I have been doing a some thinking about my use and relationship with open source software. I tend to be more pragmatic in my approach to open source. I generally think open source is superior to proprietary software, but I don’t think that proprietary software is immoral. In the general case I think I still believe that. However, events over the past few years have changed my opinions somewhat.
The first item is one I’ve written about previously, and that is the relicensing of open core software to something proprietary. The basic game plan starts with an open source “core” product licensed under a permissive license. Then they slowly add proprietary add-ons, usually described as “enterprise features”. Finally, once they’ve leveraged the open source community to drive adoption, they convert the license to a proprietary. They will still allow people to see the code in an attempt to keep up appearances, but it comes with usage restrictions that make it incompatible with real open source. MongoDB, Elasticsearch, and InfluxDb are all examples of this phenomenon.
The second item is GitHub Copilot. Copilot has recently been made generally available, and GitHub is looking to charge developers for using it. While I think the Copilot technology is interesting, I’m not comfortable with the way it ignores open source licensing obligations. GitHub uses all the code in public repositories on their platform as a training set for Copilot’s AI. In practice this means Copilot can and will regurgitate blocks of open source code into software programs where it’s being used. If that code was licensed under a reciprocal license, then the developer may have unwittingly triggered a requirement to distribute their new program under the same license. This is currently a legal gray area. I’m fairly certain that GitHub’s terms of service cover their usage of code hosted in GitHub repositories, but I think it violates the spirit of open source. I also think it’s only a matter of time before unscrupulous developers and companies will seek to leverage Copilot as a “code laundering” scheme in an attempt to leverage open source code in a proprietary product.
The third and final item on this list is GitHub itself. GitHub has become the defacto standard for hosting open source code, but it isn’t open source itself. For all intents and purposes GitHub has become something of a natural monopoly. While there are other software forges out there, their share of the market is so small that it makes it difficult for companies and projects to use them. Sadly, using an alternate software forge platform will negatively impact both discoverability and the ability to recruit contributors.
I’m still mulling these thoughts over, so I don’t have an answer or a recommendation. I already try to avoid open core projects whenever possible, but the issues with GitHub are a little tougher to deal with. While I dislike what they are doing with Copilot and I would like to avoid having my own code abused in such a way, the downsides to moving off of GitHub may be too costly. In any case, I will still need to maintain a GitHub account as it’s used by my employer. In this case I think it’s going to boil down to whether or not a think GitHub has violated my principles to the point where I feel the need to do something about it.