throwaway2037 2 months ago

I am not here to shill for Google, but they publish a staggering amount of liberally licenced software. We can say much less of that about Microsoft, Apple, and (my personal most dreaded for open source) Amazon.

Also, I stand by my previous comments from other similar discussions: Almost all big corps use Red Hat. They are indirectly funding open source. Red Hat probably employs more programmers that contribute to a base Linux install than any other company on the planet. (Yeah, I know they were bought by IBM, which gets no love around here.)

eulgro 2 months ago

> you're not a good person, you don't fool me. Fund open source, it would support young people who were just like you were

Or maybe he knows he's not a good person and has no intention of multiplying people who are just like he was, because he knows people like himself are bad and the world is better without them.

  • zmgsabst 2 months ago

    Killing other people because you’re a bad person makes you a worse person.

    If he’s doing that, we should stop him as a danger to others - no different than any other criminal.

eslaught 2 months ago

> It's probably too much to ask corporations to dump money into it as it would not be a legitimate business expense.

Um, excuse me?

Ok, let's suppose you've got a product that depends on open source project X. For simplicity let's say it's a direct dependency, though I think everything here applies to indirect ones as well.

Let's consider the options.

Option 1: never pay a dime for it. This works in so far as someone else picks up the bill. So really there are two sub-cases:

Option 1(a): the project is successful enough that it's self-sustaining. What this really means is that someone else (or multiple someone elses) picked up the bill. Congrats, you lucked out.

Option 1(b): the project is insufficiently funded and either dies or has a major security breach. Now you end up paying either for the security breach fallout and/or to replace the component, possibly on short notice, with something else. Or you maintain it yourself and start paying that cost, again possibly on short notice.

Is that really worth it? Do you think so? I'm betting all those costs are higher than it would have cost to maintain it in the first place. Because anything you do in an emergency is more expensive, and you're paying the cost of losing all the context in the development of the project itself (if someone leaves before you start maintaining it).

Option 2: pay for the software in the first place, making the cost predictable and avoiding a low-probability high-impact failure mode. Honestly, given all the risk management companies do, this seems worth it to me. At least if the dependency is critical enough.

Obviously you won't do this with any random open source project. But that's sort of the point: companies are making economic decisions all the time about what they really care about. If they aren't paying, that means they're happy with the inverse lottery[1] of the failed open source project model.

[1]: An inverse lottery is one where most of the time you get nothing, but rarely you lose big.

  • nradov 2 months ago

    There are other options.

    Option 2: Fork the code and do whatever they want with it.

    Option 3: Directly employ open source project maintainers instead of donating to the project. They can exert at least some control over project direction that way.

    Most enterprises don't even have a budget line item for open source project donations.

    • thaumasiotes 2 months ago

      > Most enterprises don't even have a budget line item for open source project donations.

      But it's common that they have employees who are assigned to working on the open source project. That's an item in the budget, it just isn't labeled "open source project donations".

    • Nab443 2 months ago

      Let's not forget Option 4: remove the dependency and migrate to another one still alive.