
I seriously doubt that open-source is broken.

What is broken is companies using open-source to build their products, expanding to billion dollars total revenue and not giving anything back in the long run.

This will - as shown in the latest example - come back to bite them.

It's the classic tragedy of the commons; everyone is willing to profit from the public good and nobody is willing to invest resources into it.




I agree. What's broken is liability of those companies relying on open source but not taking responsibility.

One way to hold them accountable is to apply regulatory pressure in case of security breaches, which has started to happen (albeit not nearly enough). Is there any other way I'm not seeing?


I'm not sure. Wouldn't that mean forcing the companies to pay someone to take that liability but not necessarily providing any benefit to the original software developers---like whatever Red Hat Enterprise Linux is called today?


Why should companies pay more than $0 for something the creators ask $0 for? That doesn’t make sense at all. Do you pay more than the asking price for stuff you buy?


Another way would be to enforce open-source requirements for any public spending including/producing code. You want a city to buy your traffic control system? Open source the code first. You want a state to use your voting machines? Open source your code first. Any public money going should necessitate that software being released as open source.

Not only would this lower the risk of fatally flawed public software projects, maintenance of these systems in the long run would also not depend on just one company with an artificial monopoly anymore. This would also create a healthy ecosystem of paid open source developers.

Just an idea.


If you provide work/code for $0 then you yourself signal that your work is worth $0. So why should companies spend more than $0 on your work? If you truly think your work is worth more than $0 then put that in your licence for companies. It isn’t rocket science.


Human society has for thousands of years relied on unpaid voluntary labor. Be it taking care of the elderly, taking care of the sick and the poor, managing public spaces, organizing festivals, on and on and on. Human society is built on voluntary participation much more than on monetary incentives.

It's part of the capitalistic delusion that only what a price label has attached has worth; you are conflating "worthless" with "priceless".


Not at all. A lot of things have intrinsic value. Like the things you mention (taking care of the sick etc.) That is different from its market value (what people want to pay for it). The problem is that some OSS maintainers think they are the same, expecting the intrinsic value of their work to automatically convert into market value (them getting paid). That is not how it works.


> Not at all.

Sorry, I don't know what you are referring to. Are you refuting any of my arguments? If so, please let me partake in your reasoning.

> The problem is that some OSS maintainers think they are the same, expecting the intrinsic value of their work to automatically convert into market value (them getting paid).

I don't think that this is what is currently happening, isn't it?

You don't hear the log4j maintainers complain that all these big companies leech off their work and they are owed. Many of these companies do make quite some nice profits and very seldom is the dollar that gets paid back voluntarily. And that's fine for pretty much every FOSS developer. Very seldom I hear about FOSS developers angry that companies use their product to make money. Usually these developers switch to different, commercial licenses.

Quite the contrary; it's these big tech companies that are in trouble. They are in trouble because they are liable. The log4j developers are not responsible for fixing these bugs. Why should they? FOSS licenses come with explicit denials of liability.

The big tech companies are in trouble because they saw something for free and saw that they would save the market value in expenses for a similar commercial product. But they forgot that they are also relying on voluntary labor that comes without responsibility by the authors. And now they are on the hook.

They should have recognized that by skimping on the dough and using FOSS software the same way they use commercial products they also took on unmitigated risk. And because they are so cheap, they didn't consider mitigating that risk by supporting the development of the software they so depend on.

If just one or two dozen companies had paid a measly few dollars every month to the developers of log4j, this could have all been avoided. But they were shortsighted and greedy, as capitalist companies have to be shortsighted and greedy. And now they have to own the mess they made.

Suits them right, I say. Though I doubt they will learn their lesson, don't you?



