Why not make Cloudron fully open source again?
-
Thanks for your elaborate post, we will answer in more detail, but till that, maybe the reversed question could also be asked to add more context your question: What are the hoped for benefits for users to have Cloudron under some open source license?
Please note that the code as such is source available, so there is no benefit from an introspection and code verification point of view at least. -
Thanks @nebulon for the quick response, looking forward to the more detailed one
I was going to add more details about why I'd love Cloudron to be fully open source, but I figured the post was too long already!
I'll similarly answer in more detail when I get the chance...
-
@nebulon If I understand the dynamics introduced by an open source licence like AGPL, someone having the access to the source code, and in fact having the source code, does not make them a "user" of Cloudron. They simply have the software and can install it and do whatever. But when they have problems, as they surely will because of Docker, where will they turn to? Most likely the original creators of the software... and when you and @girish can't help because of other time constraints, I can imagine the complaints and badmouthing that would follow. This would potentially have the effect of Cloudron (the subscription service) getting a bad name, losing customers, and eventually going out of business. So it makes sense to me that you've tightened up the licence so that the amazing user experience can remain intact and manageable.
I am not an open source purist, starting from the fact that I have no control over the VPS I rent on which I run Cloudron. It is, as someone in your chats said, a compromise for a purist. For the rest of us who don't want to pay an opaque behemoth company anything, Cloudron is simply the best. And it has the open source spirit, if not the correct licence on every bit of code. And importantly, the software actually works, a theme that I've repeated a few times on different threads. I applaud the Cloudron team for making decisions to enable them to keep the software open AND working.
-
ryangorleywrote on Jul 17, 2020, 10:14 PM last edited by ryangorley Jul 17, 2020, 10:32 PM
@nebulon I can't speak for @jdaviescoates, but I would point out just 4 benefits:
- Greater Contributions. With a source available, but proprietary license, anyone who contributes a bug fix or feature immediately loses license to their own work, or at least would have to in order for Cloudron to be able to enforce its license and copyright. Aside from the potential legal mess, this is almost certainly a deterrent to substantial outside contributions. An open source license makes Cloudron much more enticing to contribute to.
- Benefits of Broad Adoption. Those willing to do the work to run their own Cloudron instance from the source code may have been loud, but they weren't likely customers to begin with. While not paying, these potential users do offer some benefits. They're more likely to provide good bug reports, patches, and answers to community questions. Even while promoting the free use of Cloudron, they are reaching an audience you would otherwise have to pay to reach. Even if the vast majority of users were to use Cloudron for free, as I suspect the majority of Nextcloud users do, in volume it really becomes a net benefit to Cloudron.
- Long-Term Assurance. The choice to self-host one's own infrastructure can be stressful. It becomes less stressful when you know that the software your using is open source and will be viable as long as there is a community willing to keep it going. This is one reason open source users become such loud advocates. They want that thriving community to live on forever, in a way they can't necessarily ensure a company will.
- Part of a Bigger Cause. I like you @nebulon and @girish. I like what you have made, and I hope you succeed, probably more so than most companies I buy products/services from. But at the end of the day you are a company. People like companies, they support causes. It's hard for me to express how when Cloudron went from open source to proprietary it changed my feelings. I still tell people about it and have tried to make important strategic introductions. But I don't donate my time to Cloudron like I do Inkscape. I don't extol the virtues of Cloudron over all other proprietary solutions, like I do Nextcloud. Supporting a company selling a proprietary solution is just not the same as supporting a company that is part of a bigger cause. Cloudron has the potential to be part of that cause. I want it to be open source.
Addendum: This is all said with full awareness that you need and deserve to get paid. Don't listen to anyone who expects anything otherwise. For the reasons stated above, and others, I think you can still make a living and perhaps even a better living releasing software with an open source license.
-
I'm a fan of open source and certainly encourage it with my team - but it comes with overhead and responsibilities beyond working on the actual product, so it's not something to take on lightly or without expectation for the time-costs in managing that.
On the flip-side open-source is infinite almost free referral marketing.
From a business point of view, I would think that hosts themselves should be the primary target for sponsorship since the more that can offer Cloudron, the broader their potential customer-base and those customers subscription to their resources.
If Cloudron.io were able to Terraform the Cloudron instances to popular hosts and then the cloudron.io site was the only way to manage multiple hosts with a subscription, I could see value in that because the subscription costs is still less than the time-costs being saved.
I'm fine with hybrid models, we can hire developers to fix issues if they have a higher priority for us than you guys but also it is important to me that the platform commitments we make have a sustainable business model to remain motivated and evolving as needs arise.
Your work, your choice, either way big kudos for what you've already done and thanks for saving me a ton of time and money already!
-
We are all a pretty tight community at this point, but putting aside the reddit and mastodon "external" comments for a minute... Ive been a cloudron user, customer & supporter since the beta & was mainly drawn to the platform for its Open Source solution....when that changed I understood the reasoning, calculated the positives & they simply outweighed the negatives. Has that move been "BAD" ? maybe in terms of some "adoption" but my point is that I would have and always will pay for the value @girish & @nebulon are providing!! So, YES it would be ideal for Cloudron to be fully open source...For me its a matter of "Principal"... The amount of people who would actually roll out their own implementation without support are far and in-between. Myself & others I am sure are literally going out of our way to sell this platform/solution for both of our sake... Personally I would prefer that we go with the Red Hat model over the SFDC model. Regardless I'm here for the ride & appreciate everything ya'll are doing. +1
-
Some notes to add on this:
- GPL v3 covers commercial interests nicely and ensure any additions or modifications must also remain open and therefore available back to yourself to choose to include or not as you wish without cost or consequence.
- Include your website link and email in your copyright notice, since the licence specifies that the copyright notice must always remain in-tact and included, to make sure every copy and version links back to yourselves as the originator.
-
@marcusquinn said in Why not make Cloudron fully open source again?:
GPL v3 covers commercial interests nicely
Yes, but only when the other party offers downloads of the product. Not when it's only hosted publicly (the installed product). In the latter case agpl would ensure that code is being made available.
But usually and honesty a lot people (if they contribute or not) only care about the freedom aspect, and there gpl or agpl are not sufficient enough for some people.
In essence, the type of license should also be dependent on the audience of developers you want to attract by at.
-
The value of Cloudron and why we pay a license is the appstore. So my naive person think that changing the platform code back to free software wouldn't affect negatively Cloudron business model.
It seems to me part of the reasoning to the license change was there wasn't much contribution to the platform anyway. I believe the same argument can be used to change it back to free software.
I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
It has in effect changed my relation to the project, from an invested advocate to a simple client.Moving Cloudron back to free software would bring much needed positivity to 2020.
-
@ruihildt said in Why not make Cloudron fully open source again?:
I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
It has in effect changed my relation to the project, from an invested advocate to a simple client.I totally agree with this part. More than that, I would never have picked up Cloudron at all at the beginning if it weren't open source.
And as to contributions, I am the author of one of these rare contributions ^^ (to make the platform compatible with the OpenVPN app), and I would definitely not have contributed if it were not open source.
TLDR: I am 100% in favor of switching back to an open source licence.
(As for the precise licence, I do not really care, be it MIT, Apache, GPL, AGPL ... whatever.)
-
Given the nature of the responsibility of the Cloudron system, security is the biggest aspiration for me from open-source, along with a security reporting process that allows for private communication of any issues found.
I recommend including this somewhere on your site:
https://www.zerodayinitiative.com/advisories/disclosure_policy/
My page own open-source on our own platform (WP&Woo stack) for interest:
https://brandlight.org/i/transparency/proudly-open-source/
Although we haven't open-sourced that whole stack yet, it's planned.
-
As for security issues to have a private conversation, please see https://cloudron.io/security.html
Also as mentioned earlier, we do share the view that it is useful to introspect the code to see what is happening on your server, this is already achieved by our source-available policy, so feel free to audit that in the git repo.
-
As could probably be gleaned from my previous posts, I’d love to contribute to the code. Adding an option for disabling unsafe backup notifications, adding support for inter-app network communication (so my OpenVPN Client Cloudron app I’m building’s network can be used by any Cloudron app with a quick restart of the app), adding multiple domains for Wordpress Multisite, etc.
I do feel a little bound to the main developers roadmap when I’m loving Cloudron more and more with each update. Some fixes are just mere nice-to-have (the option to disable unsafe backup notifications), but some are necessary features I need. I’m no stranger to building what I need for myself and then letting others benefit from it. But a pull request for these features is impossible if it’s now closed / proprietary. Which, by the way, I totally understand. I just wish I could contribute to the project my main features so the developers don’t have to do so (eventually) and I can get what I need as soon as I need it.
I honestly didn’t know there was a GIT somewhere for Cloudron so I can at least start browsing the code to get familiar with it.
-
@Lonk Here's the code : https://git.cloudron.io/cloudron/box
I think the cloudron team still accepts Merge Requests, even if it's not Open Source, as long as you sign a contributor's agreement (https://cla.cloudron.io/)
-
marcusquinnwrote on Sep 21, 2020, 6:04 PM last edited by marcusquinn Sep 21, 2020, 6:04 PM
Everyone contributing in the forums, codebase and apps are heroes!
I wish I could get more involved on that side but the next best I can do is keep telling every developer I work with and know online about it to try it, and get you more developer users — because I think we all can see the value in both the platform and this community.
I shudder to think of doing all that Cloudron does any other way now, and have been through pretty much every way of doing Sys Admin in 20+ years of tech.
-
@marcusquinn I love being a developer user myself. Contributing to the code that I'm using to run my web apps (custom or otherwise) I find very fulfilling. I followed @mehdi's advice and submitted the contributors agreement so I hope to contribute to Cloudron in a meaningful way. ️
-
@Lonk Nice. I work with a team of 10 devs, mostly WP & Woo but inevitably the full stack & dev-ops. They have a good 1,000+ ticket backlog from me on feature development but I've been introducing Cloudron for peripherals apps for now, like Bitwarden, PrivateBin, NextCloud, Email etc.
We'll definitely be getting more involved, the incentive I always try to work with is that all our team owns the codebase, so everyone benefits from the collective. I always try to make what we do portable, so anyone could fork & run with it at any time but the greater incentive to collaborate is in the experience of the team.
As a separate project I'm looking at starting an open-source tech fund looking to invest in things like this directly or indirectly with sponsored development. Just matching investors to their tech appetites, returns expectations, and overall business models we have as users of the stuff we develop among our team and with other communities.
Recommend following Sahil, on Twitter the creator of Gumroad, he has lots of experience and commentary on this subject.
-
Just a thought for the business-model side of open-source because as much as I love and promote open-source, I always look at what the business model is behind it. Any software choice is a long-term commitment and I want to know that progress is motivated and sustainable.
Partner programs / subscription levels. Odoo has a good example of this. The return on investment for the Partners being implementation referrals.
Sponsored development.
Affiliate deals
Hosts referral revenue share
Hosting service
Many of the FOSS apps included with Cloudron use this model.As I say, just thoughts, with the utmost respect for all that the team here do and it's their work to do with as they see best and whatever works for the schedules they have and generously share with us.
-
The replies seem to be coming more from developers lately, people who have skills enough to contribute, who also hold strong beliefs about open source. This is good, and by and large it is pleasant to see an overall positive approach to Cloudron.
I am a non-developer, but am also someone who likes the idea and principle of open source. I want to get away from proprietary apps and data lock-in. From my perspective, Cloudron has been an incredible way for me to learn about and access a plethora of open source apps, the delivery of which just works! I hope the various principled devs out there can appreciate a users perspective like mine, and just how radical Cloudron is. I've tried other open source attempts, and frankly they are all lacking in deliverability; checking out their forums reveals not even the devs can figure out what went wrong when something does; and rarely it seems are the project heads in the forums, like the Cloudron Team is, since the resolution of any problem relies on the upstream devs pushing fixes that may or may not come in time. What a mess for a user like myself, and I think there are many many users like myself. I think we are one mid-layer that will help make open source more understandable, reachable, and friendly, to all our non-techy families and friends, they who think only of Skype, Word, Facebook, but themselves are increasingly becoming disgruntled. They will never read certain /r/ nor news.ycombinator.com articles, but they will listen to me when I set up an open source chat instance, using a vanity domain, with email, on Cloudron, and it just works!
Another positive aspect of Cloudron's approach is that they don't try to cloak the open sources apps they offer as though they are something the Cloudron team created. I've come across a few such endeavours, and it worries me when I think there are regions and countries that think ****blog, *****forms, *****pad are all made by *****soft! It verges on deception, even though, after some digging, a user can find out that the software is actually made by other open source efforts. I hope this means that as more people hear about Mastodon, or Element, or booktype, etc., and look for options, they will be led to Cloudron. I for one came because I couldn't for the life of me get Rocket.Chat, Taiga and SOGo all running on the same server, by hand. Not a problem for Cloudron!!
Keep it up!!