This document discusses different models for open source projects including open projects, open source, and open core models. It provides examples of projects that follow each model including XScreenSaver, Android, GCC, Qt, and Linux. It also covers related topics like licenses, contributor license agreements, export restrictions, patents, responsible disclosure, and trademarks.
2. Bio
• Johan Thelin
• Co-founder of Kuro Studio
• Past: Pelagicore, Trolltech, BitSim, Enator
• QmlBook, Foundations of Qt Development
• Datormagazin, LinuxJournal, etc
• foss-gbg / foss-north
3.
4. What is Open Source?
• Free Redistribution
• Source Code
• Derived Works
Source: https://opensource.org/osd
5. What is Open Source?
• Free Redistribution
• Source Code
• Derived Works
• Integrity of the Author’s Source Code
• No Discrimination Against Persons or Groups
• No Discrimination Against Fields of Endeavour
Source: https://opensource.org/osd
6. What is Open Source?
• Free Redistribution
• Source Code
• Derived Works
• Integrity of the Author’s Source Code
• No Discrimination Against Persons or Groups
• No Discrimination Against Fields of Endeavour
• Distribution of License
• License Must Not Be Specific to a Product
• License Must Not Restrict Other Software
• License Must Be Technology-Neutral
Source: https://opensource.org/osd
7. From Linus Torvalds <>
Date Sun, 16 Sep 2018 12:22:43 -0700
Subject Linux 4.19-rc4 released, an apology, and a maintainership note
15. Where do we see these models?
• Open Core + Expensive ”modules”
• Play Services
• Gitlab tiers
• Dual licensing
• Requires copyright ownership
• Services
• Anyone can do it, but you do it best
• Physical products
• Phones, etc
• SaaS – Software as a Service
• Hosting, e.g. Wordpress, mender, AWS, etc
Open source is not a business model.
Your business model may, however, be
affected by your choice of licenses.
17. Case Study: XScreenSaver
Open project Open source Open core
Source code
Governance
Bugs
Copyright
Planning
https://www.jwz.org/xscreensaver/
• Source code is available as a tarball
• Mix of licenses, MIT, GPLv2+, other permissive licenses
• Bugs can be reported, but not public issue tracker
• Run by a single guy at his leisure
18. Case Study: Android
Open project Open source Open core
Source code
Governance
Bugs
Copyright
Planning
https://source.android.com/setup/contribute/index.html
• Source code is available (AOSP) but not to the services
• Mix of licenses
• Has an issue tracker
• Accepts external contributions
• Planning and Governance are internal to Google
19. Case Study: GCC
Open project Open source Open core
Copyright
Source code
Governance
Bugs
Planning
• Source code is available
• GPL
• Has a public issue tracker
• Has a steering committee for major decisions
• Recommends copyright assignment (to FSF)
https://gcc.gnu.org/
20. Case Study: Qt
Open project Open source Open core
Source code
Governance
Bugs
Copyright
Planning
https://www.qt.io/
• Source code is available
• GPLv3 / LGPLv3, and some commercial add-ons
• Has a public issue tracker
• Has an open governance model
• Required contributors to sign a CLA
• Has moved from open core towards open projects
21. Case Study: Linux
Open project Open source Open core
Copyright
Source code
Governance
Bugs
Planning
• Source code is available
• Mostly GPLv2
• Has a public issue tracker
• Has an open governance model
• Good example of herding cats
https://www.kernel.org/
22. Sharing models and licenses
• A license does not imply a sharing model…
• …but it can prevent one.
• You need to be aware of how licenses depend on each other
27. Licenses
• Enables or disables sharing models and business models
• You need to be aware of them
• As long as you retain copyright, you can change your mind
• But not retroactively
• There is more: licenses trigger at different conditions, e.g. “distribution”
• I like https://tldrlegal.com/ and https://opensource.org/
• Ask a lawyer!
28.
29. Contributor License Agreements
• Require that each contributor signs a contract
• Assignment of copyright
• Guarantee ownership and originality
• Patents
• More
30. Export restrictions
• Mostly affects exporting crypto software from the US
• The restrictions have been eased since the ’90s
• Interfers with the open source definition (the no discrimination parts)
31. Patents
• Software patents are not discoverable through looking at the source
• Patents may be enforced retroactively
• Expensive law suits and potentially expensive license costs
• Still open to discussion if pure software can be copyrighted
• Different depending on geography
• OIN is a patent pool to defend Linux
• Defensive publications
https://www.openinventionnetwork.com/
32. Responsible Disclosure
• Contradictory to openess – but protects the users
• Example project: curl
• Report potential security issues to dedicated mailinglist
• Limited, trusted, set of people on the list
• Agree on plans to fix and disclosure time-line
• Information to distros via distros@openwall
• Short release cycles (8 weeks) means that fixes are quick
Source: https://curl.haxx.se/dev/secprocess.html
33. Trademarks
• Restricts who can use a product brand
• Examples: Arduino, Mozilla, Firefox
• Helps creating an official configuration, without restricting other
freedoms
34. Trademarks
• This type of abuse can be
stopped suing trademarks
• Requires a legal entity to own
the trademarks
• Costs money to register and
defend
https://www.bleepingcomputer.com/news/microsoft/unknown-dev-brings-libreoffice-to-windows-10-via-the-microsoft-store/