←back to thread

189 points udev4096 | 1 comments | | HN request time: 0.207s | source
Show context
mickael-kerjean ◴[] No.42136723[source]
What if instead of publicly blaming an OSS product, you try to get a support contract with some of the engineers behind it? If your company is too cheap for that, maybe a PR would have been nice?

Having very high expectations when using the software without contributing anything else than public shaming on something that clearly state in the license: "Licensor provides the Work ... WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND" shouldn't be ok, this is quite literally how you make open source developer to burn out

replies(7): >>42136837 #>>42136872 #>>42136966 #>>42137033 #>>42137338 #>>42137517 #>>42137650 #
tapoxi ◴[] No.42137033[source]
Keycloak is a Red Hat product and is a dependency for many Red Hat products so I'd love it if people running the open source release can report the bug and get feedback. This isn't a student eating ramen supporting this software, its IBM.
replies(1): >>42137535 #
hiciu ◴[] No.42137535[source]
Keycloak has been donated to CNCF in 2023. So it's not a RH / IBM product anymore.

I would even go as far as say that it never was; Red Hat had their own product called "Red Hat Single Sign On" that was, for some time, based on opensource Keycloak project, but the opensource Keycloak project has existed before RH SSO. And exists now that RH SSO product has been deprecated (retired? Idk what happened).

Red Hat does offer a "Red Hat build of Keycloak" now, and of course Keycloak would not exists in it's current form without Red Hat.

But saying that "Keycloak is a Red Hat product and therefore Red Hat and / or IBM should support it" would be, in my opinion, harmful for the whole opensource movement. If, by being engaged with opensource project, a company risks it's reputation then such company could decide against any engagement, or would engage only if it could keep control of the project / community around it.

replies(3): >>42137753 #>>42138004 #>>42138921 #
ffsm8 ◴[] No.42138004[source]
RH SSO was the LTS build of keycloak with business support.

Keycloak doesn't publish hot fixes for previous major versions, and these major versions come out on a very tight release schedule / every few months. So if you didn't want to upgrade all the time, you'd have been forced to use rhsso. And now the red hat keycloak build.

https://github.com/keycloak/keycloak/discussions/25688

replies(1): >>42138643 #
1. vbezhenar ◴[] No.42138643[source]
> So if you didn't want to upgrade all the time, you'd have been forced to use rhsso.

Or just not upgrade at all. Not the most wise strategy for security-focused software, but I'm sure many teams do that. Especially because keycloak often being heavily customized with plugins and themes, so upgrading this setup might actually be not trivial.