Tag Archives: relicense

What can your OSPO do about power dynamics, rug pulls, and other corporate impacts on OSS sustainability


A few months ago, I posted here about the New Power Dynamics in Open Source: Rug Pulls, Relicensing, and Forks, but it’s something I’ve been continuing to think about over the past few months. I recently published a blog post for OpenUK on The Shifting Power Dynamics in Open Source: Rug Pulls, Relicensing and Forks, and at the recent Open Source Summit EU (OSSEU) in Amsterdam, I gave a talk on this topic, which Jon Corbet did a lovely job of summarizing in his LWN coverage of the talk. Here’s the video if you’d like to watch the full 45-minute talk.

What Can Your OSPO Do?

I’ve spent quite a bit of time looking at relicensing and rug pulls, but the data isn’t the important part. What really matters are the actions that we take based on what we’ve learned. It’s important for OSPOs and other open source teams within companies to think strategically about what these power dynamics mean and how we can anticipate and mitigate the risks associated with rug pulls from open source projects driven by software vendors. During my talk at OSSEU, most of the discussion during the Q&A was about the indicators and red flags that can help us anticipate these risks along with how we can mitigate the risks through open source project contributions.

Indicators and Red Flags

There are a couple of indicators that can help you anticipate which open source projects might be more or less likely to be subject to a rug pull or relicense in the future.

  • Contributor License Agreements (CLAs) create a power imbalance within open source communities: power is tilted toward the company that owns the project and controls the CLA, giving that company abilities other contributors lack, such as the power to relicense the project. This is probably the biggest red flag when assessing whether a project might be at risk of a rug pull in the future.
  • Neutral Foundations and Governance provide a level playing field where people from many different companies can work together on an open source project as equals to create something that benefits everyone. Projects are much less likely to experience rug pulls if they are under neutral, well-run foundations and have governance structures with leaders and maintainers from a variety of organizations. This is in contrast to projects owned or controlled by a single company, which is a red flag because those projects are more likely to experience rug pulls.

Mitigate through Contribution

The most impactful action that a company can take to mitigate potential issues within an open source project is to have employees actively participating in and contributing to the projects that are most strategic for the company. This is an important way to better understand and mitigate the risks associated with future rug pulls, but it also goes beyond that one concern. Companies have the power and resources to make real improvements within open source projects, and corporate involvement can positively impact the sustainability of our projects. Companies can allocate employee time to contribute to projects or provide funding and other resources to help sustain open source projects.

Having your employees working within a project helps you understand the power dynamics that might be at play and better understand the strengths and weaknesses of that project while also being able to influence the project from within. If your employees are in positions of leadership within a project, you might be able to help prevent future rug pulls, or at the very least, maybe you can anticipate them.

Resources:

New Power Dynamics in Open Source: Rug Pulls, Relicensing, and Forks

I’ve spent a lot of time over the past year doing research into open source projects that have moved to proprietary licenses and the forks that were the result of those license changes. More recently (starting with a talk at Monki Gras), I’ve been thinking about how the power dynamics within the open source ecosystem have evolved and how rug pulls, relicensing, and forks can shift those power dynamics.

I finally wrote all of this down and turned it into a blog post for The New Stack: Clouds, Code, and Control: The New Open Source Power Struggle. Here’s a short quote from the post:

“With the rise in popularity of large cloud providers, the open source power dynamics are looking kind of similar to the feudalism example I talked about at the beginning of this blog post, but in the open source case, what’s different is that we have ways to shift or flip the power dynamics. A smaller company deciding to move a project away from an open source license can flip the power dynamic and gain power back from those large cloud providers. Still, they also shift the balance of power even further away from contributors and users at the same time when they decide to relicense that project. This encourages those with less power to take collective action to fork a project, flipping the power dynamic in favor of the contributors and users, often including the cloud providers as users. Within the open source world, we are better off than the peasants and serfs because we have certain freedoms that allow us to take collective action to regain power by forking projects when others abuse their power.” – read the rest of the blog post on The New Stack.

If you want to learn more about the research, here are a few places to get started:
