Can Open Source Projects Exit Foundations?
45 comments
·May 27, 2025eqvinox
bruce511
Yeah, but who owns the name? That's what this is about.
Let's say I fork Firefox. I can do that because it's open. I can't call my thing Firefox though (that's that's trademark owned by Mozilla).
It turns out, the brand name is actually the thing that matters, not the code. He who owns the name owns the users.
In terms of the code, he who owns the contributers owns the code. But it takes a LOT of work to switch people from one brand to another, even if the new brand is the old developers.
Witness the fact that MySql is still deployed more than MariaDb. The MySql brand is very strong, even if the MariaDb product is superior.
eqvinox
> Witness the fact that MySql is still deployed more than MariaDb. The MySql brand is very strong, even if the MariaDb product is superior.
That's a sample size of one.
FRRouting forked from Quagga. Quagga is completely, utterly and unquestionably dead. So, with a sample size of two it's 50/50. What now?
slavik81
Jenkins forked from Hudson at the same time as MariaDB forked from MySQL (and for the same reason). Yet, Hudson has been so thoroughly replaced that even developers who used it for years have probably forgotten about it.
tgma
Evidently during the donation process CNCF requires them to give them the trademarks so they own it.
redeux
That’s true. The problem here was that Synadia never fully transferred the trademark, seemingly in bad faith. When Synadia told the CNCF that it needed to transfer NATS back, they claimed that the CNCF didn’t own the trademark and therefore didn’t own the project.
LadyCailin
I solved this in my open source project by owning the name personally. The code is dual MIT/GPL licensed - I don’t/can’t fully control that (by design), but I unilaterally control the registered trademark. I feel this is a reasonable compromise between the reality of the legal and practical issues with trademarks, and the spirit of open source, even though you’re right, there’s a ton of power in owning the name itself. I’ve thought about writing up some permissive license/rules for trademark usage, which would allow me to relinquish some legal control there, while still ensuring good stewardship of the trademark. But it’s definitely a thin line to balance on.
immibis
Except you didn't solve it, because you owning the trademark personally is the problem that's being complained about
eqvinox
That just means a different set of people can get stuck having to rename, i.e. whatever group doesn't include you. How confident are you that (assuming your project thrives) you'll be around in 10 years and have the project's best interests at heart?
Even the nicest and best people can change for the worse. One of the reasons to go for some foundation-like entity owning the name is that you can equalize out across multiple people in a meritocratic, democratic, demarchist, or whatever else process.
And even if you're incredibly sure you won't become a bad person: what happens if life hits you hard? A relative becomes disabled and you need money to care for them? Will you sell the trademark?
blitzar
> I’ve thought about writing up some permissive license/rules for trademark usage
See the 'wordpress' situation for a case study ...
johannes1234321
> Witness the fact that MySql is still deployed more than MariaDb. The MySql brand is very strong, even if the MariaDb product is superior.
If it were ... but it isn't, quite to the contrary.
However look at Openoffice, where libreoffice clearly won.
baobun
Been suggesting to a non-technical OpenOffice-using writer friend to at least give LibreOffice a try but it ain't happening. The name is a lot stickier than the actual product or people behind it.
evanelias
Large tech companies (especially in the US) seem to strongly favor MySQL over MariaDB. For example, when these companies discuss MySQL, they're literally using Oracle MySQL or a patch-set on top of it such as Percona Server -- Meta/Facebook, GitHub, Shopify, Uber, Square, Pinterest, Twilio, Etsy, and many others that have done conference talks about upgrading from MySQL 5.7 to MySQL 8.0.
AWS Aurora for MySQL is based on Oracle MySQL, without a MariaDB variant. Vitess only supports MySQL and not MariaDB. Between these two facts, you can ascertain a lot of companies are using MySQL under the hood.
Even in terms of "regular" managed DB hosted, only AWS RDS actively offers both MySQL and MariaDB variants; Azure had both but has chosen to drop their MariaDB product and focus only on MySQL. Google CloudSQL offers MySQL and has never supported MariaDB.
This is not to say MariaDB is bad! Quite the contrary. Just responding to the common incorrect HN refrain that Oracle MySQL is dead.
As for which product is "superior", in my experience they both have unique strengths and features that the other lacks. MariaDB has especially been adding some great FOSS features lately. MySQL is focusing more on enterprise/non-FOSS in the last couple years, but prior to that they added a ton of unique stuff to MySQL 8 as FOSS.
bawolff
> Witness the fact that MySql is still deployed more than MariaDb. The MySql brand is very strong, even if the MariaDb product is superior.
On the other hand, wikivoyage is more well known than wikitravel. LibreOffice is more well known than OpenOffice.
Ultimately though i think this is reasonable. If you go your own separate way you use a new name. If you give your project's name to someone else, that is your own stupid fault.
dirkc
Are you saying wikitravel has been forked to wikivoyage and that wikivoyage is the new one? I was looking through wikitravel a few weeks ago and felt sad
aryonoco
Far to break it to you but OOo install base still dwarfs Libre Office. Nearly all on Windows.
atombender
With the NATS fiasco, Synadia never achieved any of their stated goals, and ended up in a worse place than before. Why would they do this?
Synadia ended up relinquishing their trademarks (which they had already promised to transfer), they gave up taking the project away from CNCF, they gave up their plan to relicense under a BSL license, they alienated a lot of customers, and they got a lot of bad press.
The whole thing seemed to lack foresight and planning. The strategy — to blame CNCF for NATS not thriving as a community — was contradictory, since their "rescue plan" involved making it closed source. But I suspect the real reason for failure was that there wasn't really any hope to get the trademarks back; that would have required a legal battle they couldn't afford to pay for.
I'm a big fan of NATS as a technology, and I like Synadia as a company. They're doing something a little different than the DataBricks of the world. I completely understand their need to survive financially, and I understand if this pressure has increased after getting VC funding. (They raised $25m a year ago, so I'm guessing the screws started tightening.)
However, many other companies have been able to make billions without resorting to a BSL. Unlike Elasticsearch (which also created similar drama and changed their license, then went back to open source after a short while), nobody is threatening Synadia by offering a competitor to their cloud version of NATS.
I can only speculate, but I suspect Synadia's existential crisis is self-inflicted. If you look at their product offering, there's simply little reason for any company to pay for a support contract; they made NATS incredibly easy to self-host, and what you get (support and a nice dashboard UI) doesn't stand out as particularly valuable.
As someone who used a lot of open source, I'm a little conflicted by this. I want Synadia to succeed as a company. But I think it comes down to this: Either you fully invest in open source and manage to build your business around it, even if that means the business will be a little smaller and never turn into the next Microsoft. Or you don't make any pretenses, and you double down on BSLs and commercial licensing.
There isn't a middle ground where you pretend you possess the spirit of open source (which Synadia's communications kept professing) but must also turn to a license hostile to it.
notpushkin
> I can only speculate, but I suspect Synadia's existential crisis is self-inflicted. If you look at their product offering, there's simply little reason for any company to pay for a support contract; they made NATS incredibly easy to self-host, and what you get (support and a nice dashboard UI) doesn't stand out as particularly valuable.
This is just a really sad incentive in place nowadays. If you make something that’s easy to self-host, and open source it, you might end up with a popular project that’s just not financially sustainable. So you see people either overengineering their architecture to the point it’s painful to host, reaching out for a more restrictive licensing, or both (looking at you, Sentry... not judging though).
Of course, there’s the open core model as well. There are also mischiefs that pretend their product is open core and enable some features behind a license key, but everything is open source in the repo. (A YC startup, nonetheless! Not calling names because I don’t want to jinx it, but if it was intentional – you have my deepest respect. And I promise I’ll pay you plenty, once I have some money to sustain myself.)
So... there might be a spirit of open source somewhere in these “commercial open source startups”, but it’s usually in those that don’t play pretend open source. And in there, money still comes first, of course.
tinodb
> … nobody is threatening Synadia by offering a competitor to their cloud version of NATS.
Scaleway is! Was quite excited when I saw that recently.
MadVikingGod
Can a project exit cleanly, probably not.
What I'm really disappointed with the CNCF in particular was the lack of support I felt from them. I mean a trade organization is going to do trade organization things like Kubecon, but they could have spent just a fraction of their marking budget on things that directly support projects.
What I saw directly from them was the github org, the CLA bot, and a discount ticket to Kubecon. What would have been useful was things like: independent developer stipends, so everything isn't only backed by the large companies in the game; paying for technical writers; independent community managers; dispute arbitration; dedicated hardware for performance profiling; and I'm sure I could think of a few more.
While I don't think that anyone in the CNCF is doing the mad scientist laugh trying to make it harder for it's projects, I do think that working with them has change my image of them as a bastion of Open Source.
liveoneggs
The purpose of the foundation (to me) is to ensure that this thing will continue to exist five years from now. That a company even thought they could "un-donate" a project is absurd. I'm not sure the CNCF is a very serious place.
williamstein
This recent long interview with the founder of NATS has some new information and deeper insight into what actually happened: https://changelog.com/podcast/641
It ends with the host saying “Rug pulls are not OK” and the NATS founder responding “No pay, not okay.”
mparnisari
My hot take is that CNCF, when you look under the hood, is nothing more than an avenue to promote your project. Once you get people to know about it, it's kinda dangerous to leave it there (other companies may try to change its direction) and I can see why Synadia wanted it back.
bonzini
They were the majority of the commits so there's no risk that someone would change their project's direction.
Ockham's razor tells me that they realized too late that they don't have a viable business model, the money dried up and that's why they wanted to make it proprietary.
dedicate
maybe once a project, especially one with a strong commercial backer like Synadia, really finds its footing, they might feel they need more direct control to really drive their specific vision forward?
tgma
A better question would be what is the point of CNCF? Why would you voluntarily sign away your trademarks to some random third party without gaining something?
null
sgtcodfish
As an active maintainer of cert-manager (which is CNCF graduated), I can shed some light here. It's not just "give away trademarks for nothing"!
The CNCF pays for cert-manager's testing, web hosting and infrastructure costs and they paid for a professional security audit of the project. We get marketing help, exposure, talks, booths and other bits too. When we graduated last year, we got popcorn!
What I personally like too is that the CNCF provide a kind of "business continuity" aspect for open source, which is something I think about a lot. If the current maintainers got hit by an asteroid at an in-person event, there are CNCF people in our testing infra account and in GitHub who can log in and save the project. At the end of the day businesses have continuity plans for their projects, and for open-source projects of cert-manager's size it makes sense to do the same - and the CNCF neatly solves that problem for us.
elktown
> A better question would be what is the point of CNCF?
I ask myself that every time I happen to stroll past CNCF things. I just can't avoid feeling that it's a big cloud complexity racket - and not even a classy one. A constant barrage of expensive conferences, vague memberships [1], and over-the-top certification schemes [2]. Not to even mention the obvious self-interests of hyperscalers of setting up this org in the first place.
[1] "The CNCF Silver Membership offers unmatched value across your entire organization. Whether a startup, scale-up, or mid-sized company, get ready to lead, learn, grow, and be recognized in the cloud native ecosystem." https://www.cncf.io/about/join/silver/
[2] "Individuals who have successfully passed every CNCF certification (currently CKA, CKAD, CKS, KCNA, KCSA, PCA, ICA, CCA, CAPA, CGOA, CBA, OTCA, KCA) and LFCS, will receive the title of Golden Kubestronaut for life [...]" https://www.cncf.io/training/kubestronaut/
tgma
I felt the same. They feel super corporate with all that bloat and the DEI stuff they shove down your project throat, it does seem to be an arm of Google et al.
aspenmayer
Maybe an analogy could help.
You volunteer at a nonprofit, and come back from work one day to find the office empty, with the phones ringing. You answer the phone. It’s a user asking for support. You help them and conclude the call, then hang up the phone. It immediately rings. It’s the director of the organization. He’s resigning. As he is explaining that he won’t be coming in to work tomorrow, he wishes you good luck before peremptorily ending the call.
With a look toward your desk with rising anticipation, the phone once again begins to ring…
Do you go in to work the next day? What do you expect to find when you do?
fourthark
Well that's a frightening scenario... but how does it relate?
aspenmayer
I think that if you're an unpaid open source developer, then if you no longer want to maintain your project, donating it to something like CNCF might feel like better stewardship than nothing at all, and donating it to "the community" is ambiguous. I can see how one would want their project to do right by its users, but due to bus factors and so on, one person might need to step away indefinitely at little notice. As someone can accidentally find themselves steering an open source project that becomes larger than they ever intended, so too can someone accidentally become their own boss, which was kind of what my analogy was getting at, that it can be thankless work, and that there are likely good reasons that people donate their projects to groups like CNCF or others.
A lot of open source software is developed by people employed by large tech companies, so that complicates ownership structures. I can see companies may view projects that are led by nonprofit orgs, trusts, or other durable formations of collaborators as more stable than those led by individuals or small groups, but perhaps they prefer these structures because they are easier to exert control over by those groups seeking to do so, like CNCF may be doing in the case of OP?
null
gadders
Is this another dispute with hyperscalers using the technology for free?
It's Apache 2.0 licensed, so anyone can "exit" the project from anywhere. "exit" is just a fancy name for fork here — even a proprietary/closed fork — and the usual layer 9 considerations apply, e.g. do they take users & devs with them or not. Or the domain, if there is one.