Why not make Cloudron fully open source again?
-
@marcusquinn said in Why not make Cloudron fully open source again?:
@necrevistonnezr Yeah, the thread should locked, everyone's had their say now. Developer time is precious. Their work, their choice, their freedom to change and change again. I believe in good work more than I believe in good intentions.
Um, actually, the two most important people @girish and @nebulon have not yet had their say.
And nor have most of the other people who have so far packaged apps for Cloudron.
Moreover, the very first response to this thread was @nebulon who said:
Thanks for your elaborate post, we will answer in more detail,
I'm actually as happy as every one else that they are busy spending their time developing instead of replying here, but I'd still really like to hear that more detailed answer at some point!
And I'd still love to hear what other app packaging contributors think too.
I really don't understand this desire to shut down healthy debate and discussion between members of the Cloudron community.
But sure, if either @girish or @nebulon themselves would like to lock this thread they could of course choose to do so.
-
I think this thread is valuable for @girish and @nebulon - because there are people like us who are passionate about open-source and we all have different reasons why we want to develop for and maintain apps for Cloudron and though I donāt have any issue with āsemi-open-sourceā - I know a lot of other developers that do. Which this discussion and girish's / nebulon's reaction to the entire thread of opinions - may be a way to attract new develoeprs: āCloudron goes fully open sourceā kind of headline.
I will say tho - if Cloudron became closed source I would stop creating apps for it (and I have 5 apps I have in mind to continue to port already)...okay maybe, I'm 50 / 50 on that (I really like Cloudron ). But I couldn't have created the apps I have now without direct access to their very readable and commented source. Though, theyāve made it decently clear thats not what the developers want to do (close the source entirely).
So yeah, I want to continue to hear peopleās passion about their open source software beliefs and how they feel about it in the Cloudron context.
-
@jdaviescoates I went back and read a link you shared, a convo in a Mastodon instance, by someone who seemed to brush away Cloudron's approach and mindset automatically. I wouldn't take that opinion expressed in such a way seriously, especially since they didn't in any way outline exactly how they can see Cloudron managing or limiting access. I mean, the first and most important part of Cloudron is that we host it ourselves on our own servers and backup things to destinations we control.
Somehow the negative viewpoint (not saying this is yours) that Cloudron has benefited off the back of open source projects ignores all that it conversely has done to broaden each projects exposure, without (I assume) asking for financial renumeration from those projects for doing so, nor excluding projects if they won't pay up. I think if Cloudron went that way then a negative view of Cloudron would totally understandable.
I can take a step back and look historically at all the times I tried to self-host something, and got stuck, with minimal help from said-project's forums, and came away with nothing, and remember thinking, "I'd pay some one to help me with this!"... voila, that is the role Cloudron has played. I share your enthusiasm for this project!
Like you (in the mastodon thread), I tried Yunohost and Sandstorm and the like... just too many complicated problems that no help from forums could provide. They always forced me back to doing it myself: I've had a heck of a time trying to get nginx and apache running on the same server; I've never successfully gotten docker or docker-compose to seamlessly add services or apps to an existing two-app setup (mysql and wordpress) even though it is supposed to be so incredibly easy (even with the promised answer of portainer). I can setup and run a basic VPS running LAMP... going beyond that.... I am soo thankful for Cloudron!
I wonder if the licencing can play a role in how much ownership @girish and @nebulon and the Cloudron team feel toward their code and their subsequent "responsibility" to keep it running well. I mean, if it were as open as can be, and others started forking it and running it and offering their own specialized subscriptions for their version of Cloudron, I could see that there would be some run-off of problems and complaints back to the Cloudron team that this or that isn't working on Fork A or Subscription Service D, and then they end up maintaining code for ideological reasons rather than offering and improving a service for productivity and (user-)independence reasons.
-
@scooke thanks for your further input. I agree that some of the commenters on Mastodon were basically just rude and seemingly unable to capture any nuance, others less so.
I think I may try and find and reach out to licensing experts to see to what extent releasing AGPL could protect from (or not) people cloning Cloudron and pulling updates then selling the same service for less (which I guess could be a real risk).
Also, just thinking out load, but I notice loads of premium WordPress plugins are GPL but the manage to keep going without someone buying lifetime updates and the re-selling on the cheap. But thinking about it, in many cases such projects, whilst technically GPL are actually much less open than Cloudron (I guess because they have to be to reduce risk), in that none of their repositories are publicly available.
https://premium.wpmudev.org/ is one such example. And, actually, just searching for 'wpmu GPL' to check I'd remembered correctly that that is how they are licensed the top result for me was actually https://www.gplvault.com/product-category/wordpress-plugins/wpmu-dev/ who are selling their plugins for less (I presume).
I also note that, having subscribed to WPMU in the past, I never actually thought much of their support, whereas Cloudron support is great!
Lots to ponder. Perhaps there are good reasons for Cloudron to not be re-released as AGPL... even though right now I'd still support that
-
@jdaviescoates said in Why not make Cloudron fully open source again?:
I think I may try and find and reach out to licensing experts to see to what extent releasing AGPL could protect from (or not) people cloning Cloudron and pulling updates then selling the same service for less (which I guess could be a real risk).
You also have to remember that for someone to clone Cloudron and re-sell it, they would have to re-write the whole app-store back-end code, which is not open-source / source-available.
So cloning Cloudron would really not be that easy.
-
This thread got so big. I wanted to clarify with Cloudron - is it just the dashboard, and the billing / licensing that is closed off source-wise?
As for Premium Wordpress plugins GPL debacle. There have been attempts to capitalize off the fact they can legally resell the plugins once bought and numerous sites have tried and failed. They never last more than a couple years.
Reason being that people don't buy software off of shady sites that could inject things and they had no way to automatically update like the official licenses allowed. So most of them were dead pretty quickly.
-
@mehdi said in Why not make Cloudron fully open source again?:
You also have to remember that for someone to clone Cloudron and re-sell it, they would have to re-write the whole app-store back-end code, which is not open-source / source-available.
So cloning Cloudron would really not be that easy.I know it's not open source (hence this whole thread), and the scenario I was positing would only apply post-re-open-sourcing.
But I was under the impression everything is already source-available, no?
-
@jdaviescoates No, I mean the app store part (what's installed on the Cloudron.io infrastructure) has never been open-source. And I believe nobody ever asked for it to be. The cloudron dashboard (what's installed on your own server) is what used to be open-source.
-
@marcusquinn said in Why not make Cloudron fully open source again?:
Interesting weekend read: https://plausible.io/blog/open-source-funding
More interesting reading material dated 12 October 2020 from the same source: https://plausible.io/blog/open-source-licenses
So we want a ādonāt be evilā license and hereās what we are trying to accomplish with it:
- We want to prevent corporations from taking our code and using it as part of their closed-source proprietary products
- We want to prevent corporations from offering Plausible as a service without contributing to the open source project
We want to prevent corporations from confusing people and making them think that the service they sell is in any shape or form approved by the original team. [...]
Although we donāt want closed source corporations to directly compete with us using our own work, itās important to leave the space open for forking of the project and incorporating it into other open source works.This is the best way to future-proof the project against bad actors, including ourselves if we become evil at some point. By allowing open source forks and competitors to exist, we are opening ourselves up to healthy competition and accountability from the open source community.
Plausible is now AGPLv3 licensed
So how do we accomplish all that? We do it by changing our license. Plausible Analytics has now changed the license from the MIT to a newer licensing scheme called GNU Affero General Public License V3 (AGPLv3) or any later version. [...]This change makes no difference to any of you who subscribe to Plausible Cloud or who self-host Plausible, but it may upset a few corporations who tried to use our software to directly compete with us without contributing back.
[...]The goal of the AGPL license is to maximize user freedom and to encourage companies to contribute to open source.
What is the GNU AGPLv3 license?
Copyleft license: āIf you make a derivative work of this, and distribute it or run it as a service on a server to others then you have to provide the source code under this licenseāWhat are the benefits of the AGPLv3?
The AGPL license is identical to the original GPL license with the only additional term being to allow users who interact with the licensed software over a network to receive the source for that program.AGPL is designed to ensure corporations contribute back to the open source community even when running the software as a service in the cloud.
If you used AGPL-licensed code in your web service in the cloud, you are required to open source it. It basically prevents corporations that never had any intention to contribute to open source from profiting from the open source work.
It explicitly prohibits corporations from parasitically competing with an open source project. They wonāt be able to take the code, make changes to it and sell it as a competing product without contributing those changes back to the original project.
Hereās that extra paragraph:
āIf you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running thereā.What are the restrictions with the AGPLv3?
A corporation needs to be clear and provide a prominent mention and link to the original project so people that are considering to use their version of software can be aware of the original sourceIf a corporation modifies the original software, they need to open source and publish their modifications by for instance contributing back to the original project
So how can a corporation commercialize a FOSS project without open sourcing their modified code? They can purchase a commercial license to remove the copyleft restrictions and in that way support the original project.
-
@mehdi said in Why not make Cloudron fully open source again?:
No, I mean the app store part (what's installed on the Cloudron.io infrastructure) has never been open-source.
But all the app packages themselves are open source, no?
I think I'm missing something. Like @Lonk said, be good to get some greater clarity on the status quo.
-
@jdaviescoates Most but not all I don't think (TeamSpeak isn't, right?). Sorry I don't have a lot of time at the moment to contribute much but I think this is a very important conversion. At least in my circle, it's difficult to promote cloudron due to its licensing choice and I would need more info to explain / justify such a choice (and everyone of course wants the dev to get reliable income, people just think a free software license would not endanger the business model).
Anyway, thanks for starting this thread. I will write more on the topic soon -
@avatar1024 Correct, not all apps are free software. It never was a requirement for apps to have a specific license to be packaged.
It just happens that most apps available for packaging -and thus on which you can freely base a businees model on- are free software.
-
@ruihildt said in Why not make Cloudron fully open source again?:
It never was a requirement for apps to have a specific license to be packaged.
Not to say that all licenses types can be packaged - the license for the app needs to allow free distribution of the software in order for us to package it.
-
@avatar1024 said in Why not make Cloudron fully open source again?:
@jdaviescoates Most but not all I don't think (TeamSpeak isn't, right?).
Confluence and Emby too. Possibly others (I would still really like a filter in the app store for licences and LDAP support)
But, I think the additional Cloudron code in the Cloudron packages for those apps is still MIT even for these non-open-source apps too.
@avatar1024 said in Why not make Cloudron fully open source again?:
At least in my circle, it's difficult to promote cloudron due to its licensing choice and I would need more info to explain / justify such a choice
Same.
@avatar1024 said in Why not make Cloudron fully open source again?:
and everyone of course wants the dev to get reliable income, people just think a free software license would not endanger the business model
Exactly.
Although I'm still open to being convinced otherwise if there is some genuine risk I've not fully considered as a non-developer.
@avatar1024 said in Why not make Cloudron fully open source again?:
I will write more on the topic soon
Thanks
-
IMHO, there are serious problems with AGPL-licensed software that is hosted on servers - namely, it allows Amazon AWS , Google GCP, Microsoft Azure etc to take the code and start charging for it without contributing anything back to upstream. The access to code has stopped being the bottleneck. The problem is now centralization. We've seen this happen again and again with Redis, Elastic etc.
The question is whether this risk is worth the developer contributions and user adoption that Cloudron is missing out by NOT being open-source.
-
@nilesh The devs seem to imply they donāt want code contributions but will allow them if it allows a new app in the store that couldnāt exist without them.
Thatās the vibe Iāve gotten anyway. Iāve written code contributions to
box
for my VPN Client app and plan to add contributions todashboard
. But Iāll let you guys know what happens. -
@nilesh I signed up way before there were the amount of developer contributions we can see now because what the Cloudron team could offer was already awesome. I've seen the forums get really busy with lots of dev suggestions; I've tried non-Cloudron submitted apps that didn't work out for this or that reason - even though some are still on offer, I'm not sure to what degree the Cloudron team has taken "full" responsibility for these dev-contributed apps, but it has all made me wonder just how much busier these contributions have made the Cloudron team, and to what detriment to existing users or road plans. Obviously the Cloudron team has a better picture of who the paying users are, but I suspect there are many like me. Don't get me wrong, I super appreciate the time outside devs and users have freely given to helping make the overall Cloudron platform broader, but the people I'm looking at getting to sign up and pay for Cloudron are more like me , though they have less awareness or interest in open-source in general, they do like things that work, and they like having ownership and control over their data (meaning we won't ever sign up with an AWS, GC or Azure-branded cloudron). My main concern is that Cloudron remains functioning to be able to offer their service.
-
@scooke That sounds spot on and the best demographic to go after. Since Iām just a dev that finds this stuff fun (not the target market); they still do go out of the way to help me which I think shows how much character both of them have. Which is another reason Iāve backed Cloudron so much.
I did want to ask what you meant by installing apps outside of the official AppStore and what was your experience with that?
-
@nilesh said in Why not make Cloudron fully open source again?:
IMHO, there are serious problems with AGPL-licensed software that is hosted on servers - namely, it allows Amazon AWS , Google GCP, Microsoft Azure etc to take the code and start charging for it without contributing anything back to upstream.
Two things.
- The scenario you describe is actually exactly what AGPL was designed to protect against, no? See https://www.gnu.org/licenses/agpl-3.0.html and lots of relevant quotes from that and other write-ups in posts above.
Perhaps you're thinking of a different license?
But, also,
- as I said above, I think the risk of someone cloning Clouron is MUCH higher from a small tech agency than the Tech Giants taking the code. The Tech Giants have unfathomable resources. If they wanted to reverse engineer Cloudron it would take an unimaginably tiny fraction of their immense budgets.
-
@jdaviescoates The Fair Code license makes this explicit - I think it might work well here if they choose to go open-source. https://faircode.io/