The other day someone shared a Puppet Community Slack post in which a very senior Perforce sales engineer stated plainly that the reason for their sequestered source shenanigans is that they’re “asking open source users to pay their fair share.” Now, I don’t want to sound like I’m poking fun at this particular corporate flunky, he’s only repeating what he’s clearly been told over and over again, but What. The. Fuck.
Besides making it exceedingly clear that the only thing that Perforce understands about open source communities is a bunch of people who happen to own wallets or purses, this also demonstrates a devastating lack of understanding of their own product. Let’s break it down, shall we?
What you think of as a big beastly monolithic application called Puppet Enterprise is mostly a lot of open source tools jammed together with some proprietary business logic duct tape and baling wire. No surprise there, that’s how most enterprise apps are built these days.
The puppetserver application is business logic implemented in the open source Clojure runtime. It drives puppet via the open source jRuby runtime. These are packaged up into a jar with a lot of open source components like the open source Bouncy Castle which is of course built on top of the open source OpenSSL library. This jar is then run with the open source openjdk Java runtime. To build it, they use the open source Jenkins CI/CD platform. Packages are generated with the open source fpm tool.
And that’s only puppetserver. The puppet-agent package uses open source nssm (now defunct) to run on Windows because they couldn’t be arsed to write their own service management. PuppetDB is just a business logic wrapper over the open source PostgreSQL database server which was chosen because it was the only one with the primitives they needed. The Puppet Enterprise Console is built on the open source Ember framework. I could go on listing the projects that Puppet depends on, but that would easily triple the length of this article.
There is very literally not a single part of Puppet Enterprise that stands alone. More of the PE installer is open source packages than it’s Puppet Enterprise itself. And yet how much do they contribute back? Do you think they “pay their fair share?”
No. It’s zero. When jRuby put out a desperate call for funding, do you think
Perforce chipped in? Have they ever contributed to OpenSSL? Has @whack ever
seen a dime for the thousands of packages Puppet built with fpm? No. None.
Perforce has never contributed a penny. They’ve just taken and taken.
Update, hey neat! Looks like raising the issue finally got jRuby some support. Let’s hope that they continue funding their dependencies.
To be clear though, that’s not the part of this that’s so offensive. Perforce’s sponsorship record is pretty standard for the corporate world. Puppet itself, prior to Perforce, didn’t contribute all that much more. What is utterly offensive is this idea that somehow the very community that built the foundation that Puppet sits on isn’t “paying their fair share”.
Let me tell you about “their fair share.” Many of you know that I spent thirteen years at Puppet and I ran Community for a large part of that. So I can give you actual real numbers. A full 96% of Puppet’s paid customers uses Vox Pupuli’s open source community modules. And the remaining 4% would have except their policies required them to write all their own content.
When it comes to paid Puppet customers, we should acknowledge how many of them are customers because of the community. I’ve attended many “vendor appreciation dinners” where the point of me being there as a community representative was to make sure that Puppet, Inc continued to remember that investing in community was required. The single biggest deal Puppet ever closed hinged on a community interaction that I and some Vox Pupuli members enabled. We talked through a hypothetical solution to the problem at hand and then I built it on my spare time as a community member.
Then if you want, we can get down to raw contributor data and I could show you how many community members contribute to Puppet codebases more even than most Puppet employees. A quick count shows that only 54 of the top 100 were Puppet employees.
Puppet’s community is the foundation for Puppet Enterprise and the whole
company. When we did the massive upgrade from 3 to 4 and needed all the tooling
to find all the weird edge cases, the community is who pointed out what we
needed to validate and built tools like catalog-diff to give us a starting
point. When we pulled core resources out to modules in Puppet 6 and broke every
testing pipeline in the world, the community worked with Josh to fix it. And
now that Perforce is insisting on shooting its own feet, the community is once
again stepping up to ensure that an open source community actually continues to
exist and help each other out. That community still includes their paid clients
and somehow Perforce continues to lose sight of that fact.
The fact that the messaging that their representatives share is that open source community users need to step up and “pay their fair share” is a slap in the face to the community that has provided the foundation for the entire company to exist on. Without these people Puppet by Perforce would not exist.
Puppet by Perforce doesn’t pay their fair share in any way shape or form, and for them to self-righteously demand that from their users demonstrates how little they understand the space and how parasitic they are. I wish that they weren’t so representative of the industry.
The reality is that open source projects help your company. They accelerate your GTM (go to market) velocity a TON. And open-sourcing your own product leads to rapid adoption by open source community users who give you so much free marketing and product feedback and are the final line of QA before changes hit your paying customers. All in addition to the code and docs and expertise contributions. But this doesn’t come without cost to you. If you use the benefits of open source software then you have to pay the costs of open source software. It’s not a lot. It just means that you have to understand that the value you derive from open source communities is inherently a function of your product being freely available. When the vultures swoop in and try to alter that power balance, then you lose the benefits of the open source community.
And before you demand a “fair share” from your users, make sure that you’re doing the same. If your company uses open source software then contribute back. Either sponsor the project or contribute code, resources, or time. And if your community contributes code, or docs, or troubleshooting, or anything then freaking appreciate them for it.