
634 points david927 | 9 comments

What are you working on? Any new ideas that you're thinking about?
1. 8organicbits ◴[] No.41342968[source]
The recent relicensing of Redis to a non-open-source license bothered many in the community. But the groundwork for the relicensing was laid much earlier. I've been working on a relicensing monitor to track various project attributes that can affect the ease of relicensing a project.

https://alexsci.com/relicensing-monitor/

replies(3): >>41343102 #>>41343206 #>>41347370 #
2. hypeatei ◴[] No.41343102[source]
Is there a specific reason that Firefox is considered low-risk for a rug pull? In my view, Mozilla doesn't seem the same as it once was but maybe there are specific reasons the open-sourceness isn't in jeopardy.
replies(2): >>41343469 #>>41343691 #
3. jeeyoungk ◴[] No.41343206[source]
I also think CLAs are eerie and go against the open source spirit, I don't think a CLA alone puts a project in "high risk". I'm not sure about the FAANG open source projects that are used as libraries (Guava, React, ...). These projects fundamentally don't jeopardize these companies' businesses, and serve to increase the developer goodwill amongst the engineers. Nobody can predict the future but I can't imagine these projects becoming relicensed.

A more plausible scenario is them becoming abandonware, but even in those cases the community can carry the torch.

replies(1): >>41343829 #
4. PeeMcGee ◴[] No.41343469[source]
I imagine Firefox would die instantly if it moved to a restrictive license. It would be too easy to simply switch to a popular fork, and Firefox's userbase are the type that would be compelled to follow through with it. Even ignoring FOSS principles reasons, most folks are browser-savvy enough to understand the implications of such news -- their favorite browser is about to kill itself so they have to pick another one. Also consider that Firefox would no longer be the default browser in most Linux distros, and likely prohibited from official package repositories entirely.
5. 8organicbits ◴[] No.41343691[source]
Firefox scores well because it uses a copyleft license and the ability to relicense contributions remains with the original authors. Mozilla can't unilaterally relicense the Firefox code base as they haven't been granted that ability by the contributors. The copyleft license means they can't slap a new license on top (like a permissive license allows).

The rating criteria were designed to consider legal factors, like license terms and CLA, so concerns like Mozilla buying an ad company aren't factored in. Those concerns feel more subjective to me, but are certainly valid.

https://alexsci.com/relicensing-monitor/projects/firefox/

6. 8organicbits ◴[] No.41343829[source]
Agreed, and there's a few projects with CLAs that are ranked lower due to mitigating factors, like K8s [1]. I honestly don't get why they have a CLA, anyone know?

The impact of developer good will is difficult to measure, so I don't attempt it. Redis burned community good will so badly with their relicensing that several forks rapidly emerged. Seemed like a predictably poor decision to me.

I also don't want to pick favorite companies, because it's subjective, companies can change strategies or even sell projects off. What if Meta decided to sell React to a patent-troll-like company instead of just abandoning it?

[1] https://alexsci.com/relicensing-monitor/projects/kubernetes/

replies(1): >>41368553 #
7. em-bee ◴[] No.41347370[source]
do you consider the likelihood that a project will be forked?

for example react is listed as high risk, but at the same time i would consider the risk to be very low in the sense that if it is relicensed then it will be forked immediately backed by a community that is strong enough to sustain such a fork.

i'd go as far as saying that for react relicensing would kill the project because the majority of users would go with the fork.

for other projects the risk is higher because they don't have a strong FOSS userbase that could sustain a fork, and because most current users would not care.

replies(1): >>41351907 #
8. 8organicbits ◴[] No.41351907[source]
What happens after the relicensing isn't measured as the community has already been disrupted. I'm also less certain on how to fairly measure and predict fork likelihood.

One challenge for forks is that relicensing doesn't always jump from fully-open to fully-closed. There's a lot of "fake open-source" and source-available licenses, like the one Redis now uses. These may "only impact you if you are AWS", so a fork "that AWS can use for free" feels less compelling. If React was to relicense, I expect they'd similarly take a small step.

9. jen20 ◴[] No.41368553{3}[source]
> I honestly don't get why they have a CLA, anyone know?

There are valid reasons to have a CLA: confirmation that your contributions are not encumbered by an employer contract is a good one. What there is rarely an excuse for is a copyright assignment, which often gets bundled into a CLA.

The only non-nefarious example of copyright assignment that I can think of is the FSF, but only because they have such a strong record on software freedom.