« A taxonomy of open source business models | Main | Read ChangeThis and you may not need to buy a business book ever again »

Signing the ModSecurity Contribution Agreement

March 17, 2009

Two months after leaving it, I went back: I signed the ModSecurity Contribution Agreement. If you read my blog post on open source dual licensing from a few days ago, the one where I explain how it is difficult to get user contributions to a dual-licensed open source project, you may wonder if I had told the truth. I had. I had said it was difficult to get contributions, but not impossible.

This is an interesting position for me to be in because I used to be on the other side, explaining to others why dual-licensing should not be a barrier to their contributing. It's only fair that I sign on the dotted line, isn't it? But—with the discussion on dual licensing in mind—why did I do it? It all comes down to motivation.

When you have big ideas it makes sense to start your own project, work hard, and benefit from your work. But when your ideas are not of the new-project sort, and generally not worth changing your life for, then the best thing to do is share your ideas (in the form of a code contribution) to a well-established project. By doing that you scratch your itch and get other people to benefit from your work.

And I don't feel bad about giving my time and code to Breach Security (who owns ModSecurity). Not in the slightest. After all, many man-years have been invested in ModSecurity. What do you think my contributions are going to be worth compared to what has already been given away to me?