Just sharing a post I created today that’s a plead to Futo to not attempt to create their own open source definition:
I’ve shared this in Futo’s zulip chat, yet to receive any official feedback, but thought the subject might be of interest to others here. With these types of conversations with projects I always try to position my input in a understanding way, in an attempt to open a constructive path forward, but it can be hard not to come across as somewhat pedantic. I’m open to feedback if there are ways this kind of thing can be better positioned.
Even if it’s of no good, I cannot help to feel a bit of schadenfreude when the “open source” people get eaten by the pragmatist monster that they created.
In a more constructive manner, I don’t think there are any objective arguments against the kind of reframe that Futo is doing here. Once you have admitted that “open source” is just a technical issue that happens to lead to good software, how can you oppose this without hypocrisy?
I’m wondering who is behind FUTO. There’s no transparency on their website about who started it or why. The listed address is the address of the Young Financial Group, which is a financial advisory organization not an investment organization. Managing finances is complicated and important in this world. So maybe some well-intentioned people hired the Group to help them be successful and is using their address because they don’t have a proper business address (yet?). But the lack of transparency around leadership, or alternative form of organization, makes me nervous.
Louis Rossman does work and is actively involved in Futo (joined on later, had previously received support/funding from Eron for Louis’ causes).
Other than that I’m unclear. The Immich project team recently become part of FUTO. Their GrayJay app developers seem to be directly part of FUTO too.
From what I’ve seen, I believe they’re trying to do a good thing, but have built FUTO up advertising “open source” as a core pillar while, maybe not familiar with what open source means to many, and actually wanting a level of control that’s in contention with what many consider open source to be. The CEO also comments on the received criticisms of their use of open source in a video here (14:11) but doesn’t reflect a full understanding of what those criticisms actually were.
Yeah, I can’t agree with the direction of their rhetoric. The first 2 people were so focused on ownership and the idea that the people who originally wrote the software should be the ultimate authority on what is and is not OK. The whole point of FOSS is acknowledging that once I put my work out into the world it is no longer mine - it is now a part of the world - and the people who are using it deserve a say in what it does.
They are pointing at legitimate problems. It is true that malicious actors can easily take FOSS projects, tack on some malware, then distribute this while fraudulently claiming that it is an unchanged build. But their suggestion that the original developers should be the ultimate authority on what constitutes malware is impractical. I might disagree with them about what I consider to be malware, because ultimately it is a relative term: malware simply means that the software is doing something that the user did not consent to. Plenty of people are fine with tracking cookies for personalized advertising. I am not. On their machine it is software while on my machine it is malware. There is enough room in this world for many different perspectives.
Like I said there is a legitimate concern here about malicious actors. But there are other ways of handling it. For example, reproducible builds help us prevent people from maliciously modifying the source. The developers can sign the hash of the output files, then anybody can help with distribution because the user only needs that one small bit of information from the developers. This also makes it more feasible for auditors to operate efficiently, because they can review the source (including build files) then sign the same output hash to indicate that there is no malware. One auditor might be a government who certifies that the software complies with state laws. Another might be the FSF who certifies that it respects user freedoms. And each user can decide which set of auditors they trust.
Yeah, I totally agree. I believe they are trying to do something good, and that they believe they are tackling those legitimate problems, but maybe they lack the experience/understanding in this very specific domain to understand why the freedoms provided by open source are important, and what their impact of pushing an alternative definition could be.
Yesterday Louis offered to answer questions I may have in a Reddit thread here, so I’ve asked some questions and am just awaiting a response.
My questions for those that don’t want to access Reddit:
Have your read, and do you understand the concerns of my blogpost?
If you’re choosing to continue with your own definition of open source:
Why do you need to use “open source” instead of helping establish an alternative that doesn’t hinder/affect the definition that many believe in? Especially as you have some resources and the audience to do this.
Do you not think the ability to fork, and for projects to grow under new/alternative leadership, is a fundementally important factor to open source?
Agreed. They seem well-intentioned and are publishing code under open source licenses which is a good thing. I’m a little sensitive to the impulse to solve problems by selecting some person/people to control things for personal reasons. I think that it causes more problems than it solves in the long run, but it’s an easy trap to fall in to because it solves a lot of problems very quickly in the short run. So the arguments about making sure that the developers can control how other people use their work hit a nerve.
Still, in spite of the impactful disagreement we probably have more in common than not, and we can support each other while still acknowledging that the differences matter.