Ancestors

Written by calcifer :nes_fire: on 2025-01-30 at 16:28

Welp, #opengrep (https://www.opengrep.dev/) is a great example of something that seems like it was a reasonable thing to do, but put together by people who do not understand community relations or messaging.

It's pretty clear that what really happened is that Semgrep moved some features from their LGPL-licensed open-source core into their proprietary-licensed "pro" product (and there were some license changes around community rules, but those were never open-source anyway, so that's whatever).

A bunch of companies that compete with Semgrep at some level relied on those features. They had pretty limited choices to respond, and decided to fork semgrep-oss into opengrep, and commit to giving it to a foundation to defend against future license changes. This is the least-bad outcome for the community (more on that in 🧵 ).

However, the way they made the announcement tries to cast Semgrep as a "bad guy" and act like the opengrep cabal is somehow a champion of open-source -- which is precious because they contributed very little to the open core as it was.


Toot

Written by calcifer :nes_fire: on 2025-01-30 at 16:33

Here's what #opengrep should have said, IMO:

"Semgrep has made the decision to move some previously-open-source features under a proprietary license for any future development. This left us with a problem to solve, as our customers -- and other users of semgrep-oss -- rely on those features.

We respect Semgrep's business decision. Nevertheless, our concern about this decision and the message that we can't rely on their "open core" to continue to provide popular features has led us to exercise our rights under the LGPL and create Opengrep. We're committed to changing our products to use this fork in order to preserve the features our customers rely on, and intend to place governance of the project into the hands of a non-profit foundation to ensure that no single vendor can change licenses or remove features in the future.

We believe that there's a place for both opengrep and semgrep-oss, and are hopeful that good ideas can cross-pollinate between the projects."


Descendants

Written by calcifer :nes_fire: on 2025-01-30 at 16:39

The reality is that these vendors, if they don't want to screw over all the custom rules they wrote and all the features they rely on, only had a handful of ways to respond:

