I'd like to set some tone before I begin, primarily because I'm typically pretty bad at maintaining my tone throughout the course of a long response. I'd like to say that Eran Hammer holds a place on a rather short list of people that I particularly respect in the node community. He's been vocal on a number of issues, and I've always admired his ability to articulate and reason clearly through the various drama-llama moments that this community seems prone to.
I'd like to be clear that there are aspects of this transfer of ownership that I'm not terribly fond of either. However, even when not in total agreement, it's important to approach situations with fairness.
Ok, with that as context, I've in-lined my thoughts below:
Yesterday, to the surprise of the express community, the framework’s creator and longtime maintainer TJ Holowaychuk sold the project to StrongLoop, a commercial node services startup. The move came as a shock to the project active maintainers who have been responsible for the framework exclusively since early January.
This is the part that I basically agree with. It appears that the change of ownership was made on short notice to the current lead maintainer, and further, some of the details weren't communicated as clearly as intended. TJ has apologized for the miscommunication, and has posted additional information on what was communicated and when.
In a clumsy transfer of ownership, the people actually responsible for the last eight months of the project lost their commit rights (which was later restored).
Already, things get a little bit subjective ("clumsy") and, if the title didn't do it for you, it becomes pretty clear that this is a "gloves off" conversation. For all practical purposes, this point is really neither here nor there. As best I can tell, GitHub doesn't transfer maintainer rights when projects are transferred, and so it took some manual effort to restore these rights. But, it does make StrongLoop sound bad, though... so let's just throw it in for good measure.
In a blog post, StrongLoop announced the move as a great next step in the evolution of the project. The blog post masks a commercial transaction as an act of good will by calling it a “transfer of sponsorship”. If all they wanted was to “pitch in and help”, why did they need to take over and move the project? Why is their first public act a blog post and not a pull request?
This is big news. I would have loved to see the version of this response had StrongLoop not made a public statement about it immediately. I'll grant that the "sponsorship" terminology doesn't really paint the most accurate picture (although it is common terminology used by corporate stewards of Open Source projects).
There is no excuse for violating one of the basic rules of open source – taking a project away from its rightful maintainers. It is also bad form to sell open source maintainer rights (as opposed to trademarks which is pretty common, if obnoxious practice).
I have a very hard time agreeing with this. I sympathize with the sentiment here, but even the term "rightful maintainers" is based on a very short history (relative to the over 5 years of Express' commit history). Consider, also, that even the current maintainers didn't actually "own" Express. To the extent that you can actually "own" something with an MIT license, TJ did. What we really have here is a transfer of ownership of the domain, the GitHub repo, and the NPM module. If we're just talking about maintainer rights, all we saw happen is that more people were granted commit access.
I'm not saying all of that has zero side-effects; of course it does. But let's not pretend like we're violating some sacred tenant of Open Source. Personally, I love stories where people make money writing Open Source code. TJ taking a back seat for the last several months certainly muddies the situation, but when taking a more macro-level view, I think this is a success story.
The thing about successful open source projects is that their success doesn’t come from the project creator, but from the contributions and adoption of its community. Express’ success has much more to do with the people who chose to use it than the work of one individual, even if he “is responsible for ~95%+ of the project”.
It's true that nothing happens in a vacuum, but that is incredibly dismissive of the rather herculean effort that TJ personally put into the project (which, again, he initiated and owned). I'm just going to stress here, though, that I have 100% approved of Doug's recent leadership of the project, so I don't say any of this with the intention of diminishing his substantial contributions either.
As I previously stated, things got muddy when TJ backed away. But not so muddy that we can dogmatically assert that his absence for the last 6-7 months completely nullifies his ability to profit off of something that he created and maintained for the preceding 4 1/2 years.
When TJ Holowaychuk lost interest in maintaining Express, he did the right thing (for a change) by letting others take over and keep it going. In open source, that meant the project was no longer his, even if it was located under his GitHub account – a common practice when other people take over a project.
Thats a nice thought (minus the parenthetical snark), but Open Source doesn't work this way. The MIT license means anyone can look at it, fork it, modify it, and use it. But there's still a copyright in play, and that still had TJ's name on it. TJ didn't sell mine or anyone else's fork of the repo, but he has every legal right to sell the canonical repo that he owned since the project's inception.
Keeping a project under its original URL is a nice way to maintain continuity and give credit to the original author. It does not give that person the right to take control back without permission, especially not for the sole purpose of selling it to someone else. Not to mention the fact that Express already has a GitHub organization ready and eager to take over the project.
Of course, the URL has nothing to do with it; but see my previous comment. I'm not trying to be a punk (and I'll throw in the obligatory "I am not a lawyer" here), but for all practical, legal, and otherwise meaningful senses, TJ never gave up control in a way that required him to "take control back".
What makes this particular move worse, is the fact that ownership was transferred to a company that directly monetizes Express by selling both professional services and products built on top of it. It gives StrongLoop an unfair advantage over other companies providing node services by putting them in control of a key community asset. It creates a potential conflict of interest between promoting Express vs. their commercial framework LoopBack (which is built on top of Express).
This is one of the aspects that I'm personally less fond of as well. However, I'd like to point out that node itself is owned by Joyent, and NPM is owned by npm, Inc., both of which are commercial entities that benefit from their respective ownership claims (and, relevantly, both projects have benefited in return).
This isn't to say that corporate ownership doesn't introduce various risks, but at a minimum those risks are extremely mitigated by the MIT license. I would have liked to see Express officially turned over to the community, but if it was to go to a corporate steward, I think StrongLoop has as good of a track record in the node community as any.
I'm somewhat hesitant to touch this next facet, but since we're talking about conflicts of interest, am I the only one noticing that the most scathing diatribe on this exchange so far is from the maintainer of one of Express' most prominent alternatives?
This move only benefits StrongLoop and TJ Holowaychuk, and disadvantages the people who matter the most – the project active maintainers and its community.
StrongLoop and TJ Holowaychuk certainly benefit from this. It's not a bad thing when people and organizations benefit. Whether they're the exclusive beneficiaries over the long run, though, we'll have to wait and see.
Thanks for reading, I'm gonna go run for cover now.