OSS-Blacklist: A blacklist for keeping track of OSS hostile companies/organizations

qaz@lemmy.world to Open Source@lemmy.ml – 325 points –
OSS-Blacklist
codeberg.org

Just saw the discussion around the Haier Home Assistant takedown and thought it would be good to materialize the metaphorical blacklist.

64

You are viewing a single comment

As i understand google and Microsoft don't really fit here

Probably the definition should look something like: companies that proactively did actions towards harming open source culture/community/movement. Don't respect foss licensing, etc

I nominate Gitea for this one, for hijacking the project, and making it for profit organization

Also, Ultimate Guitar with their kido musescore, for basically trying to do the same thing that manga company is trying to do right now

And my favorite.. Facebook for their oculus privacy and for threatening to sue everyone who tries to jailbreak or modify their devices

Simple tools is probably not considered open source anymore

P.S. oh! Really also think about Proton, Brave, and Telegram

Three companies that are famous for saying they are foss, but in really it's often not exactly that

Proton's and telegram's servers are not foss

Telegram and brave had many instances of delaying publishing the source, even though they already updated the apps

Also, not sure how about now, but telegram is famous for having not reproducible builds, brave probably too

Proton's server code is not Open Source because it contains filter and anti spam detection which if released, would severely hamper their ability to detect spam and keep their users safe + detect abuse for their service.

Proton has had extensive security audits done and their claims have been backed up by independent third parties.

The definition should be further modified to include legitimate reasons for not open sourcing some code + having audits to back up claims.

Facebook has their reasons to keep stuff as closed as possible, and they don't claim to be opensource

But proton does, and it's not about privacy or security, but about using banner of foss just for their own benefit, and don't contribute what they claim to the foss community

They open source all of their clients (when not in beta). They maintain multiple open source cryptographic libraries, in multiple languages, which a lot of developers and companies go on to use. They have a yearly fundraiser for open source and digital rights groups, which they contribute a $100,000 to each year.

Just because their server code is not open source, doesn't mean they don't support open source. It's not an all or nothing situation. Binary thinking and classification is a very dangerous and naïve way to look at things.