Keygen is now Fair SourceStar us on GitHub arrow_right_alt

Whither Open Source?

Wednesday, February 19th 2025Avatar for the author, Zeke Gabrielse, Founder of KeygenZeke Gabrielse, Founder of Keygen

Commercial open source software (COSS) has become an increasingly popular model for businesses, especially for venture-backed startups. COSS allows businesses to tap into the unparalleled distribution model that is open source, to build vibrant communities around their core products which fuel product-led growth, and to ultimately reach product-market fit much faster than closed source models.

However, there's a dark side to the model that many eventually come to realize: you often have to lie to make it work.

This lie is primarily perpetuated through the GNU Affero General Public License, commonly referred to as the AGPL or AGPLv3.

The AGPL is a strong, networked copyleft license that was designed to prioritize user freedom above all else. It's the strongest copyleft license in existence right now that is considered "open source."

But the truth is, the AGPL isn't used to increase user freedom — it's used to restrict it, primarily through its legal ambiguities. It's used to protect the business from competition, and limit the effects of open source monetization acting as a loss leader.

The AGPL, how it's often used, isn't some noble license for collaboration and freedom. Instead, it's a weaponized license, twisted to restrict use and prevent competition, all while masquerading as "open source."

It's not being used to increase freedom — it's being used to create a legal moat that prevents others from freely using and building on the software. The AGPL is used like an UNO reverse card to its intended purpose. In reality, the AGPL doesn't afford more rights to users — it restricts them — creating a mockery of free software.

So let's start off by reflecting on and acknowledging that.

In practice, the AGPL is nothing more than an OSI-approved source-available license. Despite being marketed as "open source," AGPL's effect is similar to that of a source-available license — one that restricts usage and prevents competition. The key difference is that AGPL has the coveted OSI approval stamp, which makes it seem blanket aligned with open source values.

However, it doesn't align — it's just like other source-available licenses that the open source and free software communities often criticize. The latter licenses just say the quiet part out loud.

So let's also acknowledge that.

Now, there's nothing inherently wrong with source-available licenses, nor with limiting how software can be used commercially.

Keygen itself has been under a source-available license for the past two years — first the ELv2, now the FCL — both of which have restrictions, particularly regarding competition.

But where the AGPL — a license which also restricts use — becomes problematic is in the cognitive dissonance it creates.

To sustain a COSS business under AGPL, there's a need to hide true intentions — to beat around the bush, so to speak. While AGPL isn't explicitly designed to prevent competition or restrict use, it effectively does so. It creates legal barriers that limit how others can use the software, all while claiming to be "open source."

Why exactly this has become a reality is multi-faceted.

The AGPL, as it's written, has some ambiguities around what exactly triggers the networked copyleft clause. Due to this, enterprises like Google have banned AGPL from their organizations entirely, which has led to a general fear and uncertainty in regard to AGPL's reach.

"If Google can't use AGPL, is it safe for me?", they murmur.

All the while, COSS businesses lean into this fear and uncertainty in hopes of profiting off of it. This is not transparency — it's deceit, plain and simple. The product is being presented as "open source" while actively undermining the principles of open source itself.

Frankly, it's disgraceful.

You may argue that some COSS founders don't know this. That they're oblivious, or that they're simply following what other COSS founders do. But ignorance is not an excuse. You should understand the rules of engagement for your business.

The allure of the AGPL is that these veiled restrictions protect the business, and deep down, businesses know that commercial open source usually won't work without such restrictions.

Without it, enterprises would be able to freely self-host the software, not give back, and become free-riders. And without a CLA tacked on, competition might even emerge. So the application of the AGPL is defensive then, not progressive.

And COSS businesses that don't use the AGPL, given enough time, encounter a recurring problem: without the real-world restrictions of the AGPL, more permissive licenses like Apache 2.0 and MIT often lead to free-riders, to competition, to unsustainability — and eventually, like clockwork, to a relicense to stop the inevitable bleed.

The reality is that, most of the time, permissive licenses don't work for COSS. History has shown us this reality time and time again. Granted, there are exceptions. But given enough time, perhaps there aren't.

And so the cycle continues.

There's nothing wrong with wanting to fix these problems. There's nothing wrong with wanting to profit off of your software. However, sacrificing your integrity to use "open source" when others, doing essentially the same thing, cannot, is wrong.

But fortunately, these problems can be avoided entirely by choosing the right license from the start, ending the cycle.

This is where fair source comes in.

With fair source, there's no need to hide behind vague legal terms. No need to manipulate the community or mislead users. The business can actually be honest about the terms of the software and still build a successful, sustainable business.

Fair source offers users what they want: the freedom to self-host. Like COSS, it's typically a loss leader, but unlike COSS, it has clear, honest rules of engagement regarding competition and monetization — a distinction achieved through a simple non-compete clause.

Created by people who love open source, fair source attempts to balance the spirit of open source with sustainability.

This balance is realized through a process that involves becoming open source after a set period of time, typically two years, through delayed open source publication (DOSP).

Though it isn't open source at first, it eventually will be.

Unlike open core, all proprietary features are eventually open sourced, ensuring that paying customers aren't left in the dark[1] if and when the company pivots or shuts down. This addresses the backwards relationship open core has with users and customers.

There's no legal ambiguity, no empty promises of “longevity” left up to chance. With clear rules, fair source guarantees that, after two years, all proprietary code will become fully open, ensuring that customers, users, and the business can all win.

By adopting fair source, businesses can protect their business model without resorting to legal manipulation or deceitful practices. Rather, you do this crazy thing where you just say what you mean.

The reality is clear: COSS, as it stands today, is a broken model. It's time to let go of the old guard and embrace the future —

Fair source is the better COSS.

[1]: Shout out to Bryan Cantrill for introducing me to the word "whither."

© 2016–2025 Keygen LLC – All Rights Reserved – Reach out <[email protected]>