Open Source Projects Face “Feudal” Power Dynamics as Rug Pulls Increase, Experts Warn
Brussels, Belgium – A growing trend of companies altering the licenses of open-source projects – often referred to as “rug pulls” – is creating a precarious landscape for developers and users, mirroring “feudal” power dynamics, according to speakers at the Open Source Summit Europe (OSSEU) this week. The concern centers around the potential for companies to exert undue control over software relied upon by a broad community, and the strategies to mitigate this risk.
Speaking at the conference, a panel discussed warning signs and potential defenses against these license changes. A key indicator of potential issues, according to the discussion, is the use of Contributor License Agreements (CLAs). These agreements grant the company involved the power to relicense the software, creating a power imbalance. Projects using a Developer Certificate of Origin (DCO), conversely, are seen as less susceptible to such maneuvers.
Governance structure also plays a critical role. While projects housed under foundations offer some protection, the panel cautioned that control by a single company can still lead to unexpected outcomes. The Cortex project, originally under the Cloud Native Computing Foundation, serves as a case study; Grafana ultimately forked the project to create Mimir. Neutral governance, with leadership from multiple organizations, was highlighted as a preferable model.
The health of a project’s contributor base is another crucial factor. A robust and diverse group of contributors increases sustainability and reduces the likelihood of a single entity dictating the project’s future. Resources like the CHAOSS project, which provides metrics for evaluating project viability, and its associated “practitioner guides”, were mentioned as tools for assessing and improving project health.
The panel noted that the increasing dominance of major cloud providers is exacerbating these power imbalances, leading to a more “feudal” system. While companies can leverage relicensing to counter the influence of these providers, doing so at the expense of contributors is counterproductive.
However, contributors are not powerless. The ability to “fork” a project – creating a new, self-reliant version – was repeatedly emphasized as a significant deterrent. The success of forks like Valkey and OpenTofu reportedly prompted at least one company to reconsider a planned relicensing action.
“The ability to fork has the effect of making companies think harder, knowing that there may be consequences that follow a rug pull,” one panelist stated.
Dirk Hohndel added that actively contributing to a project, rather than passively participating, is essential. “Anybody who just sits back within a project…is just a passenger; it is indeed better to be driving.”
Slides from the presentation are available for further review.
[The Linux Foundation sponsored LWN’s travel to this event.]