Bonum Certa Men Certa

Free Software Contributions and Real Threats

By Marcia Wilbur

To build or not to build!



Recently, there has been some discussion about “open source freeloaders”. It’s completely laughable for companies calling others freeloaders, when in fact, we are the contributors, developers, laborers of love and take ownership volunteering our time to projects these companies use.

Often corporations use our projects without giving anything back to the community.

This is true of many companies with “open source” projects. Often, there will be use of projects in ways one might not even imagine such as curling Windows repos, creating in-house projects based on all open source projects with no redistribution, no sharing and resistance to share.

In one corporate case, the original developers shared with an open license to GitHub. When confronted with this fact, I recommended placing the updated project files to the original repo and was met with strong objection to the point the product owner stated I was “stirring the pot” and demanded management “remove that github project”. Management would not as this is not one of “our company project repos” and we have no control over this public-facing project abandoned several years prior.

"It’s not a violation of license to build new software based on different packages and projects in-house and not share, but not in the spirit of our community."The original developers seemed to have best intentions but were let go and the project developed internally from their original.

It’s not a violation of license to build new software based on different packages and projects in-house and not share, but not in the spirit of our community. Some development, testing or any contribution is appreciated but not required. There is no monetary donation more often than not. Little to no consulting opportunities are available to project developers who have an eye toward community, at least from my perspective and experience.

From Red Hat’s commitment to open source: A response to the git.centos.org changes

June 26, 2023, by Mike McGrath

“Finally, I’d like to address every open source company out there, whether your code is open today or you’re considering moving to an open source model. By any measure, Red Hat has “made it” and I hope many open source companies can succeed as we have. You can decide for yourself whether downstream rebuilds are valuable for you and it’s your call to make it easy, or not.

Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere. This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity.

We don’t want that and I know our community members, customers and partners don’t want that. Innovation happens in the upstream. Building on the shoulders of others is what open source is about. Let’s continue to drive innovation, support one another and keep moving forward.”


Granted, most of us want the ability to modify and distribute and we do just this.

There are a few use cases for simply building without adding features.



Companies are not likely to pick up abandonware and include this as a dependency, even when they have the resources to do so. Instead, they will search out an alternative.

Take for example an open source project I worked on recently using pandoc. Rather than use @latest pandoc with xelatex for new features, the project used wkhtml2pdf. The company hired an in-house dev to work on the features we wanted when these were already available using @latest pandoc with xelatex!

"Again, while completely legal, this culture of selfish dependence without give back is more common in company culture than not. Freeloaders?!"The packages included in this in-house “solution” included unsupported and deprecated versions with of course, high security risk. The company created what I like to refer to as a “frankenapp”. There was no effort to work with any of the open source projects the company used, no effort to contribute to development. Some of the projects included: ImageMagick, Graphviz, batik, pandoc, wkhtml2pdf

Again, while completely legal, this culture of selfish dependence without give back is more common in company culture than not. Freeloaders?!

Ubuntu – fully supported example:

The packages for Edubuntu were divided and are currently divided by education level.

Packages include:

ubuntu-edu-preschool ubuntu-edu-primary ubuntu-edu-secondary ubuntu-edu-tertiary

The task at Kids on Computers was to evaluate which education projects or packages were used in a previous distro, Ubermix, used by schools in Mexico implemented by KOC.

The purpose of this was to sunset any Ubermix machine, but still offer the same tools, utilities and applications to students. Ubermix was hosting the ISO on the then Google plus platform.

"Does Canonical contribute to Scribus? So, what exactly is meant by “fully support”?"“Who does that?!”

While there were some beneficial features to Ubermix, Kids on Computers wanted to see if we could simply use the packages in a custom respin.

While evaluating the list of packages (dpkg –get-selections | grep install), I noted the packages from Ubuntu.

The interesting thing about these packages was what was inside. There was no indication *buntu had done anything but packaging.

This became more clear upon the realization a couple packages were no longer maintained projects.

So, take for example, ubuntu-edu-tertiary with many recommended packages. The packages listed include Scribus.

The control file for tertiary states:

Package: ubuntu-edu-tertiary Source: edubuntu-meta Version: 23.04.12 Architecture: amd64 Maintainer: Edubuntu Developers edubuntu-devel@lists.ubuntu.com Installed-Size: 10 Recommends: bijiben, calibre, cantor, chemtool, dia, drawing, fritzing, gbrainy, gramps, inkscape, kalzium, klavaro, kmplot, ktouch, librecad, libreoffice, lightspeed, arble-qt, melting, pdfmod, rocs, scribus, stellarium, step, yorick Section: metapackages Priority: optional Description: Tertiary Educational Application Bundle This package depends on all of the educational software for Tertiary grade level education that is fully supported by Canonical and the Edubuntu community.

How do they “FULLY” support?

So, I had questions.

I joined the Edubuntu devel mailing list and asked for the definition of "fully supported".

I went to the Scribus IRC and asked the question whether canonical contributed to the project.

Does Canonical contribute to Scribus? So, what exactly is meant by “fully support”?

Documentation, training, development or testing contribution? Forum, IRC?

Or, do they simply support the ubuntu-edu-tertiary package itself and separate themselves from the projects/packages they “recommend”?

This was Sunday August 13 at approx 9pm EST when I went to Libera IRC. I received a response of no from Scribus with regard to any spending cash contributions. There may have been a few development contributions but no forum support, no chat support for the project by Canonical.

I’m not saying what Canonical does is violating any license – these are dependencies in a package, right.

The new package is theirs: ubuntu-edu-tertiary

As devs, of course, we have dependencies. For example, I use rsync for respin. Nothing needs to be edited or changed, and my software depends on an existing project. However, it does seem as these packages such as ubuntu-edu-tertiary are just dependencies with no original education applications provided by Canonical at all. There is no deliverable application depending on these other projects. Honestly, these are just projects and software included in an education flavor.

So, if the idea is to provide education software to the “masses”, why are there no features added, user experience considerations developed, or well, any development at all?

While not a violation of license – because nothing was forked, just included as dependencies, the non-contributing development is definitely not community minded and a real threat to hobbyists and hackers everywhere!

Unfortunately, having to support your primary project is key. However, small projects are not a company with financial resources based on the packages or projects developed for the community. Many projects run with just a few contributors working on a labor of love.

We are not companies that charges in the six figures for licensing the Operating System on an industrial IOT machine because the manufacturer is in a certain country.

One company literally informed us of their intention to pay out half a million dollars to Ubuntu for using the Operating system on 2 machine product lines.

The reason, the machines were manufactured in China.

“But we can just make a respin! Trust me, I know how! We don’t need to pay”.

"Some projects have had great contributions and have moved forward in progression. Perhaps there is a benefit in companies using our projects."There was nothing I could do.

So, with that kind of payment from corporations, just how much does Ubuntu have in their coffers to contribute? How much do they contribute or pay to projects?

I received messages from the Edubuntu dev mailing list.

Edubuntu is a “labor of love” for the 3 or 4 people involved in the “resurrection” of the packages. Erich and his wife work on the product with input from family members and evaluation of what packages may be useful for educational purposes.

The job is to evaluate and include packages within the educational package that are mostly stable or have longevity. While I applaud any educational effort, the fully supported question needed to be answered!

“That control file was revived and largely unedited from its original form from 9+ years ago, and when it was originally written, all of the software may very well have been fully supported by Canonical. Unfortunately, I wasn’t around at that time, so I can’t speak to that. However, I can speak to where it is at currently.”

“Edubuntu, however is not its own project as it is a flavor of Ubuntu and doesn’t exist as a separate distribution from Ubuntu.”

“I’m sorry if the descriptions were confusing, we can definitely get that cleared-up before 23-10.”

So, in conclusion, rather than to “fully support”, partially support or offer any contributions whatsoever to the community projects used by Ubuntu, at least in the case of ubuntu-edu-* packages, the solution here is to – change the control file description.

Some projects have had great contributions and have moved forward in progression. Perhaps there is a benefit in companies using our projects. While contribution is not required, encouraging contributions to our projects, especially by those companies using and depending on the tools/utilities/apps for their project is definitely appreciated and considered at the very least, good manners. The tools/utilities/apps these companies use can progress for their benefit as well by contributing back to the project and community. There are various ways to do so.



Recent Techrights' Posts

People Who Assault Women Are Not Victims of "Distress"
It seems like an American tradition. In a country with almost 50 presidents, not even one was a female.
Adoption of Gemini Protocol Still Growing
Gemini Protocol is being obscured by the media - it doesn't help that Google 'hijacked' the word "Gemini" - but people still manage to find out about it, download a client, and use it
Brett Wilson LLP "Takes it Personal" (Character Assassination, Not Professionalism). Everybody Can See That.
On behalf of violent men
Pissing Contests and Pissing Off Everyone
people who came from Microsoft are trying to vex and divide the community
Microsoft Repeats the Mistakes Made by the EPO After We Exposed a Major Microsoft/EPO Scandal 10 Years Ago
That scandal was all over the media, not just in English
 
Changing One's Name Won't Change One's Past
People who have earned a bad reputation are not magically "entitled" to reset
Slashdot Media Turned Linux Journal Into a Slopfarm and Now Slashdot Actively Promotes Anti-Linux Slopfarms
Yes, "no-nonsense" apparently means actual nonsense
Links 14/07/2025: Arresting Photographers, Threats to Revoke US Citizenship Over Criticism
Links for the day
More EPO Leaks on the Way
We hope that Mr. Rowan will actually try to refute what we say and show, not merely point the finger at the messengers
Decommodification is a Corporate Strategy Against Communities
systemd is led by Microsoft and hosted by Microsoft
copyleft.org 'Hijacked' by the People Who Attack the Person Who Created Copyleft
So far there's nothing "tasteless" in copyleft.org, but that can change at any time in the future
Asking People to Take Down Articles and Videos Only Makes These More Popular and "Viral"
If you do something bad, one of the worst things you can possibly do it try to silence those who speak about it
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 13, 2025
IRC logs for Sunday, July 13, 2025
Two-Thirds Towards FSF Goal, Richard Stallman to Give Talks in Europe
There are 67 left before reaching the target
Gemini Links 14/07/2025: Politicised Tech and "Leaving GitHub"
Links for the day
The Demise of LLMs
We've just checked BetaNews again. They've dropped all the slop and went back to human authors.
Gemini Links 13/07/2025: Sonpo Museum of Art and FCEUX
Links for the day
Links 13/07/2025: UnitedHealth's Censorship Campaign, Australia Wary of China
Links for the day
Firing Away With Nonsense
Or fighting fire with fire
Links 13/07/2025: Climate Crisis, GAFAM Poisoning the Water
Links for the day
Turns Out LLMs for Code Don't Save Time and Don't Improve Quality
Neither legal nor useful
The Microsofters Will Have an Obligation to Compensate Us
This story isn't just about Microsoft. It's also about corruption, there are many women victims, there is abject "abuse of process", and many more scandals to be illuminated in years to come.
Reproducing at the EPO Instead of Producing Monopolies for Foreign Monopolies With Their Price-Fixing Cartels
Does the EPO recognise the need of well-educated Europeans to bear kids?
Valnet Inc. Dominates Real (Not LLM Slop) GNU/Linux Coverage in 2025
And likely in prior years, too
Free Software Foundation (FSF) Fund Raiser Goes on
Later this month we'll expose another OSI scandal
EPO Staff Representatives Issue a Warning About Staff's Health and Inadequate Care
Even the EPO's own stakeholders (money sources) are openly protesting against what the EPO became
Links 13/07/2025: Partly Assorted News From Deutsche Welle and CBC
Links for the day
Gemini Links 13/07/2025: Board Games and Battle Styles
Gemini Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 12, 2025
IRC logs for Saturday, July 12, 2025
Plunder at the Second-Largest Institution in Europe
cuts, neglect, health problems, even early deaths
Links 12/07/2025: Political Developments, Attack on Opposition, Climate Actions
Links for the day
Gemini Links 12/07/2025: Melodic Musings and Small Web July
Links for the day
Links 12/07/2025: Jail in China for Homoerotica, South Korea Discriminates Against Old Workers
Links for the day
If Only Everything Was Rewritten in Rust, We'd Have No More Security Issues?
Nope.
Links 12/07/2025: Birdwatching and Fake/Misleading Wall Street 'Valuation' Figures
Links for the day
Gemini Links 12/07/2025: How to Avoid Writing, Apps for Android
Links for the day
Using SLAPPs to Cover Up Sexual Abuse and Strangulation
The exact same legal team of the Serial Strangler from Microsoft and Garrett already has a history fighting against "metoo"
EPO Staff Committee on Harassment in the Workplace
slides
Adding the Voice of Writers to UK SLAPP Reform
The journey to repair antiquated (monarchy era) laws will likely be long
EPO Takes More Money From Staff for Speculation (Pensions), Actuarial Study Explains the Impact
"The key change in this year’s Actuarial Study, due to cascading the new “risk appetite” from the financial study, is a significant increase of the total pension contribution rate of 5.7 percentage points, up to a total of 37.8%. This is driven by an unprecedented decrease in the discount rate of 105 bps down to 2.2%."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 11, 2025
IRC logs for Friday, July 11, 2025