
Comment by bsgeraci

5 hours ago

Great question and I think about this a lot. I chose MIT deliberately and I'll explain why.

My graduate research focused on common computer security misconceptions — one of the biggest being that open source is inherently insecure. The algorithms and systems we trust most are the ones open to public scrutiny. AES was selected through an open competition where every candidate was published for the world to attack. TLS, SHA-256, RSA — their security comes from transparency, not obscurity. I believe the same applies to software infrastructure.

Could a bigger player take this and run a competing service? Sure, MIT allows that. But I'd rather have the code out there being used, audited, and improved than restrict it to protect a business model I don't even have yet. If someone like AWS wraps this in a managed service, that honestly means I built something worth wrapping — and the open version still exists for anyone who wants to self-host.

I've thought about the Canonical model — paid support around a free product — and I might go there someday. But I don't have years of production use behind this yet. We all start somewhere. Right now I'd rather focus on making the software good and building a community around it than optimizing a license for a monetization strategy that doesn't exist.

AGPL is a valid choice and I respect projects that use it. But for me, MIT is a statement about what I actually care about — the code being out there for everyone.

Yours is truly an informed and well thought out decision! I appreciate it, and enjoyed reading your reasoning; thanks for the clarity and props for the whole effort of this project!

I agree that an extreme of the permissiveness is indeed the most likely to attract major usage. On the other hand, its freedom is more fragile. All is well with each project striking the preferred balance in that axis.