| ▲ | the_mitsuhiko 19 hours ago |
| I know I am tooting Sentry's own horn a bit here, and since I was involved it is close to my heart. We struggled at one point with how to build a large company on top of an open source project, and we never liked the idea of simply carving out parts of the codebase and marking them as closed source (open core). At the same time, there was always the latent risk that even if you put 95% of the energy into the product, you were still not fully in control and someone else exploits the economic value without investing. Our way of dealing with this was delayed open source publication. That led to the FSL [1], and later to bootstrapping the Fair Source initiative [2] to establish an umbrella term that does not conflict with Open Source. What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive. I actually still find that surprising. I would like to know whether this is a legitimate concern that two years is not enough, or mostly a perceived one. To me, moving to an Apache 2 or MIT license after a relatively short period is a much stronger statement than a license that risks the project effectively ending if the commercial entity is unwilling to relicense it more openly at the end of its life such as the O'saasy license. [1]: https://fsl.software/ [2]: https://fair.io/ |
|
| ▲ | bberenberg 18 hours ago | parent | next [-] |
| Isn’t the “solution” for Sentry that deploying it is such a pain in the ass that no one bothers to really do this? I haven’t checked in years but that always seemed like the real competitive blocker? |
| |
| ▲ | mechsy 17 hours ago | parent | next [-] | | If you need less scale/features go for glitchtip. If you’re not going for k8s, the self-hosted docker-compose version of sentry works fine including proper releases and support by the sentry team etc. Just experimental newly introduced features can be a bit wonky.
They are doing much more than just throwing code over the fence. Also phone home telemetry is optional and there’s a switch for just errors mode. IMHO this really builds trust.
With regards to deployment complexity: well it’s built for handling high volumes of events. I’d reckon this is more a consequence of scaling the project rather than a coordinated plan to push people to their cloud offering.
If you do go for k8s or choose to deploy the stack yourself, you even get access to the full scale solution. But if you’re at that scale, you probably have someone hanging around who knows how to run your clickhouse setup. You still get the full sentry software and SDKs for free in that case. I think this is as fair as it gets with regards to the open source SaaS model. | | |
| ▲ | homebrewer 17 hours ago | parent | next [-] | | This may very well be caused by my incompetence, but Sentry's docker-compose setup has never survived for more than a few months under my control. Something always destroys itself without an obvious reason sooner or later, and either refuses to start, or starts and doesn't really work. I tried updating it regularly, tried never updating it, getting the same treatment either way. | | | |
| ▲ | bberenberg 17 hours ago | parent | prev [-] | | I did not intend to be critical of their work. They're doing OSS as best as they can and good for them. I am just saying that it's a different beast if Sentry is OSS vs a much simpler to operate OSS product. Licensing matters less when the operational cost acts as an inhibitor to adoption of your OSS offering. | | |
| ▲ | mechsy 16 hours ago | parent [-] | | True, opportunity cost is a factor, sorry if my reply sounded a bit brash. IMHO they are one of the few orgs who got this model right compared to lots of others who went the open core or support/consulting contract required OSS route. |
|
| |
| ▲ | vanschelven 7 hours ago | parent | prev | next [-] | | Earlier discussion on Hacker News: https://news.ycombinator.com/item?id=43725815 I'm personally on the fence how much of it is intentional... from the_mitsuhiko's side it probably isn't, but "the purpose of a system is what it does" and all. | |
| ▲ | veeti 7 hours ago | parent | prev | next [-] | | Don't believe the salesmen, self hosting Sentry has been the most liberating feeling in a long while. Buy a cheap dedicated server with 64 gigs of RAM from Hetzner, run their install script and it's literally up and running. I'm processing volumes that would bankrupt me on their managed service without breaking a sweat. | |
| ▲ | Nextgrid 17 hours ago | parent | prev | next [-] | | Agreed. It was easier for me to rebuild parts of it for my own use than to self-host it. At my scale, a single DB works well as a datastore instead of Clickhouse/etc. But then again I think this only prevents small players from "competing" by self-hosting, so the revenue loss there would be minimal either way. Large enterprises are too incompetent to even self-host a single self-contained binary, so for those the availability of source code and ease of hosting would make no difference, they would still use the SaaS. | |
| ▲ | the_mitsuhiko 16 hours ago | parent | prev [-] | | > Isn’t the “solution” for Sentry that deploying it is such a pain in the ass that no one bothers to really do this? That Sentry is a pain to deploy is not really intentional, it just happened over the years. However because it's a pain to deploy it also opens up a market for people that create managed deployments so I would say, that if anything, it made it worse. For self deployed Sentry you do not need to pay cent, the license explicitly allows it. |
|
|
| ▲ | actionfromafar 17 hours ago | parent | prev | next [-] |
| The end of life problem can be solved by source code escrow, with a clause putting the code under an open source license and published in case of the demise of the owning cpmpany. |
| |
| ▲ | Kerrick 4 hours ago | parent | next [-] | | With O'Sassy specifically, the end of life problem solves itself. If the original vendor stops offering the software, a third party offering the software is not competing with the original vendor. Thus, the third party can offer paid hosting for the software if the original vendor does not. Or am I reading it wrong? I am not a lawyer. | |
| ▲ | ta2234234242 14 hours ago | parent | prev [-] | | If the company is sold for its assets is the code released to the public? Or removed from escrow and kept private? | | |
|
|
| ▲ | cobertos 18 hours ago | parent | prev | next [-] |
| Why not just release the software after your set threshold of time versus opening it up with such a license? To get eyes on it before-hand? Also how does this work with contributor contributions? Does the owning SaaS get the benefit of contributor work instantly while everyone else has to wait 2 years? What about the contributers themselves? |
| |
| ▲ | the_mitsuhiko 16 hours ago | parent | next [-] | | > Why not just release the software after your set threshold of time versus opening it up with such a license? That requires trust that the company will do this. The FSL is irrevocable and comes with a future promise. > Also how does this work with contributor contributions? The same way as any other thing with a CLA works. If you don't have a CLA, then you have a bit of a mess. | |
| ▲ | rcxdude 17 hours ago | parent | prev | next [-] | | presumably because a) it still allows the source code to be available and used for the 'permitted purposes' (i.e. anything that's not directly competing), and b) it represents a concrete commitment to open up, not just a pinkie promise (even if they were to have a license or contract which promised it, it would not be as easy to rely on as actually having the source code published. Companies have reneged on such promises before). And yeah, by my reading essentially people can contribute code or publish patches (with just a plain MIT license in principle), just the original and derivatives still can't be used for non-permitted purposes until the timer is up. | |
| ▲ | Nextgrid 17 hours ago | parent | prev [-] | | > Why not just release the software You may want to allow certain uses (self-hosting, etc) even before it transitions to a fully open-source license. Having access to the source code can also help SaaS users debug certain situations. |
|
|
| ▲ | ignoramous 17 hours ago | parent | prev [-] |
| > you were still not fully in control and someone else exploits the economic value without investing O'Sassy came up recently in one of the forums I lurk in [0], and as discussed there, I tend to agree with Adam Jacob (SystemInit) and others that FSL is definitely one way out but doesn't totally solve the commercialization aspect, because the code & all that IP is still readily available. Adam, in this talk [1], argues that like RedHat (and unlike Canonical), Open Source businesses must learn to separate source license from distribution license and if they do so, the money is there to be made (in a b2b setting, at least). > What I have found interesting in the years since is that many companies are wrestling with the same problem, but feel that the two year head start the FSL gives is too aggressive. ... if the companies conflate Open Source and business models, rather it being merely a Go-To-Market (like open core). Especially true for dev/infra upstarts competing with incumbents (PostHog v Amplitude; GitLab v GitHub [2]), and lately for AI labs (DeepSeek/Qwen/Llama v GPT/Gemini/Claude). In a role reversal, BigTech also uses Open Source to commodotize its competition's advantages (Android v iOS; k8s v Swarm; Firefox/Chrome v IE) [3]. [0] https://forum.fossunited.org/t/6878 [1] https://www.youtube-nocookie.com/embed/watch?v=rmhYHzJpkuo / Summary: https://gemini.google.com/share/e21cd1bacff6 (mirror: https://archive.vn/Jzhk3) [2]
https://www.heavybit.com/library/video/commercial-open-sourc... / https://archive.vn/jQh27 [3] https://gwern.net/complement / https://archive.vn/QITxC |
| |
| ▲ | zeeg 10 hours ago | parent [-] | | The issue is these are mostly academic points of view. Sentry’s model on the FSL (and previously the BUSL) has shown to be working just fine at scale. Whereas, for example, trademark protections have shown to fail easily. So people can argue it doesn’t work, but so far we only have evidence to the contrary and Sentry is quite successful. | | |
| ▲ | ignoramous 7 hours ago | parent [-] | | > So people can argue it doesn’t work, but so far we only have evidence to the contrary and Sentry is quite successful So, RedHat has also been successful? GP says that some companies don't find FSL aggressive enough, despite it having worked nicely for Sentry. And that's similar to the point Adam makes: That Open Source (per OSI not FSF) is a development model not a business model. Companies that don't want/need to prioritize collaboration tend to use FSL / BUSL / etc; but those licenses aren't really going to significantly change their development or business (other than prevent competition from using it as-is, but now the code is out there anyway [0][1]), and so they might as well go close source (and Lockdown the code, too). > issue is these are mostly academic points of view Both, commodotizing competition (through OSS) and using OSS as Go-To-Market aren't academic PoVs, I don't think. [0] And trained on by LLMs, which makes cloning probably that much faster? https://x.com/paultoo/status/1999245292294803914 / https://archive.vn/kTiyZ [1] Companies will deep pockets and technical expertise can/will anyway clone it: https://bcantrill.dtrace.org/2018/12/14/open-source-confront... | | |
| ▲ | zeeg 5 hours ago | parent [-] | | I'm not talking about RedHat, I'm talking about the perspective that "FSL / BUSL aren't effective enough". They solve the problem. O'saasy is just freeware at the end of the day, FSL creates more open source, and BUSL often has (though unfortunately the license doesnt require it). The idea that FSL ~= Closed Source is entirely wrong and misunderstands the value that an open distribution gives. We have 10s of thousands of customers that run Sentry self-hosted. We regularly get contributations back to our core service - both in code and (what we prefer) other artifacts like feedback. We were "Single Origin Open Source", which is extremely common whether people like to believe it or not. Its the entire premise of the sustainability issue in the industry. Thats not just an issue for commercial entities, its also most of the big open source software people rely on. In our case though we have a great business model that makes it entirely sustainable, and now have built a solid licensing mechanism around it that protects that, while ensuring our community is still successful. Ive written about a lot of these kinds of things: https://cra.mr/open-source-is-not-a-business-model
https://cra.mr/open-source-and-a-healthy-dose-of-capitalism
https://cra.mr/the-busl-factor These same issues around single origin open source are why we started the no-strings-attached funding mechanism via Open Source Pledge (https://opensourcepledge.com), why we push Fair Source (https://fair.io). Maybe others will find defensible models, but I'm skeptical. I also respect Adam, but last I understood it the model they were going after sounded pretty similar to trademark protection (which doesnt work). |
|
|
|
