I know I am tooting Sentry's own horn a bit here, and since I was involved it is close to my heart. We struggled at one point with how to build a large company on top of an open source project, and we never liked the idea of simply carving out parts of the codebase and marking them as closed source (open core). At the same time, there was always the latent risk that even if you put 95% of the energy into the product, you were still not fully in control and someone else exploits the economic value without investing.
Our way of dealing with this was delayed open source publication. That led to the FSL [1], and later to bootstrapping the Fair Source initiative [2] to establish an umbrella term that does not conflict with Open Source. What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive.
I actually still find that surprising. I would like to know whether this is a legitimate concern that two years is not enough, or mostly a perceived one. To me, moving to an Apache 2 or MIT license after a relatively short period is a much stronger statement than a license that risks the project effectively ending if the commercial entity is unwilling to relicense it more openly at the end of its life such as the O'saasy license.
Isn’t the “solution” for Sentry that deploying it is such a pain in the ass that no one bothers to really do this? I haven’t checked in years but that always seemed like the real competitive blocker?
The end of life problem can be solved by source code escrow, with a clause putting the code under an open source license and published in case of the demise of the owning cpmpany.
Why not just release the software after your set threshold of time versus opening it up with such a license? To get eyes on it before-hand?
Also how does this work with contributor contributions? Does the owning SaaS get the benefit of contributor work instantly while everyone else has to wait 2 years? What about the contributers themselves?
> you were still not fully in control and someone else exploits the economic value without investing
O'Sassy came up recently in one of the forums I lurk in [0], and as discussed there, I tend to agree with Adam Jacob (SystemInit) and others that FSL is definitely one way out but doesn't totally solve the commercialization aspect, because the code & all that IP is still readily available.
Adam, in this talk [1], argues that like RedHat (and unlike Canonical), Open Source businesses must learn to separate source license from distribution license and if they do so, the money is there to be made (in a b2b setting, at least).
> What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive.
... if the companies conflate Open Source and business models, rather it being merely a Go-To-Market (like open core).
Especially true for dev/infra upstarts competing with incumbents (PostHog v Amplitude; GitLab v GitHub [2]), and lately for AI labs (DeepSeek/Qwen/Llama v GPT/Gemini/Claude). In a role reversal, BigTech also uses Open Source to commodotize its competition's advantages (Android v iOS; k8s v Swarm; Firefox/Chrome v IE) [3].
It is not open source, it is not free. It’s a term tacked on to the MIT license.
It’s also vague as, what if I run a VPS provider and someone can upload images to a marketplace like thing, does that count as SaaS? How about if someone’s only use of my services is to run that image?
Steer clear unless you want to open yourself up to the copyright owners opinion changing. (See for example the pine email client and the copyright discussions there.)
> It’s also vague as, what if I run a VPS provider and someone can upload images to a marketplace like thing, does that count as SaaS? How about if someone’s only use of my services is to run that image?
This strikes me as somewhat contrived. Like yeah, if you're gonna do some weird button-pushing thing, it's not worth it, steer clear, keep this product off your platform, easy. Is a piece of software really only of value to the open source community if any kind of unscrupulous use of it is allowed?
There's a million ways to get value out of source code that don't involve pushing the envelope. I've accepted every EULA ever without reading and never once worried I would get in trouble with any of them, it's generally pretty easy if you're not trying to invent ways to do so.
Very cute but I am pessimistic about the battle tested nature of the second clause. Licenses are like mythical swords in fantasy stories: the famous ones are famous because they are not only objectively well made, but also because they survived in battle. Imagine some blacksmith presenting King X with GoblinsbaneY touting it as the greatest sword ever yet having only a blank face when asked what battles it has won. He’d be laughed out of court.
Or maybe an analogy closer to home (Anduril notwithstanding) would be cryptography code. New ideas are cheap compared to code that has been to hell and back in the wild and remained unbroken.
(I assume this license is novel and untested. I’ve not heard of it before. Happy to hear otherwise, of course.)
I wrote about this recently. If we adopt SAS at the cost of OSS, its gonna make it even more harder to fight against corps which are against users and communities. We need to rally for OSS more than ever IMO.
I used the MIT license for https://github.com/SaynaAI/sayna mainly because the challenge is usually in product velocity and direct sales/distribution. Blocking from SaaS is explicitly entirely redundant.
Making software is getting cheaper, so this kind of license would not protect against someone reverse-engineering the SaaS tool in a week. It is better to be abstracted away from those type of things IMHO
People want to call their software open source, because it attracts customers. They don’t believe in software freedoms or open source, otherwise they’d never try or want to restrict Freedom 0.
If your SaaS can’t compete on the service part, the software part ain’t gonna make or break you.
No the problem is that it cant compete on the hardware part sometimes
Lets face it even if it something is open source, chances are that the most contributions/time are still spent by the person making it or the saas provider in this industry.
Imagine that someone goes ahead and launches a cheaper version of their saas and people go use that, since that person isnt having his time invested in the software as much as the original person and thus is willing to undercut him because his investment/returns expectations are very minimal whereas for the original saas it can be very high (writing good quality software which costs some developers real time and even real money)
> If your SaaS can’t compete on the service part, the software part ain’t gonna make or break you.
Oh, your bootstrapped team can’t simultaneously develop from scratch and support the new open source software project AND outcompete a multi-billion dollar business who decided to offer your service as a below-cost addon to their offering used by millions of people on day one? Tough luck, greedy bastard, you should have stayed in your cubicle.
Given oligopoly cloud corps are the biggest exploiters of OSS (to everyone elses detriment), I'd prefer an OSS license that was simply OSS for everyone under < $1B ARR.
> Given oligopoly cloud corps are the biggest exploiters of OSS
Not exploiters unless they are breaching OSS licenses. Why do you think Cursor exists? The forked and made VS code their own. Why is it exploiting when Amazon or MS is doing the same? Am nowhere close a fan of these corps but we need to be very clear when throwing words around like exploiters.
All the LLMs are probably breaching the OSS license though. We don't care about that cos we need it. How can we complain about something we use daily eh?
What are they exploiting? Are they violating the terms of the license? The point of OSS is that there aren't arbitrary restrictions to its use; you can do what you like with it and the open source maintainer has absolutely zero obligations to continue supporting the software, or implement any of your requests.
This is not a "real" (i.e. GAAP or accounting standards) metric, so that would seem like a bad idea.
The trouble is that lots of even the accounting metrics are gameable, but a comptent auditor(s) probably won't let the metric divulge too much from "reality" (i.e. conformance with accounting standards).
I think that open source licenses for complete software (such as SaaS components) for commercial entities have a one major purpose:
A marketing tactic. If I am open, it is easy to discuss it everywhere without paying for it.
I think that if you are short on cash, open source is the way to go to get adoption faster. If you have endless money, then there is really no reason to open source it (except edge cases, like shared protocols, libraries, etc...)
Even though it may seem harsh to apache 2.0 the code, no one will steal it since you are maintaing it, essentially paying to keep it on your turf. Reasons for not stealing:
1) Security CVEs and patches. No serious company will use it without these.
2) Bugs, if I take it I will have to fix it.
3) Merging changes. If the source is branched, I will have to get people to move to my project. Otherwise, I will have to employ people just to merge the changes all day.
4) Authority. I would argue that if you do not control the narrative of the project it is essentially similar to abandonware of the project. What would a customer/client prefer more? to use the original product or some copy of it? If you are the Authority that inspire people, they will not go to the competition.
I remember in the past the open source were thought of as communists. I think that we are far from that, and big capitalist companies knows how to profit from open source (even Apache 2.0 and MIT).
To be fair, when people worry about "stealing" their FOSS work, they don't mean someone forking their project, they mean someone outcompeting them on offering commercial infrastructure for their own project, typically launching a competing SaaS service.
Of course, this is explicitly permitted and even encouraged by FOSS licenses, so calling it "stealing" is quite absurd. But it is also a real problem for a company trying to make money by selling its FOSS software.
Essentially, it's pretty clear that you can't make a successful company out of selling free software. You either create a consulting company and push yourself as the expert on some free software that people want to use (what RedHat did, and to a much lesser degree of success, MySQL) or the free software has to be some enabler for your real business (like Linux is to Amazon, Google, Microsoft, and all of these other cloud companies and most of the internet, or like Java was to Sun).
Yes obviously big tech knows how to profit from open source
they (AWS) profitted so hard from redis and elasticsearch that they had to literally change their licenses similar to O'sassy's
and even then people forked redis to create valkey and AWS engineers started working on it
Both redis and elasticsearch got so much backlash because "not open source" when in reality, they were trying to make ends meet but also since it allowed external contributions, people who contributed felt rug pulled
In the end, both of these had to revert switching to AGPL licenses.
Technically I am sure that people are still competing against these servers even with AGPL because it does have freedom 0 but I think that they kind of realized that backlash was very high
My opinion on the matter personally is, I value source code because I can work around it, I can see the code and audit it/ have a peace of mind.
But even now, open source is severely underfunded and I think we should do something about it. We cant really expect developers to write code in any license that you want, its their code and their wish (originally) and I think these are just means where someone wants to open source but he also wants to profit from his creation just enough so that he/she can maybe work full time on it/have more employees working on it and just have it grow better which for the end users does feel better.
the_mitsuhiko|2 months ago
Our way of dealing with this was delayed open source publication. That led to the FSL [1], and later to bootstrapping the Fair Source initiative [2] to establish an umbrella term that does not conflict with Open Source. What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive.
I actually still find that surprising. I would like to know whether this is a legitimate concern that two years is not enough, or mostly a perceived one. To me, moving to an Apache 2 or MIT license after a relatively short period is a much stronger statement than a license that risks the project effectively ending if the commercial entity is unwilling to relicense it more openly at the end of its life such as the O'saasy license.
[1]: https://fsl.software/
[2]: https://fair.io/
bberenberg|2 months ago
actionfromafar|2 months ago
cobertos|2 months ago
Also how does this work with contributor contributions? Does the owning SaaS get the benefit of contributor work instantly while everyone else has to wait 2 years? What about the contributers themselves?
ignoramous|2 months ago
O'Sassy came up recently in one of the forums I lurk in [0], and as discussed there, I tend to agree with Adam Jacob (SystemInit) and others that FSL is definitely one way out but doesn't totally solve the commercialization aspect, because the code & all that IP is still readily available.
Adam, in this talk [1], argues that like RedHat (and unlike Canonical), Open Source businesses must learn to separate source license from distribution license and if they do so, the money is there to be made (in a b2b setting, at least).
> What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive.
... if the companies conflate Open Source and business models, rather it being merely a Go-To-Market (like open core).
Especially true for dev/infra upstarts competing with incumbents (PostHog v Amplitude; GitLab v GitHub [2]), and lately for AI labs (DeepSeek/Qwen/Llama v GPT/Gemini/Claude). In a role reversal, BigTech also uses Open Source to commodotize its competition's advantages (Android v iOS; k8s v Swarm; Firefox/Chrome v IE) [3].
[0] https://forum.fossunited.org/t/6878
[1] https://www.youtube-nocookie.com/embed/watch?v=rmhYHzJpkuo / Summary: https://gemini.google.com/share/e21cd1bacff6 (mirror: https://archive.vn/Jzhk3)
[2] https://www.heavybit.com/library/video/commercial-open-sourc... / https://archive.vn/jQh27
[3] https://gwern.net/complement / https://archive.vn/QITxC
dontdoxxme|2 months ago
It’s also vague as, what if I run a VPS provider and someone can upload images to a marketplace like thing, does that count as SaaS? How about if someone’s only use of my services is to run that image?
Steer clear unless you want to open yourself up to the copyright owners opinion changing. (See for example the pine email client and the copyright discussions there.)
m463|2 months ago
The restriction is on the redistribution of the software - the same rights must be passed on when redistributing it.
this license places (complicated) restrictions on how the software is used.
jrowen|2 months ago
This strikes me as somewhat contrived. Like yeah, if you're gonna do some weird button-pushing thing, it's not worth it, steer clear, keep this product off your platform, easy. Is a piece of software really only of value to the open source community if any kind of unscrupulous use of it is allowed?
There's a million ways to get value out of source code that don't involve pushing the envelope. I've accepted every EULA ever without reading and never once worried I would get in trouble with any of them, it's generally pretty easy if you're not trying to invent ways to do so.
gorgoiler|2 months ago
Or maybe an analogy closer to home (Anduril notwithstanding) would be cryptography code. New ideas are cheap compared to code that has been to hell and back in the wild and remained unbroken.
(I assume this license is novel and untested. I’ve not heard of it before. Happy to hear otherwise, of course.)
unsungNovelty|2 months ago
https://www.unsungnovelty.org/posts/10/2025/oss-and-sas/
tigranbs|2 months ago
Making software is getting cheaper, so this kind of license would not protect against someone reverse-engineering the SaaS tool in a week. It is better to be abstracted away from those type of things IMHO
sneak|2 months ago
If your SaaS can’t compete on the service part, the software part ain’t gonna make or break you.
Imustaskforhelp|2 months ago
No the problem is that it cant compete on the hardware part sometimes
Lets face it even if it something is open source, chances are that the most contributions/time are still spent by the person making it or the saas provider in this industry.
Imagine that someone goes ahead and launches a cheaper version of their saas and people go use that, since that person isnt having his time invested in the software as much as the original person and thus is willing to undercut him because his investment/returns expectations are very minimal whereas for the original saas it can be very high (writing good quality software which costs some developers real time and even real money)
nlitened|2 months ago
Oh, your bootstrapped team can’t simultaneously develop from scratch and support the new open source software project AND outcompete a multi-billion dollar business who decided to offer your service as a below-cost addon to their offering used by millions of people on day one? Tough luck, greedy bastard, you should have stayed in your cubicle.
xigoi|2 months ago
mythz|2 months ago
unsungNovelty|2 months ago
Not exploiters unless they are breaching OSS licenses. Why do you think Cursor exists? The forked and made VS code their own. Why is it exploiting when Amazon or MS is doing the same? Am nowhere close a fan of these corps but we need to be very clear when throwing words around like exploiters.
All the LLMs are probably breaching the OSS license though. We don't care about that cos we need it. How can we complain about something we use daily eh?
chrysoprace|2 months ago
disgruntledphd2|2 months ago
This is not a "real" (i.e. GAAP or accounting standards) metric, so that would seem like a bad idea.
The trouble is that lots of even the accounting metrics are gameable, but a comptent auditor(s) probably won't let the metric divulge too much from "reality" (i.e. conformance with accounting standards).
pointlessone|2 months ago
graemep|2 months ago
They will find a way of gaming the metric.
For example, they run the software through a subsidiary that makes $900m ARR.
socketcluster|2 months ago
tzahifadida|2 months ago
I think that if you are short on cash, open source is the way to go to get adoption faster. If you have endless money, then there is really no reason to open source it (except edge cases, like shared protocols, libraries, etc...)
Even though it may seem harsh to apache 2.0 the code, no one will steal it since you are maintaing it, essentially paying to keep it on your turf. Reasons for not stealing: 1) Security CVEs and patches. No serious company will use it without these. 2) Bugs, if I take it I will have to fix it. 3) Merging changes. If the source is branched, I will have to get people to move to my project. Otherwise, I will have to employ people just to merge the changes all day. 4) Authority. I would argue that if you do not control the narrative of the project it is essentially similar to abandonware of the project. What would a customer/client prefer more? to use the original product or some copy of it? If you are the Authority that inspire people, they will not go to the competition.
I remember in the past the open source were thought of as communists. I think that we are far from that, and big capitalist companies knows how to profit from open source (even Apache 2.0 and MIT).
tsimionescu|2 months ago
Of course, this is explicitly permitted and even encouraged by FOSS licenses, so calling it "stealing" is quite absurd. But it is also a real problem for a company trying to make money by selling its FOSS software.
Essentially, it's pretty clear that you can't make a successful company out of selling free software. You either create a consulting company and push yourself as the expert on some free software that people want to use (what RedHat did, and to a much lesser degree of success, MySQL) or the free software has to be some enabler for your real business (like Linux is to Amazon, Google, Microsoft, and all of these other cloud companies and most of the internet, or like Java was to Sun).
Imustaskforhelp|2 months ago
they (AWS) profitted so hard from redis and elasticsearch that they had to literally change their licenses similar to O'sassy's
and even then people forked redis to create valkey and AWS engineers started working on it
Both redis and elasticsearch got so much backlash because "not open source" when in reality, they were trying to make ends meet but also since it allowed external contributions, people who contributed felt rug pulled
In the end, both of these had to revert switching to AGPL licenses.
Technically I am sure that people are still competing against these servers even with AGPL because it does have freedom 0 but I think that they kind of realized that backlash was very high
My opinion on the matter personally is, I value source code because I can work around it, I can see the code and audit it/ have a peace of mind.
But even now, open source is severely underfunded and I think we should do something about it. We cant really expect developers to write code in any license that you want, its their code and their wish (originally) and I think these are just means where someone wants to open source but he also wants to profit from his creation just enough so that he/she can maybe work full time on it/have more employees working on it and just have it grow better which for the end users does feel better.
Sander_Marechal|2 months ago
But that's evidently not true. Amazon has co-opted plenty of open source projects and put the squeeze on the original maintainer's SaaS offering.