Closed jezzsantos closed 10 months ago
If we select Option 3, then the private nuget could contain the source generator we have for converting API definitions into minimal API and MediatR handlers, plus a few other components needed in that call stack at runtime.
Without this component, some key interfaces would be missing in the open source.
If a savvy developer were to try and work around having that component included in their copy of the software, the author could remove it, and do their own wiring up.
The only reasonable mitigation to this (apart from putting something into the dual-license, is to make that harder to do than the cost of the license. If the cost was reasonably small like USD150, they perhaps would not bother. If the cost was higher, they may invest the time, as it will be seen as a technical challenge to please their paymasters.
With the component in the runtime, we could do a few things, depending on the strategy.
We could fail the runtime if the license key is invalid, for any number of reasons.
For example:
During the development of the web framework patterns, the code is changing rapidly. We leave all the code in the repository, in the open.
Once the patterns have stabilized, perhaps after we have some feedback from other developers on their look and feel. We move some of the components (e.g. Source Generators and extension methods) to a private repo, and remove them from the code base. We publish that nuget and take a dependency on it from that point. No license checking or anything, At this point we change the license of the main repo to be dual license and start accepting sponsorships.
We announce that we are charging for future uses, and start checking for license keys.
Beyond that we can get a little more creative about the checks and limitations.
If the package is not OSS and obfuscated, it doesn't even need to be a source generator, a plain library would be enough (unless you use code generation to make it better).
The three stages, unless the first is OSS, how do you envision folks adopting it? It seems like a "bait & switch" approach to get them to use the codebase and then changing the licensing to monetize. I doubt this will be well received.
@kzu Yeah agreed. The source generator is currently a vital part of the API layer, and there will be other parts emerging soon. Just did not want to put too much in that package that cannot be seen by the users of the codebase.
So i am telling myself that there is some kind of balance to strike in what goes in it. I think it would need some base types (or other things) from the domain layer for it to be effective enough (can skip the Application layer). Im also investing heavily in providing a few Roslyn analysers to enforce dependency directions and vertical coupling, so they can go there too.
The trick will be striking a balance with having enough in it to prevent someone removing the dependency on this package and reverse engineering what it provides. Versus only just enough not to have to see it.
About the bait and switch. Definitely not the intention.
Right now, I believe that the repo (as a useful whole) does not have any value. I will mark it PreRelease to make that clear.
At some point that will change, is the intention. So part two and three need to happen before that point, and I think Ill need to do a good job of being transparent about what it is and why it is there to mitigate the critics.
Given that there is much to do before this really matters, do you think I need to do anything sooner than later?
Reverse engineering of what's happening is pretty much guaranteed. Emitting source generated files for inspection (and therefore copying) Is supported OOB by Roslyn, so that doesn't add a hard layer to overcome.
Perhaps the annoyance is just enough to make the customer pause and think whether they are OK with the legal risk, but that's about as much guarantee you can have, IMHO.
Yeah, I cannot disagree with any of that. Sadly its true.
The way I am thinking about it is this at the moment:
So I think it's a balance to strike. I see no foolproof way, and no certainty in a any direction.
Do you think its worth moving forward with that set of assumptions?
Yeah, that sounds like the best course of action. I'm usually more in favor of recurring revenue to ensure the project can continue evolving over time, without having to resort to adding never-ending "features" just to entice users to pay for upgrades (like Office used to before the subscription model).
When the code template is nearing its completed state, it will represent significant value to those who wish to use it. Estimates (from past initatives), put the codebase at about 70,000 LOC. Which coarsely equates to about 700-7000 days of work (depending on your measure of production lines of code per day (10 LOC/day -100LOC/day). Conservatively, that's ~2 years of work, that you would have to spend achieving a similar outcome, if you started from scratch.
Caveat, albeit many of the available components, specifically some of the technology adapters included in this codebase, may never be used, and can be deducted from that estimate.
Thus, an appropriate financial contribution could be accepted by the buyer for the time saving to their business.
This contribution (in whatever form) would ideally be a one-off amount (rather than recurring), and it could also be per usage (i.e. per product used).
The code template, in its entire form, would need to remain available (open-sourced) to browse and examine by the buyer. This is believed to be necessary in order to feel confident judging its value, and in purchasing it.
It would also need to be licensed, (e.g. Unlicensed or MIT), such that ALL rights are transferrable to the buyer, to do as they please, with no limitations.
However, being fully available (to browse), presents a challenge in collecting contributions, since those obtaining it can easily do that without incurring any contribution back. There is no mechanism in this platform to help with that.
Option 1: Fully open source it
Expectations:
Cons:
Option 2: Make it a standard paid-for-product
Expectations:
Cons:
Option 3: Open source it with dual license
Expectations:
Cons: