Update ownership and license #2943
Pull Request Test Coverage Report for Build 12762300226
💛 - Coveralls |
Qodana for .NET: It seems all right 👌 No new problems were found according to the checks applied. 💡 Qodana analysis was run in the pull request mode: only the changed files were checked. Contact Qodana team: contact us at qodana-support@jetbrains.com
|
Sorry to chip in. I just noticed that the Apache 2.0 license mention was completely removed. I'm not a lawyer, but I don't think you can re-license the entire project like this without obtaining the consent of all the contributors. If there are contributors who do not agree to the new license, then you would have to maintain the original Apache 2.0 license for that code contributed under it. Upd: I also do not see on https://xceed.com/products/unit-testing/fluent-assertions/ which version this license applies to. I would expect that v7 and earlier are not affected, as you cannot claim the license for past releases according to Apache license, and that the new licensing applies only to v8 and above. However, it would be helpful if this were explicitly mentioned so others could avoid any hassle and confusion. |
Does this update mean someone has to pay now to use FluentAssertion? |
The Apache license for v7 already granted you a "perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license", they can't take it away retroactively. |
This is correct. v7 will remain free indefinitely and will still receive critical fixes. v8 will only require a license when you use it in non-commercial projects. |
@dennisdoomen can you please address the questions posed by @ScarletKuro? Specifically, do you have a CLA that grants you this authority, or have you obtained consent from all 222 contributors? |
Thank you all for raising these important questions. Fluent Assertions' transition to a dual-licensing model has been carefully planned in compliance with standard practices for open-source projects. The new commercial version (V8) represents a significant evolution of the library, incorporating improvements and features that were developed under the direction of Xceed and the original creators. These updates are governed by the licensing terms specified for this version, which differ from the Apache-licensed versions. Regarding your concern about contributor consent:
If you have further questions or concerns, feel free to reach out. Transparency and clarity are key, and we’re happy to provide more details. I've personally invested almost 15 years of my private time in this project, and I am really happy with this new development. Once again, v7 will remain free indefinitely and will still receive critical fixes. v8 will only require a license when you use it in commercial projects. |
This does not seem so simple. There are companies contributing to FOSS projects that are then used in their enterprise packages provided to other enterprises. How does this licensing work then? It makes this situation very complicated, putting others at risk of violating the license. |
I don't get that scenario. FA is just a unit testing project that never gets shipped to anybody else in a package. Can you elaborate? |
One question about the new license agreement. I've seen a file in the commit, Src/init.ps1, that will check the Windows registry. Don't you think that for this reason alone most developers will stop using this library, and that in 1 or 2 years this project will be finished? |
You mean commercial projects. |
I understand that it depends on who runs the FA included components. FOSS doesn't guarantee that it will be the packager in every case. Whole FOSS projects can be privately packaged and used in enterprise environments, but this involves running FA in a completely different environment (no longer in a free open source environment). |
Yes, sorry. That's what I meant. |
I think it would be fair to include this info in the https://fluentassertions.com/upgradingtov8 guide? Also, could you point me to some info about the pricing for commercial projects and how to obtain a commercial license? |
Which license is needed for commercial software running tests with FA on a build server where every developer at a company can review the results? |
To mention the change of license? Yeah, makes sense.
|
Thanks a lot! Well, it's not entirely cheap, especially for a team of 100+ devs. We'll stay on v7 now and long term either wait for a fork of v7, or migrate to Shouldly or another alternative, I'm afraid. Thanks a lot for your great work on FluentAssertions! |
Few questions:
|
I don't understand the pricing model, we have 100+ devs working on 100+ services. Half of those services are using FA meanwhile, all the devs have access to build servers that build those services using FA... I'm a little surprised this move doesn't switch to a new repo/package while sunsetting this FA repo in its current state at version 7 with the Apache 2.0 license. |
Please, visit a professional instead of showing your issues to the public. This mindset you're presenting does not only represent the usual compliance nonsense that is absolutely meaningless for IT security, it's also blatant racism to the core. The logical argument of Person has WeChat linked -> Person is Chinese -> Being Chinese is a security threat -> Chinese bad is just one thing: pure racism. It's not even based on a single fact after all. I sincerely hope you're not responsible for security in your organization because otherwise they should put a competent person in that position. This discussion takes place in a repository that was owned by a somewhat reputable Dutch person that sold their project to some shady Canadian business that makes money with bogus software and broke the license agreement of the content of this repository. This fact alone should prove that the origin of the owner of a project is meaningless, let alone their perceived status. Also, when it comes to security: this license change was done without any proper announcement under the same name and in the same NuGet package. The new version contains a PowerShell script that is executed during installation that executes arbitrary code to open a website. If you would really care about security, you would go crazy about this stuff. Instead you're showing off some racist attitude in here. |
The Co-Founder of MudBlazor has WeChat, speaks Chinese, and has worked with Chinese. Apparently, according to that logic, he’s a Chinese spy and MudBlazor is his cover 😆. Though, you can Google him and find his speeches at
Menzen doesn't even have WeChat, he has Matrix, which supports WeeChat (that's what Snazzie probably saw), but WeeChat ≠ WeChat (aka the Chinese chat etc).
Honestly, you made my day. Stop hiding behind security, you are an absolute racist. |
Was thinking of the same example actually. There are dozens of Chinese people in the OSS community doing great stuff. It amuses me that some person writes about security and compliance while being unable to do the basic research to understand the differences between Matrix, WeeChat and WeChat. |
Haha this is as funny as the TikTok ban. I love the world nowadays |
I have been watching the situation since its beginning. My attention was drawn not so much to the discussion itself, but to the lack of any tangible reaction to it from the owners. The right questions were raised about the legality of changing the license. There is hope that some detailed response is being prepared by owners now and they are simply not in a hurry. Otherwise, an ugly situation will arise and this entire discussion will remain unanswered. |
There will not be any proper answer, other than "you can reach out to support@xceed.com if you want to waste time." Or maybe some corpo jargon. |
The funniest thing I've seen so far is that you will receive softwarnings even if you bought a license and you cannot disable them after all. Not only are there actually people taking the bait and wasting money on a license, they are being screwed over it at the same time. This fits the broader picture of all that happened but just underlines how unprofessional and rushed this move has been. #2963 |
All the discussion here and in #2963 (comment) shows that it is obviously not true. It's hard to believe that anyone thinks otherwise. |
These 78k downloads are probably either dependabot-like services and/or people unaware of the situation at all, considering there's no agreement required in nuspec, only an obscure warning during build (I think?). Sure, there are some who paid (admittedly at least one issue was already created by someone who paid for it), but can't argue there's no impact with such a move. Also, yes, 1 * 130 is still more than 2m * 0, but the point still kinda stands. |
Obviously only a tiny fraction of those downloads are paying customers. A download on NuGet does not equal a purchased license. Most will be accidental version bumps for people that are unaware or somehow missed the license change in the update (including me, until I saw the video from @Elfocrash). Of course I support the author in his decision to try to monetize his work, but not in the way he dealt with this. He just threw his coauthors under the bus. This must be handled appropriately and not in a pull request without description or previous notice. |
Good job on getting funding for your project @dennisdoomen — getting paid for writing high quality open source software (especially in the .Net eco-system) is impossible unless you make moves like this. I think the haters should pay you at least an hour's worth of their own time for what they've used so far if they're also going to spew hate in this thread! |
The "haters" are people concerned about the ethics and legality of this move. This is NOT the way to make FOSS sustainable, for sure. Grouping the people who added nothing of value to the conversation with those who expressed legitimate concern is extremely disrespectful and naive. |
This is not about monetizing the project, this issue is about disregarding the opinion of many developers that helped raise this project to what it is now. All of the work, especially the work until the release candidate for version 8 was done under Apache, but the final 8 release is now under a proprietary license. Imagine adding many contributions to a public project and spending a lot of time to develop fixes for a community project, only for your work to be kept and relicensed by a company that you are not at all related to and without your consent or even prior notice. That is not how this should be handled. No one would've had a problem with the relicensing if the main developer had made a fork of this project to which he contributes his monetized work. This is just not okay. |
I'm always happy to pay for quality software but I have serious concerns about switching to a $130/user license model. As someone who pays for GitHub Copilot and other dev tools, this price point for what's essentially syntactic sugar around testing feels completely disconnected from reality. This feels like a dramatic shift from the Apache license that contributors worked under. Many developers contributed improvements and bug fixes over the years - will they receive any share of this revenue? The pricing seems particularly tone-deaf given that this is a testing library, not an AI-powered assistant or complex development platform. |
@cn-ml Yeah, I see your point, but all that work is still in the open under Apache 2 and you can indeed use it as such; even sell it yourself. |
The changes made are only available as a pre-release version on NuGet. Alternatively you would need to compile that on your own. You're not seeing the point if you're arguing like that. The point is that everything has been relicensed and the old license has been removed, which is in fact against the terms of Apache 2.0. Besides that: seems like comments are being deleted now. This is getting even more absurd. No proper statement from the owner so far, contribution acknowledgments are being removed from the readme and the so-called "clarification" is not clarifying anything. How ignorant can someone be? |
(for @klemmchr)
(Based on the mail notification I received, your comment didn't seem in good faith to me. It may have led to witchhunting or incited harassment of users. It wasn't an argument nor help for a healthy discussion. So, the deletion does seem legit to me...) On a more on-topic side of things: The code could've been arranged in such a manner that it is extensible, most of the code is then made OSS (:tm: or not, idc) then any "Pro" features would've been extensions or other way of adding functionality. While also giving paying customers dedicated technical support and non-paying users would be then served in a public space (potentially GitHub discussions). |
And the work of the project's contributors has - based on comments from contributors in this thread - been unilaterally relicensed under a commercial licence. The licence they contributed code under (Apache) doesn't allow for this without a CLA or consent. |
No description provided.