this post was submitted on 15 Jul 2023
8 points (100.0% liked)

Rust Programming

8259 readers
2 users here now

founded 5 years ago
MODERATORS
 

I posted this over /r/StallmanWasRight and I am not sure it would be taken well at /r/Rust so here we are.


I have been getting into Rust in the last year but the licensing ecosystem of Rust crates makes me perplexed.

Today I came along this project https://github.com/uutils/coreutils that is trying to rewrite GNU coreutils in Rust and it is likely over the years projects like this one will overshadow many of the legacy GNU projects.

They are almost all made on "permissive" licenses that will give so much more power to corporations, in fact I am absolutely sure all these (big) rewrites are sponsored by corporations to escape the GNU safeguards that were built to protect users and society.

Does anyone else see this or am I just too paranoid ?

EDIT: It is not my intention to single out any specific project/team. Instead, I aim to initiate a meaningful discussion regarding the licensing choice. Rust is likely the first language since C that holds the capability to effectively replace the decades old, legacy libraries.

you are viewing a single comment's thread
view the rest of the comments
[–] zeerooth@lemmy.antemeridiem.xyz 0 points 2 years ago (2 children)

I don't think there's a hidden conspiracy behind projects such as this one; it may be just that it's simply much easier for projects with permissive licenses to take off as corporations and private entities are willing to sometimes submit patches and contribute to these projects on the side while sponsoring the developers with money. However, it's still definitely not proportionate to the value that the community contributes back and basically gives to the corporations for free with most of them packaging these libraries and binaries and selling their software for much higher profit without ever contributing anything back. There is a reason why these permissive licenses are called the cuck licenses and I wish that more people would start caring about the license they publish their code under, but the sad reality is that, especially in the rust community, the MIT and Apache 2.0 licenses became the de facto standard, and that was without much pressure from the big corporations, though rust has its origins under the umbrella of Mozilla so it's not that surprising given this context.

[–] blob42@lemmy.ml 2 points 2 years ago* (last edited 2 years ago)

I am aware that permissive licenses became the defacto form of licensing for new projects thanks to years of propaganda from big corps and especually Microsoft, who bought Github mainly for this. I never paid too much attention until I realized the potential for Rust projects to be widely adopted for replacing a big portion of copyleft libraries. This coreutils project was just an example to make the point, it seems very convenient and it is easy to dismiss the licencing choice as a coincidence. On the long term this might have huge implications a few generations ahead when big corps don't have to contribute nothing anymore to society. Look at what is happening with ~~Open~~CloseAI, open source models are lagging behind because there nothing equivalent to GNU/Copyleft in this field, thus we end up with a big corp mostly owned by Microsoft holding a life changing technology in its hands and hindering the progress of all society.

[–] nous@programming.dev 0 points 2 years ago (1 children)

However, it’s still definitely not proportionate to the value that the community contributes back and basically gives to the corporations for free with most of them packaging these libraries and binaries and selling their software for much higher profit without ever contributing anything back.

I think you massively underestimate how much corporations contribute to OSS technology. Even the linux kernel has over 80% of contributions being from people paid to do so:

The number of paid developers is on the rise, as companies aggressively recruit top Linux talent. More than 80 percent of kernel development is done by developers who are being paid for their work. Volunteer developers tend not to stay that way for long.

https://www.linuxfoundation.org/press/press-release/the-linux-foundation-releases-linux-development-report

If you removed all that support, and everything RedHat, Canonical etc have done then the Linux land scape would be baron today. Hell even Debian is basically backed by corporate sponsors to fund their work.

And after all of that, if corporations did not use Linux or any OSS projects at all then there would be far fewer people getting introduced to it at work, then wanting to contribute back in their spare time.

So even if companies take far more then they give back, they also give back far more than people doing it for the love of the software. And while some companies might be much more of a leach off what OSS provides, overall corporations give a lot back to the OSS movement.

the MIT and Apache 2.0 licenses became the de facto standard, and that was without much pressure from the big corporations, though rust has its origins under the umbrella of Mozilla so it’s not that surprising given this context.

There is actually a big pressure here, libraries under the GPL are very toxic to companies (binaries, like the kernel, much less so). If you base an entire core of a languages library under the GPL then no major company would ever touch that language. This would basically doom the language to a forever niche language. All major languages have a huge amount contributed to them via companies - most having been created by companies to begin with. Most of the popular libraries are written by people who are hired to write in that language and write these things if not while they are being paid to do so then because they might want to use the libraries during their jobs.

The LGPL might have mitigated this a bit, but companies are still wary of it. And every barrier put up would stunt the languages growth.

We live in a world dominated by corporations and what they do - volunteer effort (while still valuable) is just a drop in the ocean. A software license wont change this, but can have dramatic consequences on your product depending on what it is you are developing. And the GPL is not always the right choice for a project, especially a library.

[–] zeerooth@lemmy.antemeridiem.xyz 0 points 2 years ago (1 children)

To be honest I expected nothing else from the Linux kernel as by now it's so widespread and essential to so many companies' operations that they need to have their dedicated developers to make patches and push new features into the kernel. The notable fact though is that Linux is licensed under GPL and somehow the companies still embraced it, so it's not as "toxic" to them as expected. I am aware of the fact that Linux and most other popular GPL projects are mostly contained to binaries and there's even one notable example with the ogg vorbis audio format where Richard Stallman himself decided that relincensing it under BSD license instead of the LGPL would improve its adoption over the patented MP3 so clearly GPL isn't always the right choice, but if people don't actively push for copyleft licenses then we'll forever be stuck in a world of companies actively blocking the spread of knowledge, selling us software filled with DRM and proprietary software, making insane profits, but graciously letting a few developers to contribute some of their company time back to these open source projects. I don't think it's fair and GPL may not be solution for all the problems, but what else it to be done?

[–] nous@programming.dev 1 points 2 years ago

And that is what it comes down to - binaries vs libraries. For a binary GPL is not that much of a problem for corporations, they can still work with it without giving up their propriety code they ship with it. But for a library, that would force them to give up everything which is a step too far for most corporations. If a language used GPL licences for the majority of their library code then it would basically discourage corporations from using those libraries - and without libraries how much use is a general purpose language?

then we’ll forever be stuck in a world of companies actively blocking the spread of knowledge, selling us software filled with DRM and proprietary software, making insane profits

I don't think we would. Remember, rust and go are both languages written by corporations, with a large number of libraries written by people working for those corporations with most of the libraries still being open source under permissive licences. If the GPL did not exist would that change anything here? And the same goes for NPM, and python packages and a lot of other popular languages. Corporations do give back to these projects, quite a lot, much more than pure volunteers at any rate. Yet they don't need to given the MIT/BSD licences, they still do.

Now, some companies do leach far more then they give back. But that does not diminish the amount that companies overall have given to the OSS world.

I don’t think it’s fair and GPL may not be solution for all the problems, but what else it to be done?

There are instances where it is unfair. And those instances the GPL does not actually help as much as you think. Like the amazon profiting off offering elastic search as a service without giving much back to the project. If they have not made any major changes to the code base they are well within their rights to sell it as a service under the GPL. Hell, they don't even need to share changes they do make unless they start distributing the binaries - which does not happen when offering it as a hosted service.

And you wont stop behaviour like this from the greedy corporations with some copyleft licence IMO - if what you make is popular and has a licence that stops them from using it then they have the resources and reach to create a competitor that out classes your solution. Licences wont solve that problem at all, that is just an inherit flaw with the capitalistic world we live in. Copyleft licences are just a band aid over that real problem so there is only so much they can really do, and which is further weakened by the cost of trying to enforce the license. Without the FSF which is another corporation fighting on the behalf of individuals, the GPL would not be worth anything, a licence is only as valuable as your ability to enforce it.

So really, the whole system is just broken. But even in this broken system, permissive licences don't get abused nearly as much as they could be. Corporations have realised there is some value in having multiple others maintain common tools and libraries they use to build things. And so they continue to invest in OSS projects (more and more in recent years compared to the earlier days).