that exist with “proprietary.”

However, fair source is also a response to the growing sense that open source isn’t working out commercially.

“Open source isn’t a business model — open source is a distribution model, it’s a software development model, primarily,” Chad Whitacre, Sentry’s head of open source, told TechCrunch. “And in fact, it places severe limits on what business models are available, because of the licensing terms.”

Sure, there are hugely successful open source projects, but they are generally components of larger proprietary products. Businesses that have flown the open source flag have mostly retreated to protect their hard work, moving either from fully permissive to a more restrictive “copyleft” license, as the likes of Element did last year and Grafana before it, or ditched open source altogether as HashiCorp did with Terraform.

“Most of the world’s software is still closed source,” Whitacre added. “Kubernetes is open source, but Google Search is closed. React is open source, but Facebook Newsfeed is closed. With fair source, we’re carving a space for companies to safely share not just these lower-level infrastructure components, but share access to their core product.”

Sentry's head of open source Chad Whitacre
Sentry’s head of open source Chad Whitacre.
Image Credits: Sentry

Fair play

Sentry, an app performance monitoring platform that helps companies such as Microsoft and Disney detect and diagnose buggy software, was initially available under a permissive BSD 3-Clause open source license. But in 2019, the product transitioned to a business source license (BUSL), a more restrictive source-available license initially created by MariaDB. This move was to counter what co-founder and CTO David Cramer called “funded businesses plagiarizing or copying our work to directly compete with Sentry.”

Fast forward to last August, and Sentry announced that it was making a recently acquired developer tool called Codecov “open source.” This was to the chagrin of many, who questioned whether the company could really call it “open source” given that it was being released under BUSL — a license that isn’t compatible with the Open Source Initiative’s (OSI) definition of “open source.”

Cramer swiftly issued an apology, of sorts, explaining that while it had erroneously used the descriptor, the BUSL license adheres to the spirit of what many open source licenses are about: Users can self-host and modify the code without paying the creator a dime. They just can’t commercialize the product as a competing service.

But the fact is, BUSL isn’t open source.

“We sort of stuck our foot in it, stirred the hornet’s next,” Whitacre said. “But it was during the debate that followed where we realized that we need a new term. Because we’re not proprietary; and clearly, the community does not accept that we’re open source. And we’re not open core, either.”

Those who follow the open source world know that terminology is everything, and Sentry is far from the first company to fall in its (mis)use of the established nomenclature. Nonetheless, the episode sparked Adam Jacob, CEO and co-founder of DevOps startup System Initiative, to challenge someone to develop a brand and manifesto to cover the type of licenses that Sentry wanted to align itself with — similar to what the OSI has been doing for the past quarter century with open source, but with a more commercially attractive gradient.

And that was what led Sentry to fair source.

For now, the main recommended fair source license is the Functional Source License (FSL), which Sentry itself launched last year as a simpler alternative to BUSL. However, BUSL itself has also now been designated fair source, as has another new Sentry-created license called the Fair Core License (FCL), both of which are included to support the needs of different projects.

Companies are welcome to submit their own license for consideration, though all fair source licenses should have three core stipulations: It [the code] should be publicly available to read; allow third parties to use, modify, and redistribute with “minimal restrictions“; and have a delayed open source publication (DOSP) stipulation, meaning it converts to a true open source license after a predefined period of time. With Sentry’s FSL license, that period is two years; for BUSL, the default period is four years.

The concept of “delaying” publication of source code under a true open source license is a key defining element of a fair source license, separating it from other models such as open core. The DOSP protects a company’s commercial interests in the short term, before the code becomes fully open source.

However, a definition that uses vague subjectives such as “minimal restrictions” can surely cause problems. What is meant by that, exactly, and what kinds of restrictions are acceptable?

“We just launched this a month ago — this is a long play,” Whitacre said. “Open source [the OSI definition] has been around for 25-plus years. So some of this is open for conversation; we want to see what emerges and pin it down over time.”

The flagship fair source license follows a similar path to that of “source available” licenses before it, insofar as it has noncompete stipulations that prohibit commercial use in competing products. This includes any product that offers “the same or substantially similar functionality” as the original software. And this is one of the core problems of such licenses, according to Thierry Carrez, general manager at the Open Infrastructure Foundation and board member at the Open Source Initiative: Much is open to interpretation and can be “legally fuzzy.”

“Fair source licenses are not open source licenses because the freedoms they grant do not apply to everyone; they discriminate based on legally fuzzy noncompete rules,” Carrez said. “So, widespread adoption of those licenses would not only create legal uncertainty, it would also significantly reduce innovation going forward.”

Moreover, Carrez added that there is nothing preventing the terms in fair source licenses from changing in the future, highlighting the problem of a license controlled by a single entity.

“There are two approaches to software development: You can have a proprietary approach, with a single entity producing the software and monetizing it; or you can have a commons approach, where an open ecosystem gathers around producing software and sharing the benefits of it,” Carrez said. “In the proprietary approach, nothing prevents the single copyright-holder from changing the terms of the deal going forward. So the exact terms of the license they happen to currently use do not matter as much as the trust you put in those companies to not change them.”

In many ways, fair source is simply an exercise in branding — one that allows companies to cherry-pick parts of an established open source ethos that they cherish, while getting to avoid calling themselves “proprietary” or some other variant.

Amanda Brock, CEO of U.K. open source advocacy body OpenUK, said that while it’s “great to see people simply being honest that [their software] is not open source,” she suggested that this new category of license might just complicate matters — particularly as there are already well-established names for this kind of software.

“We must shift thinking to consider three categories of software not two; OpenUK has been advocating for some time that we do this,” Brock told TechCrunch. “Within open source, we call the category that is proprietary with source that is public, as ‘source available’ or ‘public source.’ It is any code that makes [the] source [code] available, and which is distributed on a license that does not meet the open source definition.”

Git commit

Scott Chacon
Scott Chacon
Image Credits: Scott Chacon (opens in a new window)

Scott Chacon, who lays claim to being one of GitHub’s four founders and served as its chief information officer before his departure in 2016, launched a new Git-focused startup called GitButler at the start of 2023. He went through a whole gamut of licensing considerations, including fully proprietary, before settling on FSL and publicly proclaiming his support of the fair source movement.

“We are still somewhat unsure what our final business model will be, exactly, and want to retain our options,” Chacon told TechCrunch. “We know that if a company releases under an OSS license and then needs to relicense under something more restrictive in order to make their business work, there is an understandable outcry from the community.”

And that gets to the crux of the issue for many businesses today. Sure, everyone loves open source, but with all the backpedaling, startups today are hesitant to go all in and then risk the ire of the global community by having to change course.

“We liked the fact that it [BUSL / FSL-style license] is eventually open source, under an MIT license, but it gives us some air cover while we’re investing so heavily in it,” Chacon said. “We want to be able to protect our employees and our investors while giving our users as much access and freedom as possible.”

GitHub is actually a good jumping-off point for discussing the fair source movement. The Microsoft-owned code-hosting platform is central to open source software, and GitHub has open-sourced several of its own internal tools through the years. However, GitHub itself isn’t open source. Former GitHub CEO Tom Preston-Werner wrote about this very matter back in 2011, waxing lyrical about the virtues of open source while describing things that should be kept back. “Don’t open source anything that represents core business value,” he wrote.

And it’s this approach that Chacon is taking into his latest venture.

“My philosophy is to open source everything that you don’t mind, or even prefer, for your competitors to use,” he said. “I think that if fair source was a thing 15 years ago, we may have made the GitHub source public then under a license like that.”

Other businesses to join the early fair source fervor include YC-alum CodeCrafters; PowerSync; Ptah.sh; and Keygen, whose founder Zeke Gabrielse is actually partnering with Whitacre to handle governance around new fair source applications.

“Our governance at this point is scaled to the size of the initiative, so it’s myself and Zeke, our decision-making is public on GitHub, and anybody’s free to jump in,” Whitacre said, adding that there could be scope to set up independent oversight in the future — though it’s not a priority right now.

“We’re really just planting the seed, and seeing where it goes,” Whitacre said. “It’s a long play, so we’ll evolve the structure along the movement.”

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *