Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Why not make Cloudron fully open source again?


  • App Dev

    @jdaviescoates said in Why not make Cloudron fully open source again?:

    I think I may try and find and reach out to licensing experts to see to what extent releasing AGPL could protect from (or not) people cloning Cloudron and pulling updates then selling the same service for less (which I guess could be a real risk).

    You also have to remember that for someone to clone Cloudron and re-sell it, they would have to re-write the whole app-store back-end code, which is not open-source / source-available.

    So cloning Cloudron would really not be that easy.



  • This thread got so big. I wanted to clarify with Cloudron - is it just the dashboard, and the billing / licensing that is closed off source-wise?

    As for Premium Wordpress plugins GPL debacle. There have been attempts to capitalize off the fact they can legally resell the plugins once bought and numerous sites have tried and failed. They never last more than a couple years.

    Reason being that people don't buy software off of shady sites that could inject things and they had no way to automatically update like the official licenses allowed. So most of them were dead pretty quickly.



  • @mehdi said in Why not make Cloudron fully open source again?:

    You also have to remember that for someone to clone Cloudron and re-sell it, they would have to re-write the whole app-store back-end code, which is not open-source / source-available.
    So cloning Cloudron would really not be that easy.

    I know it's not open source (hence this whole thread), and the scenario I was positing would only apply post-re-open-sourcing.

    But I was under the impression everything is already source-available, no?


  • App Dev

    @jdaviescoates No, I mean the app store part (what's installed on the Cloudron.io infrastructure) has never been open-source. And I believe nobody ever asked for it to be. The cloudron dashboard (what's installed on your own server) is what used to be open-source.



  • @marcusquinn said in Why not make Cloudron fully open source again?:

    Interesting weekend read: https://plausible.io/blog/open-source-funding

    More interesting reading material dated 12 October 2020 from the same source: https://plausible.io/blog/open-source-licenses

    So we want a “don’t be evil” license and here’s what we are trying to accomplish with it:

    • We want to prevent corporations from taking our code and using it as part of their closed-source proprietary products
    • We want to prevent corporations from offering Plausible as a service without contributing to the open source project

    We want to prevent corporations from confusing people and making them think that the service they sell is in any shape or form approved by the original team. [...]
    Although we don’t want closed source corporations to directly compete with us using our own work, it’s important to leave the space open for forking of the project and incorporating it into other open source works.

    This is the best way to future-proof the project against bad actors, including ourselves if we become evil at some point. By allowing open source forks and competitors to exist, we are opening ourselves up to healthy competition and accountability from the open source community.

    Plausible is now AGPLv3 licensed
    So how do we accomplish all that? We do it by changing our license. Plausible Analytics has now changed the license from the MIT to a newer licensing scheme called GNU Affero General Public License V3 (AGPLv3) or any later version. [...]

    This change makes no difference to any of you who subscribe to Plausible Cloud or who self-host Plausible, but it may upset a few corporations who tried to use our software to directly compete with us without contributing back.
    [...]

    The goal of the AGPL license is to maximize user freedom and to encourage companies to contribute to open source.

    What is the GNU AGPLv3 license?
    Copyleft license: “If you make a derivative work of this, and distribute it or run it as a service on a server to others then you have to provide the source code under this license”

    What are the benefits of the AGPLv3?
    The AGPL license is identical to the original GPL license with the only additional term being to allow users who interact with the licensed software over a network to receive the source for that program.

    AGPL is designed to ensure corporations contribute back to the open source community even when running the software as a service in the cloud.

    If you used AGPL-licensed code in your web service in the cloud, you are required to open source it. It basically prevents corporations that never had any intention to contribute to open source from profiting from the open source work.

    It explicitly prohibits corporations from parasitically competing with an open source project. They won’t be able to take the code, make changes to it and sell it as a competing product without contributing those changes back to the original project.

    Here’s that extra paragraph:
    “If you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there”.

    What are the restrictions with the AGPLv3?
    A corporation needs to be clear and provide a prominent mention and link to the original project so people that are considering to use their version of software can be aware of the original source

    If a corporation modifies the original software, they need to open source and publish their modifications by for instance contributing back to the original project

    So how can a corporation commercialize a FOSS project without open sourcing their modified code? They can purchase a commercial license to remove the copyleft restrictions and in that way support the original project.



  • @mehdi said in Why not make Cloudron fully open source again?:

    No, I mean the app store part (what's installed on the Cloudron.io infrastructure) has never been open-source.

    But all the app packages themselves are open source, no?

    I think I'm missing something. Like @Lonk said, be good to get some greater clarity on the status quo.



  • @jdaviescoates Most but not all I don't think (TeamSpeak isn't, right?). Sorry I don't have a lot of time at the moment to contribute much but I think this is a very important conversion. At least in my circle, it's difficult to promote cloudron due to its licensing choice and I would need more info to explain / justify such a choice (and everyone of course wants the dev to get reliable income, people just think a free software license would not endanger the business model).
    Anyway, thanks for starting this thread. I will write more on the topic soon



  • @avatar1024 Correct, not all apps are free software. It never was a requirement for apps to have a specific license to be packaged.

    It just happens that most apps available for packaging -and thus on which you can freely base a businees model on- are free software. 😏


  • App Dev

    @ruihildt said in Why not make Cloudron fully open source again?:

    It never was a requirement for apps to have a specific license to be packaged.

    Not to say that all licenses types can be packaged - the license for the app needs to allow free distribution of the software in order for us to package it.



  • @avatar1024 said in Why not make Cloudron fully open source again?:

    @jdaviescoates Most but not all I don't think (TeamSpeak isn't, right?).

    Confluence and Emby too. Possibly others (I would still really like a filter in the app store for licences and LDAP support)

    But, I think the additional Cloudron code in the Cloudron packages for those apps is still MIT even for these non-open-source apps too.

    @avatar1024 said in Why not make Cloudron fully open source again?:

    At least in my circle, it's difficult to promote cloudron due to its licensing choice and I would need more info to explain / justify such a choice

    Same.

    @avatar1024 said in Why not make Cloudron fully open source again?:

    and everyone of course wants the dev to get reliable income, people just think a free software license would not endanger the business model

    Exactly.

    Although I'm still open to being convinced otherwise if there is some genuine risk I've not fully considered as a non-developer.

    @avatar1024 said in Why not make Cloudron fully open source again?:

    I will write more on the topic soon

    Thanks 🙂



  • IMHO, there are serious problems with AGPL-licensed software that is hosted on servers - namely, it allows Amazon AWS , Google GCP, Microsoft Azure etc to take the code and start charging for it without contributing anything back to upstream. The access to code has stopped being the bottleneck. The problem is now centralization. We've seen this happen again and again with Redis, Elastic etc.

    The question is whether this risk is worth the developer contributions and user adoption that Cloudron is missing out by NOT being open-source.



  • @nilesh The devs seem to imply they don’t want code contributions but will allow them if it allows a new app in the store that couldn’t exist without them.

    That’s the vibe I’ve gotten anyway. I’ve written code contributions to box for my VPN Client app and plan to add contributions to dashboard. But I’ll let you guys know what happens.



  • @nilesh I signed up way before there were the amount of developer contributions we can see now because what the Cloudron team could offer was already awesome. I've seen the forums get really busy with lots of dev suggestions; I've tried non-Cloudron submitted apps that didn't work out for this or that reason - even though some are still on offer, I'm not sure to what degree the Cloudron team has taken "full" responsibility for these dev-contributed apps, but it has all made me wonder just how much busier these contributions have made the Cloudron team, and to what detriment to existing users or road plans. Obviously the Cloudron team has a better picture of who the paying users are, but I suspect there are many like me. Don't get me wrong, I super appreciate the time outside devs and users have freely given to helping make the overall Cloudron platform broader, but the people I'm looking at getting to sign up and pay for Cloudron are more like me , though they have less awareness or interest in open-source in general, they do like things that work, and they like having ownership and control over their data (meaning we won't ever sign up with an AWS, GC or Azure-branded cloudron). My main concern is that Cloudron remains functioning to be able to offer their service.



  • @scooke That sounds spot on and the best demographic to go after. Since I’m just a dev that finds this stuff fun (not the target market); they still do go out of the way to help me which I think shows how much character both of them have. Which is another reason I’ve backed Cloudron so much.

    I did want to ask what you meant by installing apps outside of the official AppStore and what was your experience with that?



  • @nilesh said in Why not make Cloudron fully open source again?:

    IMHO, there are serious problems with AGPL-licensed software that is hosted on servers - namely, it allows Amazon AWS , Google GCP, Microsoft Azure etc to take the code and start charging for it without contributing anything back to upstream.

    Two things.

    1. The scenario you describe is actually exactly what AGPL was designed to protect against, no? See https://www.gnu.org/licenses/agpl-3.0.html and lots of relevant quotes from that and other write-ups in posts above.

    Perhaps you're thinking of a different license?

    But, also,

    1. as I said above, I think the risk of someone cloning Clouron is MUCH higher from a small tech agency than the Tech Giants taking the code. The Tech Giants have unfathomable resources. If they wanted to reverse engineer Cloudron it would take an unimaginably tiny fraction of their immense budgets.


  • @jdaviescoates The Fair Code license makes this explicit - I think it might work well here if they choose to go open-source. https://faircode.io/



  • @ianhyzy Fair code is not a license, and it's not open source (OSI compliant).



  • This post is deleted!