FFmpeg to Google: Fund us or stop sending bugs

Easy: ffmpeg discontinues or relicenses some ffmpeg functionality that AWS depends on for those product alines and AWS is screwed. I've seen that happen in other open source projects.

Wouldn’t that only affect new versions and current versions are still licensed under the old license ?

But if it gets relicensed, they would still be able to use the current version. Amazon definitely would be able to fund an independent fork.

Sounds like it would be a lot of churn for nothing; if they can fund a fork, then they could fund the original project, no?

It still takes expensive humans to do this so they are incentivized to use the free labor.

If they can fund a fork, they can continue business as usual until the need arises

A fork is more expensive to maintain than funding/contributing to the original project. You have to duplicate all future work yourselves, third party code starts expecting their version instead of your version, etc.

They COULD, but history has shown they would rather start and maintain their own fork.

It might not make sense morally, but it makes total sense from a business perspective… if they are going to pay for the development, they are going to want to maintain control.

If they want that level of control, reimburse for all the prior development too. - ie: buy that business.

As it stands, they're just abusing someone's gift.

Like jerks.

Yes, definitely. I was just saying that if the license ever did change, they would move to an in-house library. In fact, they would probably release the library for consumer use as an AWS product.

There should be a "if you use this product in a for-profit environment, and you have a yearly revenue of $500,000,000,000+ ... you can afford to pay X * 100,000/yr" license.

That's the Llama license and yeah, a lot of people prefer this approach, but many don't consider it open source. I don't either.

In fact, we are probably just really lucky that some early programmers were kooky believers in the free software philosophy. Thank God for them. So much of what I do owes to the resulting ecosystem that was built back then.

There is also the AGPL.

I always like to point out that "Open Source" was a deliberate watering-down of the moralizing messaging of Free Software to try and sell businesses on the benefits of developing software in the open.

> We realized it was time to dump the confrontational attitude that has been associated with "free software" in the past and sell the idea strictly on the same pragmatic, business-case grounds that motivated Netscape.

https://web.archive.org/web/20021001164015/http://www.openso...

ffmpeg cannot relicense anything because it doesn't own anything. The contributors own the license to their code.

With a bit of needless work the fixes could be copied and they would still end up funding them.

And then the argument for refusing to just pay ffmpeg developers gets even more flimsy.

The entire point here is to pay for the fixes/features you keep demanding, else the project is just going to do as it desires and ignore you.

More and more OSS projects are getting to this point as large enterprises (especially in the SaaS/PaaS spheres) continue to take advantage of those projects and treat them like unpaid workers.

I don’t know about ffmpeg, but plenty of OSS projects have outlined rules for who/when a project-wide/administrative decision can be made. It’s usually outlined in a CONTRIB or similar file.

Relicensing isn't necessary. If you violate the GPL with respect to a work you automatically lose your license to that work.

It's enough if one or two main contributors assert their copyrights. Their contributions are so tangled with everything else after years of development that it can't meaningfully be separated away.

something more dangerous would be "amazon is already breaking the license, but the maintainers for now havent put in the work to stop the infringement"

Doubtful that's enough for a copyright grant. You'd need a signed CLA.

Do they want control or do they really want something that works that they don't have to worry about?

The only reason for needing control would be if it was part of their secret sauce and at that point they can fork it and fuck off.

These companies should be heavily shamed for leaching off the goodwill of the OSS community.

Not really. Their whole reason for not funding open source is it essentially funds their competitors who use the same projects. That's why they'd rather build a closed fork in-house than just hand money to ffmpeg.

It's a dumb reason, especially when there are CVE bugs like this one, but that's how executives think.

Funding ffmpeg also essentially funds their competitors, but a closed fork in-house doesn't. Submitting bugs costs less than both, hence why they still use ffmpeg in the first place.

In addition, there is the potential for software users to sue for GPL compliance. At least that is the theory behind the lawsuit against Vizio:

https://sfconservancy.org/copyleft-compliance/vizio.html

But their competitors also fund them, which makes it a net positive sum.

> Their whole reason for not funding open source is it essentially funds their competitors who use the same projects. That's why they'd rather build a closed fork in-house than just hand money to ffmpeg.

So the premise here is that AWS should waste their own money maintaining an internal fork in order to try to make their competitors do the same thing? But then Google or Intel or someone just fixes it a bit later and wisely upstreams it so they can pay less than you by not maintaining an internal fork. Meanwhile you're still paying the money even though the public version has the fix because now you either need to keep maintaining your incompatible fork or pay again to switch back off of it. So what you've done is buy yourself a competitive disadvantage.

> that's how executives think.

That's how cargo cult executives think.

Just because you've seen someone else doing something doesn't mean you should do it. They might not be smarter than you.

I reckon this is an impedance mismatch between "Open Source Advocacy" and Open Source as a programming hobby/lifestyle/itch-to-scratch that drives people to write and release code as Open Source (of whatever flavour they choose, even if FSS and/or OSF don't consider that license to qualify as "Open Source").

I think Stallmann's ideological "allowing users to run, modify, and share the software without restrictions" stance is good, but I think for me at least that should apply to "users" as human persons, and doesn't necessarily apply to "corporate personhood" and other non-human "users". I don't see a good way to make that distinction work in practice, but I think it's something that if going to become more and more problematic as time goes on, and LLM slop contributions and bug reports somehow feed into this too.

I was watching MongoDB and Redis Labs experiments with non-OSF approved licences clearly targeted at AWS "abusing" those projects, but sadly neither of those cases seemed to work out in the long term. Also sadly, I do not have any suggestions of how to help...

No one said make it proprietary; there are other OSS licenses that would make ffmpeg non-viable for commercial usage.

Google, AWS, Vimeo, etc can demand all they want. But they’re just another voice without any incentives that aid the project. If they find having an in-house ffmpeg focused on their needs to be preferable, go for it; that’s OSS.

But given its license, they’re going to have to reveal those changes anyways (since many of the most common codecs trigger the GPL over LGPL clause of the license) or rewrite a significant chunk of the library.

I like FS, but it's always had kind of nebulous morality, though. It lumps in humans with companies, which cannot have morals, under the blanket term "users".

This is the same tortured logic as Citizens United and Santa Clara Co vs Southern Pacific Railroad, but applied to FS freedoms instead of corporate personhood and the 1st Amendment.

I like the FS' freedoms, but I favor economic justice more, and existing FS licenses don't support that well in the 21st c. This is why we get articles like this every month about deep-pocketed corporate free riders.

But that's only relevant if AWS (in this example) violates the GPL license, and it doesn't really seem like they have?

Agree in some ways. Still, discussing the nitty gritty is superfluous, the important underlying message you are making is more existential.

Open source software is critical infrastructure at this point. Maintainers should be helped out, at least by their largest users. If free riding continues, and maintainers' burden becomes too large, supply chain attacks are bound to happen.

They can switch from LGPLv2.1 to GPLv2 or GPLv3 for future development because the license has an explicit provision for that.

ffmpeg is LGPL, so they can't make a proprietary fork anyways

Heard of OpenSearch?

There are many reasons, often good ones, not to pay money for an open source project but instead fund your own projects, from a company's perspective.

Nobody said the fork cannot diverge from the original project.

Oh the irony - we don't want to pay for ffmpeg's development, but sure can finance a fork if we have to.

You need a copyright grant to change the license in any way.

They can't - it's LGPL 2.1. So the fork would be public essentially.

It's the tragedy of the commons all over again. You can see it in action everywhere people or communities should cooperate for the common good but don’t. Because many either fear being taken advantage of or quietly try to exploit the situation for their own gain.

The tragedy of the commons is actually something else. The problem there comes from one of two things.

The first is that you have a shared finite resource, the classic example being a field for grazing which can only support so many cattle. Everyone then has the incentive to graze their cattle there and over-graze the field until it's a barren cloud of dust because you might as well get what you can before it's gone. But that doesn't apply to software because it's not a finite resource. "He who lights his taper at mine, receives light without darkening me."

The second is that you're trying to produce an infinite resource, and then everybody wants somebody else to do it. This is the one that nominally applies to software, but only if you weren't already doing it for yourself! If you can justify the effort based only on your own usage then you don't lose anything by letting everyone else use it, and moreover you have something to gain, both because it builds goodwill and encourages reciprocity, and because most software has a network effect so you're better off if other people are using the same version you are. It also makes it so the effort you have to justify is only making some incremental improvement(s) to existing code instead of having to start from scratch or perpetually pay the ongoing maintenance costs of a private fork.

This is especially true if your company's business involves interacting with anything that even vaguely resembles a consolidated market, e.g. if your business is selling or leasing any kind of hardware. Because then you're in "Commoditize Your Complement" territory where you want the software to be a zero-margin fungible commodity instead of a consolidated market and you'd otherwise have a proprietary software company like Microsoft or Oracle extracting fees from you or competing with your hardware offering for the customer's finite total spend.

(Except for the part in the LGPL that lets you relicense it to later versions.)