> For example, I could use opensource internally, add features to it but I dont have to submit those changes back to the main source for others to use. Not only that who is going to police it? Its not like there is some magic open source police who will police my computer is there?!?
There is nothing to police. You making changes and not releasing them is perfectly within your rights. You can even distribute binaries with your changes legally.
> So sure whilst the statement is true that Open Source runs most of the internet, the companies using it like Facebook or Google are not under any legal obligation to submit any changes back to the public domain for the greater good under some of those contracts.
That depends. Both named companies have a global ban for anything using the AGPL license family. Except from that, you might be right that they aren't obligated to distribute their changes. You might find, however, that they do so anyways. It's much easier to merge your changes upstream than to maintain an internal fork indefinetly. And by merging the changes upstream everyone else profits.
You seem to have a very warped view of what open source software and free software is about, and what rights the users may have or not have.
My point is this, if the OSS remuneration situation were better would we have seen HeartBleed or other CVE's?
There are a lot of falsehoods in the OSS domain, like its better for security.
https://www.cvedetails.com/top-50-product-cvssscore-distribu...
Just looking at paid out Bug Bounties gives you an idea of how hard it is to get appropriate levels of remuneration as a vendors own bug bounty is outbid.
So whilst the call to arms to get paid for OSS submissions is noble, its still a flawed business model for most "professional" maintainers. I know there is a culture at Uni's to maintain OSS but they dont have the experience which we see in the quality of the code output.
There is nothing to police. You making changes and not releasing them is perfectly within your rights. You can even distribute binaries with your changes legally.
> So sure whilst the statement is true that Open Source runs most of the internet, the companies using it like Facebook or Google are not under any legal obligation to submit any changes back to the public domain for the greater good under some of those contracts.
That depends. Both named companies have a global ban for anything using the AGPL license family. Except from that, you might be right that they aren't obligated to distribute their changes. You might find, however, that they do so anyways. It's much easier to merge your changes upstream than to maintain an internal fork indefinetly. And by merging the changes upstream everyone else profits.
You seem to have a very warped view of what open source software and free software is about, and what rights the users may have or not have.