Why not make Cloudron fully open source again?

necrevistonnezr

@marcusquinn said in Why not make Cloudron fully open source again?:

Interesting weekend read: https://plausible.io/blog/open-source-funding

More interesting reading material dated 12 October 2020 from the same source: https://plausible.io/blog/open-source-licenses

So we want a “don’t be evil” license and here’s what we are trying to accomplish with it:

• We want to prevent corporations from taking our code and using it as part of their closed-source proprietary products
• We want to prevent corporations from offering Plausible as a service without contributing to the open source project

We want to prevent corporations from confusing people and making them think that the service they sell is in any shape or form approved by the original team. [...]
Although we don’t want closed source corporations to directly compete with us using our own work, it’s important to leave the space open for forking of the project and incorporating it into other open source works.

This is the best way to future-proof the project against bad actors, including ourselves if we become evil at some point. By allowing open source forks and competitors to exist, we are opening ourselves up to healthy competition and accountability from the open source community.

Plausible is now AGPLv3 licensed
So how do we accomplish all that? We do it by changing our license. Plausible Analytics has now changed the license from the MIT to a newer licensing scheme called GNU Affero General Public License V3 (AGPLv3) or any later version. [...]

This change makes no difference to any of you who subscribe to Plausible Cloud or who self-host Plausible, but it may upset a few corporations who tried to use our software to directly compete with us without contributing back.
[...]

The goal of the AGPL license is to maximize user freedom and to encourage companies to contribute to open source.

What is the GNU AGPLv3 license?
Copyleft license: “If you make a derivative work of this, and distribute it or run it as a service on a server to others then you have to provide the source code under this license”

What are the benefits of the AGPLv3?
The AGPL license is identical to the original GPL license with the only additional term being to allow users who interact with the licensed software over a network to receive the source for that program.

AGPL is designed to ensure corporations contribute back to the open source community even when running the software as a service in the cloud.

If you used AGPL-licensed code in your web service in the cloud, you are required to open source it. It basically prevents corporations that never had any intention to contribute to open source from profiting from the open source work.

It explicitly prohibits corporations from parasitically competing with an open source project. They won’t be able to take the code, make changes to it and sell it as a competing product without contributing those changes back to the original project.

Here’s that extra paragraph:
“If you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there”.

What are the restrictions with the AGPLv3?
A corporation needs to be clear and provide a prominent mention and link to the original project so people that are considering to use their version of software can be aware of the original source

If a corporation modifies the original software, they need to open source and publish their modifications by for instance contributing back to the original project

So how can a corporation commercialize a FOSS project without open sourcing their modified code? They can purchase a commercial license to remove the copyleft restrictions and in that way support the original project.

jdaviescoates

@mehdi said in Why not make Cloudron fully open source again?:

No, I mean the app store part (what's installed on the Cloudron.io infrastructure) has never been open-source.

But all the app packages themselves are open source, no?

I think I'm missing something. Like @Lonk said, be good to get some greater clarity on the status quo.

avatar1024

@jdaviescoates Most but not all I don't think (TeamSpeak isn't, right?). Sorry I don't have a lot of time at the moment to contribute much but I think this is a very important conversion. At least in my circle, it's difficult to promote cloudron due to its licensing choice and I would need more info to explain / justify such a choice (and everyone of course wants the dev to get reliable income, people just think a free software license would not endanger the business model).
Anyway, thanks for starting this thread. I will write more on the topic soon

ruihildt

@avatar1024 Correct, not all apps are free software. It never was a requirement for apps to have a specific license to be packaged.

It just happens that most apps available for packaging -and thus on which you can freely base a businees model on- are free software.

murgero

@ruihildt said in Why not make Cloudron fully open source again?:

It never was a requirement for apps to have a specific license to be packaged.

Not to say that all licenses types can be packaged - the license for the app needs to allow free distribution of the software in order for us to package it.

jdaviescoates

@avatar1024 said in Why not make Cloudron fully open source again?:

@jdaviescoates Most but not all I don't think (TeamSpeak isn't, right?).

Confluence and Emby too. Possibly others (I would still really like a filter in the app store for licences and LDAP support)

But, I think the additional Cloudron code in the Cloudron packages for those apps is still MIT even for these non-open-source apps too.

@avatar1024 said in Why not make Cloudron fully open source again?:

At least in my circle, it's difficult to promote cloudron due to its licensing choice and I would need more info to explain / justify such a choice

Same.

@avatar1024 said in Why not make Cloudron fully open source again?:

and everyone of course wants the dev to get reliable income, people just think a free software license would not endanger the business model

Exactly.

Although I'm still open to being convinced otherwise if there is some genuine risk I've not fully considered as a non-developer.

@avatar1024 said in Why not make Cloudron fully open source again?:

I will write more on the topic soon

Thanks

nilesh

IMHO, there are serious problems with AGPL-licensed software that is hosted on servers - namely, it allows Amazon AWS , Google GCP, Microsoft Azure etc to take the code and start charging for it without contributing anything back to upstream. The access to code has stopped being the bottleneck. The problem is now centralization. We've seen this happen again and again with Redis, Elastic etc.

The question is whether this risk is worth the developer contributions and user adoption that Cloudron is missing out by NOT being open-source.

Lonkle

@nilesh The devs seem to imply they don’t want code contributions but will allow them if it allows a new app in the store that couldn’t exist without them.

That’s the vibe I’ve gotten anyway. I’ve written code contributions to box for my VPN Client app and plan to add contributions to dashboard. But I’ll let you guys know what happens.

scooke

@nilesh I signed up way before there were the amount of developer contributions we can see now because what the Cloudron team could offer was already awesome. I've seen the forums get really busy with lots of dev suggestions; I've tried non-Cloudron submitted apps that didn't work out for this or that reason - even though some are still on offer, I'm not sure to what degree the Cloudron team has taken "full" responsibility for these dev-contributed apps, but it has all made me wonder just how much busier these contributions have made the Cloudron team, and to what detriment to existing users or road plans. Obviously the Cloudron team has a better picture of who the paying users are, but I suspect there are many like me. Don't get me wrong, I super appreciate the time outside devs and users have freely given to helping make the overall Cloudron platform broader, but the people I'm looking at getting to sign up and pay for Cloudron are more like me , though they have less awareness or interest in open-source in general, they do like things that work, and they like having ownership and control over their data (meaning we won't ever sign up with an AWS, GC or Azure-branded cloudron). My main concern is that Cloudron remains functioning to be able to offer their service.

Lonkle

@scooke That sounds spot on and the best demographic to go after. Since I’m just a dev that finds this stuff fun (not the target market); they still do go out of the way to help me which I think shows how much character both of them have. Which is another reason I’ve backed Cloudron so much.

I did want to ask what you meant by installing apps outside of the official AppStore and what was your experience with that?

jdaviescoates

@nilesh said in Why not make Cloudron fully open source again?:

IMHO, there are serious problems with AGPL-licensed software that is hosted on servers - namely, it allows Amazon AWS , Google GCP, Microsoft Azure etc to take the code and start charging for it without contributing anything back to upstream.

Two things.

1. The scenario you describe is actually exactly what AGPL was designed to protect against, no? See https://www.gnu.org/licenses/agpl-3.0.html and lots of relevant quotes from that and other write-ups in posts above.

Perhaps you're thinking of a different license?

But, also,

2. as I said above, I think the risk of someone cloning Clouron is MUCH higher from a small tech agency than the Tech Giants taking the code. The Tech Giants have unfathomable resources. If they wanted to reverse engineer Cloudron it would take an unimaginably tiny fraction of their immense budgets.

ianhyzy

@jdaviescoates The Fair Code license makes this explicit - I think it might work well here if they choose to go open-source. https://faircode.io/

ruihildt

@ianhyzy Fair code is not a license, and it's not open source (OSI compliant).

avatar1024

This post is deleted!

marcusquinn

Just dropping this link here for inspiration while I remember: https://ghost.org/about/

marcusquinn

Reference the above and thinking out loud; I'm thinking to turn our efforts on the whole Brandlight WP/Woo stack, and probably wider peripheral development & maintenance business, into a Foundation.

Mostly for simplicity and arguments' sake, team, users & contributors become beneficiaries. Better trust for what happens with income & expenses.

I'm sure there's other advantages I need to research too but mostly a deceleration to the world that the work is for the quality of the products and no-one's looking for a quick-flip or windfall, just sustainable satisfaction and protection to keep on evolving.

robi

@marcusquinn Like a .coop too.

marcusquinn

@robi Maybe, I don't know much about either - but living in Jersey, I know Trusts and Foundations are in many ways big business as much as Companies.

ruihildt

The meeting with Cloudron enthusisats we had on Workadventure and reading the following article by ERP Next developers made me remember about this thread.

When this discussion started back in July 2020, nebulon said "we will answer in more details", but since then, we haven't heard from him and girish directly on whether Cloudron could become fully open source again.

@nebulon @girish With the time passed and the discussions, is it a question you feel ready to answer?

marcusquinn

I can't answer for Cloudron but if it were me, to go FOSS I'd want to split the functionality to a core FOSS package and commercial license for add-ons and support to protect the business IP.

Similar to Freescout & EspoCRM, plus the standard CLA that's now common with FOSS.

With that in mind, I don't know that gains would be quite what people would be hoping for since it's already source-available and any would-be contributor can already get involved with a free install.

I can understand the ideology, but in practice, for me, the experience, enthusiasm and renumeration of the creators is more important to me for security of continuity.

I'm sure the feature requests will eventually plateau, and the community supplement many more apps, at which time I guess that would afford more headspace for this.

In the meantime, it's the coming features and apps that have most value to me, so I guess anything distracting from that is going to be an intermittent long range conversation.

Sorry, I know you addressed the comment directly but I guess there's also other interests here that don't have this at the top of the wishlist still.