Did you read the quarter-million-line license for your Slack app?
44 comments
·September 20, 2025nettlin
zahlman
Why can't it deduplicate matching licenses?
s20n
That's how it is done in debian packages. The full text of each license is only mentioned once and given an identifier which is then used to link the license to the relevant copyright statements.
For example: https://salsa.debian.org/debian/highlight/-/blob/94ee6559155...
throwup238
The legal department doesn't want to take that chance.
phendrenad2
Lawyers can make mistakes, but to REALLY mess things up, you need lawyers, plus some engineers that take the lawyers too seriously.
Uehreka
I think it might be the case that licenses often include the authors’ names in the “this code is copyright of so-and-so” (as you can see, I Am Not A Lawyer) section, which might be considered part of the text of the license, thereby making it a requirement to include the full license text for each dependency.
notpushkin
It’s usually done in MIT-like licenses, which are quite short.
But I’d argue that replacing it with
Copyright (c) 207X Jonathan Fenimore
Licensed MIT, see the license text below
Copyright (c) 207X Jonathan Fenimore
SPDX-License-Identifier: MIT
---
In longer licenses like GPL or Apache, you are not supposed to change any copyright statement placeholders. For example, there’s this line in the GPL text:
Copyright (C) <year> <name of author>
---
Or they could just compress the license amalgamation! I think it would be a bit bigger but pretty reasonable, and their lawyers should be happy with this arrangement.
gpm
Are you sure it doesn't*?
* When we treat different versions of say, the MIT license, with different names and copyright years inserted, as different licenses.
I have to imagine the file would compress extremely well though... I'm more curious why they don't use compression.
toast0
Not sure why Apple doesn't offer a compressed filesystem :p it makes writes a bit slower when compression fails, but otherwise the savings in I/O time often makes up for the increased processing on read and write.
sneak
I imagine it does precisely that when gzipped for distribution.
hmartin
Title of this post is blatantly misleading for using the singular 'license'.
GuestFAUniverse
My first computer had a 10MB HDD. * I could program with it comfortably (e.g. Turbo Pascal). * I could play with it (Civ, Day of the Tentacle with a few tricks, ...) * I could run a office suite. * I could communicate via mail and newsgroups
In short: all problems back than could be solved at home.
And yeah, I know that barely anybody cares _how utterly_ wasteful software has become.
theideaofcoffee
But think of the dEvElopEr exPeRienCe! They may have to slow down on the rate they are shitting things out to actually learn a native system/UI toolkit, or, gasp, write it a few different times for different environments! Thats gonna affect some bonuses for sure.
hliyan
We need to return to a world where we primarily own things, not rent them. If the software executable can be thought of as a machine, we should be able to own the version/instance of it we purchased the license for. We may not own the intellectual property, but we should have enough ownership to install it on a personal cloud computer we own and run it until such time we need to upgrade it.
sealeck
https://zulip.com/ is a pretty excellent chat program that can be self-hosted
hliyan
Zulip self-hosted is billed monthly. Still a form of rent. You don't own the version you bought perpetually.
jkaplowitz
According to https://zulip.com/plans/#self-hosted, the only things you get by upgrading from free self-hosted (which is absolutely offered) to paid self-hosted is to remove the limits on mobile notifications, which is a service that Zulip as an organization has to run and which therefore has an inherent cost, plus access to various forms of customer support.
Explicitly mentioned is that all Zulip features are included in the free plan.
The self-hosted offering is notably described as 100% open source software in the tab heading above all the plans, paid or free. https://zulip.com/help/zulip-cloud-or-self-hosting confirms this interpretation. It’s as owned as any other open source software. https://zulip.com/self-hosting/ even confirms that the self-hosted offering is the same software as Zulip Cloud.
The mobile push notification service is also open source and can be self-hosted for free, although this requires recompiling the mobile apps with a different secret and distributing the modified apps to the desired mobile clients. Zulip has no way around this due to Google and Apple’s push notification security models.
kristianc
Buy Campfire instead? https://once.com/campfire
shomp
Campfire needs 64GB RAM for 10,000 users, that surprises me, I would think we could get to 10k users with far less RAM.
nbngeorcjhe
well it is rails
leakycap
And we provide these apps with data and collaboration we rely on for our business or clubs day-to-day?
Time to rethink.
JED3
honestly the slack app store and it’s ridiculous policies makes publishing apps completely unworthy of the time investment. after having published numerous apps across dozens of marketplaces, I would advise everyone to avoid apps.slack.com at all costs. slack is beyond the maximum bloat threshold in virtually every aspect imaginable, TOS and licensing most especially. build elsewhere
wilg
This is simply downstream of open source working as intended. It's also not a problem, and also there's no good solution.
leakycap
> It's also not a problem, and also there's no good solution.
I have worked with people who have this attitude and I wonder how they're doing these days.
I hope they haven't ran into any problems they cannot simply dismiss as not problems that don't have solutions.
neuroelectron
I can't really understand the point of using Slack. There's so many free alternatives.
bigstrat2003
If you mean for individuals, it's because that's what their job uses. If you mean for the companies deciding to use Slack, it's because most companies significantly prefer to pay someone for a supported product than use a free product which they have to have their own staff support.
guerrilla
Someone also explain to me how gamers of all people can live with Discord when the thing barely works.
bigstrat2003
Because it actually works pretty well most of the time. I'm not sure where you get "barely works" from, but that's not remotely my experience or the experience of anyone I know. And of course, network effects are strong so that keeps people using it even through the occasional hiccups.
As for how it got its foothold, it comes down to having an easier onboarding than the solutions it competed with. With Mumble (or Ventrilo, etc) someone has to pay for a server. Then you have to download the client, get the host and port to connect to, enter credentials, and so on. Repeat for every server you might join. With Discord, once your account is set up you just click on a link and join the server. You don't even have to use the client if you don't want; you can join from the browser just fine. I don't think the friction of using previous solutions was actually bad, but it was enough to give Discord an edge even without the integrated chat+voice angle (which is something that those other programs never did and still don't do).
guerrilla
> I'm not sure where you get "barely works" from, but that's not remotely my experience or the experience of anyone I know.
Alright, I'm exaggerating but I've never had as many problems with such a popular app of that class. I'm literally locked out right now due to a known bug (confirmed by support) and this isn't even the first time. Then there were months when recording voice notes (of all things) didn't work on Android. So many other little random things. If YouTube or something behaved that way I'd be shocked. It's a ghetto in comparison.
Yeah, I get what you're saying about friction. I'm complaining as someone who's fine with Signal and IRC, so not the target audience. Someone else also mentioned that the performance may have been better early on as well. I find that hard to believe but I'll trust ya'll for now.
jbaber
When I installed matrix, I thought it was an example of FOSS UI being crummy. Then I found out they were actually doing a good job of emulating discord.
sealeck
Discord is much, much more user friendly than Matrix!
dade_
Except that Matrix is a protocol.
chillfox
Because when Discord released it had less impact on game performance than any of the other solutions at the time. And these days it’s still great, so only a fantastic solution will be able to replace it. But maybe in a few more years of enshitification it will be easier for something new to be better than it.
greenavocado
Wait until you find out both Ukrainian and Russian military were using Discord to communicate
superb_dev
Wait until you find out that the interim prime minister of Nepal was elected on Discord
throwaway20222
Would you happen to have a stack ranked list of favorites off the top of your head?
ProAm
One throat to choke... is why. Enterprise grade sales and support.
This file does not contain the terms of service of Slack. Rather, it contains the software licenses of third-party code that is embedded in Chromium, which in turn is embedded in the Slack app. Every dependency has its own license, which is why the file is so big (800× Apache-2.0, 237× MIT, 59× LGPL, and so on).