41 comments

[ 0.18 ms ] story [ 96.6 ms ] thread
> Some rabid open-source wonks accused Redis Labs of trying to trick the community into thinking that modules were open source, because they used the word “Apache.” (They were reported to be foaming at the mouth while making these accusations, but in fairness it could have been just drool.)

What an incredibly uncivil article. How can one say this when, in basically every HN thread on this subject, it had to be explained to at least one person that this is not an Apache license?

They have done a poor job communicating this license to the community, and this continues the tradition :(

I would like to see the discussion move from the messenger to the idea (now that hopefully everyone actually understand it!). This is a very important topic to figure out.

This is a very important topic to figure out.

IANAL I think there is a very simple solution: use the 'Notice clause' of the Apache 2 License to require cloud users to put some unflattering notice in their documentation:

If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear.

Offer the option to purchase a license to the software without the requirement to display the notice.

Cloud providers aren't actually distributing open source software though unless it is AGPL. So I think this is a good idea, but you also need a better AGPL license too.
I agree that (again IANAL) the clause would have to be extended to something like 'distribute or perform' rather than purely focusing on distribution. But I think it could be a compromise where software can still be fully open source, while calling out cloud providers that are not contributing back (well, actually, they'd have to call out themselves by putting the notice somewhere visibly ;)).

But I don't think they are really listening to other suggestions. This seems to be an effort backed by some VCs with the goal of getting the benefits of open source ('it's just like open source, so please contribute'), while having an exclusive opportunity to monetize 'the commons'.

Thinking about this more, this approach is innovative but awkward. The point of licenses is that they provide a legal basis. "Calling out cloud providers" has no legal basis, but is instead an attempt at societal shaming. Shaming should be achievable without using licenses.

But I would rather have legal licenses than a shaming system. If we want contributions back, lets make a better AGPL. If we don't want cloud providers to sell the software, lets have the Commons Clause (but just don't annoy everyone by prepending Apache).

This was my main takeaway from this article. Very hostile, one-sided review on the issues.
He also avoids mentioning the more common criticism about the name: that it confuses people by sounding like Creative Commons.
This is the part that stuck with me too. After the completely unnecessary parenthetical, I not only think the author is wrong, but also that he is a tone-deaf asshole - and that the group of CEOs (cowardly anonymous for the most part) who worked with him to bring this clause into existence likely exhibit the same trait.
Shared source has existed for a long time. I don't think anyone would have cared if they just modified the Apache license and gave it a new name...

No one should be surprised that programmers react negatively to misleading names and namespace pollution.

Yea it's definitely dismissive of criticism.
When open source became popular, it was designed for practitioners to experiment with and build on, while contributing back to the community. [...] open-source software was never intended for cloud infrastructure companies to take and sell.

Uhm no. If you are using the BSD license or the Apache license, you are explicitly saying: you can use this software as you want, just give me credit, and don't sue me if it does not work. Many companies have used the BSD TCP/IP stack and included it in proprietary software, including the BSD projects. This is something that the non-copyleft open source licenses explicitly permit and has been encouraged by a lot of projects. Using open source software in the cloud is a modern variant of it.

When it comes to copyleft licensing, the goal is that the user of a program or service (in the case of AGPL) can obtain the source code of a program and redistribute it under the same terms.

The goal of open source was never to protect (VC-backed) companies that want to pretent to do open source, but then object when other people earn money with their software.

What you are looking for is a non-open source license, optionally with the possibility to make the source available. That's fine. But please stop hijacking the history of open source and diluting the reputation of open source licenses by calling it Apache 2 License + Commons Clause.

Commons Clause is not open source and had nothing to do with it.

Some rabid open-source wonks accused Redis Labs of trying to trick the community into thinking that modules were open source, because they used the word “Apache.” (They were reported to be foaming at the mouth while making these accusations, but in fairness it could have been just drool.)

What does this poison even do on Hacker News?

I think its useful to have a name of "Apache 2 License + Commons Clause" because 99% of the users will use it as Apache-2.0 rather than sell it as a cloud service.
> 99% of the users will use it as Apache-2.0 rather than sell it as a cloud service.

No, that's the fundamental problem: 0% of the users will “use it as Apache 2.0”; this is not a dual license with Apache 2.0 license and some other license as options, it's a single license which is more restrictive than Apache 2.0.

Practically speaking, how is that different than shipping Apache 2.0 with a NOTICE file? Having to include a notice is more restrictive than Apache 2.0 without a notice. For a cloud provider, there is a real difference, but for a non-cloud provider the NOTICE version is more restrictive.

A question I don't see addressed is: what licensing compatibility issues (for non-cloud providers) are presented by the commons clause?

It's incompatible with all open source licences.
For compatibility with Open Source licenses the Commons Clause is like any other proprietary license: some (e.g. MIT) allow combination, and the result is proprietary, others (e.g. GPL) are entirely incompatible.
Note that representatives of the Apache Foundation have repeatedly requested to not use this misleading naming scheme, which has seemingly been totally ignored.
it is telling that he opens with a factually wrong "fact":

"I have invested in the companies behind many open-source projects: [...] Redis" (linking to RedisLabs' website)

except RedisLabs is NOT "the company behind Redis"

Well, the confusion sure seems intentional.

"On July 15, 2015, the creator of Redis and lead developer, Salvatore Sanfilippo, joined Redis Labs to lead open source development, and Redis Labs became the official sponsor of the open source project."

https://en.wikipedia.org/wiki/Redis_Labs

The author downplays the critical feedback, and raves about the small pieces of positive feedback he got. The feedback on previous HN posts was largely negative though
In my opinion if a company makes software they want to get contributions back there are licenses such as GPL and AGPL, the commons clause just infringes on user freedoms. Thus I think the title is a bit too absolute and thus should be changed to something else.
We've changed the title above to reflect more specifically what the article says. If someone can suggest a better (i.e. more accurate and neutral) title, we can change it again.
I would really like to see some revised approaches to the AGPL (actually open source) that doesn't freak everyone out. Some of the purpose of their commons clause is just because big company lawyers ban AGPL software in large part due to their interpretation of the license which may not even be correct.
The author of the article has invested in Redis Labs.

https://techcrunch.com/author/salil-deshpande/

The author of the article (overtly, as described in the article) organized the Commons Clause effort and the dishonest propaganda of selling it as a rider attached to an open source license by open source firms rather than a proprietary license by firms abandoning open source.
The Commons Clause is a cancer to open source. It is as much as saying: You can use our software however you like, unless you charge someone to host and maintain an environment that runs our software.

In other words, it stifles one of the most powerful tools for increasing the market penetration of open source.

(comment deleted)
In other other words, it isn't free software at all. It's commercial software with source code access and a limited right to free use.
EDIT: You were agreeing with me. Sorry for the misunderstanding. I don't delete my goofups, so I'll let the below remain and take the karma hit.

---

Nonsense. Open Source does not mean, and has never meant, that you get everything for free.

For example, a company wishing to use Postgres in some project has a choice: Setup and manage it themselves, or pay someone to do it for them. That someone may be Amazon in the form of an RDS instance. Or maybe they hire me to setup and manage a traditional VM for them on Amazon's infrastructure. Or maybe they host it themselves, but contract with me to do all of the setup and maintenance so they don't have to. (Please note that despite having the skills for this, I don't do this for anyone but my own company.)

By your logic, any of those options turns Postgres into commercial software that ceases to be free.

By your logic, you are literally telling anyone who wishes to use Postgres: That's great. Just don't you dare to pay someone to do this for you.

How about comparing the cost difference for paying for SQL Server RDS vs. Postgres RDS. For an m4.large instance, the former is $0.977/hr. and the latter is $0.189/hr. Why do you suppose that is?

I feel like duskwuff was violently agreeing with you about the Commons Clause, not arguing against you.
Open source abuse would be complaining someone made money from open source work. DRM is the solution for people who wish to arbitrarily restrict how others use IP.
I can’t read articles from TC - when I scroll, the content disappears and I see like an another article or page. i’m on iOS 12. What is it?
While, I understand the sentiment of not liking companies basically reselling open source software. It does restrict the rights of users on what they can do.

However, I have also never consider GPL entirely open source it restricts someones right to not publish changes they make. It's also definitely a reason some people choose not to use the GPL.

If we want to get philosophical the only true open source license is release code to the public domain. No restrictions/requirements at all.

However, there is one big issue with this "Commons Clause". This section here "whose value derives, entirely or substantially, from the functionality of the Software". Your not allowed to sell services even if you modify it to add some unique features. If those depend substantially on the software. If it just said "entirely" instead also including "substantially". The problem is the word "substantially" is quite vague, and if changes or additions you make can't run without their software which is pretty much any software modifications/modules, scripts ect... that have software licensed under this as a dependency.

Let's say someone licensed an operating system under this license. You develop an application which uses the OS's system calls. Your application does something useful, so you wish to sell it as a service, but because your application can't run without calling those system calls. It may be legally counted as "substantially" deriving value from the licensed software, and you can't sell your own work.

While, I understand some licenses are a compromise of the only license that ensures all freedoms which is public domain. These compromises either tend to try help open source or just ensure that software is free for everyone using it. Since something in public domain can be resold, and the secondary users of that may never know the source code exists. Some just prevent someone else from claiming that they made the software.

However, as I mentioned at the start, I understand why some people do not like the idea of company just taking an open source project and selling it. However, this license goes way too far. It places what I call unreasonable restrictions on the users. It's in need of a major rework.

> No restrictions/requirements at all.

It’s been tried. Unix vendors would take publically available code (MIT’s X Windows), close it off, and prevent system administrators from touching it, or only release it under NDA.

Freedom for the vendors, not for the users.

I did say the following above: "Since something in public domain can be resold, and the secondary users of that may never know the source code exists."

I am quite aware of that issue. All I was saying any license other than public domain puts some sort restriction/requirement on users. Vendors are users too, and ideally they would not try close off open source code. So a good OSS license should unobtrusive, and reasonable to users who are not trying engage in shenanigans. These are obviously restrictions since the license tries to prevent underhanded behavior, but I woulds say a reasonable compromises since we don't live in a perfect world where everyone is honest.

Despite it's confusing name I would say this "commons license" was attempt to stop what they see has underhanded behavior. However, as I said before it's a comprise too large since really does have the potential limit a lot of freedoms. I would say it's anything but unobtrusive.

However, the OP author of the article also appears dismissive or closed to any criticism.

From the article > First, AGPL makes it inconvenient but does not prevent cloud infrastructure providers from engaging in the abusive behavior described above. It simply says that they must release any modifications they make while engaging in such behavior.

Thats the point of Open Source... You can compete right back with all their changes, and your likely to be the most knowledgable about the product.