Open Path

by Chad Whitacre

Widespread Use of a Fair Source Product

By Chad Whitacre ā§ Published on May 15, 2024
tl;dr Self-hosted Sentry is a clear existence proof of the viability of the Fair Source model.
Disclosure / advertisement: I work for Sentry.

We aim to launch Fair Source in August, just over a year from Adam Jacobā€™s call for a new term after our Codecov misstep. Yesterday, we hit ESRā€™s radar. His reaction was negative: ā€œNo corporate legal department will ever sign off on letting a ā€˜fair sourceā€™ project be used in house[.]ā€ I said that Sentry seems a clear existence proof to the contrary. Eric inquired further:

I find your claim about widespread ā€œfair sourceā€ use surprising and in fact barely even believable.

  1. There seems to be an inconsistency between the claim that ā€œfair sourceā€ is already in wide use and the fact that some people are only now getting around to naming and formulating the concept and putting up a website about it.
  2. If itā€™s nevertheless true, Iā€™m wondering why no word of such an important development had never [sic] reached me before.

Color me skeptical but willing to learn.

In this post I aim to back up my claim. Iā€™ll explain what self-hosted Sentry is, then unpack my claim that we have 10,000+ installations out in the wild. Iā€™ll end by addressing Ericā€™s additional points.

Self-hosted Sentry

Sentry is a software product for monitoring errors and performance issues in software products. David Cramer started the project 16 years ago as an unlicensed 71-line Django plugin. Today 300+ people produce Sentry in a corporation with a SaaS hosting business serving 100,000+ customers. We get occassional code contributions from non-staff (much more so in our SDKs, which are MIT-licensed), but by and large Sentry-the-product has always been produced by Sentry-the-company.

Sentry has always been produced by Sentry.

In addition to SaaS, we offer self-hosted Sentry, a Docker Compose packaging of the core Django monolith and other services (too many!). It is suitable out of the box for low-volume and proof-of-concept deployments, and also serves as a blueprint for those who want to operate Sentry at scale. The feature set is the same between self-hosted and SaaS. In fact, sufficiently motivated self-hosted users can enable bleeding edge features before theyā€™re enabled in SaaS. We do not monetize self-hosted Sentry.

Since 2019, we have licensed Sentry using what the Open Source Initiative (OSI) recently called ā€œdelayed Open Source publication.ā€ We used the Business Source License (BSL or BUSL) until 2023, at which point we introduced the Functional Source License (FSL). Both our BSL and the FSL count for what we now classify as ā€œFair Source.ā€ We have almost five years of history with the practice.

Receipts (Almost)

Sentry has a dashboard on one of our internal BI platforms that we use to monitor self-hosted. The data comes from our opt-in beacon. Of course, many users do not opt in, or have network configurations that block beacon traffic even if sent. (A few months ago we noticed a precipitous decline over the course of an hour. Nearly 20% of instances stopped reporting. Investigation showed patterns in admin emails of dropped instances that lead us to hypothesize that China blocked us at the Great Firewall.) The self-hosted instances visible to us are an unknowable fraction of the overall install base.

No, you can't actually see the dashboard.

We show 18,751 self-hosted instances in the wild running versions published in the past five years, under what we now call Fair Source licenses. Not all of these are active instances, however, and we had a bug until recently that prevents us from filtering out inactive instances from versions older than five months. We currently show 3,950 active instances running versions published in the past five months. These two bounds, along with the recognition that many instances do not report their existence to us, led me to claim 10,000+ instances as a conservative estimate.

As to my claim that users range from hobbyists to FAANG companies, Iā€™m not going to speak further. Iā€™m content to let those doubt who will.

Formulating the Concept

Besides doubting my claim about the widespread adoption of Sentry under licenses that we now call Fair Source, Eric makes another point worth addressing:

There seems to be an inconsistency between the claim that ā€œfair sourceā€ is already in wide use and the fact that some people are only now getting around to naming and formulating the concept and putting up a website about it.

Letā€™s be careful. I donā€™t claim that ā€œfair sourceā€ is already in wide use. I do claim more modestly that Sentry is already in wide use under licenses that we now call Fair Source. This is sufficient to disprove Ericā€™s original statement, that ā€œNo corporate legal department will ever sign off on letting a ā€˜fair sourceā€™ project be used in house[.]ā€ Thousands have.

Atlassian's legal department did not drive their migration.

That said, the roots of Fair Source are not as shallow as they might seem. Fair Code was a similar initiative driven by n8n with a similar origin story that kicked off five years ago. They agree in principle to merge into Fair Source when the time is right. The reason they chose Fair Code in the first place is because Fair Source was already staked out for the name of a particular license. That license has little traction (itā€™s not listed in SPDX) and the steward has moved on, making way for us to revive the term for a wider conversation about what lies between closed source and Open Source.

Whatā€™s more, OSI executive director Stefano Maffulli is on record about ā€œOpen Sourceā€™s lost decadeā€:

Over the last decade, Open Source hasnā€™t widely addressed the challenges of mobile and cloud computing. That means we donā€™t have an easy way to judge what Open Source means in those contexts.

Maybe that was OSIā€™s job. Maybe they would have been able to forestall the proliferation of non-compete licensesā€”SSPL, RSAL, EL, Commons Clause, BSL, now FSL. Now OSI is trying to catch up, but the pot is poisoned for a company like Sentry. Open Source, like Free Software, takes user freedom as its sole guiding value. We value developer sustainability just as much. As consumers of Open Source this means we pay for it. As producers of software, yes: we are ā€œnow getting around to naming and formulating the concept and putting up a website about it.ā€ The reason it took Sentry so long is because we wanted so badly to make this work inside of Open Source. Now, like n8n before us, we have ceded.

Agree or disagree with the formulation of Fair Source, arguing against it a priori is untenable. The proof of the pudding is in the eating, and 10,000+ feast happily.

šŸ„ŗ