this post was submitted on 31 Mar 2024
111 points (79.7% liked)

Open Source

31227 readers
232 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

I tried a couple license finders and I even looked into the OSI database but I could not find a license that works pretty much like agpl but requiring payment (combined 1% of revenue per month, spread evenly over all FOSS software, if applicable) if one of these is true:

  • the downstream user makes revenue (as in "is a company" or gets donations)
  • the downstream distributor is connected to a commercial user (e.g. to exclude google from making a non profit to circumvent this license)

I ask this because of the backdoor in xz and the obviously rotten situation in billion dollar companies not kicking their fair share back to the people providing this stuff.

So, if something similar exists, feel free to let me know.

Thanks for reading and have a good one.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 14 points 7 months ago (1 children)

I want to say that all this backdoor incident (s, not the first and certainly not the last) only shows how well the FOSS model works. Not only for catching it promptly before it even was released, but these attacks which require a good amount of skill and time, and therefore probably money, demonstrate that some bad actors are fearful of FOSS. Also I want to point that voluntary FOSS contributors are not exploited even if some big corp uses their software without paying anything, as long as they respect the freedoms they have to give to their users. Also many (maybe most idrk) contributions to FOSS aren't made by volunteers, but through foundations/donations models paid professionals or companies putting developer time to them (I suspect this could be the case here with the guy from Microsoft that caught it).