top | item 44899170

(no title)

securesaml | 6 months ago

> Companies say "This my code when I need it, and it's your code when it breaks", and developers read the fine print very late, because they thought exposure is valuable.

I think that this is an accurate description of working relationship. But, the fine print (MIT license) explicitly says that the companies are responsible:

> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED

discuss

bayindirh|6 months ago

That line allows shifting the blame upstream without any friction.

Exhibit A: Company X uses library Y by Mr. Z., which is used by another 100 or so companies. Mr. Z. is happy because he's quasi-famous because of all the exposure. A bug has been found in Y by users of Company X, which is not interested in fixing it.

    - Users: Hey Company X, this feature provided by libY is broken.
    - Company X: This makes us lose money, but it's complicated. Tell Mr. Z.
    - Mr. Z: There's no warranty whatsoever.
    - Company X: You either fix it, or we spread the word that you're irresponsible and everyone will inevitably migrate to libW.
    - Mr. Z: OK. Lemme look at that.

Mr Z. drops everything, fixes problem, maybe gets a Thanks!, and might feel better. Company X and other hundred gets free labor for their problems, and one person burns out.

Why? Because nobody tried to understand how GPL works, and companies said MIT or no cookie points anyway.

So, another developer is bought with hope vapor. He gets nothing in the end, while the company is printing money in two ways by not buying an expensive library and selling its capabilities.

Edit: One Daniel Stenberg of curl:// has dropped this: https://mastodon.social/@bagder/115025727082593712

Another (good) write up from LinkedIn: https://www.linkedin.com/posts/troed_how-many-open-source-pr...

fph|6 months ago

Do you think this would work?

- Mr. Z: There's no warranty whatsoever. However, I might fix it for a small consulting fee.

- Company X: You either fix it, or we spread the word that you're irresponsible and everyone will inevitably migrate to libW.

- Mr. Z: Ok, and I'll spread the word that you are a cheapskate.

jefftk|6 months ago

Instead, we can spread the idea that maintainers don't owe you anything, and that it's normal for them to decline and/or ask for compensation.

Z should ignore or publicize the threat, not give in to it.

(If someone tried this approach with software I maintain I would absolutely not fix their problem.)

pabs3|6 months ago

> nobody tried to understand how GPL works

The GPL can't solve the FOSS funding situation, its relatively easy to comply with, and still not send any money (nor code) back upstream to maintainers.

godshatter|6 months ago

More realistically, users are going to say "Hey Company X, this feature is broken." They won't know or care about libY. I would have replied with "There's no warranty whatsoever. Please submit a bug report and we will prioritize it accordingly. We do accept pull requests."

The bug might have low impact in most cases but doesn't work with how Company X is using libY, so it might not get fixed for a while. If this is hurting them, they can fix it themselves and submit a PR. Or they can work with them to prioritize their bug, which puts them on the other foot. If it's a huge problem that affects half the web, then Mr. Z will be working on it anyway.

If I were Mr. Z, I would know the problems Company X will have replacing libY with libW, and wish them the best of luck if they bring it up. No one's paying me, if they want to use something else, good riddance. Especially if they are threatening me. But I get it, people are different.

carlosjobim|6 months ago

I'm sorry, but what kind of fantasy is this? Here's how it works in reality:

    - Customers: Hey Company X, this feature provided by libY is broken.

    - Company X: This makes us lose money, but it's complicated. Tell Mr. Z.

    - Customers: We don't care who Mr. Z is or who is responsible. If your company does not fix the problem we are going to fucking murder you.

No paying customer will ever accept that a company tries to shift the blame to somebody else. So Mr. Z is free to ignore anything that company asks from him, reputation intact.