Why not make Cloudron fully open source again?
-
I've been blown away by how totally awesome Cloudron is (both in terms of how great the platform is, but also how great the community is, and how incredibly productive and responsive @girish and @nebulon are) since I first decided to give a try just 6 months ago. Thank you for creating something wonderful.
Given this incredibly positive experience, I have understandably been actively promoting Cloudron whenever an opportunity to do so presents itself (I've already generated
915 referrals ).However, recently I was called out on Mastodon for sharing my referral code, which led to quite a few more discussions about Cloudron (and especially about the not-fully-open-source nature of Cloudron) both on Mastodon and elsewhere.
I have to admit, I think many of the criticisms, concerns and perspectives people shared with me are valid and as a result I have begun to be less enthusiastic in my promotion of Cloudron (and even ever so mildly concerned about my continued use of it too).
Therefore, I'd really like to hear @girish and @nebulon's answers to these two questions:
- Why is the Cloudron front end proprietary? but, moreover,
- What would need to be in place in order to convince you both to make ALL of Cloudron open source again?
(because I would love, love, LOVE, this to happen! AND it'd be really GREAT PR for 6.0! ).
The answer to my first question has to some degree already been answered...
Back on Monday 29 August 2016, Cloudron was fully open sourced! Hooray!
But, as noted by @ryangorley in his post asking "Cloudron no longer AGPL?", the licence was changed in GitLab on 26 February 2019:
a blog post (https://cloudron.io/blog/2016-08-29-opensource.html) dated 29 August 2016 announcing that Cloudron was being distributed with an AGPL license. At the top was a notice added 28 March 2018 indicating that Cloudron was no longer advertising open source, but was still being developed in the open. It did not indicate any license change. Then I found that the license had in fact changed in GitLab on 26 February 2019.
Some people realise this but just accept the compromise:
Like when @ruihildt recently wrote:
FYI, not all Cloudron code is open source (FOSS).
I'm not happy about it, but it's a comprise I can take, like so many others I have already in my life.Other people seemingly still think/ assume Cloudron is still open source:
Just a week ago, @marcusquinn said in Scaling / High Availability Cloudron Setup:
Clouron is open-source
@girish said in Cloudron no longer AGPL? (my emphasis added):
The technical reason is that the code base has subscription, appstore and sign up logic. It's unclear what the license should be if it requires the cloudron.io service to work. The non-technical reason is that we were spending too much time explaining why we call ourselves opensource and charge for it. To put an end to such conversations (many of them very hurtful), we just stopped calling ourselves opensource as as early as 2017. I don't know of an easy solution to this.
And in one of the threads on Mastodon, a Cloudron dev said (again, my emphasis added):
Cloudron is attempting to enable people with lesser technical knowledge to get apps running and most importantly updated, backed up and secured"
and:
most of our work goes into reliable, reproducible app updates
And later on in the same thread Cloudron devs go on to describe their desire to create:
a sustainable product with support
And:
We believe more into source available for trust and validation reasons bundled with a business model which is sustainable to ensure continuity for users and one which does not rely on external investment or other means to pay for dev. We have seen sandstorm failing, everyone looses out.
My personal opinion: Ideally we all have the luxury to develop all this for free, but sadly at least I don't. And we have tried patreon style.So, to summarise, and correct me if I'm wrong @girish and @nebulon, but it would appear to me that the primary reason given for why Cloudron is not fully open source is simply because:
the business model is to sell subscriptions in order to fund ongoing development, updates and support.
Assuming I'm not wrong(?), this really confuses me, because I don't understand why Cloudron being fully open source would stop Cloudron from selling subscriptions for updates and support?
Indeed, selling subscriptions for updates and support is pretty much exactly the same business model as the first one-billion dollar (now nearly $4B) open-source company in the world, and one of the most successful open source companies of all time: RedHat:
Red Hat sells subscriptions for the support, training, and integration services that help customers in using their open-source software products. Customers pay one set price for unlimited access to services such as Red Hat Network (makes updates, patches, and bug fixes of packages included within Red Hat Linux and Red Hat Enterprise Linux available to subscribers) and up to 24/7 support.
This was also one of the points raised on Mastodon:
"Choosing a FOSS license does not impact your ability to have a subscription service."
It was also made previously on this forum too:
@gabrielcossette said in Cloudron no longer AGPL?:
It should be pretty simple for customers to understand, they are paying for a service of maintenance and support (indirectly funding the development of the core product). That is no different than let's say a WordPress maintenance service to have plugins/themes kept up-to-date by a company.
So, to rephrase my first question to @girish and @nebulon
- What exactly is it about Cloudron and/or the AGPL that leads you to the conclusion that if Cloudron were fully AGPL licensed you would be unable to continue with your sustainable business model of selling subscriptions for updates and support?
And to repeat my second question:
- What would need to be in place in order to convince you both to make ALL of Cloudron open source again?
(because I would love, love, LOVE, this to happen! AND it'd be really GREAT PR for 6.0! ).
From my perspective, I really cannot see any real reason why Cloudron could not continue to sell subscriptions for updates and support whilst being fully AGPL.
I certainly would not cancel my subscription! Indeed, I'd be considerably more likely to purchase an annual one (or even a 3 year subscription if that were even an option!)
Far from cancelling my subscription, if Cloudron it were to become fully open source again I'd get all excited and go on a giant Cloudron promotion spree that would no doubt generate lots more subscriptions too! (quite likely including additional subscriptions from people who've expressed their concerns to me about the licencing, and many other like minded people too).
So, here's a few additional question to all my fellow Cloudron subscribers:
- Would you stop subscribing for updates and support if Cloudron were AGPL?
- Or would you be even more inclined to invest even more in Cloudron?
- Might you, for example, be willing/ able commit to taking out a 3+ year Cloudron subscription, if that would help @girish and @nebulon feel comfortable going full open source again?
Upvote and comment to let us all know!
Many thanks in advance to everyone, especially to @girish and @nebulon for creating such a great platform and community (and for your forthcoming answers too, of course )
-
Thanks for your elaborate post, we will answer in more detail, but till that, maybe the reversed question could also be asked to add more context your question: What are the hoped for benefits for users to have Cloudron under some open source license?
Please note that the code as such is source available, so there is no benefit from an introspection and code verification point of view at least. -
Thanks @nebulon for the quick response, looking forward to the more detailed one
I was going to add more details about why I'd love Cloudron to be fully open source, but I figured the post was too long already!
I'll similarly answer in more detail when I get the chance...
-
@nebulon If I understand the dynamics introduced by an open source licence like AGPL, someone having the access to the source code, and in fact having the source code, does not make them a "user" of Cloudron. They simply have the software and can install it and do whatever. But when they have problems, as they surely will because of Docker, where will they turn to? Most likely the original creators of the software... and when you and @girish can't help because of other time constraints, I can imagine the complaints and badmouthing that would follow. This would potentially have the effect of Cloudron (the subscription service) getting a bad name, losing customers, and eventually going out of business. So it makes sense to me that you've tightened up the licence so that the amazing user experience can remain intact and manageable.
I am not an open source purist, starting from the fact that I have no control over the VPS I rent on which I run Cloudron. It is, as someone in your chats said, a compromise for a purist. For the rest of us who don't want to pay an opaque behemoth company anything, Cloudron is simply the best. And it has the open source spirit, if not the correct licence on every bit of code. And importantly, the software actually works, a theme that I've repeated a few times on different threads. I applaud the Cloudron team for making decisions to enable them to keep the software open AND working.
-
@nebulon I can't speak for @jdaviescoates, but I would point out just 4 benefits:
- Greater Contributions. With a source available, but proprietary license, anyone who contributes a bug fix or feature immediately loses license to their own work, or at least would have to in order for Cloudron to be able to enforce its license and copyright. Aside from the potential legal mess, this is almost certainly a deterrent to substantial outside contributions. An open source license makes Cloudron much more enticing to contribute to.
- Benefits of Broad Adoption. Those willing to do the work to run their own Cloudron instance from the source code may have been loud, but they weren't likely customers to begin with. While not paying, these potential users do offer some benefits. They're more likely to provide good bug reports, patches, and answers to community questions. Even while promoting the free use of Cloudron, they are reaching an audience you would otherwise have to pay to reach. Even if the vast majority of users were to use Cloudron for free, as I suspect the majority of Nextcloud users do, in volume it really becomes a net benefit to Cloudron.
- Long-Term Assurance. The choice to self-host one's own infrastructure can be stressful. It becomes less stressful when you know that the software your using is open source and will be viable as long as there is a community willing to keep it going. This is one reason open source users become such loud advocates. They want that thriving community to live on forever, in a way they can't necessarily ensure a company will.
- Part of a Bigger Cause. I like you @nebulon and @girish. I like what you have made, and I hope you succeed, probably more so than most companies I buy products/services from. But at the end of the day you are a company. People like companies, they support causes. It's hard for me to express how when Cloudron went from open source to proprietary it changed my feelings. I still tell people about it and have tried to make important strategic introductions. But I don't donate my time to Cloudron like I do Inkscape. I don't extol the virtues of Cloudron over all other proprietary solutions, like I do Nextcloud. Supporting a company selling a proprietary solution is just not the same as supporting a company that is part of a bigger cause. Cloudron has the potential to be part of that cause. I want it to be open source.
Addendum: This is all said with full awareness that you need and deserve to get paid. Don't listen to anyone who expects anything otherwise. For the reasons stated above, and others, I think you can still make a living and perhaps even a better living releasing software with an open source license.
-
I'm a fan of open source and certainly encourage it with my team - but it comes with overhead and responsibilities beyond working on the actual product, so it's not something to take on lightly or without expectation for the time-costs in managing that.
On the flip-side open-source is infinite almost free referral marketing.
From a business point of view, I would think that hosts themselves should be the primary target for sponsorship since the more that can offer Cloudron, the broader their potential customer-base and those customers subscription to their resources.
If Cloudron.io were able to Terraform the Cloudron instances to popular hosts and then the cloudron.io site was the only way to manage multiple hosts with a subscription, I could see value in that because the subscription costs is still less than the time-costs being saved.
I'm fine with hybrid models, we can hire developers to fix issues if they have a higher priority for us than you guys but also it is important to me that the platform commitments we make have a sustainable business model to remain motivated and evolving as needs arise.
Your work, your choice, either way big kudos for what you've already done and thanks for saving me a ton of time and money already!
-
We are all a pretty tight community at this point, but putting aside the reddit and mastodon "external" comments for a minute... Ive been a cloudron user, customer & supporter since the beta & was mainly drawn to the platform for its Open Source solution....when that changed I understood the reasoning, calculated the positives & they simply outweighed the negatives. Has that move been "BAD" ? maybe in terms of some "adoption" but my point is that I would have and always will pay for the value @girish & @nebulon are providing!! So, YES it would be ideal for Cloudron to be fully open source...For me its a matter of "Principal"... The amount of people who would actually roll out their own implementation without support are far and in-between. Myself & others I am sure are literally going out of our way to sell this platform/solution for both of our sake... Personally I would prefer that we go with the Red Hat model over the SFDC model. Regardless I'm here for the ride & appreciate everything ya'll are doing. +1
-
Some notes to add on this:
- GPL v3 covers commercial interests nicely and ensure any additions or modifications must also remain open and therefore available back to yourself to choose to include or not as you wish without cost or consequence.
- Include your website link and email in your copyright notice, since the licence specifies that the copyright notice must always remain in-tact and included, to make sure every copy and version links back to yourselves as the originator.
-
@marcusquinn said in Why not make Cloudron fully open source again?:
GPL v3 covers commercial interests nicely
Yes, but only when the other party offers downloads of the product. Not when it's only hosted publicly (the installed product). In the latter case agpl would ensure that code is being made available.
But usually and honesty a lot people (if they contribute or not) only care about the freedom aspect, and there gpl or agpl are not sufficient enough for some people.
In essence, the type of license should also be dependent on the audience of developers you want to attract by at.
-
The value of Cloudron and why we pay a license is the appstore. So my naive person think that changing the platform code back to free software wouldn't affect negatively Cloudron business model.
It seems to me part of the reasoning to the license change was there wasn't much contribution to the platform anyway. I believe the same argument can be used to change it back to free software.
I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
It has in effect changed my relation to the project, from an invested advocate to a simple client.Moving Cloudron back to free software would bring much needed positivity to 2020.
-
@ruihildt said in Why not make Cloudron fully open source again?:
I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
It has in effect changed my relation to the project, from an invested advocate to a simple client.I totally agree with this part. More than that, I would never have picked up Cloudron at all at the beginning if it weren't open source.
And as to contributions, I am the author of one of these rare contributions ^^ (to make the platform compatible with the OpenVPN app), and I would definitely not have contributed if it were not open source.
TLDR: I am 100% in favor of switching back to an open source licence.
(As for the precise licence, I do not really care, be it MIT, Apache, GPL, AGPL ... whatever.)
-
Given the nature of the responsibility of the Cloudron system, security is the biggest aspiration for me from open-source, along with a security reporting process that allows for private communication of any issues found.
I recommend including this somewhere on your site:
https://www.zerodayinitiative.com/advisories/disclosure_policy/
My page own open-source on our own platform (WP&Woo stack) for interest:
https://brandlight.org/i/transparency/proudly-open-source/
Although we haven't open-sourced that whole stack yet, it's planned.
-
As for security issues to have a private conversation, please see https://cloudron.io/security.html
Also as mentioned earlier, we do share the view that it is useful to introspect the code to see what is happening on your server, this is already achieved by our source-available policy, so feel free to audit that in the git repo.
-
As could probably be gleaned from my previous posts, Iβd love to contribute to the code. Adding an option for disabling unsafe backup notifications, adding support for inter-app network communication (so my OpenVPN Client Cloudron app Iβm buildingβs network can be used by any Cloudron app with a quick restart of the app), adding multiple domains for Wordpress Multisite, etc.
I do feel a little bound to the main developers roadmap when Iβm loving Cloudron more and more with each update. Some fixes are just mere nice-to-have (the option to disable unsafe backup notifications), but some are necessary features I need. Iβm no stranger to building what I need for myself and then letting others benefit from it. But a pull request for these features is impossible if itβs now closed / proprietary. Which, by the way, I totally understand. I just wish I could contribute to the project my main features so the developers donβt have to do so (eventually) and I can get what I need as soon as I need it.
I honestly didnβt know there was a GIT somewhere for Cloudron so I can at least start browsing the code to get familiar with it.
-
@Lonk Here's the code : https://git.cloudron.io/cloudron/box
I think the cloudron team still accepts Merge Requests, even if it's not Open Source, as long as you sign a contributor's agreement (https://cla.cloudron.io/)
-
Everyone contributing in the forums, codebase and apps are heroes!
I wish I could get more involved on that side but the next best I can do is keep telling every developer I work with and know online about it to try it, and get you more developer users β because I think we all can see the value in both the platform and this community.
I shudder to think of doing all that Cloudron does any other way now, and have been through pretty much every way of doing Sys Admin in 20+ years of tech.
-
@marcusquinn I love being a developer user myself. Contributing to the code that I'm using to run my web apps (custom or otherwise) I find very fulfilling. I followed @mehdi's advice and submitted the contributors agreement so I hope to contribute to Cloudron in a meaningful way. οΈ
-
@Lonk Nice. I work with a team of 10 devs, mostly WP & Woo but inevitably the full stack & dev-ops. They have a good 1,000+ ticket backlog from me on feature development but I've been introducing Cloudron for peripherals apps for now, like Bitwarden, PrivateBin, NextCloud, Email etc.
We'll definitely be getting more involved, the incentive I always try to work with is that all our team owns the codebase, so everyone benefits from the collective. I always try to make what we do portable, so anyone could fork & run with it at any time but the greater incentive to collaborate is in the experience of the team.
As a separate project I'm looking at starting an open-source tech fund looking to invest in things like this directly or indirectly with sponsored development. Just matching investors to their tech appetites, returns expectations, and overall business models we have as users of the stuff we develop among our team and with other communities.
Recommend following Sahil, on Twitter the creator of Gumroad, he has lots of experience and commentary on this subject.
-
Just a thought for the business-model side of open-source because as much as I love and promote open-source, I always look at what the business model is behind it. Any software choice is a long-term commitment and I want to know that progress is motivated and sustainable.
Partner programs / subscription levels. Odoo has a good example of this. The return on investment for the Partners being implementation referrals.
Sponsored development.
Affiliate deals
Hosts referral revenue share
Hosting service
Many of the FOSS apps included with Cloudron use this model.As I say, just thoughts, with the utmost respect for all that the team here do and it's their work to do with as they see best and whatever works for the schedules they have and generously share with us.