NuGet / NuGetGallery

NuGet Gallery is a package repository that powers https://www.nuget.org. Use this repo for reporting NuGet.org issues.
https://www.nuget.org/
Apache License 2.0

[Feature]: Sign up / pay for licences when using opensource projects in medium to big enterprise companies #9265

Open KennethDotNet opened 2 years ago

KennethDotNet commented 2 years ago

Related Problem

I work for a small company and sometimes we come across projects (like Duende and EPPlus and more) where I would like to pay licences directly to the OSS when downloading the NuGet package. In Azure DevOps we could have a licence collection for the company. Microsoft/NuGet could bill the company over the Azure bill (even taking a handling fee, which we would gladly pay for making it easy for both the company and the OSS project).

The Elevator Pitch

If NuGet worked like an app store, it would greatly help OSS projects to collect licence fees from companies. NuGet would enable OSS projects to actually make a living off their passion. Companies need to support OSS by paying licences when having the revenue to do so.

Additional Context and Details

No response

joelverhagen commented 2 years ago

Hey @KennethDotNet, thanks for the suggestion. I think there are a lot of moving parts here that are currently outside of the team's expertise: billing in general, integration with Azure subscriptions, how to surface/enforce billing in our various client and browser experiences, etc. As a team, this is pretty far from our area of expertise so we'd need a lot of help from partners at Microsoft to make this happen.

Our current role in the ecosystem, put simply, is a package host. We have extensive investments in security, trust, and availability but we've not invested as much in the OSS sustainability or more plainly monetization of NuGet packages. I think the closest thing we have is not getting in the way of any licensing strategy package authors want to cook up on their own and bake into their README or license text.

I'm happy to continue the discussion to gather upvotes and more voices, but I can't realistically commit to this in the near term given our other priorities. Please feel free to share this issue link around to gather upvotes so we can prioritize it appropriately. As a side note, we use GitHub upvotes as a tool to prioritize new features.

Instead of building a new subscription/payment portal, what are your thoughts on simply leveraging an existing flow like GitHub Sponsors or Open Collective? For example, NuGet could add a "sponsor URL" to the metadata model, allow package authors to bake it into their package metadata, and then we could show it on the website and VS UI. VS Code recently shipped this for VS Code extensions and I think it's been pretty successful, adoption-wise.

Also, what are your thoughts on the looking for funding flow in npm? Do you like it? Is that what you envision for a NuGet license feature? How do other ecosystems address this problem? This sort of information would be great to include in your proposal as "prior art".

What sort of enforcement do you imagine? DRM or runtime license checks? Honor system? Currently, there is absolutely no auth for NuGet.org package consumption so I wonder how (if at all) we as stewards of the NuGet package ecosystem would make sure "medium to big enterprise companies" aren't abusing the system. I don't know how we, as the "marketplace" in your suggestion, could even react to "theft" or inappropriate package usage since package consumers do not identify themselves.

I wanted to leave my raw thoughts here since you kindly took the time to make this suggestion. I appreciate your consideration of the health of our ecosystem!

KennethDotNet commented 2 years ago

Hi, thanks @joelverhagen for using your time to answer my question. I really appreciate it.

I know my proposal was short and not so sweet, but I wanted to start a community discussion and leave it open to be concluded. I know posting it here could possibly be wrong, but this is the first place, as a developer, you get in contact with an OSS project.

My premise is that companies using OSS projects which have a licence like the PolyForm Noncommercial License or with a revenue minimum limit should pay monthly licence fees.

I do not think companies at large are interested in breaching a licence and would pay for OSS projects they use. An honor system can work fine for this audience. I do not believe most companies or people are evil, but if they do not have to pay a licence they will not.

To make this idea work it must be easy for a developer in a company to sign up and pay for that licence, without having new contracts, the legal department and so on involved.

My first thought was paying over the Azure bill.
Have a "Pay over Azure" button that can be used to sign in and choose the number of developers to pay for each month. And yes, I know it's not just to add a button... Then it would be easy for the developer/department to pay for new projects, and the OSS project will get steady monthly income.

This is my main point, I think. Steady monthly income for OSS projects who want companies, which earn money from their project, to pay a licence fee.

Sponsor / Open Collective should be promoted and used, but I do think we would have more sustainability if companies paid for the OSS project they use, not because they can, but because they morally and legally have to.

Npm fund (looking for funding) is a nice feature, but I feel the same as above. We could have a "Looking for funding" button in the installed tab (Visual Studio).

I wonder if the reason we have all these ways to "sponsor" OSS projects is because we do not have a good way to make companies pay a licence.

Again, thank you for your "raw thoughts" and your time. I really appreciate your opinion on this.