This passive approach of libxml2 where the software remains community only is just fine and totally fair, but corporate users can pay up if there's a clear offering. What they actually get doesn't need to be much, but if it does need to be clear. Of course this does change the project into hybrid community/corperate open source but there can be a spectrum there where a lot of time and resources is carved out for the community approach and the corperate sponsors are given just enough to keep them happy. In a way some more corperate focussed Linux distributions are also an example of a hybrid approach really given the two worlds are very much linked.
This is an understated but brilliant framing. Oh I know they won't contribute, users will continue to apply pressure through issue threads saying that their clueless security teams are breathing down their necks. But at least you'd hope this gives pause.
The linked issue is worth a read, it's a shame the burden that corporate leeches like apple and google have placed on him. To them this project is simply free labour they have assumed they are entitled to and by extension are subject to their individual security theatrics.
The bug has no actual example of them making demands, "leeching" or acting entitled.
The security issues would be security issues just the same even if the library was only used by Linux desktops. (And if the library is unfit for use in other operating systems like the author suggests, feels like it probably is equally unfit for use in Gnome.)
ratio = (contributions - demands) : earnings
If you contribute nothing, demand nothing, and earn nothing, carry on. “Nothing” is loosely defined as “near enough to zero in the context of a specific project”.
If you contribute nothing, demand nothing, and earn (DL) a million dollars using it somehow, you’re a leecher. Your U/D ratio is 0.0. That should be an uncomfortable realization. One way to cope with that is to raise your ratio to 0.1. If you make a million dollars of revenue using libcurl, how much are you allocating to donate back?
If you contribute nothing and demand security fixes, then you’re not a leecher — you’re a parasite, because your demands exceed your contributions; your sign bit is still negative even if your ratio is 0.0 or NaN. It has been zero days since this workplace had a maintainer injury due to parasitic behavior.
Leechers are demoralizing when the revenue earned would let the author quit their day job to do more fun work instead. Parasites leave a trail of damaged and dead projects in their wake. libxml2’s maintainer made a policy change that cuts off the food supply for parasites; good. They’ll still burnout someday due to the untreated morale damage being done by the billionaire leechers, though.
If an author accepts contributions and you feel like a leecher, do something about it. If they do not accept contributions (including money) or if the anccepted contributions are incompatible (their code is in COBOL and you only know Rust, they only offer “donate bitcoin”, you’re a broke student funding school with your project) then maybe write them a thank you letter? and revisit this if your or their circumstances change someday.
As a former open source maintainer, I don’t mind it when people leech. That’s chill. Go for it. I don’t have a tip jar because I don’t expect a tip. But I mind when people DL a million dollars of revenue using my work and have a UL:DL ratio of 0.0 with me.
Corporations, formally do not care whether users are hobbyists, leechers, or parasites. Maintainers do. The OSI continues to reject as Open Source any licenses attempting to stop the morale impact of millionaire leechers and the time and effort drained by parasites.
Which is more important to the future of open source: the right to be a leecher or a parasite, or the maintainers that they feed upon?
Nobody should be giving Bezos free work.
And you can tell by the way they move, they do not want to hurt each other- a cartel of toe-owners. Otherwise, what happened to gaming with the steam-deck, could have happened with linux to the desktop world years ago. Especially now, where the owner describing his intent, transfers to scripting glue code.
Sharing the result of collaborative efforts liberally makes sense. Wanting to be able to modify software and redistribute modifications makes sense. Allowing software to evolve in a broader eco-system makes sense.
What isn't seeming to make sense is how OSS software is used commercially and the way that skews the culture and priorities of open source projects. What purpose does the lack of commercial restrictions serve?
No restrictions on commercial use at all seems naive (and perhaps plain ideological) at this point. I used to think that things were too embedded to change but it does feel like a major shift is fermenting and has been for a while.
CaptainFever•4h ago
So like, regardless of the user of the software, one should understand that there really is no warranty, or promise of quality or support from FOSS.
If one (whether it be Debian or Apple) needs a feature, bug fix, or security fix, one can ask for it, but don't expect anything.
The best way is to do it themselves, and share their code if they wish to or are obligated to under the GPL. Or commission a programmer or the maintainer to do it. Or buy a support contract from the maintainer. Or encourage it by doing micropatronage and voting for it.