San Francisco billboards call out tech firms for not paying for open source

Drivers passing through San Francisco have a new roadside distraction to consider: billboards calling out businesses that don't cough up for the open source code that they use. The signs are the work of the Open Source Pledge – a group that launched earlier this month. It asks businesses that make use of open source code to …

  1. Grogan Silver badge

    Sorry, but if they don't have to, they aren't going to. Don't release something under a permissive license and then complain when people/companies make use of it. Especially if you use a BSD-like license... you asked for it.

    1. karlkarl Silver badge

      Exactly. This is ridiculous. Open-source licenses are free for everyone.

      The open-source community is really getting quite confused recently.

      1. Jellied Eel Silver badge

        The open-source community is really getting quite confused recently.

        I don't think so. It's just confusing any moral obligation with the cold, harsh reality of capitalism. Developers have to eat, just less lavishly than CEOs. Situations like WP don't help either that try to force the issue of making people pay for open-source 'free' software.

        1. MachDiamond Silver badge

          "Developers have to eat, just less lavishly than CEOs. "

          Easy enough, just log into copyright.gov, fill out the form, pay the fee and submit the code for a registered copyright. You can give it away, sell it, license it and put any sort of restriction on it you like all backed by the US Federal court system. Rather go the Creative Commons route? Good luck with that. Other countries that are signatories to the Berne Convention are often very similar when it comes to copyright, but citizenship isn't a requirement to register in the US.

        2. Conor Stewart

          Yes developers need to eat, so they should get jobs or charge for their code rather than just release it for free. They could also offer additional services like support or hosting. If their project is large enough then maybe they can sustain themselves on donations but that only happens with the largest projects and it shouldn't be expected for every project or piece of open source code.

          Why do people release code as open source? It shouldn't be so that they can make money on it.

          Relying on donations for your open source project to sustain yourself is not a great idea anyway. What if someone else releases something better or even just forks yours and improves it? What happens if a company releases closed source software that is much better? Realistically your project could become obsolete very quickly and then the donations will drastically decline.

          1. wraith404

            Idiocracy

            Liberals are so f-ing stupid that it's not even funny anymore. Absolutely zero comprehension of economic systems.

            These oxygen starved brains actually seem to think the fantasy moneyless startrek economy is achievable.. so naive.

            If you want to make money, get a job, or start a company and sell a product. Plain and simple. A caveman could do it.

            Expecting to make even a dime on donations by way of open source contributions is pure fantasy.

            1. anonymous boring coward Silver badge

              Re: Idiocracy

              Of course. "Liberals".. That's for sure what this is about. And guns.

            2. collinsl Silver badge

              Re: Idiocracy

              > Liberals are so f-ing stupid that it's not even funny anymore.

              So you're saying you're not a free market liberal then?

        3. TheMeerkat Silver badge

          > moral obligation

          There is no moral obligation.

          By releasing your software under free licence you undercut those who wanted to make money out of their work by selling their software. So don’t complain when nobody pays you.

          1. Mobster

            Just as companies are under no obligation to pay, similarly this organization is under no obligation to take their billboard down ...

      2. NoneSuch Silver badge

        Sorry, no.

        "Open-source licenses are free for everyone. The open-source community is really getting quite confused recently."

        The GNU General Public License (GPL) requires that any modifications made to the software must be released under the same GPL license. This means corporations cannot take the work of open-source authors, modify it, and distribute it as proprietary closed-source software for profit. If they do, they are legally liable.

        Corporations should not sell any software based on the work of Open Source GPL software. Period.

        Common open-source licenses include:

        GPL (GNU General Public License): This license requires that any modifications to the software must also be released under the GPL. This ensures that the software remains open-source.

        MIT License: This license is more permissive, allowing users to modify and distribute the software, even in closed-source projects.

        Apache License 2.0: This license is also permissive, allowing users to use, modify, and distribute the software, even in commercial products.

        1. cornetman Silver badge

          Re: Sorry, no.

          > Corporations should not profit from the work of Open Source software. Period.

          Firstly, even RMS does not object to companies making money from free software. Making money is not even in the equation. It is about freedom. Otherwise, the likes of Red Hat would never have existed. That is just nonsense.

          Secondly, most of these companies are actually making money from providing infrastructure, not the software itself. This is why the WP Engine debacle is such a nothing burger. They are selling hosting, not software. The software is just a means to an end.

          1. Jamesit

            Re: Sorry, no.

            A better term is "software libre" think free as in free speech, not free beer.

            1. Always Right Mostly

              Re: Sorry, no.

              Libre is misused. That Spanish word "libre" only applies to freedom, as in "Un hombre libre", a free man. If it's a thing, it is gratis, so "Libre Office" would correctly be "Office Gratis".

              As a Hispanic, it's massively insulting that nobody ever did even a Google Translate before launching software or writing about freeware.

              1. doublelayer Silver badge

                Re: Sorry, no.

                That was the point. They were trying to make a distinction between free as in you don't have to pay and free as in you have rights to do certain things with it. They specifically wanted to choose "libre" because it is a different word from "gratis" and they wanted to make it very clear that it wasn't just "gratis". Their original choice of name was far too often seen as "here is software, and you don't have to pay me for it". See also the often-repeated and misunderstood "free speech, not free beer", or "no cerveza gratis, sino libertad de expresión" (I suppose you don't need it in Spanish), which is another way that point has been made.

                Also, libre is also a word in French and Galician and has cognates in most of the romance languages. So even if you still maintain that the Spanish usage is incorrect, and as a Spanish speaker myself I don't think it is, they can easily claim that they were only working on the French definition.

              2. rmallins

                Re: Sorry, no.

                Why do you imagine he was using the Spanish word? IIRC Mr Stallman was borrowing from French, not Spanish. Though I'm sure the word has the same original roots as the Spanish version I'm not aware of French having any similar usage restrictions so AFAICT both your "correction" and personal affront are both misguided.

                In the GPL sense, free software means free to use and modify (with restrictions). It expressly does *not* mean zero cost.

        2. Grogan Silver badge

          Re: Sorry, no.

          I didn't mention the GPL (it doesn't speak about money) but that's what I meant when speaking about permissive licenses, as in BSD-like. At least with the GPL, you may get something back in the form of contributions.

          1. Doctor Syntax Silver badge

            Re: Sorry, no.

            The licence is very unlikely to be selected at random. If somebody is putting it out under a permissive licence it's going to be for a reason. A reason that they know and you don't.

            1. Jamie Jones Silver badge

              Re: Sorry, no.

              Well, that's what we think! And for most cases, it's true (I remember with the original BSD IP stack, they wanted a decent, working stack to be ubiquitous. Fast adoption was more preferable to them than money. It was pointed out that early Windows used that stack, and if it wasn't for BSD, Windows users would have had to suffer an inferior experience)

              However, recent articles (such as this one) seem to show otherwise!

              I remember a while back someone complaining on slash-overload about how some company was making money using his software. When asked why he had used the GPL, he said "that's what everyone uses"

            2. mvilain

              Re: Sorry, no.

              When I worked as an Intel Contractor, I had to take a class on Software Licensing. It only took 60 minutes to go through the various licensing options for someone else's code I might use in a project, but it made it very clear. Ultimately, if I used or modified GPL code for a project, even for an internal tool, I'd likely be fired. Other licenses usually defaulted to "let the lawyers look at it". But still, it's the first time any company took the time to ensure this sort of thing didn't happen.

              And while the WP Engine stuff may be a "nothingburger" to some, having a CEO of a company go that apeshit over "someone is using our FOSS product and we're not making any money off of it" is gonna make that company seriously toxic. I hope some judge gives that guy an attitude adjustment across the face into next Tuesday. And WP Engine gets $$$$$$ from the suit.

        3. karlkarl Silver badge

          Re: Sorry, no.

          > Corporations should not sell any software based on the work of Open Source GPL software. Period

          This is completely wrong. You are not doing the open-source community any good peddling this nonsense.

        4. Conor Stewart

          Re: Sorry, no.

          As far as I know it is only modifications to the open source code that needs to be open sourced, any other code doesn't. So if a company uses some GPL licensed code in their software they only need to release any modifications to the GPL code, not their whole code.

          "Corporations should not sell any software based on the work of Open Source GPL software. Period.", why? Because you say so? If you want to stop something like that then put it in the license but as it is just now companies are allowed and able to use GPL licensed code

          1. Anonymous Coward

            Re: Sorry, no.

            > As far as I know it is only modifications to the open source code that needs to be open sourced, any other code doesn't. So if a company uses some GPL licensed code in their software they only need to release any modifications to the GPL code, not their whole code.

            Not quite. If a company modifies GPL code and uses it internally then they don't have to release anything. But if they then decide to sell, give away, or otherwise distribute that software as a product then they have to release the whole product's source code as GPL, whether they made changes or not.

            https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.en.html#GPLInProprietarySystem

        5. TheMeerkat Silver badge

          Re: Sorry, no.

          > GPL (GNU General Public License)

          And most companies would ban the use of such software, while happily using the software released under Apache 2 or MIT licence.

        6. Anonymous Coward

          Re: Sorry, no.

          Yes, they are legally liable if they take the GPL product, modify it, distribute it as proprietary closed-source.

          But if it's just used unmodified as part of a larger assembly (e.g. create a library that's just the FOSS code and the commercial closed-source stuff talks to the library) then this is fine. They just need to give proper attribution.

          GPL does not mean 'this can never go into a commercial product'.

      3. ThatOne Silver badge

        > Exactly. This is ridiculous. Open-source licenses are free for everyone.

        This is really basic greed and rabid opportunism.

        Isn't it in the best interest of companies using open source projects to make sure those are well staffed, and their developers can focus entirely on improving whatever they are doing? What will happen to a company building its business on some FOSS project if that project is abandoned due to the maintainer(s) having a hard time to make ends meet? Won't they be forced to shell out lots of money to save what can be saved, assuming they aren't forced to quit too?

        Yes, yes, cows give milk away for free, who said you're obliged to feed them? Milk is "free for everyone"...

        1. Jamie Jones Silver badge

          Yes, your reply is completely logical... But then, you're not a bean-counter, or out of touch CEO.

          - "Our competitors use that software. We're not paying to help them!"

          - "It's free, right? Well, I'm not giving away money for nothing! If there are problems, the geeks can fix them"

          - "Far too expensive. If push comes to shove, our own geeks can knock up a [efficient and reliable multitasking OS and important complicated software] in a few hours. Hell, I'll even throw in a free pizza for them"

          - "It's working, right? Why pay people to work on something that already works?"

        2. TheMeerkat Silver badge

          > Isn't it in the best interest of companies using open source projects to make sure those are well staffed

          No, it is not. By supporting development they would also support their competitors, not just themselves.

          Anyway I am opposed to paying for Open Source. You decided to undercut your competition by releasing your software free of charge, you should not then be able to make money on it.

          1. anonymous boring coward Silver badge

            "You decided to undercut your competition by releasing your software free of charge"

            This is a BS argument, and you probably know it?

      4. doublelayer Silver badge

        Some parts are, but I contend that these people are not. This is an entirely voluntary pledge, backed up by nothing more than the shame felt by people who know what the billboard means and the confusion felt by everyone else who tries to understand the request. They are not trying to make demands they have no right to demand, the way that some open source owners (often not authors, but the companies that once employed them) have tried. Their request is not outlandish, the way that, for instance, Bruce Perens's 1% of revenue every year no matter how little "post-open" software you use is. They aren't harpooning long-held principles of open source like the right to fork, modify, and distribute without anyone's permission.

        I support businesses making voluntary donations to open source they rely on. I don't expect many companies to actually do it, but it is logical from the companies' perspective as well as from the projects'. I have been in a position before where an employer wanted to use some piece of open source software, and when we wanted new things added to it, they paid me to add them. Eventually, I was also doing some maintenance work, though in these cases never the central maintainer, on the time my employer pays for. That was helpful to them and to the project, and it doesn't hurt to ask more companies to do that and to increase the amount they give back. I'm not sure advertisements on signs is going to help with that, but the thing they're trying with this campaign is something I would support.

      5. midgepad

        So is the atmosphere

        ...but it is in everyone's interest to maintain that.

        1. Jamie Jones Silver badge

          Re: So is the atmosphere

          You really just supported his point.

          Countries only tackle local pollution when there are noticeable ill effects on the local people, which is a cost.

          Any global initiatives simply try to shame countries into acting.

          Everyone knows global warming is a ticking time bomb, but no-one is going to react seriously because "no-one else does".

          You won't get global agreement on anything until the alternative means literal death for everyone in an hour's time.

    2. Glen 1

      I think the problem lies in that xkcd.

      The big companies are betting the farm on (say) openSSL (either knowingly or unknowingly) and seem to think it's someone else's problem when there's a zero day.

      Given such libraries' levels of importance to the underpinning of modern society, you'd have thought there would be a commensurate amount of investment in the care and maintenance.

      Sadly, in many cases this is not true. Not only is it turtles all the way down, they're someone else's turtles.

      1. fromxyzzy

        Ultimately, the point is that you can base your entire company infrastructure on an open source software tool or library, but there's no obligation for the maintainers to actually fix it when it's broken. If there's a zero day, they aren't obligated to do anything about it, especially not on anyone else's expected timeline. It is the perfect example of 'a lack of planning on your part does not constitute an emergency on my part'.

        The people who are advocating for this kind of financial support for open source developers to maintain the software recognize this and are trying to provide an incentive, not because of a moral obligation but because to not do so leaves them totally at the mercy of the maintainers, who may consider that maintenance a low life priority. If that software is mission critical for your business, it's a smart business decision to convince those devs that it should be a much higher life priority for them, perhaps even their full time job.

        1. wraith404

          But you can fork it and have your own developers fix it so that your competitors don't get product.

          Herein lies the whole problem with open source, why the f would any company want to share or contribute to the gain of other companies?

          Leftist utopia is a fairy tale..

          1. anonymous boring coward Silver badge

            "But you can fork it and have your own developers fix it "

            You can try. Quite often this fails. Have you ever been in a development environment? Developers' skills vary vastly. Some (most?) will make things worse.

            And your "leftist" nonsense invalidates your argument anyway. Common sense isn't "leftist".

    3. S O

      What makes you think "requirement" is the point? Sorry but shaming corporations into ethical measures is a good thing.

  2. elsergiovolador Silver badge

    Fools

    Nah it's just foolish and privileged young developers who think they'll pay rent with GitHub stars once their parents kick them out from the basement.

    1. Doctor Syntax Silver badge

      Re: Fools

      Count the assumptions being made here.

      1. Nifty

        Re: Fools

        "Count the assumptions being made here"

        or the downvotes

    2. anonymous boring coward Silver badge

      Re: Fools

      Lived under a rock for 30 years?

    3. awomanmanhasaname

      Re: Fools

      Most of these developers are seniors

  3. cornetman Silver badge

    > 'Chad, you're asking me to spend ten million on maintainers.'

    That there might be part of the problem. If just a few companies would be willing to cough up a fairly modest amount of money to support projects that they rely on, it would be enough.

    I do worry that some companies might be put off by the potential fallout if they contribute some smaller amount of money and are publicly called out for it. I mean, why run the risk of some bad publicity over what for many companies would be a trivial amount. Better perhaps to be one of many that contribute nothing and avoid criticism.

    Much of those donations could help fund infrastructure. Many coders are doing what they do because they enjoy it as a hobby: that would include me. Paying people like me would just complicate our tax situations and I have a full-time job anyway.

    1. Yankee Doodle Doofus Bronze badge

      < "Paying people like me would just complicate our tax situations..."

      I wish some large company would complicate my tax situation. (No, I'm not an open source developer, just making a joke.)

    2. Phil O'Sophical Silver badge

      Many large companies do contribute to FOSS maintenance, though it's more in the area of 100k than 10m per year.

    3. anonymous boring coward Silver badge

      You aren't required to take money if you don't want it.

  4. Doctor Syntax Silver badge

    One issue is where does the money actually go. I was happy to donate to LibreOffice until it turned out that donations weren't actually going to support coding.

    1. elsergiovolador Silver badge

      You need to look at contributors list. Find the one you like or pick a random person. Contact them and ask them for bank details because you have a large sum of monies to transfer. Just don't use any funny accent.

      1. Catkin Silver badge

        They always ignore me when I ask for the industry standard wealth transfer fee.

    2. doublelayer Silver badge

      This requires some research to find the best way to benefit the projects you rely on, and it's not always obvious. In some cases, it's something a group like this could help with, identifying an organization that provably directs donations to actual maintenance work. The other approach that companies can use is paying an employee or contractor to do maintenance work on a project.

    3. anonymous boring coward Silver badge

      If they are an organisation hiring someone to run it (a CEO), then it's time to not donate.

      I don't donate to whining beggars like Wikipedia either.

  5. rgjnk Bronze badge

    If they want paying...

    ...can I send them a bill for all the times I find something broken and have to invest time in identifying the bug, working around it then raising an adequately detailed issue & solution in the vague hope it'll eventually make it out into a release?

    The costs & benefits of using OSS aren't all on one side of the aisle. If we're getting into a proper commercial relationship for your product it's a different game with different expectations.

    1. doublelayer Silver badge

      Re: If they want paying...

      And that is why I disapprove of any mandatory payment system for open source software. Well that, and about ten other reasons, some of them bigger, but it's in the list. However, this is not that. This is a voluntary payment to a project you rely on. They're asking for that voluntary payment to be increased, but they're not mandating that any payment happens or taking away rights if they don't get one.

      Since the payments are voluntary, not having support is easily justified. If you find that the project is such a buggy mess that you are wasting time and money finding and reporting bugs, then maybe this isn't good enough software for you to use. I've had that experience with open source software before, software where I decided I had to do significant maintenance on it to get it into workable condition, start a similar project from scratch, find another option that can do the task, or not have this functionality. I don't get to bill the provider of software in that case, although I'm much less likely to donate anything.

      Even if you had paid for software, you usually don't get to do anything like this. I've had lots of bugs in software I purchased, and in none of those cases did I get to charge the authors for the existence of them. In one case, I did report so many of them that the author returned my money, but that was it.

      1. S O

        Re: If they want paying...

        This isn't mandatory payment, it's public shaming. Paying for open source development is a public good, an ethical consideration. Stop confusing these things.

        1. doublelayer Silver badge

          Re: If they want paying...

          That is what I think I said:

          "that is why I disapprove of any mandatory payment [...] However, this is not that. This is a voluntary payment to a project you rely on."

          As I said in my first comment here, I support this effort. I support businesses and individuals making voluntary donations, and if someone wants to encourage more people to give, I'm usually fine with it unless they're doing something so horrible that it is likely to put people off, and I don't think this group are anywhere close to that.

  6. David 132 Silver badge

    While I am sympathetic to their cause...

    ...am I the only one who thinks that the billboard design looks like something a 12-year-old might come up with?

    Is it an appeal to the better nature of CTOs, or a political cartoon in a lowbrow tabloid, or a Heavy Metal album cover?

    I "get" the need to have something short and snappy that will grab people's attention at 55mph (yes, knowing San Fran traffic, that is optimistic), but I think they could have done better.

    Off the top of my head:

    a) a simplified version of the XKCD "developers" cartoon mentioned in TFA, with a big arrow pointing to the guy at the bottom of the stack and the caption "He needs to eat too :)"

    b) Text along the lines of "Build your Billion-Dollar business with Open Source bricks. Spare some change for the people who make those bricks."

    As you can tell, I am not in Marketing, but I'm sure some of you could do better!

  7. Anonymous Coward

    Eh?...Isn't that billboard in Oakland?

    Could be wrong but that looks remarkably like Emeryville in the background. Which would place the billboard somewhere on the south side of the Bay Bridge lanes heading towards the toll-plaza. Which is basically the Port of Oakland. San Francisco a.k.a "The City" is at the other end of the bridge. About 5 miles away. This is sort of important to the locals. Not only is "there no there there" in Oakland there is no "where" either. At least in recent decades.

    Someone who has driven both eastern sections of the Bay Bridge way too often over the last five decades. And still prefers the old bridge. Not the Jerry Brown $15+ Billion ego trip. By the time all the bonds have been paid off. Hopefully after the next Big One collapses the "Signature" part of the bridge. Which it will.

    1. Throatwarbler Mangrove Silver badge

      Re: Eh?...Isn't that billboard in Oakland?

      The picture is in Oakland, but there have been equivalent billboards throughout SF.

      Everything else about your post is idiotic, hence the downvote.

  8. cjcox

    This is a bit confused.

    I say that, as someone that does have some GPL licensed code that I have contributed to in major and minor ways.

    You see, you come up with something "great" for the Linux kernel (for example) and you don't have a "sponsor" (that could read, "supportive employer") then what you are trying to contribute may never make it into the git for the kernel. Why? Just trying to keep out special interest projects without commitment.

    So, are you "not paying" if you allow and support your employees contributions to open source development and support?

    The motivations for open source developers aren't about the almighty dollar, but we do appreciate it when somebody backs the fact that we are developers and tries not to squash us like a bug.

    So, my recommendation would be, "support open source". In all the ways that means to you.

    Paying? If you're allowing your employees to engage in open source development and support, you are "paying". Keep it up.

    If you are strictly leveraging open source software, I do recommend you consider what you can give, and for many, the only thing they can think of is money... and that's fine. But it's not a requirement. To say that it is about money goes against the principles of open source software.

    So, I do like to ask non-contributors and "strict users only" of free software.... ask yourself, would it be ok for "insert free software here" to go away? That might suggest "money", but might also suggest closer collaboration, development and support, etc. Anyway, just ideas for how you can help preserve open source. Not a requirement, just ideas.

    1. Handy Plough

      Re: This is a bit confused.

      Came here to say something similar. Surely employing people to work on the FOSS projects that the company uses is a good thing? I'm sure there are plenty of those die-hard fossers that will complain about "special interests" or something, but isn't this one of the models that was first proposed?

  9. DS999 Silver badge

    What about companies that are contributing to open source?

    Should they be "paying up" at the same rate as companies that just use open source tools in the background to develop closed source software? What about companies that are already paying, by virtue of licensing RHEL or another Linux distro?

    They seem to be equating everyone, regardless of how they utilize open source, whether or how much they contribute in the form of patches or complete new projects, whether or not they are already paying for licenses for what they are using, and whether they are using GPL or BSD code.

    And why are THEY the one collecting and handling the money? Why should they be trusted with that, did I miss when there was a vote of the entire open source world and they were anointed, or are they just self appointed and we're supposed to trust however much money they take off the top for "administrative costs" is fair?

    1. Natewrench

      Re: What about companies that are contributing to open source?

      And then you had the first company Netscape create their own asymmetrical license that allowed contributors code to be used in their proprietary product without reciprocating I think the same might come of you know corporations and companies that will take code and not reciprocate even if the license is a copy left license and then you had a you know freebie or that license winamp used sound like a freeloader license that any contributions you made to the project you couldn't use anywhere else so it benefited winamp and not you

      1. S O

        Re: What about companies that are contributing to open source?

        This is incoherent, separate your ideas into complete thoughts. Yes corporations abuse {X} to make money, that's why they exist. This discussion is largely confusing a shame campaign with the idea of forcing payment for open source projects. Shame can work because companies don't like bad press and regulating some kind of cooperative behaviour is constantly fought by lobbyists.

        Open source licences do not require payment, they require sharing.

  10. Anonymous Coward

    Pay people for their effort?

    My god!

    Where would it all end?

  11. Bebu
    Windows

    If you don't have to...

    doesn't mean you shouldn't.

    In the US people are neither compelled to go to church nor to vote but a significant number choose to do so anyway.

    (In AU we are compelled to vote and 99+% do but hardly anyone goes to church.;)

    One would like to think that in the interest of fairness (equity) and justice that if one were to substantially benefit from the exertions of another person one would feel some obligation to compensate that person in proportion to the benefit accrued.

    That many don't speaks volumes of their hypocrisy, cupidity and fundamental dishonesty but I suppose that is the US in a nutshell.

    The idea that anyone would do what is right, kind and just, even without incurring any cost or facing the least impediment, seems to be an anathema.

    1. anonymous boring coward Silver badge

      Re: If you don't have to...

      Now you're just talking "liberal" nonsense! [Sarcasm]

  12. Chairman of the Bored

    Time equity

    I've worked for companies that allowed engineers to spend up to 10pct of their time on personal or team "passion" projects outside of the normal product churn. This is great for morale and quite a few products have come out of this.

    If we would allow our software developers to work Open Source efforts using the same model, I think we'd have some progress + skin in the game

  13. Bitsminer Silver badge

    The trouble with money

    The trouble with money is the power it provides over a formerly independent developer.

    "Nice project you have there, that $20k last year was very helpful, right? This year we want you to add these backdoors otherwise we won't be giving you anything."

    1. doublelayer Silver badge

      Re: The trouble with money

      Offering to pay someone to put in backdoors is not aided in any way by paying them for normal maintenance. If you offer me donations for the project, thank you very much. If you offer me payments to add a feature, then I'll consider it but chances are you'll get your feature and I'll take the money. If you offer me money to insert something malicious, I will refuse, or maybe I'll consider accepting the money and not giving you what you asked for because what you asked for is illegal anyway, but chances are the risk is high enough that I just won't bother. If I'm evil enough to add a backdoor just because someone will pay me to do it, I'm not going to care whether they donated last year; I'm just going to ask how much they'll give me for access to the users.

      The fact that they received a donation before getting the bribe to add malware to the code doesn't make them any more beholden to the donor. In fact, having that donation makes them less desperate for funds, so they are less likely to accept such an offer. I see no reason to expect any connection between the two things.

    2. Conor Stewart

      Re: The trouble with money

      Not even going as far as backdoors, just companies expecting the developers to do what the company wants and using money like you described to try and force the developer to do what they want.

      1. doublelayer Silver badge

        Re: The trouble with money

        That's probably true, but I don't mind that. If a company wants to pay me to build in a feature, as long as that feature doesn't harm other users, I don't have a problem raising it in the list. Sure, it may not be the most commonly requested feature, but the chances are that, even with the extra development, the funding is going to provide users with more maintenance and features they used. If they tried to use the funding to break things, that would be different, but as long as it's something like fixing the bug that affects what they want to do more quickly, I am fine with it. In the same way, if they pay one of their employees to contribute to it and that employee mostly contributes things that company wants, that also works for me.

        1. Conor Stewart

          Re: The trouble with money

          For the most part I agree with you, but I do still believe it could be used badly. Even just a project being taken in a direction that isn't beneficial for most people or in the original purpose of the project just because a company is giving the developer money. At what point does it just become writing code for the company?

          It all depends on the integrity, stability and judgement of the developer. I could see it happen quite easily, a company threatens to pull funding that the developer needs to continue or sustain themselves if the developer doesn't do what the company wants.

          I can also see it turning into a competition between companies. They each try to donate more than the others to try and get priority on their requests. It could be very good money for the developer but it may not be worth it.

          1. doublelayer Silver badge

            Re: The trouble with money

            I don't have problems with any of those things. For example:

            "At what point does it just become writing code for the company?"

            At the point where the code is no longer available to everyone without added restrictions, or in other words if it stops being open source. Otherwise, yes, its development is being driven by the company, but I can still take any bits that are useful to me. Of course, they could make something where I no longer value what they've made, but that's not only the case for company-supported open source. There are lots of projects that I find completely useless, but they're still useful to someone else.

            "a company threatens to pull funding that the developer needs to continue or sustain themselves if the developer doesn't do what the company wants."

            Absolutely that can happen, and it could be a problem. However, being open source, this is when I fork, tell the developer that they've messed up horribly and won't get any donations, and tell everyone about it. The company will get their version and most people will run something else. If it was a proprietary project in the same condition, I couldn't do that. Also, I've seen that happen several times and, if the company is paying for development, then it's less likely. The times I've seen it are when an open source developer has grown tired of maintaining their project for little or no money so they just sell the name and copyright and the buyer does something bad to it. Nearly every time, that ends in a fork about five days later. But if the original developer had been paid to write something, they probably wouldn't have sold it.

            "I can also see it turning into a competition between companies. They each try to donate more than the others to try and get priority on their requests. It could be very good money for the developer but it may not be worth it."

            This sounds like the dream to me. You can pick features based on your concept of how much you want the feature and how much they're paying. If there are so many people eager to pay people to develop, you could find others to get familiar with the code, either people who are interested in earning some money as an open source maintainer or an employee. If that keeps up, that project is likely to be pretty healthy unless the changes they're paying for are detrimental in themselves. In most of the cases we're talking about, they're asking for a feature they want to run, which means at least they think it's a good idea. If I, as an author, decide that it is a bad idea but I want the money, then I can design the feature to be easily disabled. They use one compiler switch and get the feature, so they can have it and I get paid. You can omit the switch and build a version without the feature so you don't have to use it. It's always possible for someone to try to sabotage a project like that, but it is an expensive way of going about it and easily thwarted, so I doubt it's very common.

    3. anonymous boring coward Silver badge

      Re: The trouble with money

      Well, it's open source...

      If you want to add backdoors, you better not do it in open source.

  14. Bitsminer Silver badge

    Bug bounties yes, code bounties no?

    Some big companies will pay very big dollars as bug bounties for open source software.

    Other than Google Summer of Code, is there anybody else paying for actual working code from independent developers? (And no, RedHat employees don't count.)

  15. MSArm

    Open source confusion yet again

    The open source license is so badly thought out and worded, no wonder people get confused

    1. David 132 Silver badge
      Facepalm

      Re: Open source confusion yet again

      Yes, you're absolutely right. There is only one "Open Source license" in existence, no more than that, and it is so carelessly written that it has been ripped to shreds time and again even by concussed paralegals.

      Oh, wait, no.

      There are dozens of open source / FOSS / software libre licences, of which the GPL is merely the best known.

      And in its 35 years of existence, it has survived all legal challenges and the slings and arrows of the finest FUD that closed-source interests can throw at it.

      Look, if you're going to troll - and everyone needs a hobby - at least try to be a little more creative and subtle.

    2. anonymous boring coward Silver badge

      Re: Open source confusion yet again

      May I suggest not commenting on things you know nothing about?

  16. Geoff Campbell Silver badge
    Windows

    ROFL!

    So the FOSS community (or, y'know, some small subset of it, anyway) just became Bill Gates c.1976? https://en.wikipedia.org/wiki/An_Open_Letter_to_Hobbyists

    It's open source. If you don't want it to be used commercially, pick a non-commercial licence. If you want to be paid for writing it, well, I've got some bad news for you...

    I quite regularly pay for FOSS stuff that I use, because I feel it is right to do so, I should add. No doubt that won't stop the unthinking down-votes that are about to rain down on me.

    GJC

  17. xyz123 Silver badge

    If your open source VITAL LIBRARY maintainer is short on cash, they may sell their account to Russian or Chinese interests......

    So make sure they don't need to.
