from Hacker News

Rug pulls, forks, and open-source feudalism

by pabs3 on 9/6/25, 5:59 AM with 162 comments

  • by palata on 9/6/25, 10:19 AM

    > Projects with CLAs more commonly are subject to rug pulls; projects using a developers certificate of origin do not have the same power imbalance and are less likely to be rug pulled.

    Would be worth explaining why: my understanding is that if you sign a CLA, you typically give a right to relicence to the beneficiary of the CLA. So you say "it is a GPL project, my contribution is GPL, but I allow you to relicence my contribution as you see fit".

    If the project uses a permissive licence already, honestly I don't really see a big impact with signing a CLA: anyone can just take the codebase and go proprietary with it. However, if it is a copyleft licence, then signing a CLA means that the beneficiary of the CLA doesn't play by the same rules and can go proprietary with the contributions!

    If you don't want a rug pull, you should use a copyleft licence and not sign a CLA: nobody can make Linux proprietary because the copyright is shared between so many people.

    If you use a permissive licence, then a rug pull is part of the deal.

  • by dig1 on 9/6/25, 11:15 AM

    > Contributors and maintainers often have less power than even the smaller companies, and users have less power yet.

    If contributors/maintainers are not happy with what the small company does, they can fork the project (assuming a liberal license) and continue in their own way. Valkey is a good example (with an interesting twist of license dynamics where Redis can use Valkey code now, but not the other way around).

    > We have built a world where it is often easiest to just use whatever a cloud provider offers

    And, IMHO, this is the major problem in the dev community these days - we've become lazy and focused on nonsense ("pretty"/unusable UIs, web gymnastics, llm, "productivity" etc.). We didn't have problems in the past to fork or reimplement OSes (various BSD instances), compilers (gcc versions), databases (MariaDB), and so on. There are tons of geniuses around hacking on cool stuff, but, sadly, the loudness of various hipsters and evangelists limits their visibility.

    > Those providers may not contribute back to the projects they turn into services, though, upsetting the smaller companies that are,

    The significant contribution that these providers (AWS, et al.) make to these projects is often overlooked - free advertisement. If I can remember correctly, ElasticSearch got popular when AWS started to offer it as a service. Additionally, cloud providers usually contribute (by employing core developers, shipping patches or testing) to the kernel, gcc or jdk, from which these small companies benefit significantly. In contrast, they themselves could do none of this.

    But it is easier to blame "big scary clouds" than to rethink your business model. Be honest, start closed; no one will touch that and no one will be standing in your way.

  • by 3np on 9/6/25, 8:23 AM

    Building the software you rely on from source by default is one way to reduce the impact these events have on you and shift the power dynamic. If you're installing binaries/images from a vendor (free or otherwise), transitioning to a fork may be an undertaking and a sweaty risk-assessment.

    Switching your existing build-infra to sync sources from a new remote should be a snap.

    Also no major need to hound maintainers to ship a release or merge that neglected bugfix or feature you desperately need - just cherry-pick it.

  • by cycomanic on 9/6/25, 7:40 PM

    > Elasticsearch contributors were Elastic employees; that, unsurprisingly, did not change afterward. OpenSearch started with no strong contributor base, so had to build its community from scratch. As a result, the project has been dominated by Amazon contributors ever since

    So in a way the "rug pull" achieved what it wanted: Amazon is now contributing to development.

    I think discussing these "rug pulls" without discussing the destructive habit of many large companies to only profit without giving back misses the mark. Any community where there is a large imbalance between the ones doing the work and the ones profiting will over the long run become unstable.

  • by evantbyrne on 9/6/25, 2:12 PM

    It's not possible to rug pull an open-source project by just switching new work to a different license. The real issue with open-source is that we don't live in a utopia where you can publish all of your work for free and still live a quality of life comparable to working at an average developer job, and yet so many non-maintainers somehow feel they are owed future labor. Maintainers come and go. Without sponsorship, the half life on maintainers is going to be relatively short, and more developers are going to be pushed to publishing less permissively.

  • by Arcuru on 9/6/25, 8:14 PM

    I understand why users get annoyed at "rugpulls", but if a company that is doing the vast majority of the work to develop and maintain a project is not financially sustainable they don't have that many options. An article like this really needs to include info about the financials.

    I'm honestly curious since I've been considering how I license my large OSS projects lately [1], and I really do want to understand what would be "acceptable" here. Start more funding campaigns for the project? Work on it less? Sell merch? Openly communicate that they'll need to re-license without additional funding?

    [1] - https://jackson.dev/post/oss-licensing-sucks/

  • by skybrian on 9/6/25, 5:19 PM

    For nearly all open source projects, we are free riders. We use them and don’t contribute anything back. Open source is not about fair exchange; it’s about gift-giving and copying other people’s homework.

    If you choose to give gifts to the world, that’s great, but you should go into it with your eyes open and not expect anything back. The world includes a lot of terrible people and you’re giving them gifts too. It’s okay to change your mind.

    Calling it a “rug pull” when a software vendor relicenses seems like biased language. We still have all the gifts they gave us. It’s unfortunate that they changed direction, but nothing lasts forever.

  • by bawolff on 9/7/25, 1:33 AM

    > But a fork is not a simple matter; it is a lot of work, and will fail without people and resources behind it

    Well yes. There is no free lunch. Open source only works if enough people are willing to give back. If your fork dies, that probably means the project had a lot of free riders.

    The main issue I have with rug pulls is it's essentially false advertising. They grew their customer base by promising open source and reneged when it was no longer convenient. This feels morally gross to me.

    However I don't know that I actually am worried about the no longer making contributions aspect. Nobody is obliged to continue working on something forever. It's a totally normal thing for individuals to retire from a project, it's fine for companies to stop too.

  • by PeterStuer on 9/6/25, 1:32 PM

    These days you just blindside a project's community by instating a process-heavy (you want the technical people to self-opt-out) 'board of governance', then put in place a draconian Orwellian regime in the name of 'safety', revoking project access from all that do not support the coup, or worse, still dare to speak out against you.

  • by tetha on 9/6/25, 10:29 AM

    This is causing management at the current company to run in circles a bit as well. The company has been fairly adamant about having support contracts for systems, and it has encountered a number of these stunts. Opscode with chef a long time ago, CentOS exit, VMWare, Broadcom has a number of more ugly things available in Tanzu.

    And we were either paying these companies (looking at VMWare), or looked for quotes and intending to pay these companies. But suddenly, your configuration management is supposed to cost almost 6 digits per year. Very basic services should suddenly cost a mid-6-digit range per year for a basic support contract. Sorry but what the fuck? And - again, looking at VMWare - even then we can't really rely on it?

    I've been recommending to instead sponsor foundations, or straight up paying maintainers and developers of OSS we use regularly. The giggles when suggesting that have been getting quieter. But I'd rather hire a Proxmox/qemu dev than start paying the next VMWare.

  • by palata on 9/6/25, 10:08 AM

    > There is typically a spike in these clones after a relicensing event, suggesting that people are considering creating a hard fork of the project

    That, or maybe people make a "snapshot" just in case. I don't believe many people seriously consider leading the effort of maintaining a fork...

  • by thayne on 9/6/25, 11:28 PM

    I feel like the SSPL is almost a good open source license. I think there is a place for something a little stronger than the AGPL that is copyleft on necessary components even if they aren't directly linked. But it has a couple of major failings:

    1. It's too vague about what is covered by it. This makes using such software risky in practice. Is the OS it runs on included? What about a log aggregator used to collect logs? Or a system backup system? The VM hypervisor and orchestration software for running the VMs that host it? I think it would be better if it was more clearly scoped to components that are specifically related to the service itself and not general purpose components of the hosting environment and/or things that could easily be substituted with other standard open source or off the shelf components.

    2. It isn't compatible with AGPL or GPL. This is especially bad combined with 1. Does that mean you can't run the service on Linux? I don't think it could be compatible with AGPL code directly linked to it, but it could allow external components to be under most open source licenses.

    IANAL, and don't know exactly how to word a license that fixed those issues, but I think there could be something better than the SSPL, and maybe such a license has a better chance of getting OSI approval.

  • by z3t4 on 9/6/25, 1:31 PM

    Why do we need to maximize profits? With current technology we shouldn't need to work 8 hours per day, maybe 2-3 hours max to maintain quality of living. Instead we should work to make everyone's life easier, including your own life of course.

  • by matheusmoreira on 9/6/25, 11:57 AM

    I emailed Stallman about the ethics of using AGPLv3 with a CLA to allow selling exceptions. Here's his reply:

    https://news.ycombinator.com/item?id=42601846

      I see what you mean.  The original developer can engage
      in a practice that blocks cooperation.

      By contrast, using some other license, such as the ordinary GPL,
      would permit ANY user of the program to engage in that practice.
      In a perverse sense that could seem more fair, but I think it
      is also more harmful.

      On balance, using the AGPL is better.

  • by OgsyedIE on 9/6/25, 9:49 AM

    I believe there should be a broader family of terms besides rug pull for when the intentions of vendors and developers change over time to become extractive and negative. No, enshittification is not the right word.

  • by throwaway832338 on 9/6/25, 11:51 AM

    A lot of words without any mention of copyleft, protective licenses, GPL. Difficult to take the article seriously.

  • by villgax on 9/6/25, 12:54 PM

    Checks notes,

    RIP VibeVoice Large 7B

    https://arxiv.org/pdf/2508.19205

    https://github.com/microsoft/VibeVoice

    Nice to have forks & downloadable models now 'innit

  • by api on 9/6/25, 1:40 PM

    Oh stop. When someone gives you free stuff and then changes the terms a little that isn’t a “rug pull” and it’s not “feudalism.” If you contributed a little and voluntarily signed a CLA this is also not a “rug pull.”

    The whole reason for these “rug pulls” is abuse of the open source ethos by big companies using it as free labor for SaaS and giving nothing back.

    SaaS is more like feudalism than any other software model, yet the open source community seems committed to making sure the SaaS industry can continue its free ride.

    Part of why I’d hesitate to ever again make free (as in beer) software is this whole toxic shitty mentality. If I give you a ton of work for free, say thank you. If a bunch of investors fund that, say thank you. This entitlement mentality from a bunch of people with careers that mostly put them in or near the global 1% is gross. It’s not like you people need stuff for free. You ain’t poor.