

Why not make Cloudron fully open source again?



  • I've been blown away by how totally awesome Cloudron is (both in terms of how great the platform is, but also how great the community is, and how incredibly productive and responsive @girish and @nebulon are) since I first decided to give it a try just 6 months ago. Thank you for creating something wonderful.

    Given this incredibly positive experience, I have understandably been actively promoting Cloudron whenever an opportunity to do so presents itself (I've already generated 9 referrals 😄 ).

    However, recently I was called out on Mastodon for sharing my referral code, which led to quite a few more discussions about Cloudron (and especially about the not-fully-open-source nature of Cloudron) both on Mastodon and elsewhere.

    I have to admit, I think many of the criticisms, concerns and perspectives people shared with me are valid and as a result I have begun to be less enthusiastic in my promotion of Cloudron (and even ever so mildly concerned about my continued use of it too).

    Therefore, I'd really like to hear @girish and @nebulon's answers to these two questions:

    1. Why is the Cloudron front end proprietary? but, moreover,
    2. What would need to be in place in order to convince you both to make ALL of Cloudron open source again?
      (because I would love, love, LOVE, this to happen! AND it'd be really GREAT PR for 6.0! 😉 ).

    The answer to my first question has to some degree already been answered...

    Back on Monday 29 August 2016, Cloudron was fully open sourced! Hooray! 👏

    Some people realise this but just accept the compromise:

    Like when @ruihildt recently wrote:

    FYI, not all Cloudron code is open source (FOSS).
    I'm not happy about it, but it's a compromise I can take, like so many others I have already in my life.

    Other people seemingly still think/assume Cloudron is still open source:

    Just a week ago, @marcusquinn said in Scaling / High Availability Cloudron Setup:

    Cloudron is open-source

    But, as noted by @ryangorley in his post asking "Cloudron no longer AGPL?", the licence was changed in GitLab on 26 February 2019:

    a blog post (https://cloudron.io/blog/2016-08-29-opensource.html) dated 29 August 2016 announcing that Cloudron was being distributed with an AGPL license. At the top was a notice added 28 March 2018 indicating that Cloudron was no longer advertising open source, but was still being developed in the open. It did not indicate any license change. Then I found that the license had in fact changed in GitLab on 26 February 2019.

    In response @girish said in Cloudron no longer AGPL? (my emphasis added):

    The technical reason is that the code base has subscription, appstore and sign up logic. It's unclear what the license should be if it requires the cloudron.io service to work. The non-technical reason is that we were spending too much time explaining why we call ourselves opensource and charge for it. To put an end to such conversations (many of them very hurtful), we just stopped calling ourselves opensource as early as 2017. I don't know of an easy solution to this.

    And in one of the threads on Mastodon, a Cloudron dev said (again, my emphasis added):

    Cloudron is attempting to enable people with lesser technical knowledge to get apps running and most importantly updated, backed up and secured

    and:

    most of our work goes into reliable, reproducible app updates

    And later on in the same thread Cloudron devs go on to describe their desire to create:

    a sustainable product with support

    And:

    We believe more into source available for trust and validation reasons bundled with a business model which is sustainable to ensure continuity for users and one which does not rely on external investment or other means to pay for dev. We have seen sandstorm failing, everyone loses out.
    My personal opinion: Ideally we all have the luxury to develop all this for free, but sadly at least I don't. And we have tried patreon style.

    So, to summarise, and correct me if I'm wrong @girish and @nebulon, but it would appear to me that the primary reason given for why Cloudron is not fully open source is simply because:

    the business model is to sell subscriptions in order to fund ongoing development, updates and support.

    Assuming I'm not wrong(?), this really confuses me, because I don't understand why Cloudron being fully open source would stop Cloudron from selling subscriptions for updates and support?

    Indeed, selling subscriptions for updates and support is pretty much exactly the same business model as the first one-billion dollar (now nearly $4B) open-source company in the world, and one of the most successful open source companies of all time: Red Hat:

    Red Hat sells subscriptions for the support, training, and integration services that help customers in using their open-source software products. Customers pay one set price for unlimited access to services such as Red Hat Network (makes updates, patches, and bug fixes of packages included within Red Hat Linux and Red Hat Enterprise Linux available to subscribers) and up to 24/7 support.

    This was also one of the points raised on Mastodon:

    "Choosing a FOSS license does not impact your ability to have a subscription service."

    It was also made previously on this forum too:

    @gabrielcossette said in Cloudron no longer AGPL?:

    It should be pretty simple for customers to understand, they are paying for a service of maintenance and support (indirectly funding the development of the core product). That is no different than let's say a WordPress maintenance service to have plugins/themes kept up-to-date by a company.

    So, to rephrase my first question to @girish and @nebulon

    1. What exactly is it about Cloudron and/or the AGPL that leads you to the conclusion that if Cloudron were fully AGPL licensed you would be unable to continue with your sustainable business model of selling subscriptions for updates and support?

    And to repeat my second question:

    2. What would need to be in place in order to convince you both to make ALL of Cloudron open source again?
      (because I would love, love, LOVE, this to happen! AND it'd be really GREAT PR for 6.0! 😉 ).

    From my perspective, I can not really see any real reason why Cloudron could not continue to sell subscriptions for updates and support whilst being fully AGPL.

    I certainly would not cancel my subscription! Indeed, I'd be considerably more likely to purchase an annual one (or even a 3 year subscription if that were even an option!)

    Far from cancelling my subscription, if Cloudron were to become fully open source again I'd get all excited and go on a giant Cloudron promotion spree that would no doubt generate lots more subscriptions too! (quite likely including additional subscriptions from people who've expressed their concerns to me about the licencing, and many other like minded people too).

    So, here's a few additional questions to all my fellow Cloudron subscribers:

    • Would you stop subscribing for updates and support if Cloudron were AGPL?
    • Or would you be even more inclined to invest even more in Cloudron?
    • Might you, for example, be willing/able to commit to taking out a 3+ year Cloudron subscription, if that would help @girish and @nebulon feel comfortable going full open source again?

    Upvote and comment to let us all know! 🙂

    Many thanks in advance to everyone, especially to @girish and @nebulon for creating such a great platform and community (and for your forthcoming answers too, of course 😉 ) 🙂


  • Staff

    Thanks for your elaborate post, we will answer in more detail, but till that, maybe the reversed question could also be asked to add more context to your question: What are the hoped for benefits for users to have Cloudron under some open source license?
    Please note that the code as such is source available, so there is no benefit from an introspection and code verification point of view at least.



  • Thanks @nebulon for the quick response, looking forward to the more detailed one 🙂

    I was going to add more details about why I'd love Cloudron to be fully open source, but I figured the post was too long already! 😛

    I'll similarly answer in more detail when I get the chance... 🙂



  • @nebulon If I understand the dynamics introduced by an open source licence like AGPL, someone having the access to the source code, and in fact having the source code, does not make them a "user" of Cloudron. They simply have the software and can install it and do whatever. But when they have problems, as they surely will because of Docker, where will they turn to? Most likely the original creators of the software... and when you and @girish can't help because of other time constraints, I can imagine the complaints and badmouthing that would follow. This would potentially have the effect of Cloudron (the subscription service) getting a bad name, losing customers, and eventually going out of business. So it makes sense to me that you've tightened up the licence so that the amazing user experience can remain intact and manageable.

    I am not an open source purist, starting from the fact that I have no control over the VPS I rent on which I run Cloudron. It is, as someone in your chats said, a compromise for a purist. For the rest of us who don't want to pay an opaque behemoth company anything, Cloudron is simply the best. And it has the open source spirit, if not the correct licence on every bit of code. And importantly, the software actually works, a theme that I've repeated a few times on different threads. I applaud the Cloudron team for making decisions to enable them to keep the software open AND working.



  • @nebulon I can't speak for @jdaviescoates, but I would point out just 4 benefits:

    • Greater Contributions. With a source available, but proprietary license, anyone who contributes a bug fix or feature immediately loses license to their own work, or at least would have to in order for Cloudron to be able to enforce its license and copyright. Aside from the potential legal mess, this is almost certainly a deterrent to substantial outside contributions. An open source license makes Cloudron much more enticing to contribute to.
    • Benefits of Broad Adoption. Those willing to do the work to run their own Cloudron instance from the source code may have been loud, but they weren't likely customers to begin with. While not paying, these potential users do offer some benefits. They're more likely to provide good bug reports, patches, and answers to community questions. Even while promoting the free use of Cloudron, they are reaching an audience you would otherwise have to pay to reach. Even if the vast majority of users were to use Cloudron for free, as I suspect the majority of Nextcloud users do, in volume it really becomes a net benefit to Cloudron.
    • Long-Term Assurance. The choice to self-host one's own infrastructure can be stressful. It becomes less stressful when you know that the software you're using is open source and will be viable as long as there is a community willing to keep it going. This is one reason open source users become such loud advocates. They want that thriving community to live on forever, in a way they can't necessarily ensure a company will.
    • Part of a Bigger Cause. I like you @nebulon and @girish. I like what you have made, and I hope you succeed, probably more so than most companies I buy products/services from. But at the end of the day you are a company. People like companies, they support causes. It's hard for me to express how when Cloudron went from open source to proprietary it changed my feelings. I still tell people about it and have tried to make important strategic introductions. But I don't donate my time to Cloudron like I do Inkscape. I don't extol the virtues of Cloudron over all other proprietary solutions, like I do Nextcloud. Supporting a company selling a proprietary solution is just not the same as supporting a company that is part of a bigger cause. Cloudron has the potential to be part of that cause. I want it to be open source.

    Addendum: This is all said with full awareness that you need and deserve to get paid. Don't listen to anyone who expects anything otherwise. For the reasons stated above, and others, I think you can still make a living and perhaps even a better living releasing software with an open source license.



  • I'm a fan of open source and certainly encourage it with my team - but it comes with overhead and responsibilities beyond working on the actual product, so it's not something to take on lightly or without expectation for the time-costs in managing that.

    On the flip-side open-source is infinite almost free referral marketing.

    From a business point of view, I would think that hosts themselves should be the primary target for sponsorship since the more that can offer Cloudron, the broader their potential customer-base and those customers subscription to their resources.

    If Cloudron.io were able to Terraform the Cloudron instances to popular hosts and then the cloudron.io site was the only way to manage multiple hosts with a subscription, I could see value in that because the subscription cost is still less than the time-costs being saved.

    I'm fine with hybrid models, we can hire developers to fix issues if they have a higher priority for us than you guys but also it is important to me that the platform commitments we make have a sustainable business model to remain motivated and evolving as needs arise.

    Your work, your choice, either way big kudos for what you've already done and thanks for saving me a ton of time and money already!



  • We are all a pretty tight community at this point, but putting aside the reddit and mastodon "external" comments for a minute... I've been a cloudron user, customer & supporter since the beta & was mainly drawn to the platform for its Open Source solution....when that changed I understood the reasoning, calculated the positives & they simply outweighed the negatives. Has that move been "BAD" ? maybe in terms of some "adoption" but my point is that I would have and always will pay for the value @girish & @nebulon are providing!! So, YES it would be ideal for Cloudron to be fully open source...For me it's a matter of "Principle"... The amount of people who would actually roll out their own implementation without support are far and in-between. Myself & others I am sure are literally going out of our way to sell this platform/solution for both of our sake... Personally I would prefer that we go with the Red Hat model over the SFDC model. Regardless I'm here for the ride & appreciate everything y'all are doing. ✌🖤+1



  • Some notes to add on this:

    • GPL v3 covers commercial interests nicely and ensures any additions or modifications must also remain open and therefore available back to yourself to choose to include or not as you wish without cost or consequence.
    • Include your website link and email in your copyright notice, since the licence specifies that the copyright notice must always remain intact and included, to make sure every copy and version links back to yourselves as the originator.


  • @marcusquinn said in Why not make Cloudron fully open source again?:

    GPL v3 covers commercial interests nicely

    Yes, but only when the other party offers downloads of the product. Not when it's only hosted publicly (the installed product). In the latter case AGPL would ensure that code is being made available.

    But usually and honestly a lot of people (if they contribute or not) only care about the freedom aspect, and there GPL or AGPL are not sufficient enough for some people.

    In essence, the type of license should also be dependent on the audience of developers you want to attract by at.



  • The value of Cloudron and why we pay a license is the appstore. So my naive person thinks that changing the platform code back to free software wouldn't affect negatively Cloudron business model.

    It seems to me part of the reasoning to the license change was there wasn't much contribution to the platform anyway. I believe the same argument can be used to change it back to free software. 😄

    I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
    It has in effect changed my relation to the project, from an invested advocate to a simple client.

    Moving Cloudron back to free software would bring much needed positivity to 2020. 😉



  • @ruihildt said in Why not make Cloudron fully open source again?:

    I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
    It has in effect changed my relation to the project, from an invested advocate to a simple client.

    I totally agree with this part. More than that, I would never have picked up Cloudron at all at the beginning if it weren't open source.

    And as to contributions, I am the author of one of these rare contributions ^^ (to make the platform compatible with the OpenVPN app), and I would definitely not have contributed if it were not open source.

    TLDR: I am 100% in favor of switching back to an open source licence.

    (As for the precise licence, I do not really care, be it MIT, Apache, GPL, AGPL ... whatever.)



  • Given the nature of the responsibility of the Cloudron system, security is the biggest aspiration for me from open-source, along with a security reporting process that allows for private communication of any issues found.

    I recommend including this somewhere on your site:

    https://www.zerodayinitiative.com/advisories/disclosure_policy/

    My own page on open-source on our own platform (WP&Woo stack) for interest:

    https://brandlight.org/i/transparency/proudly-open-source/

    Although we haven't open-sourced that whole stack yet, it's planned.


  • Staff

    As for security issues to have a private conversation, please see https://cloudron.io/security.html

    Also as mentioned earlier, we do share the view that it is useful to introspect the code to see what is happening on your server, this is already achieved by our source-available policy, so feel free to audit that in the git repo.