Hacker News

Please consider adding a delayed open-source license/clause :-)

Also, are you using Open VSX, and what’s your take on the recent malware extension story?



Thanks for your thoughts on the license; we know that it's FRAUGHT, for sure. Our company makes quite a lot of software available under OSI-approved licenses (MIT, etc) and we did think pretty carefully about what to try here, given our goals around both OSS and building a sustainable business.

We do use OpenVSX, yes, like the other forks, and our company is a major sponsor of OpenVSX. Security around the extension ecosystem is a pretty messy, complicated issue both for the proprietary Microsoft marketplace and OpenVSX. For example, the recent Amazon Q story! I currently think about it as conceptually fairly similar to the risks of using packages from PyPI or npm.


> Thanks for your thoughts on the license; we know that it's FRAUGHT, for sure

There is no doubt that your company maintains a lot of high quality open source code.

But in this case Posit is re-licensing Open Source code, with a "source available" license.

Posit is free to help itself to VSCodium, but not the other way around.

I do hope Posit will one day reconsider this.



