Hacker News new | comments | show | ask | jobs | submit login
Sourcegraph: self-hosted Git service with semantic code navigation/search/review (sourcegraph.com)
164 points by sqs on Nov 24, 2015 | hide | past | web | favorite | 132 comments



This looks neat, but the license is fatal. It is not "just like an open-source license."

First, what is a "user"? It is not defined anywhere in the license.

I did not look at the source code, because of the potential IP issues. What would happen if you looked at the source code and then later worked on another open source project and implemented a bit of code that looks similar? The worst case scenario if you did this and the "upstream" was open source is that you'd have to do a bit of re-licensing, the worst case scenario here is that every user of the "downstream" project gets sued by SourceGraph.

Asking for contributions is also problematic, as you're asking for employers to authorize free contributions including a blanket license and patent grant to a proprietary commercial project. And even after that the contributor doesn't have the right to freely use and distribute the software they modified.

I'm all for publishing source code of proprietary projects, but dressing it up as an open source project is not great. I'd suggest adding a license clickwall to avoid accidental IP contamination.


The license is interesting - on their [primary website](https://sourcegraph.com/) (Scroll down to Pricing), the pricing section indicates that teams using the "Core" feature set do not have a set limit. Any number of users can use the core system. Enterprise features appear to revolve around access control and scale.


Accepting contributions with a license like this is a solved problem. You just require the contributors to sign a contributor license agreement. In case the contributor is working somewhere, you also have them sign a corporate contributor license agreement. This is the same process used by companies like Gitlab.

They aren't claiming to be open source. It's similar in certain ways to open source, but different.


> They aren't claiming to be open source.

They are claiming to be essentially identical for small organizations: "The Fair Source License works just like an open-source license when the usage is below the Use Limitation."

This is, however, false given the lack of ability to redistribute modified copies (even under the same license). Its not "just like an open-source license", even before considering the Usage Limitation.


> I did not look at the source code, because of the potential IP issues. What would happen if you looked at the source code and then later worked on another open source project and implemented a bit of code that looks similar?

Could this also be an issue with the GPL? What happens if I look at GPL source code and then author similar code under a non-GPL license? I wonder if a precedent has been set that could be applied to this Fair Source license.


> What happens if I look at GPL source code and then author similar code under a non-GPL license?

In that case it could be argued that your similar code is a "derived work", and hence you are violating the copyright of the original.

Whether that original is GPL'd or not doesn't actually matter from a legal point of view; it could be under a different FOSS licence, or proprietary, the result is the same: if you breach the terms, you're in violation. That's the point of copyleft: it's power comes from exactly the same source as that of proprietary licenses.

In the particular case that your "non-GPL" license just so happens to be similar to the GPL, e.g. it's FOSS, possibly copyleft, etc. then the original author might be feeling generous and be willing to come to some arrangement, e.g. by retroactively granting you permission for your derived work, or by negotiating a licence change with you (changing the license of either your code, theirs or both). Note that this would be orthogonal to the legalities; it's a matter of whether the owner is willing to cooperate. This might be difficult if there are many owners though (e.g. imagine trying to negotiate a license change for the Linux kernel!)


> First, what is a "user"? It is not defined anywhere in the license.

To the extent it is defined, it seems to be defined exclusively as internal users (including commonly-controlled organizations), which might have...interesting...implications if the licensee chose to use their (potentially modified) software in SaaS, rather than internally.


I've been talking to these guys and using their stuff in various forms for over a year now. I worked on developer tooling for years at Twitter, and had been feeling like this space (code discovery / review / nav ) was ripe for an evolutionary leap for a long, long time. I was really excited to meet the team at Sourcegraph and learn they not only had the same vision, they were executing on it at a very high level. I'm really curious to see how the world uses their stuff, and I hope it lights a fire under the asses of all the other people working in this area. :)

The fact that the source is publicly available (with a license that, I think, is just as evolutionary in that space as their product is in its space) is the cherry on top of a really tasty sundae.

(Full disclosure: I invested in their team as soon as I was able to. So I have a financial interest in the company doing well, although my primary interest is in seeing products of this sort continue to evolve and develop in a direction that will give greater leverage to developers everywhere. I am also a total fanboy, but that follows from the above. ;-0)


Out of curiosity, how does sourcegraph compare to something like mozilla's dxr [1][2]. Granted DXR is C++ only, but it is the best tool I know for browsing C++ in a browser while being able to navigate semantically.

[1] https://wiki.mozilla.org/DXR [2] Actual instance on mozilla code https://dxr.mozilla.org/mozilla-central/source/


I hadn't seen this before, so first off thanks for the pointer. I just spent 15 minutes poking through the instance you mentioned and looking at the project roadmap. That wasn't long enough to really get a feel for how easy it would be to extend to other languages. Based on that (brief) exposure, I'd say this lines up nicely with what Sourcegraph does for other languages. The big difference seems to be srclib, which is the underlying library that allows them to support other languages. I will also mention that the UX for Sourcegraph is more Github-inspired (I could use a word like 'modern', but that might not tell you as much) whereas DXR is a little clunkier.


Sourcegraph CEO here. We have large enterprise customers using Sourcegraph and are excited to release it publicly (with source code) so anyone can start using Sourcegraph for their team's code.

Feedback is much appreciated!

More info at the announcement blog post (https://sourcegraph.com/blog/133554180524/announcing-the-sou...) and at https://sourcegraph.com.


It seems to want to take my email address so you can email me 'stuff' - and also I need to use OAuth2 via your site for... something? I'm afraid I've given up on it after about three minutes :-/ Our servers aren't connected to the internet so this kinda fails the 'self hosted' test for us...


Sourcegraph CEO here. Check out https://sourcegraph.com/ for the enterprise capabilities, which include using LDAP for user authentication, etc. Most customers under 50-100 developers prefer the cloud-managed way of storing user accounts in the cloud, but we offer other choices as well.

As for asking for your email address, we want to be able to know who is signing up so we can collect better feedback.


You may be interested in gogs [1]. When I saw the feature list, it sounded a bit like a gogs clone, but it was missing some features.

As for gogs, it is already coming along nicely. It has support for LDAP authentication and has some other nice features.

[1]: https://github.com/gogits/gogs


It also appears to be consistently worked on as the following shows:

http://imgur.com/a/hIest

The last picture shows the commit activity between the various branches. Not sure what the "git" branch, which started to deviate in October, is for though.


From the examples listed @ https://src.sourcegraph.com/sourcegraph I'm struggling to 'get' how this differs from GitHub? E.g. the "Better code reviews" example looks very similar to GH. What am I missing?


Sourcegraph CEO here. Thanks for this feedback. I would recommend watching the demo video at https://sourcegraph.com. The TLDR is that Sourcegraph has the same understanding of your code that an IDE has, and integrates that into every part of the code host experience. After watching the video (or anyone else following along), what could we say to make that clearer in the README?


An idea, maybe it makes sense to cut the key video parts into gifs and put it there to have a visual feedback on what "Code Intelligence" actually means.

Just my opinion. Code Intelligence and smart search are just too vague and a bit buzz sounding so my in-brain buzz-blocker ignored it.

Once you see the video, all is clear. This looks awesome.


Hi, thanks for this - watched the 2-min demo video and was impressed.

I understand that Go and Java are currently supported - that's great, two of my favourite languages. Is there any planned support for a dynamically-typed language like Python in the future?

Thanks again, best wishes for your company/product/service.


(dev here) Hi, thanks for your comments. Python support is in the pipeline (currently at alpha stage). You can learn more about the status of our language support and ways to contribute here:

https://src.sourcegraph.com/sourcegraph/.docs/config/toolcha...


Do you plan to add support for multiple languages in one repo? Or does that already exist?

I tried using it on a project I contribute to (https://sourcegraph.com/github.com/mattermost/platform) and it seems to fail to work.


Thanks for checking out Sourcegraph! The way most people use Sourcegraph is as a self-hosted git host. It takes about 5 minutes to install: https://src.sourcegraph.com/sourcegraph/.docs/getting-starte....

Sourcegraph.com is currently a demo of the product on open-source repositories, and our public code analysis workers are bit backlogged right now due to increased load, though it looks like your project was successfully processed now and it's picking up the Go code: https://sourcegraph.com/github.com/mattermost/platform.


The Fair Source license is an interesting innovation. Will individuals within large companies try out Fair Source software like they do open source software? Will teams adopt it without knowing whether there are other users at the company, opening themselves to violating the license terms? Will anyone look at the source in depth and contribute back?

I’m all for (ethical) innovations that enable companies to be built more efficiently... Ideology aside, it’s often practical matters that attract users and developers to open source software. They've chosen a different point along in the “how much to give away and under what restrictions” space to try out.

Thoughtful experimentation = good. That doesn't mean it will succeed. But failing to try new things will lead to less efficient innovation in the long run for our industry.


>it’s often practical matters that attract users and developers to open source software.

But the (un)Fair Source License is not an Open Source license.


> A glance at fair.io shows an interesting attempt to provide OSS under a proprietary model.

I'm not sure that that is the case: its clearly not Free, but it might be that rare example of a license that meets the OSI Open Source definition but not the FSF Free Software definition. (It clearly violates the spirit of Open Source, and if OSI were to review it, the Open Source definition might be explicitly amended to preclude the kind of use limitation it imposes.)


You might have a look at my discussion with the CEO here, https://news.ycombinator.com/item?id=10622760

It seems they've completely prohibited forks effectively by prohibiting redistribution of modified versions. I'm not sure about the OSI definitions, but that definitely doesn't fit with any idea of open source I have at least.

At best, I view it as a proprietary product, their source release is no more useful than say, JIRA's. At worst, it seems strangely dishonest to try to promote your product as open source using this sort of license but twist it so far that it doesn't resemble open source at all.


I was about to congratulate the CEO for at least being honest about it not being an open source license and castigate the Fair Source License people for deceptively advertising it as open source until I saw that the fair source license was created by sourcegraph, so.. yeah.


I can't speak for the OSI, but this seems in clear violation of the Open Source definition. I'll await their word.


I am an OSI board director. Generally the OSI does not comment on licenses that have not been submitted for approval. FWIW, I reviewed the license and I agree that it is clearly inconsistent with the Open Source Definition (and with generally accepted notions of what free software and open source licenses are).


> I can't speak for the OSI, but this seems in clear violation of the Open Source definition.

The only part of the definition that seems to be close to being violated is criteria 7 on license distribution (since the license is not sublicensable, but allows redistribution), but since the license from the original copyright holder applies to every recipient of the software, including recipients by redistribution, it seems to be met.

EDIT: Actually, I think I may have misread; its not clear that the "Fair Source License" allows redistribution of modified versions (it allows modification and redistribution, but not clearly distribution of modified versions. So that would be fatal.)


Sourcegraph CEO here. Just in case there's any confusion, Fair Source is not intended to be OSI compliant, so I would not be surprised if it does not meet their criteria.


Great stuff. I was hoping somebody would integrate source code cross referencing with Git. Hopefully Github will integrate your tool with all their repos and it will be seamless for end users.


Sourcegraph CEO here. Unfortunately, GitHub makes this impossible. It's closed source and offers limited ways to integrate—primarily via external, rate-limited external API clients on their proprietary platform. It's too bad the most popular code platform is closed.

We believe developers deserve to have a hackable, extensible platform for their code, so it can be more deeply integrated with the best other dev tools. That's why we built Sourcegraph and released Sourcegraph's source code. It's also why we're making it easy to build deep integrations into Sourcegraph (see, e.g., https://src.sourcegraph.com/sourcegraph@master/.tree/platfor...).


Have you considered integrating with Gitlab?


Please let me know if we can help in any way with GitLab integration.


What on earth is that license?


Sourcegraph CEO here. :)

We released Sourcegraph under the Fair Source License (https://fair.io/), which we worked with a well-known open-source lawyer to draft.

TLDR is that it lets us create the best product for developers by having a sustainable business.

Full info at https://fair.io:

> Fair Source allows companies to both share a product’s source code and charge for that product. Releasing a product’s source code makes it more valuable to customers by enhancing extensibility and building trust. With open source, releasing the full source code and charging for the product is virtually impossible. Fair Source makes doing both possible.


That's an interesting license and the first I've seen of what I call open-source proprietary outside the dual-license model. I've been encouraging developments in this area given the problems of proprietary and OSS licenses in isolation. Additionally, people seem to have a false dichotomy where proprietary has to be closed/bad and OSS open/free/good. Wrote here, with security focus, that this wasn't the case:

https://www.schneier.com/blog/archives/2014/05/friday_squid_...

Elaborated briefly on my goal here with an old example:

https://news.ycombinator.com/item?id=10501615

Your license appears to meet many of those requirements. Curious about several things, though, that I figure you could give some straight, English answers to. ;)

How did you come to letting it depend on a user count rather than some other criteria? That's unusual and even reminds me of commercial licenses.

Does the license create a specific amount at that point or allow extortion where locked-in clients are hit with large amounts later?

Is the author able to terminate the project in a way where users are left with a dependency they no longer have access to?

I know you accept modifications under a CLA or something. Let's say, though, you didn't want to distribute some substantial changes. Basically, a fork is in order. How does that work? Do they just assign the whole fork to you where you can optionally offer it to others? Do they keep it onsite? Does it not happen at all? Prior discussions taught me forking is something that should have definitive answers in new OSS licenses.

The ability to make things disappear, get overpriced, or turn to shit arbitrarily are among the largest risks in proprietary OSS projects. So, interested in seeing your company's take on those.


When you go to the source link at https://src.sourcegraph.com/sourcegraph and look at the LICENSE file, it says: "Use Limitation: 15 users" That implies that the project there is the full Enterprise version?

Is there a separate link or some dividing line to the Core source? Or how does one build or access just the core features to abide by the licensing terms if you're a team larger than 15 and want to evaluate Core Sourcegraph?


After comparing the features of Core and Enterprise, it looks like the Core package is not self-hosted à la non-enterprise github. And the source at https://src.sourcegraph.com/sourcegraph seems to be the Enterprise version – minus 24/7 technical support and automatic backups I'd say.


Sourcegraph CTO here. Sourcegraph Core is self-hosted and the source code for it lives at https://src.sourcegraph.com/sourcegraph.

Sourcegraph Enterprise includes the additional features mentioned in the pricing section on https://sourcegraph.com that are specific to very large companies.

Sorry about the confusion. Anything we can do to make that clearer?


Well if the intent is that Sourcegraph Core is "for teams of any size", and the code at https://src.sourcegraph.com/sourcegraph is the Core, then it seems like the LICENCE file in the source should be updated to reflect the intent and not say it's limited.

Inside https://src.sourcegraph.com/sourcegraph@master/.tree/LICENSE it has a line that says:

  "Use Limitation: 15 users"


Sourcegraph CEO here. Thanks for the feedback. We are working on making this smoother/clearer, but the way it works is that the license refers to the posted pricing. The posted pricing on Sourcegraph.com says $0 for teams of any size for the non-enterprise features. When you exceed 15 users, there is also a license you'll receive that explicitly says that, but we wanted to keep it simple when you are just getting started (and not require people to click through a EULA).


I guess I'm still confused on what the website says re: pricing and limitations of Sourcegraph Core, and what the LICENSE file in the source code repository says.

The LICENSE file starts:

Fair Source License, version 0.9

Copyright (c) 2015 Sourcegraph Inc.

Licensor: Sourcegraph Inc.

Software: Sourcegraph Core

Use Limitation: 15 users

...

But I think "Sourcegraph Core" is described as teams of any size on the website.


From other comments, I gather that (to make things as confusing as possible) Sourcegraph Core is released under the Fair Source License with a 15 user limitation, but the fee for > 15 users is $0/user, so its basically a free (gratis, not Free/libre) shared-source model.


Maybe change the README.md file at https://sourcegraph.com/github.com/sourcegraph/srclib Beyang, which says "Sourcegraph is licensed under the MIT License." ... I think you probably mean "The sourcegraph/srclib sub-directory is licensed under the MIT License." ;)


Thanks for flagging! Updated the srclib README.


> If I modify the source code, can I redistribute my modified version under the MIT License? Separate but related question about the Fair Source License: If I modify the source code, can I redistribute my modifications under the MIT License?

The difference being, of course, that one would redistribute the original code under the FSL and so the work as a whole would remain licensed under it.


You would be better off selling services akin to what GitLab does for sustenance.


Completely disagree. Services models seem to very much limit what companies like this can achieve. It also creates a perverse incentive for the company to make a product that needs service contracts to manage. They tend to produce more closed-source "addons" as well.


Exactly. Empirical research I saw showed that most companies in that market don't do so well in either profits or longevity. The majority of them we see here also intend to sell out.


All evidence is to the contrary. The companies making the most profit on software are licensing it somehow while others that are at least successful are using plenty venture capital with SaaS. So, both are the best choices and the use of a proprietary license preserving FOSS-style freedoms is interesting.

Strange how much negativity proprietary OSS gets on HN vs cool, proprietary, closed tech.


> Strange how much negativity proprietary OSS

"Proprietary OSS" is an oxymoron, like "four-sided triangle".


I retract my statement for any given commenter that was purely concerned with my misuse of the OSS phrase, which I'm fixing in future comments. However, there's often an overly-negative reaction to anything that involves payment and shared source w/ OSS-like benefits. If they were reacting to that, then it still stands if they don't do similar for cool, closed-source stuff here. Just seems hypocritical to me. That's where I was going with that comment.


> However, there's often an overly-negative reaction to anything that involves payment and shared source w/ OSS-like benefits.

I think you miss that the biggest and most important benefits of open source are tied to the freedom to fork, which is both the source of the greatest security against divergence in interest between the original copyright holder and the user community and the enabler of community-driven innovation.

Put simply, shared-source does not have "OSS-like benefits".

> If they were reacting to that, then it still stands if they don't do similar for cool, closed-source stuff here.

Unlike shared-source stuff like the Fair Source License here, simple closed-source proprietary software generally doesn't try to pretend to be Open Source-like (and, when it does, it is attacked in the same way.)


"I think you miss that the biggest and most important benefits of open source are tied to the freedom to fork, which is both the source of the greatest security against divergence in interest between the original copyright holder and the user community and the enabler of community-driven innovation."

I agree that's a major benefit. It's why a form of it is on my list. :P

A non-profit maintaining a shared-source software requiring a mere $1 a year wherever it was used would have enough for a full-time developer plus the website by time it hit 20-20k users whether in original or forked form. Plus could take contributions from others while giving them credit and/or a pass on the money. Whereas many OSS projects get used all over the place with about nothing in return and depend on goodwill of occasional volunteers or sponsored developers. So, there's definitely a benefit here with similar innovation, even community driven if a membership fee model.

"Unlike shared-source stuff like the Fair Source License here, simple closed-source proprietary software generally doesn't try to pretend to be Open Source-like (and, when it does, it is attacked in the same way.)"

Nah, shared-source stuff gets attacked more than proprietary or even shoddy OSS when it shows up. I was happy to see some exceptions considering the license a nice evolution in OSS direction from a proprietary angle or just better than most proprietary licenses.


Gitlab graduated from Ycombinator and raised a 4MM series A round. While these are both tremendous accomplishments and important milestones for any startup, it may be a bit premature to declare their business model a success.


As I said in another comment, many of the companies pushing this model are VC-funded with intent to sell out and their operation disappears into a big company (or disappears). We should distinguish between business models that are just to get an acquisition and that support long-term growth. Cheap addons with OSS/FOSS seems mainly to work in the former.


I agree. I was responding to the parent comment suggesting Sourcegraph should adopt a similar business model to GitLab and I was pointing out that perhaps GitLab's business model has not been proven successful yet


Exactly. Way too early.


https://fair.io/

It's made by them as well. It most certainly is not libre/free software. I'm guessing it has minimal legal ability to stand up in court. It is a bastardization of what open source is about... really it's more of a disclosed source setup.


"Insanity?" That's an ideological statement, but it doesn't really hold up to the facts, I think. It has always struck me that the gravamen of the Open Source movement has been to accelerate the improvement of important common libraries by enabling anyone to view and evolve source code, with the 'evolution' taking either the free or a commercial license. The simple fact is that, over the last few decades, there have been good and bad improvements under open licenses and good and bad improvements under commercial licenses. It's the possibility of improvement that is important.

I might go even further, and suggest that if one had to parcel the value created by open source software into two buckets, the one being value created by reason of transparent source code, and the other being value created by reason of no-cost source, the majority of the marginal value creation will have been because of the former, not the latter.


Open source is about the source being open plus certain benefits. Free and open source software, a la Richard Stallman, is a totally different thing with a philosophy akin to how a virus operates.

A glance at fair.io shows an interesting attempt to provide OSS under a proprietary model. Many businesses are fine with whatever gets the job done with main benefits of OSS being reviewing, extending, or just fixing things. A proprietary license allowing that has real value.

Curious, do you write comments like this whenever Google, Amazon, deep learning, etc closed-source tech with benefits are mentioned on HN? How they're insanity and not worth further discussion because the whole stack isn't FOSS?


Additional counterpoint: Even FAQ below their license explicitly states that it is not an Open Source license... So even its creators don't consider it to be one.

from https://fair.io/:

> We invite the entire coding community to adopt our simple, standardized, proprietary license.

> No. Unlike open source, Fair Source has a Use Limitation built into the license


It would just be their opinion on the term. They are probably saying it because they know many potential users will have assumptions about what open source means. They wisely avoided going head-to-head with those assumptions to reduce number of negative reactions like seen here in other comments.

I contend that open-source has always been a mix of philosophies which originally included commercial variants. The reason those disappeared probably had a lot to due with the greed of the dominant companies in IT. More utilitarian owners or charters might have had different results. However, there's still companies doing proprietary w/ source code and dual-licensing of proprietary + OSS.


> Open source is about the source being open plus certain benefits. Free and open source software, a la Richard Stallman, is a totally different thing with a philosophy akin to how a virus operates.

This is all wrong. One: Stallman only advocates Free Software, not Open Source, and not "Free and open source". Open Source Software and Free Software are defined very similar in substance (by the OSI and FSF, respectively), what differs most substantially between the respective organization is the philosophy of why they think those definitions are desirable, not the substance of the definition. Virtually all licenses that have been considered by both the FSF and OSI have either been recognized as meeting both definitions, or have been found to be outside of both; there's almost no inconsistency.

"Free and open source software" is a collective term for the common category of software described by the FSF and OSI definitions, typically used by people who are not interested in (when using it) diverting things into a philosophical debate over preferred terminology between "Free Software" and "Open Source".

The license type sometimes described as "viral" espoused by the Stallman and the FSF is copyleft license, which is a kind of Free Software (and/or Open Source) license which has clauses to assure derivative works are licensed under a similar license; the GPL and AGPL are well-known copyleft licenses.


Another commenter countered me on that and I agreed with the modification here:

https://news.ycombinator.com/item?id=10623006

Any suggestion for what to call (a) software with source included in general that doesn't meet OSI & FSF definitions or (b) paid software w/ key benefits of OSI?


> Any suggestion for what to call (a) software with source included in general that doesn't meet OSI & FSF definitions

"Source disclosed" or "Shared source".

> paid software w/ key benefits of OSI?

Since Open Source (and, for that matter, Free -- which means libre, but not necessarily gratis) software can be paid, if paid software actually has the "key benefits" of Open Source, it is probably because it is Open Source.


"Shared source"

It's a start.

"if paid software actually has the "key benefits" of Open Source, it is probably because it is Open Source."

You got me thinking on it enough to consult the opensource.org requirements. :) Two jumped out at me immediately:

" Free Redistribution"

"License Must Not Be Specific to a Product"

Many forms of paid software with open-source benefits don't allow this or not for all parties. A license might have to be paid on a per-user, per-product, or per-project basis. Other benefits of OSS can remain. So, it's not traditional definition of OSS but still respects freedoms of paying users to various degrees.


> Many forms of paid software with open-source benefits don't allow this or not for all parties.

I think most people who believe that open source has benefits would disagree that there is software that provides "open-source benefits" without providing this. What specific examples can you point to of these "many forms" of paid software, and what "open-source benefits" do they provide without these?


I'm talking about licenses/models rather than specific products which come and go in this space outside dual-licensing or proprietary with source as in embedded scene.

To get more specific, you can read the source, you can modify it to suit your needs, you can submit modifications for redistribution by owner, you can fix problems, port to new hardware, often include it in your proprietary software, optional component of OSS software, and optionally fork it as GPL. (optional used to denote some paid, source-shared don't do this) That's really close to OSS software while still being proprietary to support active development and maintenance by full-time people. The dollar amount w/ associated benefits can be as large or small as one likes, even fixed. Provisions can be made for it to go BSD etc if abandoned or unsupported by original owner.

I'm just curious how far a proprietary model can go into increased OSS-style benefits and reduced proprietary-style risks. I'm sure it's way closer than people think with the dual-licensed stuff being most obvious indicators that hybrid models w/ licensing revenue are achievable.


> Curious, do you write comments like this whenever...

Uh.. I actually often do. I would more, but it generally isn't appreciated and is off topic of the main thread. Here, the software license is a key component of the release seeing as it is a unique component of it.

>Open source is about the source being open plus certain benefits.

It's more than that. The key intent of OSS is the right to study, change, and distribute the software to anyone and for any purpose. The source code is just a prereq for that ability.

I did initially use stallman-esque language, since it's terminology most people are familiar with in this field, but I'll approach it from a different point since I personally have problems with strong copy-left licenses.

The primary thing this license doesn't do is allow distribution in the OSS spirit. This is really just a pervasive license, actually in some ways similar to the Stallman-esque virality except with a corporate intent. It simply masquerades as OSS.


"The key intent of OSS is the right to study, change, and distribute the software to anyone and for any purpose. The source code is just a prereq for that ability."

No, the key intent of open-sourcing software is to let one see the source. That's it. Additional intents are added with licensing terms. This goes back to academic and even proprietary (eg Burrough's 1960's MCP) examples that did this. Many models of it formed with examples ranging from permissive BSD to proprietary OSS like LISP machines (esp Genera) letting customers use the source of OS & supporting libs in applications.

So, OSS is a broader thing than you are describing which supports many models. There is no "spirit" so much as many different ideologies competing and pushing their own licensing schemes with various perceived benefits. Now there's one more.


This is not Open Source, and trying to ignore the historical meaning of the term doesn't make it so.


I just cited history rather than ignored it. That included Burrough's and LISP machines as examples past my linked essay in this thread. However, your side is ignoring all historical examples of proprietary OSS and even how non-proprietary OSS operated then vs now. Old model of academia varied from MIT/BSD-style to paid w/ source model.

So, your rendering of open-source history is false both in academia and commercial sector. It's always been a mix with proprietary favoring closed source due to financial incentives, especially lock-in. Nothing precluded more paid OSS strategies aside from culture of organizations involved. As dual-licensed projects and proprietary w/ OSS benefits like this one show.


You are incorrect. "Open Source" is a well-defined term.

http://opensource.org/osd


The phrase itself originally came from the free software movement. The practice pre-dated it. Former is philosophical meaning with strings attached, the latter is a literal definition with many forms. I'm using the latter.

I'd be up for considering a new term to avoid confusion. Paid, non-profit or for-profit, models allow for most benefits of OSS if structured correctly. So, the new phrase must allow for that. I've been calling it "proprietary OSS" or "paid OSS."


>Former is philosophical meaning with strings attached, the latter is a literal definition with many forms. I'm using the latter.

You can't just change the meaning of the term and expect everyone to know you mean this alternate definition. "Open Source" is as defined by the OSI, and not whatever loose definition that you use that includes proprietary software.

>I've been calling it "proprietary OSS" or "paid OSS."

"Proprietary OSS" does not make sense given the definition of OSS! The phrase you should be using is "proprietary software."


"You can't just change the meaning of the term and expect everyone to know you mean this alternate definition. "Open Source" is as defined by the OSI, and not whatever loose definition that you use that includes proprietary software."

I've already agreed with you and dragonwriter on that. dragonwriter suggested "shared source" as a start. Might go with that temporarily.

""Proprietary OSS" does not make sense given the definition of OSS! The phrase you should be using is "proprietary software.""

Starting now. Proprietary, shared-source software would make sense and can have most benefits of OSS. Just calling it proprietary software, though, instantly conveys the image of something closed source, for money, not allowing modifications, and with tons of risk. So, I can't just call an OSS-like, but paid, model proprietary due to public perception much like I apparently can't use "proprietary OSS" for same reason.

Hence, need for new terms. Especially one that captures the spirit of OSS with change that distribution/use is paid to some degree in some way, either money or code/doc contributions. Will re-write my old essay, though, as you two got to the bottom of one of its problems.


>Especially one that captures the spirit of OSS with change that distribution/use is paid to some degree in some way

This illustrates yet another confusion about FOSS. There's nothing in either the Free Software or Open Source definitions that says that a fee cannot be charged for software. You can charge money for free software!


Both OSI link I was given here and FSF require free redistribution and derivatives. That's contrary to paid, shared-source without qualifiers that ensure flow of money. Reason being, the first to pay for it could give it for free to everyone and leave them with no reason to pay. Defeats the whole concept.

The payment has to be mandatory, done with licensing, and increase with use somehow to maintain few advantages of proprietary software. Open to any models that can leave off one or more of these with consistent effectiveness as my goal is exploration.


>Free and open source software, a la Richard Stallman, is a totally different thing with a philosophy akin to how a virus operates.

Copyleft is not a virus. I'm pretty damn tired of this meme.


It replicates once it attaches to things. This is true even of distributing a large amount of non-free code while someone in organization unknowingly included a tiny amount of copyleft code. Now, FSF etc are usually more reasonable about enforcement and I doubt most would do more than ask it be removed if whole isn't GPL'd.

The image fits the behavior of the code, though. Hence the meme. More accurate description is like an agreement many parties participate in with copyright used to seal the deal for current and future distributions. So, control-freaks enforcing ideology on improvements to what they create rather than virus. ;)


> It replicates once it attaches to things.

No, it doesn't.

> This is true even of distributing a large amount of non-free code while someone in organization unknowingly included a tiny amount of copyleft code.

If a single work is distributed that is based on copyleft code (not a mere aggregation that includes copyleft code and other code), then not licensing the resulting work as specified in the copyleft license is a violation of the license of the copyleft code. But the license doesn't attach on its own to the work.


Now, it's possible my memory is messing me up again or I bought into a false explanation of the legal issues.

To be clear, your saying that my worry was inaccurate and one person including GPL code into a new, released version of a proprietary app doesn't require the whole, linked source of that app be released under GPL? That happening is very virus-like but if it can't then it wouldn't be virus-like.


> To be clear, your saying that my worry was inaccurate and one person including GPL code into a new, released version of a proprietary app doesn't require the whole, linked source of that app be released under GPL?

If the inclusion suffices to make the app as a whole a derivative work under copyright law (the FSF has a particular opinion on linking, but that opinion is not included in the license), then it would require you to offer the app under the GPL, failure to do so would be a violation of the GPL.

There is nothing "virus-like" here. The license doesn't attach without your knowledge. You may face consequences for the breach if you don't comply with the GPL terms, and releasing the whole work under the GPL may be the most convenient way of dealing with that -- then again, it may not.


"The license doesn't attach without your knowledge."

It does if one person on a large team did it without others' knowledge. This doesn't occur for most, non-copyleft code. At that point, if it's a derivative work, then your codebase looses its value as it gets GPL'd just because GPL'd code touched it. Preventing that outcome would require both preventative methods and constant vigilance.

Kind of like avoiding getting sick from a virus and spreading it everywhere.

Note: A former Microsoft employee told me in a prior discussion they identified this exact risk and took steps to prevent it. I never knew if it was paranoia or what could legally happen. Interesting to find last year that my hypothetical scenario actually played out to a degree in FOSS's arch-rival of that period.


> > The license doesn't attach without your knowledge.

> It does if one person on a large team did it without others' knowledge.

No, the license never attaches to your code without a positive decision on your part to offer your code under the license.

Now, if someone does something that makes the code legally a derivative work of GPL code without knowledge of the person releasing the code, the obligation to release the code under the GPL or not at all may be created and breached without knowledge of the person doing the release, but the license still has not attached to your code.

When the breach is detected, you may decide that the best way to deal with the breach is to offer the code under the GPL.

> This doesn't occur for most, non-copyleft code.

Any code, under any license with any obligations attached to redistribution of derivative works -- or which simply prohibits redistributing such works -- can create unexpected breaches when someone includes them in a work without knowledge of the person responsible for the release; copyleft licenses are not at all special in this regard.

> At that point, if it's a derivative work, then your codebase looses its value as it gets GPL'd just because GPL'd code touched it.

No, again, your code base only becomes GPL because you choose to offer it under the GPL. IIRC, the few GPL violation cases (in the US, at least) that have gone to court and not been settled have resulted in fines and injunctions on distributing the GPL-dependent software.

> Note: A former Microsoft employee told me in a prior discussion they identified this exact risk and took steps to prevent it. I never knew if it was paranoia or what could legally happen. Interesting to find last year that my hypothetical scenario actually played out to a degree in FOSS's arch-rival of that period.

The description of the GPL as "viral" was central to Microsoft's PR effort against Free Software in general and Linux in particular.

So, its not really surprising to hear that from that source.


"the obligation to release the code under the GPL or not at all may be created and breached without knowledge of the person doing the release, but the license still has not attached to your code."

This is the specific concern. The name of the license isn't what people call a virus: it's the obligation it attaches to things.

"copyleft licenses are not at all special in this regard."

Damage to most copyright violations is usually a fine/settlement, publishing source of the component (not app), removal, and so on. Not an obligation to loose one's own I.P. entirely. How many common licenses that cut/pasted code or included libraries might be affected by require redistribution of the application's source in full once it gets in a release? I thought it was a non-zero amount that was pretty low for most sources. Whereas, bumbling around on a site with GPL stuff drives it up singificantly specifically due to copyleft.

" the few GPL violation cases (in the US, at least) that have gone to court and not been settled have resulted in fines and injunctions on distributing the GPL-dependent software."

Now we're talking the actual results. The virus metaphor could be dropped if it was clear that this was the worst thing that could happen and that component would just have to be dropped/replaced with non-GPL stuff. Them doing it that way is certainly reassuring. Trick is, could they instead force app using it to go GPL? Guess it hinges on enforceability of that obligation.

"The description of the GPL as "viral" was central to Microsoft's PR effort against Free Software in general and Linux in particular. So, its not really surprising to hear that from that source."

From an ex-employee mocking that source's stance on GPL as paranoid, to be clear. Not surprising, though.


> Damage to most copyright violations is usually a fine/settlement, publishing source of the component (not app), removal, and so on.

Legal damage from GPL violations is generally fine and injunction against further release of the software with the GPL-bound components; release of application code under the GPL is typically something that happens, if at all, in a settlement, because the copyright owner would rather do that than pay damages and restructure the software not to depend on the GPL-bound component.


Good distinction. So, potentially a virus in theory in certain situations but rarely in practice. Might drop the label in the future.


It's definitely not GNU OSS. If that's your ideology, this is not going to appeal to you. IANAL, but my understanding of the license is that it's trying to build a new economic model for OSS contributors. I'm pretty excited to see if it takes off, since I think OSS could use some new thinking in this area.


Okay explain to how forking would work with this license. Forking a project is a huge part of creating a OSS community. Would licensing have to go to both parties? I don't see any explanation of how it would work for this license.


Sourcegraph CEO here. Fair Source is not an open-source license. It is intended to be an improvement over closed source (GitHub, Bitbucket, etc.) and open core (where many important bits are closed source). Fair Source is not intended to support forking and independent redistribution.


AFAIK this is similar to how Microsoft licenses Windows: you get the product, and source is available on request (and an NDA [and perhaps only to select customers]). In this case the fee for source access is waived, and in place of an NDA is the spectre of patent and copyright lawsuits. But essentially the licence is similar, the pricing is different?

Makes me a bit sad in the wake of MS liberating a lot of stuff lately, like Visual Studio.

Of course not many other companies have the benefit of collecting an OS tax on hardware - I still think I'd prefer eg the AGPL to this.


This doesn't sound like an improvement to me. It actually takes (just another) SaaS product, and makes it feel like it intentionally does a disservice to it's users.


"Open source until they want to charge you" is not Open Source.


> It's definitely not GNU OSS.

"GNU OSS" is not a thing. GNU is a project of the Free Software Foundation (FSF), which publishes (and applies) the Free Software Definition.

The Open Source Definition is created (and applied) by the Open Source Initiative (OSI). "GNU OSS" is kind of like "Catholic Protestantism".


Why do think it has not much legal ability to stand up in court?


Is it an unwritten rule that the CEOs of companies focusing on git hosting solutions prefix all their HN posts with "<companyname> CEO here,"

:)


Sourcegraph CEO here. :) I saw the GitLab CEO doing it and liked it a lot! (I hope he doesn't mind.) Of course, I just want to make sure people know I am affiliated with Sourcegraph when I comment on it.


Of course I don't mind! Congrats on the work, there are some awesome idea's in your product. I especially like the create issue from line comments https://gitlab.com/gitlab-org/gitlab-ce/issues/3659


I think it's a unwritten courtesy to make sure you attribute yourself to your company/project to better frame your post in the right perspective.

Bad reply to undisclosed comment: hey dude, maybe you should disclose that you work on X project in that post where you critize the competitors.

Good self: "disclosure I work for X company"


I think 0x0 noticed how @sqs starts his comments with "Sourcegraph CEO here.", just like @sytse nearly always starts his comments with "Gitlab CEO here."


Congrats on launching! I like the idea of code-linked issue tracking and would love to see it taken to the next level, as a reinvention of literate programming.


Regarding the semantic search, does this / could this have the capability to do multi instruction queries?

Example, show me variables that are incremented, not validated (ie. don't appear in an if statement), and used in an allocation?


I think you could do that with srclib, the underlying library that powers the product.


This looks really great, thanks for making it open-source and for releasing https://fair.io as a new license model.

One thing that you should know is that your 'appdash' trace links are publicly available. You can see a screenshot here https://www.dropbox.com/s/vfu2sbz2ctlxwsx/Screenshot%202015-...


So, a question that immediately arose for me out of reading that license: what's the definition of a user? If I wanted to use this to self-host my own projects, is everyone on the internet a user? Am I limited to 15 collaborators on my project unless I pony up? Is that 15 collaborators over all of time, or within some time interval?


I really do not like this license, it prevents usage with other licensing models near completely. Say I want to integrate their code intelligence into gitlab community (MIT licensed), I'm shit out of luck, even if I were to create a relicensed version of gitlab under the Sourcegraph license, it seems as though it'd be unclear who gets what fees and who counts as a "user" in this case. Would it force me as a devleoper who just wants to make something cool to deal with licensing costs? Would I have to be a middleman between Sourcegraph and enterprise customers? Could I say no enterprise customers, too bad, I don't want to deal with it?

What if I, as an individual, fork the project to add some breaking features that not all users may want? Who gets the money from those corporate licensors? Am I even allowed to do so? The fair.io site doesn't make it clear and based on what they do say, I'd be extremely hesitant to make anything more than casual use of software under this license.

It seems to me, based on the information on fair.io that I can simply fork the project, offer enterprise licenses for $0.01, or heck, make a fork for my company which is identical to the original but has my logo on it and charge my company $0 for licensing... is there any prevention of this that I'm missing? IANAL but this legal portion here looks flimsy and lacks important definitions, especially with regards to protections from stuff like that.


I was excited by this project until I saw the license, and then I decided to not touch it at all until lawyers look at the license.


Sourcegraph CEO here. Fair Source is intended to allow companies to distribute both the product and source code, and still charge for the product. Fair Source is not an open-source license. Just as with GPL, there are restrictions around your usage of the code that are intended to produce longer-term benefits (in our case, making sure we can build the best product and have a sustainable business).

We have had it reviewed thoroughly by multiple lawyers in several countries, and it was drafted by Heather Meeker, who is extremely well respected. I am not a lawyer myself, but the "hypothetical loophole" scenario you described would involve you making a derivative work of our code—kind of like photocopying Harry Potter and adding some doodles in the margins, and reselling that. That would not circumvent any license or copyright situation.


> I am not a lawyer myself, but the "hypothetical loophole" scenario you described would involve you making a derivative work of our code—kind of like photocopying Harry Potter and adding some doodles in the margins, and reselling that.

So you're comparing someone who forked your project to add what could be major features, to someone doodling in the margins of Harry Potter? That's a really optimistic view of the open source community there. But I understand what you're saying, I'm just used to forks being a common practice in the FOSS community, so I expected them to be better accounted for.

You still haven't made it clear what would happen in the case of a fork. Even if they kept it under your license, who gets the money? How do they get paid? How are terms agreed to? Can it not be forked at all?

EDIT: This really applies to any modifications, essentially, say I make some modifications to your code, under what terms am I allowed to distribute them? Is the only way I can go to license them back to you without seeing any of this "fair" profit myself? What if you don't like them and decide not to use them can I redistribute them for free or fee on my own? Is there any way to make the forking and distribution of modifications as casual as it is with so many open source projects under other licenses today?


Sourcegraph CEO here. Fair Source is not an open-source license. It is intended to be an improvement over closed source (GitHub, Bitbucket, etc.) and open core (where many important bits are closed source). Fair Source is not intended to support forking and independent redistribution. If you fork a Fair Source-licensed project and try to distribute it, users would have to also acquire a license from the original author.


According to fair.io:

> Fair Source License functions just like an open-source license

with the only restriction being that I can't use it with over X employees in my company.

If what you're saying is true then I'd highly suggest you reword that, in reality it functions just like a proprietary license except that I can look at the source and maybe send patches to you.

More similar to that of the proprietary JIRA (which will give you source when you buy it) than the open source Gitlab.


I mentioned this over on lobste.rs, but I'll mention it here in brief: fair.io does a really bad job of stating this intent. The elevator pitch mentions open source but not proprietary. Please consider rewording fair.io to be clearer about the non-open-source intent here.


Thanks for this suggestion. We want to make it clear that Fair Source is not Open Source. We've updated the summary in the header: https://fair.io. Hope this is clearer!


You still make the false claim that "The Fair Source License works just like an open-source license when the usage is below the Use Limitation."

Fair Source never works like an Open Source license. It works like (because it is) a source-available proprietary license which allows local (but not redistributed) modifications. Below the use limitation, it is also a free-of-cost license. But it never works like an Open Source license, and it doesn't even work more like an Open Source license below the Use Limitation.


I was a bit confused at first, but this explanation makes a lot of sense. Please put it somewhere prominent on the Fair Source page.


>Just as with GPL, there are restrictions around your usage of the code that are intended to produce longer-term benefits (in our case, making sure we can build the best product and have a sustainable business).

GPL benefits humanity, unfair source license benefits your bank account. Got it.


(dev here) thanks for the heads up! :)

I've created an issue[1] so I can fix this soon; it's just a link to the trace served by Appdash[2] and the instance isn't actually public so it's not a security issue (just a broken link). Certainly shouldn't be visible to non-devs who can't access it, though. Really appreciate the feedback, let me know if you have more! :)

[1] https://src.sourcegraph.com/sourcegraph/.tracker/35

[2] https://sourcegraph.com/github.com/sourcegraph/appdash


Yeah I noticed that the link directed you to a login page. If I notice anything else I'll send a follow up.


It's not open source in the traditional sense of the term, though they have published the source code. The license is proprietary.


Congratulations on launching! Excited to play around with this more, especially for the dynamic intelligence element.


I think it's great that there are self-hosted options like this. But what's with the blatant copying of github's design? (Especially the icons... they're not even good icons, just kind of randomly chosen by github for various actions)


Wow, the "Fair Source License" is just terrible. Please, no one use this license!


Well, the Sourcegraph page links to another page describing the benefits of a Fair Source Licence. In the interest of a balanced discussion, would you care to provide a list of points describing the drawbacks of using such a licence?

As it stands, your comment may successfully describe your opinion but it doesn't attempt to contribute to a healthy discourse.


It's a sneaky license, and I think deliberately so. It's meant to look as much like a free license while still being proprietary. When you read the title, the "Fair Source License", it's only natural to think that it's a new FOSS license, and then once you start reading the terms you realize that it's misleading. Sure, the authors say that it isn't a free license, but the comments in this thread show that many people are completely confused about it. Many people don't seem to be familiar with the Open Source definition and think that this license is somehow "open." It's yet another case of open-washing and deliberate corporate confusion around Open Source.


If I'm understanding you correctly, your only issue is the title?


I absolutely love this product!!!!!!! Well done - @sourcegraphCEO


Looks awesome!


Nonfree license. Avoid.




Applications are open for YC Winter 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: