The article I’m linking today is authored by Aaron Stannard and focuses on the drama currently going on in the .NET Open Source ecosystem. We’ve all been there. A dependency we took aeons ago goes unmaintained or changes its licensing model. Why does this happen? Because at some point, projects need to become sustainable or else they fail.

[…] it’s inexpensive for maintainers to support a small number of users with relatively similar demands - but once a project achieves critical mass and the demand on the maintainers exceeds their desire to supply, something will have to give.

Case in point, IdentityServer. The license change was, in my opinion, long overdue. The new agreement is very reasonable; the package remains free for most users. I understand the so-called “Procurement Rage.”

[…] once maintainers affix a dollar amount as the entry fee to benefit from all of their institutionalized knowledge and expertise developers now have no choice other than violating the license terms (legal won’t stand for that) or dealing with the procurement bureaucracy to allocate company money for the purchase.

Procurement is undoubtedly an obstacle to open-source adoption within the Enterprise. Yet, it is true that there is no such a thing as a free lunch. Either be prepared to pay or send some value back to your dependencies, in one form or another (the article lists several great options). The conclusion is just perfect:

Creating virtuous cycles where you continuously exchange value with OSS producers is the inevitable conclusion to the “Open Source Sustainability Crisis” - and everyone will be better off for it. So you should start the conversation with your team and find some projects to support - because it’s in your own self-interest to see them sustained.

I subscribe to every single word. I find this case even more disheartening because most protesters are asking Microsoft to roll their own alternative. No gratitude or sympathy, nothing, really, for the people who worked hard for years, covering complex and strategic subjects such as authentication and authorization, providing excellent value for free. Baby-crying and asking Microsoft to “solve the problem” is so sad. It’s also so typical of certain Enterprise culture. They just don’t understand open-source or, just for convenience, they pretend not to get it.

It should also be mentioned that there already exist some valid, open-source, IdentityServer alternatives (IS4 included.) These should be the default go-to solution for those who abandon ship. The last thing we need is yet another “official” package by the behemoth. If anything, we need more variance, certainly not less.