
Ask HN: Why aren't we penalising companies for not contributing to open source? - Ws32ok
Companies often complain about taxation and various costs of doing business, e.g. salaries. Yet they also use open source software and don't contribute back. A lot are making source code changes and aren't passing them back either. Often in violation of the license (GPL) or even simply the spirit in which they received the code (open source in general).

Why don't we change the social landscape so that companies that don't contribute _something_ back are seen as unethical?

E.g. a for-profit organisation providing web services using a host of open source software can afford to support those projects.

The license associated with the project shouldn't matter. Even if it's been released BSD, MIT etc. and there's no explicit obligation.

Maybe penalising is the wrong approach. Perhaps incentivising would be better? Or is this all a bad idea?

Thoughts?
======
quickthrower2
I don't agree that we should make companies pay for open source or contribute
towards it or whatever.

(I'll put the "open source" vs. "free" thing to one side for a minute, but I
will assume you mean anything on Github (etc.) with a permissive license and
is free of charge.)

Also there is no reason individuals should produce open source code for free.
If you want to, then that is fine, but remember you don't have to.

It would be a lot better for developers if fewer people created open source
software. Paid software (perhaps with exceptions for destitute people) would
be better and more developers could make a living in such a way. The stuff
that is good to have open source is the frameworks and toolchains like React
and NPM, which big companies can bankroll for PR purposes.

------
krapp
It would be unreasonable to expect every company that uses open source
software to have a PR accepted for every such software they use. Most
companies using open source software are not software companies and don't
employ programmers.

It also goes against the spirit of the free software ethos. The end user has
the right to use their software as they see fit, which includes not
contributing back. If you don't find that acceptable, _write it in the
license._ If they violate the license, _sue them._

------
i_phish_cats
We sort of are. My company does anti-spam and email security for over half the
fortune 500 with 3000+ employees. We use FOSS everywhere. We contribute
absolutely nothing back afaict.

We are trying to recruit people who use these open source tools/languages and
literally no one has ever heard of us. Forget college graduates -- I've been
to an industry conference which I think we create, and even there, the
majority of people have never heard of us, which is imho an accomplishment.

------
buboard
First offenders are governments. There should be provisions for (non-security)
software built by the government or publicly-owned corporations to become open
source. The UK does some of that I believe.

Private corporations pay taxes, which should be enough to be their fair share.
They are not obliged to otherwise contribute back to public infrastructure,
even if they use it.

------
bigiain
It's starting to happen, with things like the recent Redis Labs and MongoDB
license updates.

But it seems to me there's at least a couple of different categories of "open
source" that have quite different backgrounds and motivations.

Things like Linux, Perl, Python, PHP, Apache, all of GNU's code - I guess much
of the well known "old-school" open source software - was very much the "some
developer 'scratching their own itch'" and then choosing to share their work,
with some more or less onerous obligation that others who use it also share
their work.

Lately we're hearing about "company backed" open source projects like Redis
and Mongo (and I'm not claiming this model hasn't existed for a long time,
just that it's making noise in the tech news sphere a lot recently), where
there are founders/employees/staff getting paid to work on open source
software - which is then being used and significantly monetised by other
companies (mostly cloud providers) who are benefiting from the work without
needing to give anything back - either time/effort or money.

The first category of projects don't seem to have much problem at all with
FAANG or other businesses using their code - either incidentally (Facebook
being built on PHP) or directly (every web hosting company and ISP in the
world effectively just selling Apache). These projects all wrote or
popularised the common/established open source licenses, and they're mostly
optimised for how these projects run. Often this is one person or a small core
who're either self funded or supported by the business they work for, and a
few or a huge number of contributors who are effectively "volunteers", at
least from the point of view that they are not looking to be financially
compensated for the time they spend on the project by the project itself. They
either work on the project in their own time for their own reasons, or they've
got agreement with their boss that working on the project is beneficial enough
to their business that they can do it on company time.

The second category though, are actually spending money running companies and
paying staff - funding it either through selling consulting services, burning
VC money, or upselling freemium versions, or whatever else they can think of
to bring in revenue. I think this part of the open source ecosystem is still
trying to explore new avenues for generating sustainable revenue to pay for
software development while still being "open source". The "old school"
licenses were not written with this model in mind, and so are not really
working well for some of these projects. For the same sorts of reasons that
some of the more permissive old-school licenses spun out from the GPL, giving
us things like Perl's Artistic License and the Apache License, these
contemporary "business owned/funded open source projects" are experimenting -
with more or less success and with more or less publicity backlash - with new
licenses or new clauses added to existing licenses.

I think the "penalising users who're not contributing back" isn't the right
way to think about how to create a new open source model, even if only because
of the negativity inherent in that way of expressing it. I don't, though, have
a good alternative to offer. I hope somebody hits on a good solution, because
I genuinely think it's possible that company-funded projects (like Redis and
Mongo for example) might be able to tackle difficult problems in different
ways to the "bazaar" model of open source.

------
tinktank
How do you propose to enforce such laws?

