I think the definition of FOSS used here is tendentious: some of these projects (which I have no particular attachment to) are marked as "not FOSS" or "issues exist" because they have components that are disconnected from the basic nature of free and open source software itself.
A recurring one here seems to be that proprietary builds somehow make a project not FOSS. But this is how it's always worked: Red Hat doesn't sell FOSS source, they sell a subscription to a distribution (RHEL) that includes managed, maintained builds. That distribution is in turn restricted[1], while the source behind it remains free.
Perhaps there's an argument to be made that the definition of FOSS should be stronger, and should include some kind of binary freedom, lack of trademark restrictions, etc. But that's not how the term is conventionally applied, and glossing over that convention seems roughly as contentious as when companies try to split the baby and rewrite "open source" to include anti-competitive terms.
In those situations, could someone easily just fork the project, offer builds, and now their version of the project is ideal? If it's easy to do that then it seems like a good ideal. If it is difficult to do then their right it is an 'issue'.
liquidgecka · 32m ago
… isn’t that basically what CentOS did in the early days?
koolala · 28m ago
What happened? Why did it stop being easy and some people say "CentOS Linux is dead—and Red Hat says Stream is “not a replacement”?
If the company no longer makes it easy that's a big issue. On a list like this, CentOS would appear next to Red Hat Linux Enterprise.
burnt-resistor · 2h ago
One to add: NanoKVM is definitely fake FOSS. It dials home to download a serialized, opaque library. NanoKVM: The S stands for Securityhttps://youtu.be/plJGZQ35Q6I
Many people also seem to think Atlassian Jira and Confluence are OSS when they're absolutely not.
stephen_g · 32m ago
Atlassian stuff never was, they do offer free licenses to use their cloud products to open source projects though - perhaps that's the confusion?
pkaeding · 11m ago
They also used to offer source downloads to paying customers, but never claimed to be open source, because the licence they gave to customers to access that source did not allow for distribution. (It was meant for auditing, and help in building extensions, I think)
snvzz · 1h ago
The vid is old and they made some promise to open source things later.
I wonder if it ever happened. I did withhold my purchase back then just because I'd rather wait for open source than buy some device I cannot trust.
evanjrowley · 1h ago
F-Droid, the FOSS-centric alternative app store for Android, provides similar information for each app. F-Droid goes a bit farther on things mobile users care about, like calling out if an app sends telemetry or requires a paid subscription. I like that this Is it really FOSS? project examines a project's potential impact on the FOSS community by questioning whether it is VC-funded, requires a CLA, and other interesting characteristics like that.
aguacaterojo · 8m ago
One one hand it's probably a good thing to have open source police. On the other hand, not quite open source was the correct choice for a lot of these projects.
kiitos · 57m ago
oh good a purity test for OSS projects, this is exactly what's needed in the ecosystem, and will surely have a positive impact
jeeyoungk · 8m ago
I think this is really unfair, in the current day and age, especially when there are "Open Weight Models" that are bending the definition of the FOSS.
I don't have a skin in the game, but I personally think that the definition of FOSS is too rigid and strict and is not evolving. There has been many challenges over time (LGPL's linking exception, tivoization, AGPL trying to fight against SaaS, Open Core business models, ...); and we are really bestowing very harsh moral standards for people who are trying to do the right thing.
For me, Sentry, being 10+ years in its existence (I used it ever since its logo was a Starcraft II unit), never participated in the usual enshitification of the software, being labeled as "NOPE" is disingenuous. I would gladly pay for Sentry because I love the software, and I also know that if shit hits the fan, I can self-host it (though the configuration for self-hosting got progressively difficult over time, but that's the complexity of modern SaaS stack). I can make similar arguments to other tools in this site that I'm familiar with.
firesteelrain · 20m ago
Free but free to sustain? No way. Sometimes there are companies that accompany a paid, Enterprise version (HashiCorp, GitLab).
You get what you pay for
koolala · 19m ago
What about the singularity? When AI can maintain any program?
dragonwriter · 15m ago
Even should that occur, AI isn't and wouldn't in that case be free of cost.
koolala · 2m ago
Even if it solved its own energy crisis? Could it ever unquestionably deserve sovereignty? At the very least on git pull requests as an individual global contributor?
zzo38computer · 39m ago
I got banned permanently from this server (with no explanation of why). However, it look like it is also on Codeberg, which I am not banned from (although many of the links are incorrect when viewed on Codeberg (at least if JavaScripts are disabled), it still works).
I think these articles are good, but I do have some other comments.
For some programs, there is the possibility that some parts can potentially work without non-FOSS but is difficult to separate. (This can also be a different problem in case you only want one part of the program.)
A program can also be Free but "trapped", in case it requires proprietary compilers to compile it (although it is often possible to work around this; sometimes easily and sometimes more difficult).
For some games that have non-FOSS parts, there is also the issue of if the non-FOSS parts can execute arbitrary code or otherwise do things outside of the game itself, that is not necessarily desirable (e.g. a Game Boy Advance emulator might be FOSS, although the programs it emulates might or might not be FOSS, but either way do not affect the rest of the computer nor the internet and other stuff like that); and, also the consideration of whether the software can be used without the non-FOSS parts (if you can replace them; e.g. a FOSS game engine might be made as a clone of a non-FOSS game engine that can use the original game files but you can also make your own fully FOSS games using it too).
There is also some that may require non-FOSS to access, even if the software itself is FOSS. Proprietary (or overly complicated, even if FOSS) communication channels are also not mentioned (although another comment on here does mention it), and I think it probably is a concern (not one that necessarily makes the project itself to be not FOSS, but still might be worth mentioning), even if it does not make the program itself to be not FOSS, it can make it difficult to contribute or to use it.
Being FOSS does not necessarily mean that you intend to run the program on your computer; you might only want to view the code, or modify it before running it, or use your own program (or a different FOSS program) as a substitute.
Programs can be "open core" but the non-FOSS part is still clearly distinct from it (which is the case for SQLite). (In the case of SQLite, they also mention the non-FOSS test suite; they are not needed to run the program, but it may make it difficult to make your own changes and then test it. However, some programs do not have a real test suite at all, anyways.)
exiguus · 2h ago
You can add a new project to the website by creating an issue [1].
I think this is not particularly impartial. Sentry is marked as "NOPE" even though it is basically open source (any commit older than two years is), yet projects that are open core forever are "issues exist" and "partially".
JoshTriplett · 32m ago
> Sentry is marked as "NOPE" even though it is basically open source (any commit older than two years is),
In other words, current Sentry isn't Open Source, but old versions are available. I think it's a fair characterization that Sentry is not Open Source, unless there's an actual community around the Open Source version.
koolala · 32m ago
Why is this project switching its license 2 years ago during development not a problem? What is good about Sentry? edit: Oh you mean rolling time windows.
lytedev · 1h ago
Wouldn't "partially" be fair? Since not ALL of the project is, but only source of a certain age?
the_mitsuhiko · 1h ago
That in my mind would be a much fairer categorization.
hk1337 · 28m ago
> The project is licensed under an FSL-1.1-Apache-2.0 license which, for two years after release, prevents use, modification and distribution when done in a range of ways which may compete with the original project.
The current license for sentry seems to be a large part of the reason for the nope.
They give a pretty detailed explanation of the decision.
It’s still a good product.
oever · 1h ago
This project's source code is hosted on Codeberg, which runs on the FOSS forge Forgejo.
This is a big improvement over projects that are hosted on GitHub. For those, the license may be FOSS, but the spirit is not, because anyone that wants to contribute upstream is lured onto a proprietary platform.
The license and terms of service of a project's community communication channels are not listed under the concerns. (https://isitreallyfoss.com/concerns/) This is understandable: traditionally and strictly, the license is the only thing that matters.
einpoklum · 1h ago
Some entries are at best confusing, and at worst misinforming.
The common case is considering projects which have one element that is FOSS and another that isn't. For example: ProtonMail, who apparently offer a FOSS mail client. They never presumed to offer mail server software; and FOSS mail server software is available. So a button calling them out for not being really FOSS kind of misses the mark. You don't see an entry like that for, say, GMail - so if Proton did not provide a client at all, they would have faired better.
Another specific case is that of Signal. The client and server are FOSS, but they're designed for no federation, so you can't (?) use a modified Signal client with the vanilla clients, and you definitely can't add a server to the network. This effectively prevents modified versions of Signal from being usable. So, is it really FOSS? The site's verdict is: Unqualified yes, Green button.
re · 36m ago
> ProtonMail, who apparently offer a FOSS mail client. They never presumed to offer mail server software
The website justifiably cites this website marketing copy as misleading: "All Proton services are open source and independently audited for security." https://proton.me/mail If that's supposed to only apply to the mail client (which isn't specifically mentioned on that page), it's incredibly unclear.
1970-01-01 · 1h ago
You missed how there are five possible answers for a binary yes/no question. The site is confusing by design.
Signal I suppose is open source, but doesn't it contain closed source Google binary blobs? It also routes through closed source notification libraries
SchemaLoad · 1h ago
Pretty sure it's impossible to not use closed source Google or Apple pieces for a functional app these days. Last I looked in to it, the only way to actually deliver notifications is to run through Google or Apple since the OSs don't want every app running their own background processes draining battery.
singpolyma3 · 34m ago
On iOS that's basically true, but on android there are a lot of battery preserving options
warkdarrior · 36m ago
Practical concerns must not matter for a purity test.
sho_hn · 2h ago
Now add an "open source" LLM.
nailer · 1h ago
I think you’re being downvoted because not everybody on HN knows that Llama is not open source, despite Yan LeCunn ignoring the OSI and continually attempting to tell everyone it is.
My wife is Venezuelan, and when they think something smells they say Foss. It's a never ending source of amusing when I'm browsing hn. She will love this site.
A recurring one here seems to be that proprietary builds somehow make a project not FOSS. But this is how it's always worked: Red Hat doesn't sell FOSS source, they sell a subscription to a distribution (RHEL) that includes managed, maintained builds. That distribution is in turn restricted[1], while the source behind it remains free.
Perhaps there's an argument to be made that the definition of FOSS should be stronger, and should include some kind of binary freedom, lack of trademark restrictions, etc. But that's not how the term is conventionally applied, and glossing over that convention seems roughly as contentious as when companies try to split the baby and rewrite "open source" to include anti-competitive terms.
[1]: https://www.redhat.com/en/resources/red-hat-enterprise-linux...
If the company no longer makes it easy that's a big issue. On a list like this, CentOS would appear next to Red Hat Linux Enterprise.
Many people also seem to think Atlassian Jira and Confluence are OSS when they're absolutely not.
I wonder if it ever happened. I did withhold my purchase back then just because I'd rather wait for open source than buy some device I cannot trust.
I don't have a skin in the game, but I personally think that the definition of FOSS is too rigid and strict and is not evolving. There has been many challenges over time (LGPL's linking exception, tivoization, AGPL trying to fight against SaaS, Open Core business models, ...); and we are really bestowing very harsh moral standards for people who are trying to do the right thing.
For me, Sentry, being 10+ years in its existence (I used it ever since its logo was a Starcraft II unit), never participated in the usual enshitification of the software, being labeled as "NOPE" is disingenuous. I would gladly pay for Sentry because I love the software, and I also know that if shit hits the fan, I can self-host it (though the configuration for self-hosting got progressively difficult over time, but that's the complexity of modern SaaS stack). I can make similar arguments to other tools in this site that I'm familiar with.
You get what you pay for
I think these articles are good, but I do have some other comments.
For some programs, there is the possibility that some parts can potentially work without non-FOSS but is difficult to separate. (This can also be a different problem in case you only want one part of the program.)
A program can also be Free but "trapped", in case it requires proprietary compilers to compile it (although it is often possible to work around this; sometimes easily and sometimes more difficult).
For some games that have non-FOSS parts, there is also the issue of if the non-FOSS parts can execute arbitrary code or otherwise do things outside of the game itself, that is not necessarily desirable (e.g. a Game Boy Advance emulator might be FOSS, although the programs it emulates might or might not be FOSS, but either way do not affect the rest of the computer nor the internet and other stuff like that); and, also the consideration of whether the software can be used without the non-FOSS parts (if you can replace them; e.g. a FOSS game engine might be made as a clone of a non-FOSS game engine that can use the original game files but you can also make your own fully FOSS games using it too).
There is also some that may require non-FOSS to access, even if the software itself is FOSS. Proprietary (or overly complicated, even if FOSS) communication channels are also not mentioned (although another comment on here does mention it), and I think it probably is a concern (not one that necessarily makes the project itself to be not FOSS, but still might be worth mentioning), even if it does not make the program itself to be not FOSS, it can make it difficult to contribute or to use it.
Being FOSS does not necessarily mean that you intend to run the program on your computer; you might only want to view the code, or modify it before running it, or use your own program (or a different FOSS program) as a substitute.
Programs can be "open core" but the non-FOSS part is still clearly distinct from it (which is the case for SQLite). (In the case of SQLite, they also mention the non-FOSS test suite; they are not needed to run the program, but it may make it difficult to make your own changes and then test it. However, some programs do not have a real test suite at all, anyways.)
[1] https://codeberg.org/danb/isitreallyfoss/issues
In other words, current Sentry isn't Open Source, but old versions are available. I think it's a fair characterization that Sentry is not Open Source, unless there's an actual community around the Open Source version.
The current license for sentry seems to be a large part of the reason for the nope.
They give a pretty detailed explanation of the decision.
It’s still a good product.
This is a big improvement over projects that are hosted on GitHub. For those, the license may be FOSS, but the spirit is not, because anyone that wants to contribute upstream is lured onto a proprietary platform.
The license and terms of service of a project's community communication channels are not listed under the concerns. (https://isitreallyfoss.com/concerns/) This is understandable: traditionally and strictly, the license is the only thing that matters.
The common case is considering projects which have one element that is FOSS and another that isn't. For example: ProtonMail, who apparently offer a FOSS mail client. They never presumed to offer mail server software; and FOSS mail server software is available. So a button calling them out for not being really FOSS kind of misses the mark. You don't see an entry like that for, say, GMail - so if Proton did not provide a client at all, they would have faired better.
Another specific case is that of Signal. The client and server are FOSS, but they're designed for no federation, so you can't (?) use a modified Signal client with the vanilla clients, and you definitely can't add a server to the network. This effectively prevents modified versions of Signal from being usable. So, is it really FOSS? The site's verdict is: Unqualified yes, Green button.
The website justifiably cites this website marketing copy as misleading: "All Proton services are open source and independently audited for security." https://proton.me/mail If that's supposed to only apply to the mail client (which isn't specifically mentioned on that page), it's incredibly unclear.
https://isitreallyfoss.com/about/categorisation/
https://opensource.org/blog/metas-llama-2-license-is-not-ope...
https://opensource.org/blog/metas-llama-license-is-still-not...
https://www.downloadableisnotopensource.org/