1. preface
In October last year, Dominick Baier and Brock Allen, two creators and maintainers of Identity Server, announced that their current business model was inherently unsustainable, so they would use the Reciprocal Public License (RPL) paid licensing model and provide Identity Server 5 under a new company, Duende Software.
近期,微软宣布他们的 ASP.NET 6 模板将继续包含 Duende 的 IdentityServer 依赖项。IdentityServer 曾经是一款使用宽松的 Apache 2.0 许可的免费开源产品,并且是 ASP.NET 开发人员常用的处理 OpenID 和 OAuth 2.0 令牌的工具,因此多年来微软的 ASP.NET 模板一直会默认包含该库。如今, 微软的流行模板中包含的 IdentityServer 要求年收入超过 100 万美元的用户每年最少支付 1,500 美元的许可费。
The. NET community responded to the announcement with great grace, carefully considering its role in promoting innovation and development in the. NET open source ecosystem by supporting independent software vendors, and agreed that IdentityServer collects license fees in the form of annual fees to maintain the code base is highly desirable because it is better than the maintainer giving up the project.
However, people in the. NET community panicked and asked to discuss the code contained in some of the templates with managers of. NET open source software. The worst problem is that the real manager of the. NET open source software ecosystem is Microsoft.
Nowadays, there is an endless discussion surrounding Microsoft, Identity Server, and free and paid "open source" software, so I decided to discuss in this article what the end of the free lunch for. NET open source software means for users.
2. People's hearts are weak and snakes swallow elephants
Whenever I see people abusing free/underpriced/unauthorized resources, I always think of a saying: A snake swallows an elephant when people are weak.
Although stealing a piece of candy from a small store will not be prosecuted, if someone robbed a bank, they will definitely be brought to justice.
Speaking of open source, if the defender only needs to support a small number of users and the requirements are similar, then the cost is actually not high, but once the project reaches a critical point and the user's requirements exceed the defender's willingness to provide, then there must be One party pays the price.
Users of IdentityServer are really greedy. For the past decade, most IdentityServer users have been greedily enjoying free dinners, and now the bill is here.
It is not difficult to imagine that various opinions appear in this Microsoft post (https://github.com/dotnet/aspnetcore/issues/32494):
- This is an essential service, and Microsoft should acquire Duende and once again provide Identity Server for free;
- No one has read Duende's pricing terms that "any company or non-profit organization with annual revenue of less than $1 million can use Identity Server for free", so many people are complaining;
- Contributing to IdentityServer4, which is still free and open source under Apache 2.0, is simply too difficult;
- Maybe Microsoft should replace IdentityServer with other products, such as https://github.com/openiddict/openiddict-core, or https://github.com/simpleidserver/SimpleIdServer, so that the free lunch can last until these projects encounter the same sustainability issues as IdentityServer.
People's reactions to Microsoft's choice to include IdentityServer in some templates instead of including core libraries that adopt RPL terms are also ridiculous.
When developers are suddenly asked to pay $1,500,$4,000, or other fees per year for "business-related" services, they immediately start crying poor.
Be aware that developers 'expertise cannot be bought with money, and purchasing an excellent, field-tested, well-documented, and highly reusable solution, such as IdentityServer built by domain experts, is not only much cheaper than paying for yourself to hire developers to do this, but also less risky. If critical issues such as authentication and authorization errors go wrong in your application, it will surely cost you dearly.
If you're the head of the company's software area and are struggling with Duende's few dollars in licensing costs, do me a favor and resign because you're not qualified for this position.
I suspect that some people on the Internet complain about licensing costs and poor installation. In fact, they have nothing to do with cost, but with the procurement department.
3. Dissatisfaction from the procurement department
One of the biggest reasons why open source technology spreads so quickly and generates such great value is that anyone can adopt, use, modify and redistribute reviewed open source software without a license, regardless of department budgets.
However, once maintenance staff started charging as compensation for their expertise and experience, developers had to negotiate with the purchasing department and obtain approval to purchase these products.
The procurement department's approval mechanism exists to thoroughly investigate the "risks" of each supplier in the supply chain. Often purchasing agencies don't produce any meaningful results and only make transactions between the two parties more expensive and difficult, so software developers don't want to get involved in this aspect.
I'm not particularly sad about the dilemma faced by. NET developers. After all, it was mainly their fault.
4. Free lunch is over
Although you can always use open source projects for free, once they decide to charge, you are at their mercy.
As far as IdentityServer is concerned, I think the payment terms for the new version are already very generous: support for IdentityServer open source software will continue until November 2022!
If it were other projects, they might give up completely and leave users to fend for themselves.
As open source software becomes increasingly popular in the. NET ecosystem, and this trend will only accelerate over time, sustainability issues in. NET will become more common. A few years ago, Microsoft paid for all costs and provided free libraries for users. The result only left the. NET ecosystem in chaos, and we can't repeat the same mistake.
The free lunch is over, you should wake up.
When you choose a variety of packages and technologies to maintain and build. NET applications, be prepared to pay. Because this is the only way to avoid future surprises and supply chain shocks: add them to costs now.
You should get into the habit of contributing value to upstream dependencies, purchasing value-added products and services from maintainers by contributing directly to the projects you use, donating, or in other better ways. Alternatively, you can help promote their projects through blog posts, videos and courses. If you use a product in your business software, you should give back through various channels. However, most users do not choose to do so.
Establishing a good value cycle of exchange with open source software projects is an inevitable result of the "open source sustainability crisis" and everyone can benefit from it. So start taking action now and contribute to open source projects, because the continued development of these projects will ultimately touch your own interests.
Author: Aaron Stannard
Original title: . NET Open Source: What Happens When the Free Lunch Ends?
Original link: aaronstannard.com/dotnetoss-free-lunch-ends/
translator| Editor in charge of Banyue| Ouyang Shuli| produced| CSDN(ID:CSDNnews)
Translation title: Is the free lunch of. NET open source over?
Translation link: www.sohu.com/a/472062543_115128