I think the definition of FOSS used here is tendentious: some of these projects (which I have no particular attachment to) are marked as "not FOSS" or "issues exist" because they have components that are disconnected from the basic nature of free and open source software itself.
A recurring one here seems to be that proprietary builds somehow make a project not FOSS. But this is how it's always worked: Red Hat doesn't sell FOSS source, they sell a subscription to a distribution (RHEL) that includes managed, maintained builds. That distribution is in turn restricted[1], while the source behind it remains free.
Perhaps there's an argument to be made that the definition of FOSS should be stronger, and should include some kind of binary freedom, lack of trademark restrictions, etc. But that's not how the term is conventionally applied, and glossing over that convention seems roughly as contentious as when companies try to split the baby and rewrite "open source" to include anti-competitive terms.
In those situations, could someone easily just fork the project, offer builds, and now their version of the project is ideal? If it's easy to do that then it seems like a good ideal. If it is difficult to do then they're right it is an 'issue'.
One to add: NanoKVM is definitely fake FOSS. It dials home to download a serialized, opaque library. NanoKVM: The S stands for Security https://youtu.be/plJGZQ35Q6I
Many people also seem to think Atlassian Jira and Confluence are OSS when they're absolutely not.
F-Droid, the FOSS-centric alternative app store for Android, provides similar information for each app. F-Droid goes a bit farther on things mobile users care about, like calling out if an app sends telemetry or requires a paid subscription. I like that this Is it really FOSS? project examines a project's potential impact on the FOSS community by questioning whether it is VC-funded, requires a CLA, and other interesting characteristics like that.
F-Droid goes way off the deep end on other issues, though. For instance, most RSS readers get the "non-free network services" warning because you can use them to follow RSS feeds on any web site, including ones whose software isn't open-source.
Some entries are at best confusing, and at worst misinforming.
The common case is considering projects which have one element that is FOSS and another that isn't. For example: ProtonMail, who apparently offer a FOSS mail client. They never presumed to offer mail server software; and FOSS mail server software is available. So a button calling them out for not being really FOSS kind of misses the mark. You don't see an entry like that for, say, GMail - so if Proton did not provide a client at all, they would have fared better.
Another specific case is that of Signal. The client and server are FOSS, but they're designed for no federation, so you can't (?) use a modified Signal client with the vanilla clients, and you definitely can't add a server to the network. This effectively prevents modified versions of Signal from being usable. So, is it really FOSS? The site's verdict is: Unqualified yes, Green button.
> ProtonMail, who apparently offer a FOSS mail client. They never presumed to offer mail server software
The website justifiably cites this website marketing copy as misleading: "All Proton services are open source and independently audited for security." https://proton.me/mail If that's supposed to only apply to the mail client (which isn't specifically mentioned on that page), it's incredibly unclear.
Indeed. Glad it actually cares more about the Free aspect than the OS aspect. It's important to speak truth to power - VCs are abusing open source as a distribution channel and then doing a rugpull, and those who care about FOSS need to fight back in these ways.
The real test of "freedom" isn't just the license but whether users can realistically deploy modified versions in production without prohibitive technical or legal barriers.
I got banned permanently from this server (with no explanation of why). However, it looks like it is also on Codeberg, which I am not banned from (although many of the links are incorrect when viewed on Codeberg (at least if JavaScripts are disabled), it still works).
I think these articles are good, but I do have some other comments.
For some programs, there is the possibility that some parts can potentially work without non-FOSS but is difficult to separate. (This can also be a different problem in case you only want one part of the program.)
A program can also be Free but "trapped", in case it requires proprietary compilers to compile it (although it is often possible to work around this; sometimes easily and sometimes more difficult).
For some games that have non-FOSS parts, there is also the issue of if the non-FOSS parts can execute arbitrary code or otherwise do things outside of the game itself, that is not necessarily desirable (e.g. a Game Boy Advance emulator might be FOSS, although the programs it emulates might or might not be FOSS, but either way do not affect the rest of the computer nor the internet and other stuff like that); and, also the consideration of whether the software can be used without the non-FOSS parts (if you can replace them; e.g. a FOSS game engine might be made as a clone of a non-FOSS game engine that can use the original game files but you can also make your own fully FOSS games using it too).
There are also some that may require non-FOSS to access, even if the software itself is FOSS. Proprietary (or overly complicated, even if FOSS) communication channels are also not mentioned (although another comment on here does mention it), and I think it probably is a concern (not one that necessarily makes the project itself to be not FOSS, but still might be worth mentioning), even if it does not make the program itself to be not FOSS, it can make it difficult to contribute or to use it.
Being FOSS does not necessarily mean that you intend to run the program on your computer; you might only want to view the code, or modify it before running it, or use your own program (or a different FOSS program) as a substitute.
Programs can be "open core" but the non-FOSS part is still clearly distinct from it (which is the case for SQLite). (In the case of SQLite, they also mention the non-FOSS test suite; they are not needed to run the program, but it may make it difficult to make your own changes and then test it. However, some programs do not have a real test suite at all, anyways.)
This project's source code is hosted on Codeberg, which runs on the FOSS forge Forgejo.
This is a big improvement over projects that are hosted on GitHub. For those, the license may be FOSS, but the spirit is not, because anyone that wants to contribute upstream is lured onto a proprietary platform.
The license and terms of service of a project's community communication channels are not listed under the concerns. (https://isitreallyfoss.com/concerns/) This is understandable: traditionally and strictly, the license is the only thing that matters.
A whole lot of FOSS folks don't like that the vast majority of folks do not care about license distinctions that ultimately won't ever be tested in court anyway.
Ultimately, most people use the term "open source" to mean "freely downloadable" or similar. Sorry I guess that the gnulag[1] never happened.
Most people won't care if food and medicine are FSA/FDA certified or not, and most people won't care if a business is SOC certified. But the few people that do care about it make the world's medicine better, and the businesses better.
I think this is not particularly impartial. Sentry is marked as "NOPE" even though it is basically open source (any commit older than two years is), yet projects that are open core forever are "issues exist" and "partially".
> Sentry is marked as "NOPE" even though it is basically open source (any commit older than two years is),
In other words, current Sentry isn't Open Source, but old versions are available. I think it's a fair characterization that Sentry is not Open Source, unless there's an actual community around the Open Source version.
The FSL, like the BuSL that Hashicorp Terraform is now under, is a proprietary software license.
"Partially" makes sense for something where some component or subproject is released under a proprietary license and other components or subprojects are released under a free software license.
Software that will eventually be open-source isn't yet open-source. A once-F/OSS codebase that was closed and removed from GitHub two years ago also has all commits that are 2+ years old open-source, but that doesn't make such a codebase open-source, either.
Why is this project switching its license 2 years ago during development not a problem? What is good about Sentry? edit: Oh you mean rolling time windows.
Or, at least, not giving a fair take on its particular approach to open source.
We both self-host and pay for the service. There is ample engagement from the development team with the larger community. There are also a myriad of open source projects without the same licence restrictions that Sentry-the-company publishes or maintains which make up key functionalities in Sentry-the-product.
> The project is licensed under an FSL-1.1-Apache-2.0 license which, for two years after release, prevents use, modification and distribution when done in a range of ways which may compete with the original project.
The current license for sentry seems to be a large part of the reason for the nope.
They give a pretty detailed explanation of the decision.
It's easy to blame evil companies for attempting to monetize OSS, it's harder to accept that a lot of the reason for more company focused OSS is that indie OSS devs were historically treated poorly, not just by companies but also by entitled users within the OSS community. A poignant example years ago was "devs" with empty GitHub commit histories coming into the OSS community to harass small projects into adopting their badly made and legally untested codes of conduct (and then attacking the individuals running those projects when they pushed back).
When you're not being paid to do something, the only benefit you get aside from software you use yourself is friendly peer recognition, and when it becomes too abrasive, when people are treating you like politicians and trying to scare you into adopting their political views, when users come in and trash talk your project like they're your boss because you didn't implement some feature they want, a lot of people just give up and leave. I largely left the space because of this, and a lot of really good OSS contributors I knew did too.
I'm not sure what the solution is at this point but it's probably not a continuation of the entitlement mentality, purity tests and witch hunts that this site is perpetuating.
On one hand it's probably a good thing to have open source police. On the other hand, not quite open source was the correct choice for a lot of these projects.
Not open source is a perfectly fine choice, as long as people are honest about it (and they are complying with licences if it's based on other open source projects). The problem is when they lie about it or try and pull a bait and switch.
Pretty sure it's impossible to not use closed source Google or Apple pieces for a functional app these days. Last I looked in to it, the only way to actually deliver notifications is to run through Google or Apple since the OSs don't want every app running their own background processes draining battery.
I think this is really unfair, in the current day and age, especially when there are "Open Weight Models" that are bending the definition of the FOSS.
I don't have a skin in the game, but I personally think that the definition of FOSS is too rigid and strict and is not evolving. There have been many challenges over time (LGPL's linking exception, tivoization, AGPL trying to fight against SaaS, Open Core business models, ...); and we are really bestowing very harsh moral standards for people who are trying to do the right thing.
For me, Sentry, being 10+ years in its existence (I used it ever since its logo was a Starcraft II unit), never participated in the usual enshittification of the software, being labeled as "NOPE" is disingenuous. I would gladly pay for Sentry because I love the software, and I also know that if shit hits the fan, I can self-host it (though the configuration for self-hosting got progressively difficult over time, but that's the complexity of modern SaaS stack). I can make similar arguments to other tools in this site that I'm familiar with.
FOSS is indeed a moral and ethical stand on freedom, than on business realities (that's more why "open source" came about).
You can't have the FOSS cake and eat it too.
For eg: Sentry can release sentry-open under a fully free license from moral considerations, but choose not to do so because of business considerations. That's an OK choice to make, but you hence don't get to call yourself.
It's ok for things not to be open source, but for the term to mean anything it has to have a definition. Vague moral handwaving about "doing the right thing" doesn't really help give meaning to the term. A project can be open source and morally bad. It can be closed source and morally good. Authors' moral intentions are a totally orthogonal dimension.
If LLM output is unlicensed, maybe an LLM could one day be trained on the public output of every existing LLM. A second gen LLM that can confidently identify its own kind alongside public domain human ideas.
I think you’re being downvoted because not everybody on HN knows that Llama is not open source, despite Yann LeCun ignoring the OSI and continually attempting to tell everyone it is.
My wife is Venezuelan, and when they think something smells they say Foss. It's a never ending source of amusement when I'm browsing hn. She will love this site.
woodruffw|6 months ago
[1]: https://www.redhat.com/en/resources/red-hat-enterprise-linux...
koolala|6 months ago
burnt-resistor|6 months ago
stephen_g|6 months ago
snvzz|6 months ago
I wonder if it ever happened. I did withhold my purchase back then just because I'd rather wait for open source than buy some device I cannot trust.
evanjrowley|6 months ago
duskwuff|6 months ago
einpoklum|6 months ago
re|6 months ago
1970-01-01|6 months ago
https://isitreallyfoss.com/about/categorisation/
exiguus|6 months ago
[1] https://codeberg.org/danb/isitreallyfoss/issues
kiitos|6 months ago
thedevilslawyer|6 months ago
ethan_smith|6 months ago
zzo38computer|6 months ago
oever|6 months ago
Der_Einzige|6 months ago
[1] https://i.redd.it/th4prtdk6xr61.jpg
thedevilslawyer|6 months ago
the_mitsuhiko|6 months ago
JoshTriplett|6 months ago
rpdillon|6 months ago
> All components powering the main Sentry and Codecov web apps use FSL, which limits their usage in a commercial Sentry-like offering.
The license limits usage in a commercial context. That's not FOSS by the OSI's definition, which is the definition I care about.
Heck, you can tell from the URL that Sentry _really_ wants to pretend they are open source.
https://open.sentry.io/licensing/
pxc|6 months ago
lytedev|6 months ago
koolala|6 months ago
retroflexzy|6 months ago
koolala|6 months ago
hk1337|6 months ago
It’s still a good product.
throwaway323929|6 months ago
aguacaterojo|6 months ago
bawolff|6 months ago
sroerick|6 months ago
SchemaLoad|6 months ago
jeeyoungk|6 months ago
thedevilslawyer|6 months ago
bawolff|6 months ago
gr4vityWall|6 months ago
How is it disingenuous? The current version of Sentry is proprietary.
firesteelrain|6 months ago
You get what you pay for
koolala|6 months ago
sho_hn|6 months ago
koolala|6 months ago
nailer|6 months ago
https://opensource.org/blog/metas-llama-2-license-is-not-ope...
https://opensource.org/blog/metas-llama-license-is-still-not...
sanex|6 months ago