'Open Source Creators: Red Hat Got $34 Billion and You Got $0. Here's Why.' (tidelift.com)
Donald Fischer, who served as a product manager for Red Hat Enterprise Linux during its creation and early years of growth, writes: Red Hat saw, earlier than most, that the ascendance of open source made the need to pay for code go away, but the need for support and maintenance grew larger than ever. Thus Red Hat was never in the business of selling software, rather it was in the business of addressing the practical challenges that have always come along for the ride with software. [...] As an open source developer, you created that software. You can keep your package secure, legally documented, and maintained; who could possibly do it better? So why does Red Hat make the fat profits, and not you? Unfortunately, doing business with large companies requires a lot of bureaucratic toil. That's doubly true for organizations that require security, legal, and operational standards for every product they bring in the door. Working with these organizations requires a sales and marketing team, a customer support organization, a finance back-office, and lots of other "business stuff" in addition to technology. Red Hat has had that stuff, but you haven't.
And just like you don't have time to sell to large companies, they don't have time to buy from you alongside a thousand other open source creators, one at a time. Sure, big companies know how to install and use your software. (And good news! They already do.) But they can't afford to put each of 1100 npm packages through a procurement process that costs $20k per iteration. Red Hat solved this problem for one corner of open source by collecting 2,000+ open source projects together, adding assurances on top, and selling it as one subscription product. That worked for them, to the tune of billions. But did you get paid for your contributions?
That's not "shady". That's explicitly allowed by the GPL, and noted fairly often in discussions about the GPL's use. If you don't like it, pick a different license for your stuff.
Agreed. And I just don't get this hostility.
You see it a lot in, say, Joomla and WordPress add-ons. Those projects want to promote GPL use, so you have to use GPL to get in their add-on directories. Many add-on makers therefore whine all the time about their software being reproduced and distributed without their approval. Um, guys, you released it under a license that specifically allows users to copy it. That's a big part of the whole point of the GPL.
A lot more companies, organizations, and individuals have made money selling services, support, and consulting from their F/OSS codebase.
What Red Hat put to the table were a number of things that take time, money, and trust:
1: Hardware HSM devices to ensure package security and that the signing key never winds up as a pastebin or torrent. Red Hat also took active steps to mitigate when someone compromised an HSM to sign bogus SSH packages.
2: FIPS and Common Criteria compliance. This may not mean much to most people, but in some environments, it is make or break.
3: Keeping versions steady and backporting fixes. This ensures that an application that is certified to run on RHEL 7.0 will run on RHEL 7.x, similar to how AIX has binary compatibility guarantees.
4: STIGs for compliance assurance at install-time. May not be important for people, but critical to businesses.
5: Erring on the conservative side. Not many companies do this, especially in DevOps where everyone is locked getting features out there, and not caring about anything else. This by itself warrants the price premium.
6: Open source with everything.
All the above take not just time; they take money, especially the auditing and certification process.
Remember: it is not only RH that pays salaries for FLOSS engineers and supporters...
No, but Red Hat tops the list and IBM is #4:
"The top 10 organizations sponsoring Linux kernel development since the last report (or Linux kernel 2.6.36) are:
1. Red Hat,
2. Intel,
3. Novell,
4. IBM,
5. Texas Instruments,
6. Broadcom,
7. Nokia,
8. Samsung,
9. Oracle
10. and Google."
"... more than 7,800 developers from almost 800 different companies have contributed to the Linux kernel since tracking began in 2005. Of particular interest perhaps is the finding that — seventy-five percent of all kernel development is done by developers who are being paid for their work ..."
https://www.computerweekly.com...