Comment by MBCook
4 days ago
This is a very well written announcement. It immediately defines OPA (for people like me who don’t immediately recognize it). It says what’s not changing for people, and says where things will go.
Congratulations to the team.
> It says what’s not changing for people
For the people who are currently experiencing the first time a project they heavily used gets acquired by a for-profit company, it's worth remembering that everything written is "As it stands currently", which can change at any time.
It wouldn't be the first time the founders/company/project said "Nothing will change now when we got acquired" only for it to shutdown/change drastically just months after.
And the other side of that coin is ...
Lots of FOSS maintainers are happy to bitch and moan about how they are doing god's work for little or no remuneration. They are of course, quite correct to do so, it is indeed hard work, long hours, poor or no pay.
But, and its a big BUT .... you can put all the donation, crowdfunding buttons that you like on your GitHub page. The reality is that will only get you so far.
So there is a lot to be said for corporations that recognise the work and are willing to pay an old-school salary to the maintainers. It provides life-stability for the maintainers, and it provides product-stability for the corporation ... win-win.
And in 2025 the reality is that corporation thinking on open-source is a far cry of what it was back-then. In the majority they are far more enlightened and open to contributing-back.
Yes it will never be sufficient for the die-hard FOSS greybeards. But even a billion dollar corporation cannot possibly put dollars behind every single tiny piece of open-source software it ever uses. You have to pick-and-choose, its just the reality of life.
Finally, regarding the FUD about "oh, its going to be shutdown tomorrow". That road is paved with examples where it DID NOT happen ... I seem to recall that the usual suspects (Redhat / Canonical / IBM etc.) all employ a great deal of maintainers of various critical parts of Linux. As far as I can tell the output of those maintainers taking the corporate dime has neither suffered or been shutdown.
>But, and its a big BUT .... you can put all the donation, crowdfunding buttons that you like on your GitHub page. The reality is that will only get you so far.
I agree. Most people simply won't donate, be it individuals or companies using the tools.
>In the majority they are far more enlightened and open to contributing-back.
Ehh, it's mixed. A few companies won't mind going open source, some "open source", and many "open source but not really". Just having your code readable isn't the FOSS menality, and that's pretty much where the buck stops.
>Finally, regarding the FUD about "oh, its going to be shutdown tomorrow". That road is paved with examples where it DID NOT happen
Suvivor's bias doesn't really feel reassuring here. And just because it's not shut down doesn't mean it won't be subject to corporate rot. That's honestly worst than an honorable death.
See Xamarin, and what is left of it in 2025, as a good example.
Styra was also a for profit company. The project is part of CNCF though.
I was left with the somewhat opposite feeling. I still don’t know what OPA actually is or does. It has a nice paragraph describing it without saying anything at all.
OPA solves the problem of defining and enforcing policies across a system. Some examples:
- How do I enforce that inbound API requests come only from trusted sources?
- How do I enforce fine-grained access to user records?
- How do I enforce a set of naming conventions for a data update?
Many such policies may come from regulatory requirements, may be regional in nature, and may change in otherwise stable codebases. And it's even harder when you're applying this to a highly-scalable production internet service. As a result, defining policy at an organizational level with auditing is a challenge for large enterprises. OPA helps enterprises administer and enforce policies.
More details on what OPA does here: https://www.openpolicyagent.org/docs/philosophy
And you can see some examples of Rego (the policy language) here: https://play.openpolicyagent.org
That's still not saying what it is, though. Is it a thing you put in front of your backend to allow/deny requests? Is it an endpoint something like nginx calls with an auth token and the http verb and url that responds with 200/403 that nginx can react to? Is it a library you embed in your application? Is it an agentic AI?
It's as though you're describing a car to someone who's never seen a car before by listing all the places you can go in a car.
1 reply →
I guess I’m familiar with the general concept/domain it’s in. I haven’t used it myself, but having it spelled out was enough base knowledge for me to grab on to.
Looking again, I see your point. If you don’t know what it is having the acronym spelled out doesn’t help much at all.
Still it clears the low bar provided by those announcements that just say something like:
“BEOTZ’s developers are joining Flmp.io. As well all know BEOTZ is popular and Flmp.io is a top provider to enterprises. We look forward to exciting things coming soon.”
The nice things about such an obituary is that it isn't a person so we don't have to feel bad and we don't need to know what it was going to do.
> It immediately defines OPA (for people like me who don’t immediately recognize it)
Outer Planets Alliance. Bloody terrorists they are.