
Sourcegraph: self-hosted Git service with semantic code navigation/search/review - sqs
https://src.sourcegraph.com/sourcegraph@b1af2ab4761618930f6f7e44eb775e08fac3f38e/.tree/README.md
======
Titanous
This looks neat, but the license is fatal. It is not "just like an open-source
license."

First, what is a "user"? It is not defined anywhere in the license.

I did not look at the source code, because of the potential IP issues. What
would happen if you looked at the source code and then later worked on another
open source project and implemented a bit of code that looks similar? The
worst case scenario if you did this and the "upstream" was open source is that
you'd have to do a bit of re-licensing, the worst case scenario here is that
every user of the "downstream" project gets sued by SourceGraph.

Asking for contributions is also problematic, as you're asking for employers
to authorize free contributions including a blanket license and patent grant
to a proprietary commercial project. And even after that the contributor
doesn't have the right to freely use and distribute the software they
modified.

I'm all for publishing source code of proprietary projects, but dressing it up
as an open source project is not great. I'd suggest adding a license clickwall
to avoid accidental IP contamination.

~~~
jrpt
Accepting contributions with a license like this is a solved problem. You just
require the contributors to sign a contributor license agreement. In case the
contributor is working somewhere, you also have them sign a corporate
contributor license agreement. This is the same process used by companies like
Gitlab.

They aren't claiming to be open source. It's similar in certain ways to open
source, but different.

~~~
dragonwriter
> They aren't claiming to be open source.

They are claiming to be essentially identical for small organizations: "The
Fair Source License works just like an open-source license when the usage is
below the Use Limitation."

This is, however, false given the lack of ability to redistribute modified
copies (even under the same license). Its not "just like an open-source
license", even before considering the Usage Limitation.

------
sulam
I've been talking to these guys and using their stuff in various forms for
over a year now. I worked on developer tooling for years at Twitter, and had
been feeling like this space (code discovery / review / nav ) was ripe for an
evolutionary leap for a long, long time. I was _really_ excited to meet the
team at Sourcegraph and learn they not only had the same vision, they were
executing on it at a very high level. I'm really curious to see how the world
uses their stuff, and I hope it lights a fire under the asses of all the other
people working in this area. :)

The fact that the source is publicly available (with a license that, I think,
is just as evolutionary in that space as their product is in its space) is the
cherry on top of a really tasty sundae.

(Full disclosure: I invested in their team as soon as I was able to. So I have
a financial interest in the company doing well, although my primary interest
is in seeing products of this sort continue to evolve and develop in a
direction that will give greater leverage to developers everywhere. I am also
a total fanboy, but that follows from the above. ;-0)

~~~
nsm
Out of curiosity, how does sourcegraph compare to something like mozilla's dxr
[1][2]. Granted DXR is C++ only, but it is the best tool I know for browsing
C++ in a browser while being able to navigate semantically.

[1] [https://wiki.mozilla.org/DXR](https://wiki.mozilla.org/DXR) [2] Actual
instance on mozilla code [https://dxr.mozilla.org/mozilla-
central/source/](https://dxr.mozilla.org/mozilla-central/source/)

~~~
sulam
I hadn't seen this before, so first off thanks for the pointer. I just spent
15 minutes poking through the instance you mentioned and looking at the
project roadmap. That wasn't long enough to really get a feel for how easy it
would be to extend to other languages. Based on that (brief) exposure, I'd say
this lines up nicely with what Sourcegraph does for other languages. The big
difference seems to be srclib, which is the underlying library that allows
them to support other languages. I will also mention that the UX for
Sourcegraph is more Github-inspired (I could use a word like 'modern', but
that might not tell you as much) whereas DXR is a little clunkier.

------
sqs
Sourcegraph CEO here. We have large enterprise customers using Sourcegraph and
are excited to release it publicly (with source code) so anyone can start
using Sourcegraph for their team's code.

Feedback is much appreciated!

More info at the announcement blog post
([https://sourcegraph.com/blog/133554180524/announcing-the-
sou...](https://sourcegraph.com/blog/133554180524/announcing-the-sourcegraph-
developer-release-an)) and at
[https://sourcegraph.com](https://sourcegraph.com).

~~~
billybofh
It seems to want to take my email address so you can email me 'stuff' \- and
also I need to use OAuth2 via your site for... something? I'm afraid I've
given up on it after about three minutes :-/ Our servers aren't connected to
the internet so this kinda fails the 'self hosted' test for us...

~~~
Gibheer
You may be interested in gogs [1]. When I saw the feature list, it sounded a
bit like a gogs clone, but it was missing some features.

As for gogs, it is already coming along nicely. It has support for LDAP
authentication and has some other nice features.

[1]: [https://github.com/gogits/gogs](https://github.com/gogits/gogs)

~~~
sdesol
It also appears to be consistently worked on as the following shows:

[http://imgur.com/a/hIest](http://imgur.com/a/hIest)

The last picture shows the commit activity between the various branches. Not
sure what the "git" branch, which started to deviate in October, is for
though.

------
achou
The Fair Source license is an interesting innovation. Will individuals within
large companies try out Fair Source software like they do open source
software? Will teams adopt it without knowing whether there are other users at
the company, opening themselves to violating the license terms? Will anyone
look at the source in depth and contribute back?

I’m all for (ethical) innovations that enable companies to be built more
efficiently... Ideology aside, it’s often practical matters that attract users
and developers to open source software. They've chosen a different point along
in the “how much to give away and under what restrictions” space to try out.

Thoughtful experimentation = good. That doesn't mean it will succeed. But
failing to try new things will lead to less efficient innovation in the long
run for our industry.

~~~
davexunit
>it’s often practical matters that attract users and developers to open source
software.

But the (un)Fair Source License is not an Open Source license.

~~~
dragonwriter
> A glance at fair.io shows an interesting attempt to provide OSS under a
> proprietary model.

I'm not sure that that is the case: its clearly not Free, but it might be that
rare example of a license that meets the OSI Open Source definition but not
the FSF Free Software definition. (It clearly violates the _spirit_ of Open
Source, and if OSI were to review it, the Open Source definition might be
_explicitly_ amended to preclude the kind of use limitation it imposes.)

~~~
davexunit
I can't speak for the OSI, but this seems in clear violation of the Open
Source definition. I'll await their word.

~~~
richardfontana
I am an OSI board director. Generally the OSI does not comment on licenses
that have not been submitted for approval. FWIW, I reviewed the license and I
agree that it is clearly inconsistent with the Open Source Definition (and
with generally accepted notions of what free software and open source licenses
are).

------
jayeshsalvi
Great stuff. I was hoping somebody would integrate source code cross
referencing with Git. Hopefully Github will integrate your tool with all their
repos and it will be seamless for end users.

~~~
sqs
Sourcegraph CEO here. Unfortunately, GitHub makes this impossible. It's closed
source and offers limited ways to integrate—primarily via external, rate-
limited external API clients on their proprietary platform. It's too bad the
most popular code platform is closed.

We believe developers deserve to have a hackable, extensible platform for
their code, so it can be more deeply integrated with the best other dev tools.
That's why we built Sourcegraph and released Sourcegraph's source code. It's
also why we're making it easy to build deep integrations into Sourcegraph
(see, e.g.,
[https://src.sourcegraph.com/sourcegraph@master/.tree/platfor...](https://src.sourcegraph.com/sourcegraph@master/.tree/platform/apps)).

~~~
trashcan
Have you considered integrating with Gitlab?

~~~
sytse
Please let me know if we can help in any way with GitLab integration.

------
Somasis
What on earth is that license?

~~~
sqs
Sourcegraph CEO here. :)

We released Sourcegraph under the Fair Source License
([https://fair.io/](https://fair.io/)), which we worked with a well-known
open-source lawyer to draft.

TLDR is that it lets us create the best product for developers by having a
sustainable business.

Full info at [https://fair.io](https://fair.io):

> Fair Source allows companies to both share a product’s source code and
> charge for that product. Releasing a product’s source code makes it more
> valuable to customers by enhancing extensibility and building trust. With
> open source, releasing the full source code and charging for the product is
> virtually impossible. Fair Source makes doing both possible.

~~~
Somasis
You would be better off selling services akin to what GitLab does for
sustenance.

~~~
sulam
Completely disagree. Services models seem to very much limit what companies
like this can achieve. It also creates a perverse incentive for the company to
make a product that needs service contracts to manage. They tend to produce
more closed-source "addons" as well.

~~~
nickpsecurity
Exactly. Empirical research I saw showed that most companies in that market
don't do so well in either profits or longevity. The majority of them we see
here also intend to sell out.

------
0x0
Is it an unwritten rule that the CEOs of companies focusing on git hosting
solutions prefix all their HN posts with "<companyname> CEO here,"

:)

~~~
sqs
Sourcegraph CEO here. :) I saw the GitLab CEO doing it and liked it a lot! (I
hope he doesn't mind.) Of course, I just want to make sure people know I am
affiliated with Sourcegraph when I comment on it.

~~~
sytse
Of course I don't mind! Congrats on the work, there are some awesome idea's in
your product. I especially like the create issue from line comments
[https://gitlab.com/gitlab-org/gitlab-
ce/issues/3659](https://gitlab.com/gitlab-org/gitlab-ce/issues/3659)

------
porker
Congrats on launching! I like the idea of code-linked issue tracking and would
love to see it taken to the next level, as a reinvention of literate
programming.

------
TACIXAT
Regarding the semantic search, does this / could this have the capability to
do multi instruction queries?

Example, show me variables that are incremented, not validated (ie. don't
appear in an if statement), and used in an allocation?

~~~
sulam
I think you could do that with srclib, the underlying library that powers the
product.

------
Dangeranger
This looks really great, thanks for making it open-source and for releasing
[https://fair.io](https://fair.io) as a new license model.

One thing that you should know is that your 'appdash' trace links are publicly
available. You can see a screenshot here
[https://www.dropbox.com/s/vfu2sbz2ctlxwsx/Screenshot%202015-...](https://www.dropbox.com/s/vfu2sbz2ctlxwsx/Screenshot%202015-11-24%2013.15.11.png?dl=0)

~~~
durin42
So, a question that immediately arose for me out of reading that license:
what's the definition of a user? If I wanted to use this to self-host my own
projects, is everyone on the internet a user? Am I limited to 15 collaborators
on my project unless I pony up? Is that 15 collaborators over all of time, or
within some time interval?

~~~
ultramancool
I really do not like this license, it prevents usage with other licensing
models near completely. Say I want to integrate their code intelligence into
gitlab community (MIT licensed), I'm shit out of luck, even if I were to
create a relicensed version of gitlab under the Sourcegraph license, it seems
as though it'd be unclear who gets what fees and who counts as a "user" in
this case. Would it force me as a devleoper who just wants to make something
cool to deal with licensing costs? Would I have to be a middleman between
Sourcegraph and enterprise customers? Could I say no enterprise customers, too
bad, I don't want to deal with it?

What if I, as an individual, fork the project to add some breaking features
that not all users may want? Who gets the money from those corporate
licensors? Am I even allowed to do so? The fair.io site doesn't make it clear
and based on what they do say, I'd be extremely hesitant to make anything more
than casual use of software under this license.

It seems to me, based on the information on fair.io that I can simply fork the
project, offer enterprise licenses for $0.01, or heck, make a fork for my
company which is identical to the original but has my logo on it and charge my
company $0 for licensing... is there any prevention of this that I'm missing?
IANAL but this legal portion here looks flimsy and lacks important
definitions, especially with regards to protections from stuff like that.

~~~
sqs
Sourcegraph CEO here. Fair Source is intended to allow companies to distribute
_both_ the product and source code, and still charge for the product. Fair
Source is not an open-source license. Just as with GPL, there are restrictions
around your usage of the code that are intended to produce longer-term
benefits (in our case, making sure we can build the best product and have a
sustainable business).

We have had it reviewed thoroughly by multiple lawyers in several countries,
and it was drafted by Heather Meeker, who is extremely well respected. I am
not a lawyer myself, but the "hypothetical loophole" scenario you described
would involve you making a derivative work of our code—kind of like
photocopying Harry Potter and adding some doodles in the margins, and
reselling that. That would not circumvent any license or copyright situation.

~~~
ultramancool
> I am not a lawyer myself, but the "hypothetical loophole" scenario you
> described would involve you making a derivative work of our code—kind of
> like photocopying Harry Potter and adding some doodles in the margins, and
> reselling that.

So you're comparing someone who forked your project to add what could be major
features, to someone doodling in the margins of Harry Potter? That's a really
optimistic view of the open source community there. But I understand what
you're saying, I'm just used to forks being a common practice in the FOSS
community, so I expected them to be better accounted for.

You still haven't made it clear what would happen in the case of a fork. Even
if they kept it under your license, who gets the money? How do they get paid?
How are terms agreed to? Can it not be forked at all?

EDIT: This really applies to any modifications, essentially, say I make some
modifications to your code, under what terms am I allowed to distribute them?
Is the only way I can go to license them back to you without seeing any of
this "fair" profit myself? What if you don't like them and decide not to use
them can I redistribute them for free or fee on my own? Is there any way to
make the forking and distribution of modifications as casual as it is with so
many open source projects under other licenses today?

~~~
sqs
Sourcegraph CEO here. Fair Source is not an open-source license. It is
intended to be an improvement over closed source (GitHub, Bitbucket, etc.) and
open core (where many important bits are closed source). Fair Source is not
intended to support forking and independent redistribution. If you fork a Fair
Source-licensed project and try to distribute it, users would have to also
acquire a license from the original author.

~~~
durin42
I mentioned this over on lobste.rs, but I'll mention it here in brief: fair.io
does a _really_ bad job of stating this intent. The elevator pitch mentions
open source but not proprietary. Please consider rewording fair.io to be
clearer about the non-open-source intent here.

~~~
beliu
Thanks for this suggestion. We want to make it clear that Fair Source is not
Open Source. We've updated the summary in the header:
[https://fair.io](https://fair.io). Hope this is clearer!

~~~
dragonwriter
You still make the false claim that "The Fair Source License works just like
an open-source license when the usage is below the Use Limitation."

Fair Source never works like an Open Source license. It works like (because it
is) a source-available proprietary license which allows local (but not
redistributed) modifications. Below the use limitation, it is also a free-of-
cost license. But it never works like an Open Source license, and it doesn't
even work _more_ like an Open Source license below the Use Limitation.

------
mfburnett
Congratulations on launching! Excited to play around with this more,
especially for the dynamic intelligence element.

------
jordanlev
I think it's great that there are self-hosted options like this. But what's
with the blatant copying of github's design? (Especially the icons... they're
not even good icons, just kind of randomly chosen by github for various
actions)

------
davexunit
Wow, the "Fair Source License" is just terrible. Please, no one use this
license!

~~~
coherentpony
Well, the Sourcegraph page links to another page describing the benefits of a
Fair Source Licence. In the interest of a balanced discussion, would you care
to provide a list of points describing the drawbacks of using such a licence?

As it stands, your comment may successfully describe your opinion but it
doesn't attempt to contribute to a healthy discourse.

~~~
davexunit
It's a sneaky license, and I think deliberately so. It's meant to look as much
like a free license while still being proprietary. When you read the title,
the "Fair Source License", it's only natural to think that it's a new FOSS
license, and then once you start reading the terms you realize that it's
misleading. Sure, the authors say that it isn't a free license, but the
comments in this thread show that many people are completely confused about
it. Many people don't seem to be familiar with the Open Source definition and
think that this license is somehow "open." It's yet another case of open-
washing and deliberate corporate confusion around Open Source.

~~~
coherentpony
If I'm understanding you correctly, your only issue is the title?

------
andrewpriceau
I absolutely love this product!!!!!!! Well done - @sourcegraphCEO

------
haosdent
Looks awesome!

------
yarrel
Nonfree license. Avoid.

