I tend to write a lot about how Free and Open Source Software projects rely on a community of contributors to grow and expand, and how projects without a healthy community tend to face problems and in some cases disappear. Today, I would like to discuss a sad reality of Free and Open Source Software: funding.
These past years -and months- we have had several examples how lack of funding can cut a project’s ability to develop, patch and maintain its codebase and by project I mean developers not getting adequate money, if no money at all, for what they do. There is really two sides to the same coin here. There’s the one where an entire industry re-uses entire FOSS stacks or components, sometimes without even acknowledging it licence-wise or even just in name. And there’s the other side, where the same industry will not compensate anyone upstream, because the license terms enables simple reuse and distribution of those software components.
Don’t believe the remaining few who will tell you that they do not believe that Free and Open Source Software is everywhere. It is pretty much everywhere, from your web server to your corporate I.T. infrastructure in the cloud and your plasma screen at home. But what those people don’t see is revenue streams, existing business transactions from the downstream (the distributors, integrators and users) to the upstream, the original developers. Or if they see it does not exist and know about it, then they should feel there’s a problem. This is how we have situations like the Heartbleed episode: the number of platforms, software products, hardware and custom designed and integrated systems embedding OpenSSL and OpenSSH is astonishingly large. In fact, pretty much everyone out there uses these components. But everyone thinks it’s up to the neighbour to buck the chef. And in the end, nobody did, leaving the developers without any real revenue to maintain this stack.
Choosing alternative licences -open source licences that is- won’t change anything. GPL software may have specific clauses preventing a distributor to alter its Free Software nature on the downstream (the famous “copyleft”) but I believe that this level of protection works only marginally better than any other licence. The Apache license and the whole Apache Foundation’s posture about setting corporations free from donating back does not work well or better either: If you are to believe the whole Apache theory about being more permissive and therefore encouraging contributions (I’m skeptical of that), you cannot claim that Apache licensed software has a better track record in working out developers’ revenue stream.
What could work then? I have no real answer to this. In some cases, we know that donations work. The Document Foundation is a good example of that, but there are others. Yet the donations mostly come from small, individual donations by our users. It is one way to solve the problem, even though in the case of the Document Foundation the money collected goes into investment made by the foundation itself, not necessarily to developers directly. For software stacks that are less “user facing” or consumer oriented, donations do not work as well. The ideal way is to hire or contract the orginal developers to work on the code itself or on jobs aimed at improving the software stack itself.
I happen to think that regulatory constraints will not work at all here. After all, it’s Free and Open Source Software. What is required is a shift in the culture of the industry about Free and Open Source Software. Our ecosystem is actually pretty tighly integrated, and it is rare to see an entire software stack developed from scratch overnight. Software components are used and reused everywhere, and Open Source licences are a key enabler of these practices. Compensating the upstream should be a matter of collective hygiene. But the awareness of the industry at large has only started to be raised, unfortunately. How many Heartbleed will we have to witness before we change?