Don’t Work For Projects That Don’t Have Open Governance


I'm going to weigh in on the Redis thing.

First, I want to touch on this quote from the article I linked above:

“Particularly with Speedb, this is a big investment for us as a startup. If we put that in there and the cloud service providers have the ability to quickly just take and ship it to their customers — essentially without paying anything — that’s problematic for us, as you can imagine.”

Ah yes, plucky startup Redis Labs, with over $350M in funding (most recently a G Round) and a valuation over $2B. I'd be more sanguine if Redis hadn't done this sort of shit before, or if multiple other companies hadn't taken similar tacks.

Let me get this out of the way, though -- if Redis Labs wants to re-license software that they own the copyrights and code for, that's their right. gg no re. My problem isn't that they're changing the rules of the game (and really, everyone should have seen this coming), my problem is that people keep getting their pants in a twist over it. We need to stop sitting back and saying "ah, the source is available, so it's open source and that's fine!" Just because something is on GitHub doesn't mean it's good, or useful, or sustainable. I think this is the generic fate of all 'open core' products, or even most of the 'open source' AI that's out in the world. The thing that matters is who gets to make the decisions, and who owns the IP and copyright.

I actually tend to believe that most 'open source' but closed governance tools would be better served by just being source available from the jump, rather than using an OSI-approved license. I want people to stop building critical parts of their system around things that can, and will, be yanked away from them at a moment's notice. I think this even applies to foundation-backed projects! There's a non-zero number of CNCF projects where the governance is controlled by a single company, more or less. Do some leg work, make sure the steering committee actually meets, see if it's legit. Especially do this if you plan on becoming a contributor, because it sucks to have your work get vacuumed up to enrich someone else. I would go so far as to say that if you're a company using open source but closed governance tools or libraries, just preemptively fork and don't submit patches back upstream. The only safe open source is open governance.

"But wait, that basically means we need to dedicate engineers to maintaining our fork, thus erasing the cost savings of using open source in the first place!" Well yeah. No such thing as a free lunch!

Webmentions

Comments and Replies

  1. they effectively did not after the creator transferred rights to redis labs. governance don’t mean shit in that case; redis labs owns the copyright, they own the code, they have the keys to the repo. fork or die. /shrug

  2. The only thing that makes foundation-backed OSS somewhat immune to this is that the foundation owns the IP and contributions (per CLA and DCO at least), so even if governance goes rogue the foundation can step in to unwind things

  3. Yea that is tasty and functional too. Moment I saw it I thought it’s going to get in the way and bother me … but nah, it works perfectly and even felt homely!

  4. I do need to tweak it a bit on mobile because the like/rt icons break weirdly. Might move them, idk. Haven’t felt like hacking on the theme in a while

  5. @austinlparker but it’s turtles all the way down.

    Going “oracle and Microsoft are greedy so I’m gonna build my app on Python” and then Microsoft buys everything about python and employs everyone and puts restrictive licenses on the plugins for vs code…. and who knows what’s next.

    You can’t future proof your stack or your software because every single component can be rug pulled if some VP wants to throw money at it.

    I’d say the key lesson here is to bake in some time to replacing all the fundamental components of your system at random times so you can suffer the periodic migrations.

    Software services are usually tied to a single cloud provider, programming language, plugin ecosystem, and 3+ specific storage mechanisms that aren’t interchangeable with anything else. It’s efficient and good most of the time. Let’s keep doing it.