Sometimes it's pretty cut and dry, just people using open source without attribution and hoping that nobody will find out. But why?<p>MinIO is licensed under AGPL (the current versions, at least): <a href="https://github.com/minio/minio/blob/master/LICENSE" rel="nofollow">https://github.com/minio/minio/blob/master/LICENSE</a><p>It effectively mandates that the modified version needs to be made available: <a href="https://en.wikipedia.org/wiki/GNU_Affero_General_Public_License" rel="nofollow">https://en.wikipedia.org/wiki/GNU_Affero_General_Public_Lice...</a><p><pre><code> The GNU Affero General Public License is a modified version of the ordinary GNU GPL version 3. It has one added requirement: if you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there.
</code></pre>
So the logical first question is: why pick software that is using AGPL? Did the engineers/managers just not care? Did they miss it? I know for a fact that there are many out there who couldn't care less about licenses and compliance. Maybe companies haven't been strong armed into caring about licensing as much as they have been in regards to GDPR, for example?<p>Secondly, why should the modified version remain a "secret"? Would competition suddenly spring up? Or maybe the project contains tight coupling to the rest of the platform, which could be considered a security risk?<p>Why isn't open sourcing a modified version something that would take a few hours anyways, since then none of this would be an issue?<p>(disclaimer: I discuss SSPL below because I find it interesting; apologies for the tangent)<p>Honestly, the state of software licensing sometimes puzzles me. For example, MongoDB switched over to SSPL altogether: <a href="https://www.mongodb.com/community/licensing" rel="nofollow">https://www.mongodb.com/community/licensing</a><p><pre><code> If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. ...
</code></pre>
Seems like that applies to even patches: <a href="https://github.com/mongodb/mongo" rel="nofollow">https://github.com/mongodb/mongo</a><p><pre><code> MongoDB is free and the source is available. Versions released prior to October 16, 2018 are published under the AGPL. All versions released after October 16, 2018, including patch fixes for prior versions, are published under the Server Side Public License (SSPL) v1. See individual files for details.
</code></pre>
DigitalOcean, for example, proudly advertises managed MongoDB as a service: <a href="https://www.digitalocean.com/products/managed-databases-mongodb" rel="nofollow">https://www.digitalocean.com/products/managed-databases-mong...</a><p>And yet, to the best of my understanding, the entirety of the DigitalOcean platform isn't open source (even though many projects are): <a href="https://github.com/orgs/digitalocean/repositories" rel="nofollow">https://github.com/orgs/digitalocean/repositories</a><p>Or even anything that might have something to do with MongoDB in particular: <a href="https://github.com/orgs/digitalocean/repositories?q=mongo&type=all&language=&sort=" rel="nofollow">https://github.com/orgs/digitalocean/repositories?q=mongo&ty...</a><p>It just feels like one of those "rules for thee, not for me" situations, since it wouldn't be feasible for small companies to compete with them. Edit: someone mentioned them probably running the enterprise version which is probably the explanation for this!<p>That said, the thought experiment of building a company (including all systems) as 100% open source is really interesting, whether such a thing would be feasible if people stopped caring about "guarding" their IP and whatnot.