They still have linked their OpenCollective account, where they have raised $10K and still have a balance of $5K. [0]
It's not a lot in the great scheme of things, but, have they been using a platform that's seemingly built for communities and open source to bootstrap their business?
Because this is not a 'open core' situation. They just closed the repo and ran away. If they had that idea all along, I feel like it hasn't be very, let's say, ethical.
Wait, so a company shared their work with the public for however long, then decided to leave what was shared up ... but stop sharing ... and you're upset?!?
They did everything properly by the rules of OSS, decided it wasn't in their best interest to keep doing OSS, and left all their code available, as required by OSS. They were a textbook good participant.
Meanwhile, 99% of companies never open source anything: why aren't you complaining about how "unethical" they are?
> and left all their code available, as required by OSS.
IANAL, and I don't have a horse in this race, but I don't think that's required by OSS, not by the spirit of "the law", and (at least) not by GPL, MIT, and other similar mainstream licenses.
The spirit of open source is: you buy (or just download for free) a binary, you get the 4 rights. Whatever happens when the developer/company stops distributing (whether at a cost or free as in beer) that binary is completely outside the scope of the license.
You only have the right to modify if you can access the source.
If you got (a snapshot of) the source along with the binary, that's fine, there's no need to keep hosting the source anywhere.
But if the company said "for source, see: our github", then that github has to stay up/public, for all the people who downloaded the binary a long time ago and are only getting around to exercising their right to modify today.
They don't need to post new versions of their software to it, of course. But they need to continue to make the source available somehow to people who were granted a right that can only be exercised if the source is made available to them.
(IIRC, some very early versions of this required you to send a physical letter to the company to get a copy of the source back on CD. That would be fine too. But they'd also have to advertise this somewhere, e.g. by stubbing the github repo and replacing it with a note that you can do that.)
> a company shared their work with the public for however long, then decided to leave what was shared up
More like a company took advantage of a community that expected their freely offered labor to not be commercialized at any point in time without making available said works in a fully free vector as well, as that's an implicit expectation behind "open source".
It would be helpful for everyone if that community would pause before contributing to code bases with licenses which allow for that. MIT, BSD, Apache, …
It would be helpful for them because they’ll know what they’re getting into. For us because we won’t have to see this tragedy unfold time and time again. And for all open source users because more efforts will be directed towards programs with licenses that protect end users. GPL, AGPL, …
It will be a little worse for companies seeking free labor. A price I’m willing to pay.
It looks like it's Apache licensed, so this was the expected and intended outcome for contributors. If they wanted their work to remain free and not become proprietary, they should have only contributed under perma-free licenses like GPL.
Companies stand to turn a profit. OSS is here to help enable that or push the goal posts. It’s not a charity unless the org feels charitable. Sure, non-profits exist but they were never one of those.
I think the comment on corpos is good, but calling the naive people fools might be unnecessary - it’s probably not their fault nobody told them about this sort of thing before and learning that lesson is probably disappointing enough already.
It’s unfortunate that this keeps happening to projects like MinIO and others too.
Sure! Slightly edited the tone, but I’m noticing that often people have idealistic attitudes about FOSS until they get burnt by bad faith actors or even just indifferent corps that have to keep the lights on. Quite unfortunate, definitely not their fault. Pity is correct.
It’s definitely pity. It’s a hard pill to swallow when you were led to believe a certain world view of an entity only to find out they were milking your data.
I can't think of any free or open license that requires you to leave your code available for any specific period of time if you are not simultaneously distributing binaries.
How can people still not understand that OSS can be abused?
It doesn't matter that the previous code is still available. Nobody can technically delete it from the internet, so that's hardly something they did "right".
The original maintainers are gone, and users will have to rely on someone else to pick up the work, or maintain it themselves. All of this creates friction, and fragments the community.
And are you not familiar with the concept of OSS rugpulls? It's when a company uses OSS as a marketing tool, and when they deem it's not profitable enough, they start cutting corners, prioritizing their commercial product, or, as in this case, shut down the OSS project altogether. None of this is being a "textbook good participant".
> Meanwhile, 99% of companies never open source anything: why aren't you complaining about how "unethical" they are?
Frankly, there are many companies with proprietary products that behave more ethically and have more respect for their users than this. The fact that a project is released as OSS doesn't make it inherently better. Seeing OSS as a "free gift" is a terrible way of looking at it.
> It doesn't matter that the previous code is still available…The original maintainers are gone, and users will have to rely on someone else to pick up the work, or maintain it themselves.
It does matter: popular products have been forked or the open-source component was reused. E.g. Terraform and OpenTofu, Redis and Redict, Docker and Colima (partly MinIO and RustFS; the latter is a full rewrite, but since the former was FOSS and it’s a “drop-in binary replacement”, I’m sure they looked at the code for reference…)
If your environment doesn’t have API changes and vulnerabilities, forking requires practically zero effort. If it does, the alternative to maintaining yourself or convincing someone to maintain it for you (e.g. with donations), is having the original maintainers keep working for free.
Although this specific product may be mostly closed source (they’ve had commercial addons before the announcement). If so, the problem here is thinking it was open in the first place.
You might want to get your arguments in order. In one sentence you're calling OSS rugpulls a problem, and then in another you're claiming that proprietary products behave more ethically.
So which is it? Is it less-ethical to have provided software as open source, and then later become a proprietary product? Why? I see having source code, even for an old/unmaintained product be strictly superior to having never provided the source code no matter how much "respect" the company has for their users today.
> The original maintainers are gone, and users will have to rely on someone else to pick up the work,
That’s a risk that no license, open source or not, can protect against. Priorities may change, causing maintainers to stop maintaining, or maintainers (companies or people) may cease to exist.
OSS licenses also do not promise that development will continue forever, will continue in a direction you like or anything like that.
The only thing open source licenses say is “here’s a specific set of source code that you can use under these limitations”. The expectation that there will be maintenance is a matter of trust that you may or may not have in the developers.
> or maintain it themselves.
With open source, at least you have that option.
> And are you not familiar with the concept of OSS rugpulls? It's when a company uses OSS as a marketing tool, and when they deem it's not profitable enough, they start cutting corners, prioritizing their commercial product, or, as in this case, shut down the OSS project altogether.
Companies have to live. It’s not nice if something like that happen to you for a tool you depend on, but you can’t deny companies to stop doing development altogether.
In this case, you have something better, as, in addition to picking up maintenance on the existing open source version, you have the choice to pay for a version maintained by the original developers.
“Open core” is when part of the product is open-source and part is private.
Was a significant part of the product private before this announcement?
If not, someone can fork the repo and immediately launch a competitor (FOSS or paid). (Technically even if so, except it wouldn’t be immediate, and if they’d have to re-implement too much, it would be easier to start from scratch.)
I evangelized localstack at my company a while back, but as we integrated it deeper into our CI test runs we started running into more and more things they don't support, and it feels impossible to get any attention from their support/devs despite being paying customers.
Their Cloud Pod and ephemeral instance features in particular feel pretty half-baked and not very useful at the moment.
Fun tangent: it's pretty easy to write a crack for the pro version; we actually used that for about a month as a pilot to confirm that it would do what we needed it to.
I never understood why AWS doesn't provide something like LocalStack out of the box.
Any team building serious software on AWS needs to mock AWS services in their CI/CD pipelines. What exactly are they expecting developers to do? They would probably argue something like "spin up real infrastructure so you are as close to production as possible" because this way they could make even more money while also avoiding the implementation / maintenance cost of the mocks.
First minio and then localstack, as an open source maintainer I find that abandoning their community is bad faith. I totally get wanting to monetize but removing the free product entirely feels like such a betrayel.
Luckily, I've been vibing with Devin since this started having it build a cleanbox emulator on top of real s3 tuned for my specific use case. It's a lot less general but it's much faster and easy to add the sort of assertions I need in it. It's no localstack but for my limited use case it works.
More reason to run your infrastructure using open source software in your own datacenter. OpenStack has been around for closing in on two decades, running clouds and being mostly governance-drama-free.
It's not surprising that a proprietary ecosystem built on open source software locked up behind a gate doesn't make a worthwhile ecosystem for building open source tooling against.
Perhaps we should stop running things on clouds to begin with. Localstack's main point was that AWS cannot be run locally. Nobody seems to have a problem with that here, which is the bigger problem.
I worked for a company that also used AWS. It was a cloud-first company so we needed to use AWS stuff even if there was a more portable variant available. We needed to run this Localstack to get stuff done. I really did not like using localstack.
Complete coincidence but today I was looking for an AWS mock for E2E tests. Not the whole AWS footprint but just a few services and looked at LocalStack for the first time.
It took Claude to put together a service (with web interface and everything) for those 2 services 15 mins.
I’m not claiming my experience is translated universally but perhaps if your core competency is something like LocalStack you need to think about alternative business ideas.
I have been working with AWS for almost a decade on professionally and never saw a reason not just to run test and develop in a real isolated AWS account with security policies (guardrails) and give out accounts with budget alerts.
There's going to be a lot of complaints about open-source restricting access.
It's going to keep happening because it just doesn't make sense for a lot of previous business models that supported and open-source project, something that was seen recently with tailwind.
In one of my projects, one that remains source-available, I had encountered an "open-source justice warrior" that made it their mission to smear the project because of the switch, grasping at straws to do everything they could to paint my intentions as malicious.
It's really too bad, and will only hurt the availability of free alternatives if one cannot provide the source under a "just don't commercially compete with the paid version of the product" license without getting branded as a scamming cash grabber
That solution can be recreated by a skilled AI boosted senior platform engineer in a few days and parity achieved in a few weeks. Nothing of value was lost.
126 comments
It's not a lot in the great scheme of things, but, have they been using a platform that's seemingly built for communities and open source to bootstrap their business?
Because this is not a 'open core' situation. They just closed the repo and ran away. If they had that idea all along, I feel like it hasn't be very, let's say, ethical.
--
They did everything properly by the rules of OSS, decided it wasn't in their best interest to keep doing OSS, and left all their code available, as required by OSS. They were a textbook good participant.
Meanwhile, 99% of companies never open source anything: why aren't you complaining about how "unethical" they are?
> and left all their code available, as required by OSS.
IANAL, and I don't have a horse in this race, but I don't think that's required by OSS, not by the spirit of "the law", and (at least) not by GPL, MIT, and other similar mainstream licenses.
The spirit of open source is: you buy (or just download for free) a binary, you get the 4 rights. Whatever happens when the developer/company stops distributing (whether at a cost or free as in beer) that binary is completely outside the scope of the license.
If you got (a snapshot of) the source along with the binary, that's fine, there's no need to keep hosting the source anywhere.
But if the company said "for source, see: our github", then that github has to stay up/public, for all the people who downloaded the binary a long time ago and are only getting around to exercising their right to modify today.
They don't need to post new versions of their software to it, of course. But they need to continue to make the source available somehow to people who were granted a right that can only be exercised if the source is made available to them.
(IIRC, some very early versions of this required you to send a physical letter to the company to get a copy of the source back on CD. That would be fine too. But they'd also have to advertise this somewhere, e.g. by stubbing the github repo and replacing it with a note that you can do that.)
In MIT, a.k.a. "the fuck you license" there is no requirement and they don't even have to give you source code at all.
> a company shared their work with the public for however long, then decided to leave what was shared up
More like a company took advantage of a community that expected their freely offered labor to not be commercialized at any point in time without making available said works in a fully free vector as well, as that's an implicit expectation behind "open source".
It would be helpful for everyone if that community would pause before contributing to code bases with licenses which allow for that. MIT, BSD, Apache, …
It would be helpful for them because they’ll know what they’re getting into. For us because we won’t have to see this tragedy unfold time and time again. And for all open source users because more efforts will be directed towards programs with licenses that protect end users. GPL, AGPL, …
It will be a little worse for companies seeking free labor. A price I’m willing to pay.
Not all f/oss contributors are anticapitalist zealots like the FSF, as evidenced by the huge popularity of permissive licenses such as MIT.
There’s nothing implicit about it. The licenses are explicit legal documents.
> anticapitalist zealots like the FSF
In what way are they?
'The term "free" is used in the sense of "free speech", not "free of charge"'
https://en.wikipedia.org/wiki/The_Free_Software_Definition
Companies stand to turn a profit. OSS is here to help enable that or push the goal posts. It’s not a charity unless the org feels charitable. Sure, non-profits exist but they were never one of those.
It’s unfortunate that this keeps happening to projects like MinIO and others too.
I'm interpreting it as closer to pity, rather than genuine criticism =)
It doesn't matter that the previous code is still available. Nobody can technically delete it from the internet, so that's hardly something they did "right".
The original maintainers are gone, and users will have to rely on someone else to pick up the work, or maintain it themselves. All of this creates friction, and fragments the community.
And are you not familiar with the concept of OSS rugpulls? It's when a company uses OSS as a marketing tool, and when they deem it's not profitable enough, they start cutting corners, prioritizing their commercial product, or, as in this case, shut down the OSS project altogether. None of this is being a "textbook good participant".
> Meanwhile, 99% of companies never open source anything: why aren't you complaining about how "unethical" they are?
Frankly, there are many companies with proprietary products that behave more ethically and have more respect for their users than this. The fact that a project is released as OSS doesn't make it inherently better. Seeing OSS as a "free gift" is a terrible way of looking at it.
> It doesn't matter that the previous code is still available…The original maintainers are gone, and users will have to rely on someone else to pick up the work, or maintain it themselves.
It does matter: popular products have been forked or the open-source component was reused. E.g. Terraform and OpenTofu, Redis and Redict, Docker and Colima (partly MinIO and RustFS; the latter is a full rewrite, but since the former was FOSS and it’s a “drop-in binary replacement”, I’m sure they looked at the code for reference…)
If your environment doesn’t have API changes and vulnerabilities, forking requires practically zero effort. If it does, the alternative to maintaining yourself or convincing someone to maintain it for you (e.g. with donations), is having the original maintainers keep working for free.
Although this specific product may be mostly closed source (they’ve had commercial addons before the announcement). If so, the problem here is thinking it was open in the first place.
You might want to get your arguments in order. In one sentence you're calling OSS rugpulls a problem, and then in another you're claiming that proprietary products behave more ethically.
So which is it? Is it less-ethical to have provided software as open source, and then later become a proprietary product? Why? I see having source code, even for an old/unmaintained product be strictly superior to having never provided the source code no matter how much "respect" the company has for their users today.
The code is all there mate.
Their time and efforts and ongoing contributions to the project are not.
OSS is not about fairness and free work from people. It's just putting the code out there in public.
> The original maintainers are gone, and users will have to rely on someone else to pick up the work,
That’s a risk that no license, open source or not, can protect against. Priorities may change, causing maintainers to stop maintaining, or maintainers (companies or people) may cease to exist.
OSS licenses also do not promise that development will continue forever, will continue in a direction you like or anything like that.
The only thing open source licenses say is “here’s a specific set of source code that you can use under these limitations”. The expectation that there will be maintenance is a matter of trust that you may or may not have in the developers.
> or maintain it themselves.
With open source, at least you have that option.
> And are you not familiar with the concept of OSS rugpulls? It's when a company uses OSS as a marketing tool, and when they deem it's not profitable enough, they start cutting corners, prioritizing their commercial product, or, as in this case, shut down the OSS project altogether.
Companies have to live. It’s not nice if something like that happen to you for a tool you depend on, but you can’t deny companies to stop doing development altogether.
In this case, you have something better, as, in addition to picking up maintenance on the existing open source version, you have the choice to pay for a version maintained by the original developers.
Was a significant part of the product private before this announcement?
If not, someone can fork the repo and immediately launch a competitor (FOSS or paid). (Technically even if so, except it wouldn’t be immediate, and if they’d have to re-implement too much, it would be easier to start from scratch.)
Their Cloud Pod and ephemeral instance features in particular feel pretty half-baked and not very useful at the moment.
Fun tangent: it's pretty easy to write a crack for the pro version; we actually used that for about a month as a pilot to confirm that it would do what we needed it to.
Luckily, I've been vibing with Devin since this started having it build a cleanbox emulator on top of real s3 tuned for my specific use case. It's a lot less general but it's much faster and easy to add the sort of assertions I need in it. It's no localstack but for my limited use case it works.
It's not surprising that a proprietary ecosystem built on open source software locked up behind a gate doesn't make a worthwhile ecosystem for building open source tooling against.
1. be table-stakes for a SDK from the cloud providers themselves
2. have the obvious home in a foundation like the CNCF; how else could you be "cloud native" afterall?
https://github.com/hectorvent/floci
It took Claude to put together a service (with web interface and everything) for those 2 services 15 mins.
I’m not claiming my experience is translated universally but perhaps if your core competency is something like LocalStack you need to think about alternative business ideas.
It's going to keep happening because it just doesn't make sense for a lot of previous business models that supported and open-source project, something that was seen recently with tailwind.
In one of my projects, one that remains source-available, I had encountered an "open-source justice warrior" that made it their mission to smear the project because of the switch, grasping at straws to do everything they could to paint my intentions as malicious.
It's really too bad, and will only hurt the availability of free alternatives if one cannot provide the source under a "just don't commercially compete with the paid version of the product" license without getting branded as a scamming cash grabber