Bonum Certa Men Certa

Free Software Contributions and Real Threats

By Marcia Wilbur

To build or not to build!



Recently, there has been some discussion about “open source freeloaders”. It’s completely laughable for companies calling others freeloaders, when in fact, we are the contributors, developers, laborers of love and take ownership volunteering our time to projects these companies use.

Often corporations use our projects without giving anything back to the community.

This is true of many companies with “open source” projects. Often, there will be use of projects in ways one might not even imagine such as curling Windows repos, creating in-house projects based on all open source projects with no redistribution, no sharing and resistance to share.

In one corporate case, the original developers shared with an open license to GitHub. When confronted with this fact, I recommended placing the updated project files to the original repo and was met with strong objection to the point the product owner stated I was “stirring the pot” and demanded management “remove that github project”. Management would not as this is not one of “our company project repos” and we have no control over this public-facing project abandoned several years prior.

"It’s not a violation of license to build new software based on different packages and projects in-house and not share, but not in the spirit of our community."The original developers seemed to have best intentions but were let go and the project developed internally from their original.

It’s not a violation of license to build new software based on different packages and projects in-house and not share, but not in the spirit of our community. Some development, testing or any contribution is appreciated but not required. There is no monetary donation more often than not. Little to no consulting opportunities are available to project developers who have an eye toward community, at least from my perspective and experience.

From Red Hat’s commitment to open source: A response to the git.centos.org changes

June 26, 2023, by Mike McGrath

“Finally, I’d like to address every open source company out there, whether your code is open today or you’re considering moving to an open source model. By any measure, Red Hat has “made it” and I hope many open source companies can succeed as we have. You can decide for yourself whether downstream rebuilds are valuable for you and it’s your call to make it easy, or not.

Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere. This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity.

We don’t want that and I know our community members, customers and partners don’t want that. Innovation happens in the upstream. Building on the shoulders of others is what open source is about. Let’s continue to drive innovation, support one another and keep moving forward.”


Granted, most of us want the ability to modify and distribute and we do just this.

There are a few use cases for simply building without adding features.



Companies are not likely to pick up abandonware and include this as a dependency, even when they have the resources to do so. Instead, they will search out an alternative.

Take for example an open source project I worked on recently using pandoc. Rather than use @latest pandoc with xelatex for new features, the project used wkhtml2pdf. The company hired an in-house dev to work on the features we wanted when these were already available using @latest pandoc with xelatex!

"Again, while completely legal, this culture of selfish dependence without give back is more common in company culture than not. Freeloaders?!"The packages included in this in-house “solution” included unsupported and deprecated versions with of course, high security risk. The company created what I like to refer to as a “frankenapp”. There was no effort to work with any of the open source projects the company used, no effort to contribute to development. Some of the projects included: ImageMagick, Graphviz, batik, pandoc, wkhtml2pdf

Again, while completely legal, this culture of selfish dependence without give back is more common in company culture than not. Freeloaders?!

Ubuntu – fully supported example:

The packages for Edubuntu were divided and are currently divided by education level.

Packages include:

ubuntu-edu-preschool ubuntu-edu-primary ubuntu-edu-secondary ubuntu-edu-tertiary

The task at Kids on Computers was to evaluate which education projects or packages were used in a previous distro, Ubermix, used by schools in Mexico implemented by KOC.

The purpose of this was to sunset any Ubermix machine, but still offer the same tools, utilities and applications to students. Ubermix was hosting the ISO on the then Google plus platform.

"Does Canonical contribute to Scribus? So, what exactly is meant by “fully support”?"“Who does that?!”

While there were some beneficial features to Ubermix, Kids on Computers wanted to see if we could simply use the packages in a custom respin.

While evaluating the list of packages (dpkg –get-selections | grep install), I noted the packages from Ubuntu.

The interesting thing about these packages was what was inside. There was no indication *buntu had done anything but packaging.

This became more clear upon the realization a couple packages were no longer maintained projects.

So, take for example, ubuntu-edu-tertiary with many recommended packages. The packages listed include Scribus.

The control file for tertiary states:

Package: ubuntu-edu-tertiary Source: edubuntu-meta Version: 23.04.12 Architecture: amd64 Maintainer: Edubuntu Developers edubuntu-devel@lists.ubuntu.com Installed-Size: 10 Recommends: bijiben, calibre, cantor, chemtool, dia, drawing, fritzing, gbrainy, gramps, inkscape, kalzium, klavaro, kmplot, ktouch, librecad, libreoffice, lightspeed, arble-qt, melting, pdfmod, rocs, scribus, stellarium, step, yorick Section: metapackages Priority: optional Description: Tertiary Educational Application Bundle This package depends on all of the educational software for Tertiary grade level education that is fully supported by Canonical and the Edubuntu community.

How do they “FULLY” support?

So, I had questions.

I joined the Edubuntu devel mailing list and asked for the definition of "fully supported".

I went to the Scribus IRC and asked the question whether canonical contributed to the project.

Does Canonical contribute to Scribus? So, what exactly is meant by “fully support”?

Documentation, training, development or testing contribution? Forum, IRC?

Or, do they simply support the ubuntu-edu-tertiary package itself and separate themselves from the projects/packages they “recommend”?

This was Sunday August 13 at approx 9pm EST when I went to Libera IRC. I received a response of no from Scribus with regard to any spending cash contributions. There may have been a few development contributions but no forum support, no chat support for the project by Canonical.

I’m not saying what Canonical does is violating any license – these are dependencies in a package, right.

The new package is theirs: ubuntu-edu-tertiary

As devs, of course, we have dependencies. For example, I use rsync for respin. Nothing needs to be edited or changed, and my software depends on an existing project. However, it does seem as these packages such as ubuntu-edu-tertiary are just dependencies with no original education applications provided by Canonical at all. There is no deliverable application depending on these other projects. Honestly, these are just projects and software included in an education flavor.

So, if the idea is to provide education software to the “masses”, why are there no features added, user experience considerations developed, or well, any development at all?

While not a violation of license – because nothing was forked, just included as dependencies, the non-contributing development is definitely not community minded and a real threat to hobbyists and hackers everywhere!

Unfortunately, having to support your primary project is key. However, small projects are not a company with financial resources based on the packages or projects developed for the community. Many projects run with just a few contributors working on a labor of love.

We are not companies that charges in the six figures for licensing the Operating System on an industrial IOT machine because the manufacturer is in a certain country.

One company literally informed us of their intention to pay out half a million dollars to Ubuntu for using the Operating system on 2 machine product lines.

The reason, the machines were manufactured in China.

“But we can just make a respin! Trust me, I know how! We don’t need to pay”.

"Some projects have had great contributions and have moved forward in progression. Perhaps there is a benefit in companies using our projects."There was nothing I could do.

So, with that kind of payment from corporations, just how much does Ubuntu have in their coffers to contribute? How much do they contribute or pay to projects?

I received messages from the Edubuntu dev mailing list.

Edubuntu is a “labor of love” for the 3 or 4 people involved in the “resurrection” of the packages. Erich and his wife work on the product with input from family members and evaluation of what packages may be useful for educational purposes.

The job is to evaluate and include packages within the educational package that are mostly stable or have longevity. While I applaud any educational effort, the fully supported question needed to be answered!

“That control file was revived and largely unedited from its original form from 9+ years ago, and when it was originally written, all of the software may very well have been fully supported by Canonical. Unfortunately, I wasn’t around at that time, so I can’t speak to that. However, I can speak to where it is at currently.”

“Edubuntu, however is not its own project as it is a flavor of Ubuntu and doesn’t exist as a separate distribution from Ubuntu.”

“I’m sorry if the descriptions were confusing, we can definitely get that cleared-up before 23-10.”

So, in conclusion, rather than to “fully support”, partially support or offer any contributions whatsoever to the community projects used by Ubuntu, at least in the case of ubuntu-edu-* packages, the solution here is to – change the control file description.

Some projects have had great contributions and have moved forward in progression. Perhaps there is a benefit in companies using our projects. While contribution is not required, encouraging contributions to our projects, especially by those companies using and depending on the tools/utilities/apps for their project is definitely appreciated and considered at the very least, good manners. The tools/utilities/apps these companies use can progress for their benefit as well by contributing back to the project and community. There are various ways to do so.



Recent Techrights' Posts

US Government: 6.1% of Site Visitors Use GNU/Linux
GNU/Linux has a considerable share and it is growing
Why the FSF No Longer Recommends Debian, as Explained by Richard Stallman This Month
some weeks ago
Defeating LLM Abuse (State-of-the-Art Plagiarism) in the Area of Linux and GNU, Free Software, BSD, Security and So On
The aim is to get them to stop using LLMs to rip off other people's work
Digital Sanitation Good Practices
leave behind Microsoftism
 
As Economies Crumble Free as in Beer Will Matter, Not Just Free as in Freedom/Libre (Libertad)
French regions choosing to embrace Software Freedom
25 Years Ago, an Explanation of How Reducing Free Software to 'Apps' Would Interfere With Freedom Goals
there's nothing unreasonable about it
A List of 63 Known Gemini Clients (Software to Browse Geminispace Content With Gemini Protocol)
Not counting browser plugins for Web browsers
Gemini Links 19/10/2025: "Firma Odin Is Transforming" and Bot Attacks While "AFK"
Links for the day
LLM Slop Could Not Rise to Prominence Without Media Complicity and Artificial Hype
Inane garbage disguised as "journalism"
All the Latest Half Dozen Articles by Mehedi Hasan (UbuntuPIT) Only Admit at the End That He's Using LLM Slop
Disclosure is OK, but the practice of using slop is not
The 'Modern' Web of Fake Security and Easy Censorship of Whole Domains
Each year it gets worse
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 18, 2025
IRC logs for Saturday, October 18, 2025
The Term "AI" is Not New and What Today's Media Calls "AI" Isn't Even AI
Only the hype was new... and totally artificial
Gemini Links 18/10/2025: "Planetary Rings", Steam, and PSU Replacement
Links for the day
Links 18/10/2025: Russell Vought in Charge, US Government Leans to Russia Again
Links for the day
Credit Where It's Due: LinuxConfig.org Quit Doing LLM Slop, Back to Original and Real Articles
We waited for a while to say this, now it seems conclusive
Of Note: UbuntuPIT Aware of Critics of Slop, Adds Disclosure of Use of LLMs
We appreciate the honesty
Links 18/10/2025: Madagascar's President Flees and ICE Arrests Protest Comedian Robby Roadsteamer
Links for the day
Richard Stallman Near the European Patent Office (EPO) in 3 Days From Now
It'll be a good opportunity for patent examiners to listen, ask questions, and maybe greet him in person
From Scholar to Booster of Slop (and Even Slop in His Own Blog)
We're going to keep an eye on future posts of his
End of Vista 10 Also Good News for the BSDs
There are many news sites that recommend trying GNU/Linux this month
What's Wrong With Liking Parrots or Birds as Pets?
They'd demonise people for speaking about freedom, no matter what they say or do
10 Days Ago Richard Stallman Gave a Long Interview in French (linuxfr.org)
English translation
Science, Not Fast Food/Junk Food
The commercial exploitation of users won't stop until users exercise full control over their software or - more broadly - their computing (including data)
The Free Software Foundation, Which Has Appointed a 43-Year-Old President, is Looking to Add Another Board Member (or Treasurer)
expect the FSF to add more people
Richard Stallman Confirms Next Week's Talk at Technical University of Munich, We Urge EPO Staff to Attend
That's probably late enough for EPO staff to attend after work
Gemini Links 18/10/2025: Notifications and Geminaut
Links for the day
Many Red Hat People Are Leaving, But It'll Be Framed Publicly as Leaving IBM
Similarly, IBM layoffs (or "RAs" as they're called) include Red Hat layoffs
Expect More Waves of Microsoft Layoffs This Month (at Least Two Rounds Confirmed Already)
From what we can gather, assuming the recent rumours about XBox are true, there will be at least 3 waves of Microsoft layoffs this month alone
Security Issues in Cisco and Jenkins Passed Off as "Linux" Problems
Fear, Uncertainty, Doubt (FUD) tactics
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, October 17, 2025
IRC logs for Friday, October 17, 2025
[Video] Dr. Richard Stallman at Technické Univerzitě v Liberci
New/via libre-liberec.cz
Slopwatch: LinuxSecurity, Linux Journal (Slashdot Media), UbuntuPIT, and Google News (Noise)
egregious plagiarism
Links 17/10/2025: Better Answers Sought After Air Crashes, "China Fans Patriotic Sentiment as Trade War With U.S. Heats Up"
Links for the day
Security is Desirable, But Not When the Term Security is Misused to Imply Centralisation of "Trust" (Whose?)
'Security' is not an excuse for vendor lock-in
Links 17/10/2025: Fentanylware (CheeTok) Causing Problems, Japanese Government Blasts Slop
Links for the day
The Linux Foundation Seems to Have Turned Linux.com Not Only Into a Spamfarm But Also LLM Slopfarm
it's polluting the Web, even important domains like Linux.com, with spam and LLM slop
Links 17/10/2025: UK’s Largest Breach Penalty and Windows TCO Examples
Links for the day
Go Watch Video About Librephone, Get Microsoft Ads
Very ethical company...
Campaign of Defamation Against the People Who Built NixOS (and Are Now Pushed Out From Their Own Project)
We've already grown familiar with - and resistant to - such tactics
Links 17/10/2025: Nestlé Crisis, Canada Post Versus 'Gig Economy' [sic] and Vista 11 Breaks Itself
Links for the day
Tux Machines Has Helped Separate Opinions/Analysis From News
In September 2023 we decided to split things apart and not repeat links in both sites
Tux Machines Has Improved Navigation of GNU/Linux and BSD News
Some more 'wiring' work
What a World Would Look Like If Everyone Used Free Software Only
Freedom is what matters, not "Open".
The Media Helps Microsoft, Amazon and Others (GAFAM and Beyond) Lie About Mass Layoffs Amid Valuation Bubble
The media, instead of saying that there's an "AI bubble" crashing the economy might instead choose the narrative of "jobs replaced by AI"
Bad Tempered? You Might Have Just Given Away That You're Losing the Argument
Brett Wilson LLP is fully aware that it is being investigated
Richard Stallman (RMS) is a Target of Defamation Campaigns Because of His Views on Software (But Politics Are the Excuse for Defaming Him)
Here in this site we try to refrain from politics, except in Daily Links
End of Vista 10 and Rise of GNU/Linux as Client Side Operating System
It seems certain GNU/Linux will grow in popularity over time
Taking Stock of a Week's Worth of EPO Leaks
We remain committed to exposing EPO corruption as long as it keeps happening
Mathieu Parreaux claims FINMA knew since day one
Reprinted with permission from Daniel Pocock
Calumny, Libel, Joerg Jaspert & debian-private untouchable cyberbullies
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 16, 2025
IRC logs for Thursday, October 16, 2025
Techrights Turns 19 in 3 Weeks
coverage of suppressed topics and protecting all sources/whistleblowers
International E-Waste Day Same Day as End of Vista 10
message from Akira Urushibata
The EPO's Central Staff Committee Presents Evidence That Staff Compensation Lowered While the Office Increases Income by Illegally Granting Invalid Patents
These people become millionaires by doing illegal things
Second or Third Wave of Microsoft Mass Layoffs in October 2025, This Time Portugal
Those are just the ones we know about, there may be several more
'Help Net Security' (helpnetsecurity.com) May Have Become a Slopfarm as Well
Zeljka Zorz, Editor-in-Chief at Help Net Security, was reported to us
Gemini Links 17/10/2025: Rant About Network Solutions, Strange Anomaly on Lagrange
Links for the day