Ask HN: Why aren't we penalising companies for not contributing to open source?

I don&#x27;t agree that we should make companies pay for open source or contribute towards it or whatever.<p>(I&#x27;ll put the &quot;open source&quot; vs. &quot;free&quot; thing to one side for a minute, but I will assume you mean anything on Github (etc.) with a permissive license and is free of charge.)<p>Also there is no reason individuals should produce open source code for free. If you want to, then that is fine, but remember you don&#x27;t have to.<p>It would be a lot better for developers if fewer people created open source software. Paid software (perhaps with exceptions for destitute people) would be better and more developers could make a living in such a way. The stuff that is good to have open source is the frameworks and toolchains like React and NPM, which big companies can bankroll for PR purposes.

It would be unreasonable to expect every company that uses open source software to have a PR accepted for every such software they use.. most companies using open source software are not software companies and don&#x27;t employ programmers.<p>It also goes against the spirit of the free software ethos. The end user has the right to use their software as they see fit, which includes not contributing back. If you don&#x27;t find that acceptable, <i>write it in the license.</i> If they violate the license, <i>sue them.</i>

We sort of are. My company does anti-spam and email security for over half the fortune 500 with 3000+ employees. We use FOSS everywhere. We contribute absolutely nothing back afaict.<p>We are trying to recruit people who use these open source tools&#x2F;languages and literally no one has ever heard of us. Forget college graduates -- I&#x27;ve been to an industry conference which I think we create, and even there, the majority of people have never heard of us, which is imho an accomplishment.

First offenders are governments. There should be provisions for (non-security) software build by the government or publicly-owned corporations to become open source. The UK does some of that i believe.<p>Private corporations pay taxes, which should be enough to be their fair share. They are not obliged to otherwise contribute back to public infrastructure, even if they use it.

It&#x27;s starting to happen, with things like the recent Redis labs and MongoDB license updates.<p>But it seems to me there&#x27;s at least a couple of different categories of &quot;open source&quot; that have quite different backgrounds and motivations.<p>Things like Linux, Perl, Python, PHP, Apache, all of GNUs code - I guess much of the well known &quot;old-school&quot; open source software - was very much the &quot;some developer &#x27;scratching their own itch&#x27;&quot; and then choosing to share their work, with some more or less onerous obligation that others who use it also share their work.<p>Lately we&#x27;re hearing about &quot;company backed&quot; open source projects like Redis and Mongo (and I&#x27;m not claiming this model hasn&#x27;t existed for a long time, just that it&#x27;s making noise in the tech news sphere a lot recently), where there are founders&#x2F;employees&#x2F;staff getting paid to work on open source software - which is then being used and significantly monetised by other companies (mostly cloud providers) who are benefiting from the work without needing to give anything back - either time&#x2F;effort or money.<p>The first category of projects don&#x27;t seem to have much problem at all with FAANG or other businesses using their code - either incidentally (Facebook being built on PHP) or directly (every web hosting company and ISP in the world effectively just selling Apache). These projects all wrote or popularised the common&#x2F;established open source licenses, and they&#x27;re mostly optimised for how these projects run. Often this is one person of a small core who&#x27;re either self funded or supported by the business they work for, and a few or a huge number of contributors who are effectively &quot;volunteers&quot;, at least from the point of view that they are not looking to be financially compensated for the time they spend on the project by the project itself. They either work on the project in their own time for their own reasons, or they&#x27;ve got agreement with their boss that working on the project is beneficial enough to their business that they can do it on company time.<p>The second category though, are actually spending money running companies and paying staff - funding it either through selling consulting services, burning VC money, or upselling freemium versions, or whatever else they can think of to bring in revenue. I think this part of the open source eco system is still trying to explore new avenues for generating sustainable revenue to pay for software development while still being &quot;open source&quot;. The &quot;old school&quot; licenses were not written with this model in mind, and so are not really working well for some of these projects. For the same sorts of reasons that some of the more permissive old-school licenses spun out from the GPL, giving us things like Perl&#x27;s Artistic License and the Apache License, these contemporary &quot;business owned&#x2F;funded open source projects&quot; are experimenting - with more or less success and with more or less publicity backlash - with new licenses or new clauses added to existing licenses.<p>I think the &quot;penalising users who&#x27;re not contributing back&quot; isn&#x27;t the right way to think about how to create a new open source model, even if only because of the negativity inherent in that way of expressing it. I don&#x27;t though, have a good alternative to offer. I hope somebody hits on a good solution, because I genuinely think it&#x27;s possible that company-funded projects (like Redis and Mongo for example) might be able to tackle difficult problems in different ways to the &quot;bazaar&quot; model of open source.

How do you propose to enforce such laws?