The FOSS mismatch
In light of the XZ Utils backdoor, another frantic wave of discussion, ideas and initiatives has started, dealing with the role of FOSS in society. As in earlier incidents, like Log4Shell, so many angles and such a vast scope are discussed in a cacophony of voices that it overwhelms basically everyone.
That in turn leads people to say “Let’s start here, for Christ’s sake”, and they leave out much of the nuance. @onepict in her article “A Few thoughts on FOSS Sustainability” provides some examples of that (e.g. a “mental health foundation for burnt-out maintainers to turn to”). Also, tired decades-old arguments are reiterated over and over again, as is common in FOSS (e.g. “companies must donate to the projects they depend on”). There’s nothing wrong with these arguments, but they are “tired” because in all these years we didn’t manage to bring about an environment where that actually happens.
So, with a sigh, we attach another XKCD-2347 reference…
It is clear that in FOSS, with its own culture and values, things are very different than in the business world (esp. in all those places where hypercapitalism festers). FOSS wants to spread its mindshare, and its advocacy has seen (thus far limited) success in companies embracing FOSS’y aspects. The same is true for governments, recently with more success, as governmental institutions increasingly recognize the crucial role of FOSS in society.
There remains a huge mismatch between the FOSS movement on one hand, and Business plus Government on the other hand. How do we bridge that gap?
FOSS realm and interfaces
In this topic I want to muse on an analogy that may be used to bridge the divide.
The XZ debacle is such a problem because of adoption by Business and Government (the XKCD stack cartoon), without properly taking into account all the concerns that usually play a role in B2B and B2G relationships. In other words, a myopia: when dealing with FOSS, similar concerns also need to be addressed. In these relationships we should take Gov + Biz separately; they are not the same. We have:
- FOSS ← → Business (F2B interface)
- FOSS ← → Government (F2G interface)
On F2G there is more progress, looking at funding initiatives and the realization of governments that this is essential. On the F2B front, not so much.
When a Business acquires products & services from another Business, then the B2B interface is well-understood. It is just the “natural way of doing business” (with all its hypercapitalist flaws, of course).
In this B2B the obligations and liabilities are between the companies. The employees are shielded from that. They have obligations only to the business they work at. It is the business that provides them a healthy work environment.
It is the task of the business to deliver QoS, and manage risks. If the employee gets sick, the business should not go bankrupt, etc. So internally they ensure that other employees can take over.
This is all kinda obvious. We are used to that. But I’m mentioning it because all of that breaks down when there’s an F2B relationship. On both sides of the interface people walk in territory they haven’t properly explored.
FOSS has its own culture and values, fosters reciprocal relationships and focuses on empowerment of the Commons. It wants to safeguard those within its realm. It wants to spread those values about (grow the mindshare). But in doing so it bumps against the F2B interface, where Biz + Hypercapitalism sit on the other side and fundamentally don’t understand this mindset.
FOSS-to-Business relationship
[TODO]