Comment by tazjin

2 days ago

My current take is that if you start an open-source project now, you should go full AGPL (or similar copyleft license), and require a CLA for contributors.

If your thing ends up actually good you now have a defence against exploitation, and a way to generate income reliably (by selling the code under a different license). afaik, organisations like the FSF even endorse this.

AGPL is my first choice of license, but its efficacy does not necessarily come from its teeth, but from the aversion legal departments have towards the license. It's similar to how the GPL used to be, or still is, treated. Along with compatibility with other AGPL projects, that's the reason I use the license.

There are situations that the AGPL does not cover that could be considered leeching from the commons.

I think we need stronger licensing, and binding contracts that forfeit code recipients' right to fair use in order to hinder LLM laundering, along with development platforms that leverage both to limit exploitation of the commons.

I agree, I'm quite curious on what feelings are about still putting it in a public GitHub repo?

AI models will train on your codebase, unethical actors will still take it and not pay. Others can give the .zip to Claude and ask it to reimplement it in a way that isn't license infringement. I think it really turns open source upside down. Is this a risk worth taking or best to just make getting the source something that's a .zip on a website which the models realistically won't train on?

  • Or maybe ask yourself why are you doing open source in the first place?

    AI training on your code is success if you care about your code being genuinely helpful to others. It's a problem only if you're trying to make money or personal reputation, and abusing open source as a vector for it.

    • This is fair, but it restricts the number of open source contributors massively if that's the criteria.

      Let's say I'm a company and I have this library I've developed at enormous expense. The company is happy to share it so long as competitor X, a big multi-national corp, doesn't get it for free. Is it better that it gets open sourced as GPL3 with commercial use on application, or better it stays closed source?

      Let's say I'm a developer trying to get a job, I pour months of my time into a new project that's open source, of course I want that attached to my reputation, because that's a part of how I get my new job.

      The number of people who can code for free and are happy to not attach their name and to watch as big AI labs profit off their work while they can't afford rent is super close to 0.

    • Just to add to this. Open source for money has been a dead end for a long time, except for the (increasingly rare) situations where people accidentally convert their open source _contributions_ into employment (I accidentally did this back in 2015). Open source for recognition/reputation makes a bit more sense, but it is also becoming increasingly rare. LLMs are super-charging the extinction, but this was also observable in 2021, when I wrote this: https://news.ycombinator.com/item?id=29714929 .

      Even before LLMs, I have seen people (shamelessly) re-implement code from open source project A into open source project B, without attribution (IIRC, a GPL C++ project [no hate, I use C++ too these days] basically copied the very distinctive AVL Tree implementation of a CDDL C project -- this is a licensing violation _and_ plagiarism, and it effectively writes the C project out of history. When asked about this, various colleagues[1], just shrugged their shoulders, and went on about their lives.). LLMs now make this behavior undetectable _and_ scalable.

      If we want strong copyright protections for open source, we may need to start writing _literate_ programs (i.e. the Knuthian paradigm, which I am quite fond of). But that probably will not happen, because most programmers are bad at writing (because they hate it, and would rather outsource it to an LLM). The more likely alternative, is that people will just stop writing open source code (I basically stopped publishing my repos when the phrase "Big Tech" became common in 2018; Amazon in particular would create hosted versions of projects without contributing anything back -- if the authors were lucky they would be given the magnanimous opportunity to labor at Amazon, which is like inventing dynamite and being granted the privilege of laboring in the mines).

      The fact is, if we want recognition, we need to sing each others' praises, instead of hoping that someone will look at a version control history. We need to be story-tellers, historians, and archivists. Where is my generation's Jargon File?

      [1]: Not co-worker, which is someone who shares an employer, but colleague, which is someone who shares a profession.

    • I'd like to contribute to open source to help and empower people.

      Your environmental mission feels moot if you do a lot to help with greenhouse emissions and then proceed to also dump all the waste in the ocean. Your mission is "accomplished" by your hands and you are recognized as a champion. But morally you feel like you took a step back and became the evil you sought to address.

      Now apply that mentality to someone in FOSS who sees their work go into a trillion dollar industry seeking to remove labor as a concept from it, and the rest of society. Even if you are independently wealthy and never needed to make money to get by, you feel like your mission has failed. Even if people give you a pat on your back for the software you made.

    • > abusing open source as a vector for it

      It seems like you are very against open source not being an altruistic endeavor. Or that you should not make money with an open source project. I would like to challenge you on that.

      Would you say that the Linux Foundation is a net positive on the software ecosystem? How about big open source projects like curl or QGIS? How about mattermost or nextcloud? All of these have full-time employees working on them (The Linux Foundation generated almost 300 million USD of gross revenue in 2024).

      I would argue that good monetization is paramount to a healthy open source ecosystem.

      Both can be true:

      - AI training on your code is success

      - AI undermining the sustainability of your project by reducing funding is an issue

      Also, I see you haven't changed your mind much on the training LLMs being one of the major benefits of open source since the last discussion we had ;) https://news.ycombinator.com/item?id=44155746#44156782

    • >Or maybe ask yourself why are you doing open source in the first place?

      I, like everyone, started work on OSS because it's fun. The problem comes when your project gets popular - either you try to make it your job or you abandon the project, because at a certain point it becomes like an unpaid job with really demanding customers.
