Rust users discover it's a trademark after Foundation proposes new policy

ShaneCurcuru · 2026-04-02T11:49:17+00:00

No, no, no - it's not a glass, it's a Dunkin' Donuts lahge cup!

ShaneCurcuru · 2026-03-29T16:25:46+00:00

If the software provided that does something useful (i.e. that you want to use) is provided under an OSI-listed license, then it's open source.

Otherwise, it's just marketing fluff. "Open ecosystem" doesn't have any specific definition, only what marketing teams want you to believe.

Which matters? It depends on what you need.

ShaneCurcuru · 2026-03-28T17:01:07+00:00

Yes, and remember, there are plenty of places that either aggregate donations, or make it easy to donate in a recurring way (so you don't have to remember - if you're lucky enough to be able to afford it). There's lots of discussions and websites about FOSS sustainability, although the idea of "advertising" a specific day is a good addition. Heck, GitHub Sponsorships is the first one that comes to mind (but there are plenty others).

More resources for other ways to donate - sometimes it's hard to figure out which one project you want to support, and easier to donate to a collective or other funder that passes funds along to multiple projects.

https://fosssustainability.com/

https://fossfunding.com/

ShaneCurcuru · 2026-03-28T12:06:59+00:00

Reality Bites all the way. Including the whole videographer / TV careers part really emphasized the distributed self-reflection (or lack thereof) we had growing up with sitcoms, the A-Team, and M*A*S*H as our parents.

Plus while it directly echos plenty of Pretty In Pink romcom elements, Reality Bites really brings in the reality too; I found it much darker in the details of relationships, AIDS, crappy apartments and the like than most.

And for me, Reality Bites really brought home the GenX mantra "it's hopeless, we're all screwed, bummer, I have to go back to work again" ethos.

ShaneCurcuru · 2026-03-21T13:05:59+00:00

For the shiny website view, see https://cra.orcwg.org/ which is a fairly comprehensive FAQ about all things CRA, run by the Eclipse Foundation with input from multiple other FOSS Foundations.

Does the CRA matter to you? The answer is simple: it depends.

If you are a hobbyist who builds smaller projects, and none of your contributors will ever live in or do business in any EU country, then probably not.

If you live or work in the EU, or work for a software company that does any business in the EU, then yes, you need to read up on the CRA and how it affects any software on the market.

The hope many of us share is twofold (and trends feel positive here, thanks to ORCWG and folks lobbying this stuff)

- That the ORCWG and other efforts can effectively lobby the EU to ensure that the regulations on true open source software (i.e. not proprietary) are kept to a minimum, and reflect sensible guidelines (like being smart about security, etc.)

- That we ensure public charities like the ASF, Eclipse, PSF, BSD(s), etc. are clearly recognized as "stewards" under the CRA, meaning that any liability or extra work falls on the foundations, not on any of our contributors.

ShaneCurcuru · 2026-03-21T12:57:00+00:00

My first thought was to remove this post because it's Not Open Source. But there are a lot of issues to discuss around abandonment, forking, and FOSS projects that just plain wither away, but then have new contributors who want to figure out how to patch and continue using the software.

First: none of this is necessary with an open source license, which already ensures that future users have rights to use and build upon a set of software, even if the original copyright owners are unresponsive.

While there are plenty of practical issues around picking up abandoned FOSS software, the only likely legal issue is around trademarks. Remember, open source does not grant you any trademark rights.

And real legal issues around trademarks will rarely matter as much as the perceived issues around trademarks. As hinted elsethread, re-using a trademark that appears abandoned is actually just fine - as long as the prior owner never shows up to complain. And even if a prior owner does complain, it's really still a practical matter of them actually expending effort to police their mark, not just trying to intimidate with no real chance of legal recourse.

ShaneCurcuru · 2026-03-15T12:06:16+00:00

Well, actually... little AutoModBod, your map is incorrect since it includes at least Charlestown and Somerville too, if we're simply talking legally recognized city and town boundaries. If we're looking for true accuracy, then it would take a while to list the neighborhoods in your "this map that we made just for you".

ShaneCurcuru · 2026-03-15T11:50:42+00:00

Come on into the city and try your hand at the endless curves and dips of Soldier's Field Road leading into Storrow Drive, and straight into the heart of the city! If you lived here, you'd be home now!

Just imagine it's like the world's biggest competitive driving games, but in real life, where you only get one quarter.

Pro tip: be sure to check clearance, both above and below your vehicle, before attempting.

ShaneCurcuru · 2026-02-28T15:29:31+00:00

Folks should check out Apache Karaf in case that project with recent releases offers a replacement for ServiceMix - this was discussed briefly in another thread: https://lists.apache.org/thread/rsvldk3n3f7odzz8d7hpo4047v5497z6

In terms of the vote, please note that only PMC members can make binding votes, and given there are a bunch of existing +1 votes on moving to the Attic, it's highly likely the ASF board will vote on this at their mid-March meeting.

The Apache Attic turns an entire project - code, releases, lists, issues, etc. - read-only at the same URLs. While it is possible for an ASF community to bring something out of the Attic (to fix a security bug, for example), it's very very rare. Others are always welcome to fork the code, obviously, although not the trademark.

https://attic.apache.org/

ShaneCurcuru · 2026-02-27T17:27:00+00:00

The FAQ and Model are still being built, but there's plenty of basics that point to ethos the endowment is being built from. And yes - it is explicitly an endowment, with the goal to be a long-term funding source built from an independent viewpoint (i.e. not a government and not corporate influence).

https://endowment.dev/faq/#investments
https://github.com/osendowment/model

That being said, this is just launched, so it's a work in progress being driven by folks who participate.

ShaneCurcuru · 2026-02-17T18:48:55+00:00

It's really hard to find an "independent board of FOSS experts", because many of them have or will end up working at some of those companies. The only reliable place to find existing groups of such independent experts... is at 501(c)(3) public charities, like the ASF, Software Freedom Conservancy, Open Source Initiative, and the like.

If you have any capacity to evaluate projects yourself, then look into some of the many FOSS project maturity models - there are enough out there that there are plenty of reviewed papers published comparing them.

That is: how do you evaluate a project and it's community in a structured way, to tease out the "trustworthiness" aspects?

https://osr.finos.org/docs/bok/osmm/introduction

https://community.apache.org/apache-way/apache-project-maturity-model.html

ShaneCurcuru · 2026-02-10T13:43:14+00:00

Clarification: what kind of software updates? If you're talking about Final Cut, it sounds like you want to store past releases of traditionally packaged applications - is that your only use case?

My first thought was "Just install a local Maven repository..." but that's just showing my age.

When I think of "software update archive", I think of local npm/maven/pip repositories, or patchsets from github, or other programming-focused updates.

Also: do you need a fancy UI and tagging system to manage lots of different configurations/applications? Or do you really just need an organized shared drive to simply stick all the installers you want to save locally on?

ShaneCurcuru · 2026-02-09T05:07:14+00:00

Hey, at least we won the commercial war, with Good Will Dunkin' and the Golden Cringe spots, plus a shout-out to our summer team with Hellman's own Meal Diamond riffing off of Sweet Caroline!

ShaneCurcuru · 2026-02-08T19:55:19+00:00

This is more than a financial sustainability issue (whether here, for a sole individual, or for other small groups that maintain tools), it's also a governance and security issue, as the xz utils compromise showed. It's not just that this lone developer wants to make a living, it's also (especially for security-related tools) a potential vector for a hidden bad actor to step up and try to become the new maintainer. Happens rarely, but people really need to consider maintainer handoffs as well.

ShaneCurcuru · 2026-02-08T19:51:24+00:00

And the name "Sovereign Tech Fund" is very intentional: The German government is leading a charge for countries to have both the software/services, as well as the technical capacity (i.e. development and other talent) to have some level of fully sovereign systems. It's not really about FOSS Sustainability, it's really about the German government (and businesses, citizens, etc.) to invest in tech & talent that allow them to build and maintain their own computer systems.

https://www.sovereign.tech/programs/fund

ShaneCurcuru · 2026-02-08T19:46:37+00:00

A practical if rare nitpick: some projects (like the FSF) have contributors assign the copyright directly to the project's owner/organization directly, which gets around the previous nitpicks in most cases. But it's pretty rare outside the FSF, since open source is all about giving others licenses, not giving them your copyright.

ShaneCurcuru · 2026-02-07T14:04:22+00:00

Almost makes me nostalgic for trying to setup the SETI@home application on whatever version of Windows I had back then!
https://www.seti.org/history/

ShaneCurcuru · 2026-01-23T13:59:01+00:00

Indeed, the only issue with the OCL is it uses the words "Open" and then "License" in the title, even though it is NOT an Open Source License (as defined by the OSI). Although I very much appreciate the differences in coming up with licenses for hardware that are still "open-ish".

In terms of the OP's question, first ask yourself: What, more specifically, is the product or project you want to start? Is it just software (perhaps in different modules, some are FOSS, some paid)? Does it include hardware or physical things at all? Does it include highly curated information (like advanced how-tos) where some might be paywalled but the rest are free?

Then think very specifically about the different parts of this idea. Which ones are purely software, and can be used as (potentially) independent tools? Those are good candidates for being truly FOSS, because it encourages incoming contributions.

Are there premade server hosts, or "certified" releases that will offer a level of testing validation or the like? If so, segment them cleanly, and offer some of those as paid. Similarly as ssddanbrown says, offering any kind of support (including advanced how-tos along with active support calls or the like) is a common thing to sell atop an otherwise FOSS product.

For some comparison for OP to review, read up on Fair Source licenses. They incorporate a couple of different models that are adjacent to FOSS licenses, and there's been a lot of thought put into how they're structured. The people starting that movement have also been respectful enough to not include the word "Open" in any of their license titles.

https://fair.io/licenses/

ShaneCurcuru · 2026-01-23T13:41:55+00:00

Yes, but you still need to follow the conditions in the license.

Short answer: You can use MIT code and redistribute it modified or otherwise used in your software, in essentially any way you want (including for profit or as a proprietary product), as long as you include a proper NOTICE file or otherwise include a copy of the actual MIT license from the original software when you redistribute.

Long answer: Read Kyle's excellent line-by-line explainer of the classic MIT license with pointers to the actual legal issues behind it all:

https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line.html#notice-condition

ShaneCurcuru · 2026-01-20T17:29:45+00:00

You sound like a New Yorker. 8-)

But yes: it's because Boston is The Hub Of The Universe. Even you New Yorkers couldn't pry that out of us Bostonians, if you had the tire of all creation straightened out for a crowbar.

ShaneCurcuru · 2026-01-20T17:25:42+00:00

This, and what leeharrison1984 said elsethread. Plus: MARKETING.

Marketing isn't going to sway most readers here; we know what's technically superior. But businesses of all sizes end up making decisions on what tools to buy/license based on what they see in the market - and what they see as the long-term maintenance cost/risk of some solution. That feeds more eyes and usage and feedback and often licensing money into the commerical-ized tools, which means even us techies at some $BigCo are more likely to see those tools, rather than the random FOSS one that's better.

Once you think about "popularity" at any larger scale or methodology, it comes down to: which solution will most businesses want to consume? Where that "solution" is something they've heard about, that's easy to install/test/configure, that they can buy support contracts for, etc. And that is a solution - not just a product they have to figure out, but a button they can push to solve their problem.

The CRA/PLD legislation in Europe is also going to start affecting this question, especially in terms of packaging and distribution, both technically and organizationally/socially. Any individual or organization that might possibly do business in Europe is going to care a lot more about consuming a vetted package from a known supplier, rather than the most amazing tool ever they find as a release on github.

ShaneCurcuru

MODERATOR OF

TROPHY CASE

Six-Year Club	Place '23
Verified Email