Open Source & MoneyPart II
I run into this tweet:
Remember when open source was about "I'll build this cool feature using this OSS project as the base and contribute it upstream" and not "my multibillion corporation needs this feature so I'll demand it for free from the maintainers"
— Igal Tabachnik (@hmemcpy) November 7, 2020
I wanted to respond to that, because it ties very closely to the previous post. As I already said, getting paid for open source is a problem. You either try to do that professionally (full time) or you don’t. Trying to get hobbyist amount of money from open source is not really working. And when you are doing this professionally, there is a very different manner of operating. For this post, I want to talk about the other side, the people who want to pay for certain things, but can’t.
Let’s say that Jane works for a multibillion dollar company. She is using project X for a certain use case and would like to extend its capabilities to handle and additional scenario. We’ll further say that this project has a robust team or community behind it, so there is someone to talk to.
If the feature in question isn’t trivial, it is going to require a substantial amount of work. Jane doesn’t want to just bug the maintainers for this, but how can she pay for that? The first problem that you run into is who to pay. There isn’t usually an organization behind the project. Just figuring out who to pay can be a challenge. The next question is whatever that person can even accept payments. In Israel, for example, if you aren’t an independent employee, there is a lot of bureaucracy you have to go through if you want to accept money outside of your employer.
Let’s say that the cost of the feature is set around 2,500$ – 7,500$. That amount usually means that Jane can’t just hand it over and claim it in her expenses. She needs someone from Accounts Payable to handle that, which means that it needs to go through the approval process, there should be a contract (so legal is also involved), they might be a required bidding process, etc.
The open source maintainer on the other side is going to get an 8 pages contract written is dense legalese and have to get a lawyer to go over that. So you need to cover that expense as well. There are delivery clauses in the contract, penalties for late delivery, etc. You need to consider whatever this is work for hire or not (matters for copy right law), whatever the license on the project is suitable for the end result, etc. For many people, that level of hassle for a rare occurrence of non life changing amount of money is too much. This is especially true if they are already employed and need to do that on top of their usual work.
For Jane, who would like her employer to pay for a feature, this is too much of a hassle to go through all the steps and paperwork involved. Note that we aren’t talking about a quick email, we are probably talking weeks of having to navigate through the hierarchy, getting approval from multiple parties (and remember that there is also the maintainer on the other side as well).
In many cases, the total cost that is involved here can very quickly reach ridiculous levels. There is a reason why in many cases it is easier for such companies to simply hire the maintainers directly. It simplify a lot of work for all sides, but it does means that the project is no longer independent.
Comments
Of course not talking from my experience (ive never been in 'multibillion company), but even if you're smaller, and you decided to base your business on some open source project, you have to think about how to develop it. As soon as it becomes your product you will have to make changes according to your business needs. So i'm 100% sure everyone at the company would have a good laugh about an idea to just jump in and never worry about who and how will maintain the software, or that it's just enough to ask on dev forum and it will magically happen. So, coming back to Janet multibillion employee, i think they always have some budget for unexpected costs and there's no problem with shelling out few thousand dollars ad-hoc without going thru multi-level bureaucracy. But it would never be the case, such idea would be rejected at the very beginning.
Rafal,
The actual situation is a bit more complex.
Let's say that the project in question is something important you need, but isn't in the core of your system. Let's say that you use a project to generate PDF invoices. You have a new requirement, a contract requires that you'll sign the PDF using elliptic curve cryptography. The project only supports RSA signatures for PDF.
Now, Janet is not an expert on elliptic curves or PDFs, no idea how to go about doing this. It is an important feature for the contract, but going through the process of paying the maintainers for this is _hard_. The maintainer, at the same time, may also have no idea how to go about doing something like this. Let's say that the library that they are using for signatures doesn't support it, so they may need to find another one. That means that even estimating the cost of this feature is hard.
Consider what kind of interaction needs to happen. This is an annoying feature for the maintainer. If they aren't working full time, they would need to dedicate a large block of time. There are many unknowns here. How would you price it? How would you even negotiate this? Remember that this is assuming that the maintainer has other employment.
Then the security / compliance department hears that they are doing something with cryptography and they are going to require a whole bunch of documents. It starts from export control and moves to anti slavery forms (serious here).
At this point, the maintainer (if they are smart) will need a lawyer to navigate things, and the cost spirals.
On the other hand, if the company just allocates some funds to this, bypassing the whole process, you are going to end up with an implementation that doesn't verify the public key, which means that it can be tricked into leaking information. That means that I can get your private key and then end up sending you a valid (signed) invoice. Note that you need to be a crypto expert to even understand that there is a problem here.
These controls are annoying, but they are usually there for a reason.
Yep, i'm not sure if we agree or disagree here, but the situation is that a company needs work in a professional and formalized way, and not everyone is the right partner for that, especially a random open source developer. Both sides need to be prepared and compatible, there's some reason why even a 1 hour job costs multiple thousands of dollars when it's done for a big company, it's much easier to go to an established supplier and pay twentyfold for the same job than trying to find a dev in the wild and run into neverending hassle.
Abdu,
Another example, on a more popular project: https://github.com/HangfireIO/Hangfire/graphs/contributors Sergey Odinokov has done the vast majority of the work. Note that in this case, there is already a way to get money, so commercial work may be easier. And I chose this project effectively in random, just as an example
Man to woman: Would you sleep with me for one million dollars? Woman: Sure. Man: How about for ten dollars? Woman: What do you think I am? Man: We’ve already established what you are. All we’re doing is bargaining about price.
Assume in this case that she would be willing to sleep with the man for no money whatsoever. But the moment that money is introduced, there is a whole different dynamic.
Note that in many cases, sending pizza (roughly ~30$ or so) would get you a night of a maintainer looking at your issue. Offering to pay that 30$ would ensure that you would get nothing. This is not economics per se, this is a case of value attached to action. Dan Ariely talked about this a bit in Predictably Irrational, which is a very interesting book.
Support after the fact - sure, that adds to the underlying cost, but unless you are already set up for that, are you even able to offer it? Do you think that the maintainer (in this case, not already set up for this) is able to evaluate and price this?
And you just made my point. At this point, the amount of work required to get things going means that it is cheaper and easier for the company to not try to fund a feature but go and buy something from a commercial entity. Because then someone else is doing all the work around that. Note that I'm not saying here it is the maintainer's fault. I'm trying to explain the difficulities in getting companies to fund open source activities in this manner. It is not "evil companies wanting to get stuff for free", it is more complex than that.
He first has to get a lawyer. And you need someone with expertise in some pretty specific areas of the law (contracts with tech companies are not something that you just get at the standard law firm). Note that this simply means that the cost of getting the lawyer means that the contract must be more lucrative, but that builds against just paying the maintainer a small amount. Now the process has become _hard_, where is that commerical solution, instead?
And Janet can't get pre-approval from the company, not before there is a lot of discussion between Janet and the maintainer to figure out what the issue _is_, what the scope is, etc.
Yes the main maintainer usually does most of the work in an open source project but a co-maintainer can be familiar enough with the code to go and do that side project for Janet. Or maybe even one of the users.
As for your woman example, I am sure there are women who would do it for a price between $10 and $1M. Bargain about the price. No problem.
What Janet wants is custom work for a fee. I am sure there are maintainers who are up for it. Here's an example: https://www.abotx.org/Buy/Pricing. A .NET web crawler open source project. There's a commercial offering with more features. Plus $1000/day for custom work. He's the only maintainer. He didn't mention anything about lawyers and liabilities. Probably will be added in the contract later but that's not a hurdle for him. The main point here is that he's advertising that he's available for custom work. Charge a high enough fee to dissuade most people but if someone REALLY wants him to work on it, he's going to charge a lot. $1000/day will be a lot for many individuals to pay but probably OK for companies. Maybe that's the type of customers he wants. As for lawyer fees and all the hassles, just add the extra cost plus a buffer. Add whatever is worth it to go through it.
Every maintainer/developer is different. It's a case by case situation so there's no harm in trying to approach them. If they won't do it, maybe they know someone who will.
Abdu,
In the case of the woman example. The common case is that a woman would sleep with a man for free, but refuse for money. And if money is involved, the price is much higher.In other words, if a man would offer 10$ to a woman who would sleep with him for free, there is a high likelihood that she won't. Note that the idea is to give a clear example of how money is complicated.
And you are kind of making my point for me. There are OSS projects that are setup to charge people. For that matter, mine are :-). But a large majority of them aren't, and that explains why it is hard to actually pay for that.
And yes, every scenario is different, but the common case is an OSS project that isn't setup to charge people. And that lead to problems with money.
Comment preview