By Marcia Wilbur

To build or not to build!

Recently, there has been some discussion about “open source freeloaders”. It’s completely laughable for companies calling others freeloaders, when in fact, we are the contributors, developers, laborers of love and take ownership volunteering our time to projects these companies use.

Often corporations use our projects without giving anything back to the community.

This is true of many companies with “open source” projects. Often, there will be use of projects in ways one might not even imagine such as curling Windows repos, creating in-house projects based on all open source projects with no redistribution, no sharing and resistance to share.

In one corporate case, the original developers shared with an open license to GitHub. When confronted with this fact, I recommended placing the updated project files to the original repo and was met with strong objection to the point the product owner stated I was “stirring the pot” and demanded management “remove that github project”. Management would not as this is not one of “our company project repos” and we have no control over this public-facing project abandoned several years prior.

"It’s not a violation of license to build new software based on different packages and projects in-house and not share, but not in the spirit of our community."The original developers seemed to have best intentions but were let go and the project developed internally from their original.

It’s not a violation of license to build new software based on different packages and projects in-house and not share, but not in the spirit of our community. Some development, testing or any contribution is appreciated but not required. There is no monetary donation more often than not. Little to no consulting opportunities are available to project developers who have an eye toward community, at least from my perspective and experience.

From Red Hat’s commitment to open source: A response to the git.centos.org changes

June 26, 2023, by Mike McGrath

“Finally, I’d like to address every open source company out there, whether your code is open today or you’re considering moving to an open source model. By any measure, Red Hat has “made it” and I hope many open source companies can succeed as we have. You can decide for yourself whether downstream rebuilds are valuable for you and it’s your call to make it easy, or not.

Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere. This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity.

We don’t want that and I know our community members, customers and partners don’t want that. Innovation happens in the upstream. Building on the shoulders of others is what open source is about. Let’s continue to drive innovation, support one another and keep moving forward.”

Granted, most of us want the ability to modify and distribute and we do just this.

There are a few use cases for simply building without adding features.

• We can pick up abandonware and there is value in supporting users and maintaining a stable release. This does add value also.
• We can simply rebuild code, rename, redistribute (see your code license(s) for proper threat leveling) and become the “REAL THREAT” to open source companies.
• We can learn by simply building through evaluation.
• We can encourage contributions to software by including the built code in our projects.

Companies are not likely to pick up abandonware and include this as a dependency, even when they have the resources to do so. Instead, they will search out an alternative.

Take for example an open source project I worked on recently using pandoc. Rather than use @latest pandoc with xelatex for new features, the project used wkhtml2pdf. The company hired an in-house dev to work on the features we wanted when these were already available using @latest pandoc with xelatex!

"Again, while completely legal, this culture of selfish dependence without give back is more common in company culture than not. Freeloaders?!"The packages included in this in-house “solution” included unsupported and deprecated versions with of course, high security risk. The company created what I like to refer to as a “frankenapp”. There was no effort to work with any of the open source projects the company used, no effort to contribute to development. Some of the projects included: ImageMagick, Graphviz, batik, pandoc, wkhtml2pdf

Again, while completely legal, this culture of selfish dependence without give back is more common in company culture than not. Freeloaders?!

Ubuntu – fully supported example:

The packages for Edubuntu were divided and are currently divided by education level.

Packages include:

ubuntu-edu-preschool ubuntu-edu-primary ubuntu-edu-secondary ubuntu-edu-tertiary

The task at Kids on Computers was to evaluate which education projects or packages were used in a previous distro, Ubermix, used by schools in Mexico implemented by KOC.

The purpose of this was to sunset any Ubermix machine, but still offer the same tools, utilities and applications to students. Ubermix was hosting the ISO on the then Google plus platform.

"Does Canonical contribute to Scribus? So, what exactly is meant by “fully support”?"“Who does that?!”

While there were some beneficial features to Ubermix, Kids on Computers wanted to see if we could simply use the packages in a custom respin.

While evaluating the list of packages (dpkg –get-selections | grep install), I noted the packages from Ubuntu.

The interesting thing about these packages was what was inside. There was no indication *buntu had done anything but packaging.

This became more clear upon the realization a couple packages were no longer maintained projects.

So, take for example, ubuntu-edu-tertiary with many recommended packages. The packages listed include Scribus.

The control file for tertiary states:

Package: ubuntu-edu-tertiary Source: edubuntu-meta Version: 23.04.12 Architecture: amd64 Maintainer: Edubuntu Developers edubuntu-devel@lists.ubuntu.com Installed-Size: 10 Recommends: bijiben, calibre, cantor, chemtool, dia, drawing, fritzing, gbrainy, gramps, inkscape, kalzium, klavaro, kmplot, ktouch, librecad, libreoffice, lightspeed, arble-qt, melting, pdfmod, rocs, scribus, stellarium, step, yorick Section: metapackages Priority: optional Description: Tertiary Educational Application Bundle This package depends on all of the educational software for Tertiary grade level education that is fully supported by Canonical and the Edubuntu community.

How do they “FULLY” support?

So, I had questions.

I joined the Edubuntu devel mailing list and asked for the definition of "fully supported".

I went to the Scribus IRC and asked the question whether canonical contributed to the project.

Does Canonical contribute to Scribus? So, what exactly is meant by “fully support”?

Documentation, training, development or testing contribution? Forum, IRC?

Or, do they simply support the ubuntu-edu-tertiary package itself and separate themselves from the projects/packages they “recommend”?

This was Sunday August 13 at approx 9pm EST when I went to Libera IRC. I received a response of no from Scribus with regard to any spending cash contributions. There may have been a few development contributions but no forum support, no chat support for the project by Canonical.

I’m not saying what Canonical does is violating any license – these are dependencies in a package, right.

The new package is theirs: ubuntu-edu-tertiary

As devs, of course, we have dependencies. For example, I use rsync for respin. Nothing needs to be edited or changed, and my software depends on an existing project. However, it does seem as these packages such as ubuntu-edu-tertiary are just dependencies with no original education applications provided by Canonical at all. There is no deliverable application depending on these other projects. Honestly, these are just projects and software included in an education flavor.

So, if the idea is to provide education software to the “masses”, why are there no features added, user experience considerations developed, or well, any development at all?

While not a violation of license – because nothing was forked, just included as dependencies, the non-contributing development is definitely not community minded and a real threat to hobbyists and hackers everywhere!

Unfortunately, having to support your primary project is key. However, small projects are not a company with financial resources based on the packages or projects developed for the community. Many projects run with just a few contributors working on a labor of love.

We are not companies that charges in the six figures for licensing the Operating System on an industrial IOT machine because the manufacturer is in a certain country.

One company literally informed us of their intention to pay out half a million dollars to Ubuntu for using the Operating system on 2 machine product lines.

The reason, the machines were manufactured in China.

“But we can just make a respin! Trust me, I know how! We don’t need to pay”.

"Some projects have had great contributions and have moved forward in progression. Perhaps there is a benefit in companies using our projects."There was nothing I could do.

So, with that kind of payment from corporations, just how much does Ubuntu have in their coffers to contribute? How much do they contribute or pay to projects?

I received messages from the Edubuntu dev mailing list.

Edubuntu is a “labor of love” for the 3 or 4 people involved in the “resurrection” of the packages. Erich and his wife work on the product with input from family members and evaluation of what packages may be useful for educational purposes.

The job is to evaluate and include packages within the educational package that are mostly stable or have longevity. While I applaud any educational effort, the fully supported question needed to be answered!

“That control file was revived and largely unedited from its original form from 9+ years ago, and when it was originally written, all of the software may very well have been fully supported by Canonical. Unfortunately, I wasn’t around at that time, so I can’t speak to that. However, I can speak to where it is at currently.”

“Edubuntu, however is not its own project as it is a flavor of Ubuntu and doesn’t exist as a separate distribution from Ubuntu.”

“I’m sorry if the descriptions were confusing, we can definitely get that cleared-up before 23-10.”

So, in conclusion, rather than to “fully support”, partially support or offer any contributions whatsoever to the community projects used by Ubuntu, at least in the case of ubuntu-edu-* packages, the solution here is to – change the control file description.

Some projects have had great contributions and have moved forward in progression. Perhaps there is a benefit in companies using our projects. While contribution is not required, encouraging contributions to our projects, especially by those companies using and depending on the tools/utilities/apps for their project is definitely appreciated and considered at the very least, good manners. The tools/utilities/apps these companies use can progress for their benefit as well by contributing back to the project and community. There are various ways to do so.

• Hire a dev



• Contributing to added features



• Contributing to bugs or defects



• Reporting defects and offering possible solutions



• Encouraging employees to contribute to projects used



• Financial contribution



• Forum or communication to address any next step features



• Release your project/framework/code based on open source projects. ⬆