Andrés™Nov 12
Fabio Manganiello

Imagine being one of the most valuable companies on earth, making billions thanks to open-source software like #ffmpeg, without contributing financially to it, without contributing to its codebase, and even expecting those unpaid volunteers to fix bugs for you in a timely fashion as if they were your own employees.

Imagine contributing to a huge piece of software like ffmpeg that works behind the scenes on literally any device that can either play, record or transform media, a project that has become a critical piece of our digital infrastructure, and doing so unpaid, uncredited and stressed out by companies that make billions thanks to your work.

This is the current state of open-source today.

A bunch of burned out, unpaid and uncredited volunteers building free stuff in their spare time that trillion-dollar freeriders feel entitled to use without contributing back.

ffmpeg developers are right. Either #Google contributes back, or they won’t even look at their bugs anymore.

And, in an ideal world where free software licenses weren’t written by good Samaritans, either trillion-dollar companies contribute back, or they shouldn’t be allowed to use free software for profit.

20 years ago I used to have discussions with fellow engineers whether open-source would have won over commercial software.

Now I can firmly say that open-source won. There’s no doubt about it. Linux, Apache products, Python, ffmpeg, curl etc. power all of today’s technological stack. But it’s not the win that I expected. It’s the kind of win that happened because corporations realized that open-source is just a way for them to cut on internal engineering costs.

https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/

FFmpeg to Google: Fund Us or Stop Sending Bugs

A lively discussion about open source, security, and who pays the bills has erupted on Twitter. 

The New Stack
Nov 12 at 10:00amWeb
Show threadDźwiedziuNov 12

@fabio
I think that is a very good answer.

Before even we factor in report slop.

@JoBlakely

Show threadPeteNov 12

@fabio I think about this and I wonder...

I use OS on projects and without it, I'd not be able to create much of what I do.

When am I morally obligated to pay vs when am I financially obligated to pay?

I think, once a company crosses a certain threshold of revenue, the licenses should require payment.

Thoughts?

Show threadFabio ManganielloNov 13
@philpetree I don't think there's any "moral obligation" for individual users.

I mean, I try and do my part anyway and donate to the IETF and sponsor a couple of projects, but I'm well aware that it's just a small drop in the sea.

When it comes to corporations, on the other hand, it's all another matter.

I may run ffmpeg on my laptop to transcode 2-3 videos a day on VLC, but Google runs ffmpeg billions of times a week on their servers to transcode countless YouTube videos.

Probably anything larger than a startup should contribute its fair share to the FOSS projects that it uses to make profit - either through financial support or through engineers who can directly work on those codebases. That's something that I did for a while at my employer's (specifically by contributing to OpenLineage), and it worked, but at some point the business always wants justifications and immediate quantifiable ROIs to keep investing development time in improving FOSS projects used by the company: that must change.

(Engineers are Google usually contribute more to FOSS projects than those at Booking btw, but it's usually to projects maintained directly by the company, like Chromium, or projects that the business deems critical, and it's definitely getting less compared to a few years ago).

There are two problems with this idea though:

1. FOSS OSI-approved licenses must change. Right now they have the "free as in speech" principle ingrained, so any limitation or discretionary payments for usage, even from multi-trillion companies, are seen as violations of the freedom of usage. I think that times are getting mature enough for those principles to be relaxed - non-OSI-approved licenses like SSPL, embraced by MongoDB and, for a while, by Redis, are desperate cries of FOSS products for more protections against EEE and disproportionate unshared profits made by end users.

2. It would be hard to enforce because as of now even the simplest Gitlab CI/CD pipelines pulls hundreds, if not thousands, of containers, packages, dependencies etc. that are FOSS. If all of these were to go for a fairer license, then companies would really have to enumerate all the packages installed by npm (including recursive dependencies) and run npm fund for all of them. Which tbh wouldn't be a bad thing either - it may enforce some companies to do more using less.
Show threadPeteNov 13
@fabio That's my point. Corporations like Google need to either pay or develop their own and not as derivative works. We need a new licensing structure for this.
Show threadpancake Nov 14
@fabio their bugs is clusterfuzz? Because thats a totally optin service