Our way of dealing with this was delayed open source publication. That led to the FSL [1], and later to bootstrapping the Fair Source initiative [2] to establish an umbrella term that does not conflict with Open Source. What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive.
I actually still find that surprising. I would like to know whether this is a legitimate concern that two years is not enough, or mostly a perceived one. To me, moving to an Apache 2 or MIT license after a relatively short period is a much stronger statement than a license that risks the project effectively ending if the commercial entity is unwilling to relicense it more openly at the end of its life such as the O'saasy license.
[2]: https://fair.io/
But then again I think this only prevents small players from "competing" by self-hosting, so the revenue loss there would be minimal either way. Large enterprises are too incompetent to even self-host a single self-contained binary, so for those the availability of source code and ease of hosting would make no difference, they would still use the SaaS.
That Sentry is a pain to deploy is not really intentional, it just happened over the years. However because it's a pain to deploy it also opens up a market for people that create managed deployments so I would say, that if anything, it made it worse. For self deployed Sentry you do not need to pay cent, the license explicitly allows it.
Also how does this work with contributor contributions? Does the owning SaaS get the benefit of contributor work instantly while everyone else has to wait 2 years? What about the contributers themselves?
You may want to allow certain uses (self-hosting, etc) even before it transitions to a fully open-source license. Having access to the source code can also help SaaS users debug certain situations.
And yeah, by my reading essentially people can contribute code or publish patches (with just a plain MIT license in principle), just the original and derivatives still can't be used for non-permitted purposes until the timer is up.
That requires trust that the company will do this. The FSL is irrevocable and comes with a future promise.
> Also how does this work with contributor contributions?
The same way as any other thing with a CLA works. If you don't have a CLA, then you have a bit of a mess.
O'Sassy came up recently in one of the forums I lurk in [0], and as discussed there, I tend to agree with Adam Jacob (SystemInit) and others that FSL is definitely one way out but doesn't totally solve the commercialization aspect, because the code & all that IP is still readily available.
Adam, in this talk [1], argues that like RedHat (and unlike Canonical), Open Source businesses must learn to separate source license from distribution license and if they do so, the money is there to be made (in a b2b setting, at least).
> What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive.
... if the companies conflate Open Source and business models, rather it being merely a Go-To-Market (like open core).
Especially true for dev/infra upstarts competing with incumbents (PostHog v Amplitude; GitLab v GitHub [2]), and lately for AI labs (DeepSeek/Qwen/Llama v GPT/Gemini/Claude). In a role reversal, BigTech also uses Open Source to commodotize its competition's advantages (Android v iOS; k8s v Swarm; Firefox/Chrome v IE) [3].
[0] https://forum.fossunited.org/t/6878
[1] https://www.youtube-nocookie.com/embed/watch?v=rmhYHzJpkuo / Summary: https://gemini.google.com/share/e21cd1bacff6 (mirror: https://archive.vn/Jzhk3)
[2] https://www.heavybit.com/library/video/commercial-open-sourc... / https://archive.vn/jQh27
I think that if you are short on cash, open source is the way to go to get adoption faster. If you have endless money, then there is really no reason to open source it (except edge cases, like shared protocols, libraries, etc...)
Even though it may seem harsh to apache 2.0 the code, no one will steal it since you are maintaing it, essentially paying to keep it on your turf. Reasons for not stealing: 1) Security CVEs and patches. No serious company will use it without these. 2) Bugs, if I take it I will have to fix it. 3) Merging changes. If the source is branched, I will have to get people to move to my project. Otherwise, I will have to employ people just to merge the changes all day. 4) Authority. I would argue that if you do not control the narrative of the project it is essentially similar to abandonware of the project. What would a customer/client prefer more? to use the original product or some copy of it? If you are the Authority that inspire people, they will not go to the competition.
I remember in the past the open source were thought of as communists. I think that we are far from that, and big capitalist companies knows how to profit from open source (even Apache 2.0 and MIT).
But that's evidently not true. Amazon has co-opted plenty of open source projects and put the squeeze on the original maintainer's SaaS offering.
Of course, this is explicitly permitted and even encouraged by FOSS licenses, so calling it "stealing" is quite absurd. But it is also a real problem for a company trying to make money by selling its FOSS software.
Essentially, it's pretty clear that you can't make a successful company out of selling free software. You either create a consulting company and push yourself as the expert on some free software that people want to use (what RedHat did, and to a much lesser degree of success, MySQL) or the free software has to be some enabler for your real business (like Linux is to Amazon, Google, Microsoft, and all of these other cloud companies and most of the internet, or like Java was to Sun).
If that is so the case, what about source available licenses similar to O'saasy.
Do they work?
Because personally, although I love foss, its a compromise and I am willing to make it for some of my projects if it means that I can get enough funding to work on it full time basically.
they (AWS) profitted so hard from redis and elasticsearch that they had to literally change their licenses similar to O'sassy's
and even then people forked redis to create valkey and AWS engineers started working on it
Both redis and elasticsearch got so much backlash because "not open source" when in reality, they were trying to make ends meet but also since it allowed external contributions, people who contributed felt rug pulled
In the end, both of these had to revert switching to AGPL licenses.
Technically I am sure that people are still competing against these servers even with AGPL because it does have freedom 0 but I think that they kind of realized that backlash was very high
My opinion on the matter personally is, I value source code because I can work around it, I can see the code and audit it/ have a peace of mind.
But even now, open source is severely underfunded and I think we should do something about it. We cant really expect developers to write code in any license that you want, its their code and their wish (originally) and I think these are just means where someone wants to open source but he also wants to profit from his creation just enough so that he/she can maybe work full time on it/have more employees working on it and just have it grow better which for the end users does feel better.
AGPL seems like the most battle tested solution here, though.
You'd need a CLA from day 1, but if you have that then you can sell commercial licenses to people who won't meet the criteria for the real license.
So I think it's important to differentiate between open source and free software, here.
Of course I am taking the stance of the company not the users here :) The table have turned, I believe in 2025 the users should insist on using AGPL3 without signing CLA. But again, with enough cash, the code can be recreated with genAI, it is just a matter of resources.
Can it though? Most interesting things (for my values of interesting at least), cannot be re-created with generative AI.
Every time I try to do anything a little bit out of distribution, they fall apart (and they're not great at in-distribution stuff either).
> I believe AGPL3 with CLA is the worst in 2025
I think that you mean best, as with both of these one can sell commercial licenses while remaining open.
Again, from the company's point of view you get both nerd-cred and a viable business (this is what MySQL did, I believe).
You don't get that with BSD/MIT.
On the Rust subreddit you can see people make arguments that can essentially be paraphrased as "Get a real job".
Somehow the people selling primary energy, food and raw materials are allowed to make money, the hardware manufacturers to run the code on are allowed to make money, cloud providers to run code on are allowed to make money, people using your software in their business are allowed to make money and even people who have been hired at a company to submit patches and pull requests to contribute to your project are allowed to make money but you, the original maintainer/developer who kick-started the project and paid the initial investment? Suddenly you're no longer allowed to make money. You're expected to work a "real job" (see list above). You're supposed to spend time not working on the project to earn enough money so you can donate your time and money to work on the project to people who most likely couldn't care less about you and your sacrifice and since it is just plain business sense to minimize costs, you should do the same and stop working on the project.
The strangest part by far is that if you'd you made your code proprietary from the get go, there wouldn't be any complaints about your GPL code not being free enough. It's a surprisingly pro proprietary code stance.
If your SaaS can’t compete on the service part, the software part ain’t gonna make or break you.
No the problem is that it cant compete on the hardware part sometimes
Lets face it even if it something is open source, chances are that the most contributions/time are still spent by the person making it or the saas provider in this industry.
Imagine that someone goes ahead and launches a cheaper version of their saas and people go use that, since that person isnt having his time invested in the software as much as the original person and thus is willing to undercut him because his investment/returns expectations are very minimal whereas for the original saas it can be very high (writing good quality software which costs some developers real time and even real money)
Entitlement is when you expect that OSS contributors must provide you with a warranty or a certain feature you need for your business activity. They are not.
This is an incredibly misleading comparison. The subsequent clause is a complete contradiction, not a subtle clarification.
Oh, your bootstrapped team can’t simultaneously develop from scratch and support the new open source software project AND outcompete a multi-billion dollar business who decided to offer your service as a below-cost addon to their offering used by millions of people on day one? Tough luck, greedy bastard, you should have stayed in your cubicle.
Or maybe an analogy closer to home (Anduril notwithstanding) would be cryptography code. New ideas are cheap compared to code that has been to hell and back in the wild and remained unbroken.
(I assume this license is novel and untested. I’ve not heard of it before. Happy to hear otherwise, of course.)
Making software is getting cheaper, so this kind of license would not protect against someone reverse-engineering the SaaS tool in a week. It is better to be abstracted away from those type of things IMHO
This is not a "real" (i.e. GAAP or accounting standards) metric, so that would seem like a bad idea.
The trouble is that lots of even the accounting metrics are gameable, but a comptent auditor(s) probably won't let the metric divulge too much from "reality" (i.e. conformance with accounting standards).
Not exploiters unless they are breaching OSS licenses. Why do you think Cursor exists? The forked and made VS code their own. Why is it exploiting when Amazon or MS is doing the same? Am nowhere close a fan of these corps but we need to be very clear when throwing words around like exploiters.
All the LLMs are probably breaching the OSS license though. We don't care about that cos we need it. How can we complain about something we use daily eh?
They will find a way of gaming the metric.
For example, they run the software through a subsidiary that makes $900m ARR.
dontdoxxme•8h ago
It’s also vague as, what if I run a VPS provider and someone can upload images to a marketplace like thing, does that count as SaaS? How about if someone’s only use of my services is to run that image?
Steer clear unless you want to open yourself up to the copyright owners opinion changing. (See for example the pine email client and the copyright discussions there.)
jrowen•7h ago
This strikes me as somewhat contrived. Like yeah, if you're gonna do some weird button-pushing thing, it's not worth it, steer clear, keep this product off your platform, easy. Is a piece of software really only of value to the open source community if any kind of unscrupulous use of it is allowed?
There's a million ways to get value out of source code that don't involve pushing the envelope. I've accepted every EULA ever without reading and never once worried I would get in trouble with any of them, it's generally pretty easy if you're not trying to invent ways to do so.
jchw•7h ago
It's not even open source in the first place if any kind of unscrupulous use of it is disallowed, as that would be discriminating on use case. It ultimately doesn't matter much to the open source community, as it effectively can't be used in otherwise open source projects, as the result wouldn't be open source and it is going to be license-incompatible with many projects anyways.
That said, I find it preposterous to accept this notion even ignoring that point. You shouldn't have to take it on faith that what you're doing is allowed by the copyright license—the whole point of the license is to make that clear. Everybody always shrugs off the risk of a malicious owner until Oracle acquires their dependencies.
jrowen•7h ago
jchw•1h ago
But anyway, my problem with a license like this is indeed the existence of gray areas. Open source licenses are in some ways clever attempts to make a social contract into a legal obligation. It isn't perfect, but the side effect is that you don't have to take it on faith that people will follow it: people can be sued for violating it, and depending on how that Vizio case goes, it's not just the copyright holders who are eligible.
But that's a two way street. In return, I shouldn't have to take in on faith that my use case is legal according to the copyright license: it should be clear as day with no room for interpretation. If it's not, then my best hope is to simply never get sued. That is not good. Hope is not a strategy here, not for individuals and not for corporate users.
Business/"fair" licenses seem to offer a good compromise, but it's a mirage: the software still has to be treated a bit like toxic waste in Linux packaging, won't be compatible with strong copyleft licenses, and ultimately, presents an uneven playing field for contributors.
There isn't much to be excited about from a hacking PoV.
With projects like these, you're probably already going to be submitting your code under an unconditional CLA, which essentially forfeits your rights as a contributor, then if it's this license, you also are giving the original copyright owner more rights to use your contribution than you even have.
I don't think this is a good or healthy status quo at all.
The only upside of this is that it protects someone's business model from competition. Well good for them.
But making the license look like MIT is just a bit of cosplay, yet another attempt to try to push something as being open source when it's not. This cognitive dissonance can't go unnoticed; it really does trick people if they don't fully think through the consequences. You're better off going with a license that makes no attempt to pass itself off as open source.