alt Hacker News"Bad guys can't use it" is per definition incompatible with free software.
For this author's definition of "bad guys" (megacorps), AGPL is probably the easiest poison pill. As with all poison pills, this will also make many (most?) "good" users unable to use it.
This project is no curl or database engine, it seems to be a slightly easier way to set HTTP response headers. I bet most of the uses are transitive (someone using something that uses something that uses a framework that uses something that uses this project).
In particular, this project is something small enough that nobody will pay for it, not because it's not worth it, but because the friction of paying for it is higher than rewriting it from scratch. And "the bad guys" are unlikely to use it directly in their major products due to the pure nature of it.
In most cases, but especially this one IMO, you just get to choose wheter to contribute to the commons, the actual commons, for everyone, including "the bad guys" - or not.
Replies
Since the author mentioned trying to find a general solution, not one just for his project - here's one that could work:
Make a new standard license similar to the GPL, but one that includes machine-readable payment requirements, each consisting of:
- a UUID
- a minimum profit threshold
- a license fee, either a fixed amount or some well-defined formula (you'd probably want an inflation adjustment system)
- a recipient
Anyone who wants to use the software can do it, but if you cross the profit threshold, you have to pay, once per project. Dependents would naturally inherit the payment requirements of their dependencies, but you'd only pay once per dependency even if it was used in multiple projects (hence the UUID).
With high enough profit thresholds and small payments, this should avoid the license from becoming toxic:
* If you aren't a megacorp, you don't care because you're not hitting the thresholds.
* If you aren't a megacorp but dreaming of becoming one, you still don't care, because if you do become one, you can afford the cost, and the combined cost (payments + compliance cost) is well understood and limited.
* If you are a megacorp, you still don't care, because we're most likely talking about peanuts and the machine readable descriptions make it practical to comply, and you get a "software bill of materials" out of it as a side effect.
This relies on the minimum profit thresholds being high enough and the license fees low enough. This could be achieved by the text of the license itself being licensed only as long as you keep within certain thresholds.
Building a new license ecosystem and the critical mass behind it is a tall order, but I think this way it's not hopeless-from-the-start. The design isn't meant to "capture a fair share of the value" or anything like that, it's meant to be minimally toxic (because that's a hard requirement for having a chance of becoming popular) while still delivering some minimal contribution to big projects with a lot of dependents.
I was originally planning to suggest a revenue threshold, but I think profit is better, as it excludes nonprofits, startups in the starting-up phase, companies that aren't money printers, etc.
> "Bad guys can't use it" is per definition incompatible with free software
It's incompatible with 1 definition of free software. More and more developers are unhappy with this definition.