Aggressively pushed snaps. Apt and MOTD ads. And now this.
Look, I get it, no-one is entitled to free labour. But OSS runs on goodwill. Canonical profited obscenely from the rich open source community and diverse set of packages. And that’s OK - it’s the nature of open source. They get to differentiate with their orchestration tools and premium support. But the expectation is that when it comes to security patches, we all chip in, in the name of collective safety. If you’ve benefited from packages being part of your ecosystem and you patch a vulnerability, you contribute it back
I have to challenge that. Their last revenue numbers that I can find (2020) indicate a moderate profit on a headcount of about 500 people.
They've grown pretty well, but that's not the same as profited. Canonical targeted the gaps that Red Hat left when it moved from Red Hat Linux -> Fedora / RHEL, and ate up a lot of the Linux market and grew the pie a bit in terms of people using Linux.
But Canonical has never been making money hand over fist. Their finances aren't public but AFAIK they've largely been in the red or breaking even. Their 2020 financial statement indicated profit for 2020 but loss in 2019.
An interview with TechCrunch last year[1] suggested their revenue was "$175m last year" -- that's a small fraction of Red Hat's revenue and less than SUSE if I'm not mistaken.
Note I'm only responding to their push for Ubuntu Pro - if they're also not pushing patches back upstream or playing games like that, that's a different story. But that's not about making them available vs. making them convenient.
Having profited from OSS does not mean that the company has profit left over after spending their money on whatever they want. Canonical certainly has had no shortage of frivolous projects that anyone outside could see were doomed long before they were axed, often from inception. Examples that immediately come to mind are Bazaar, Upstart and Mir (the display protocol and required changes in pretty much all applications toolkits, not their now-a-Wayland-compositor).
Look, I get it, no-one is entitled to free labour. But OSS runs on goodwill. Canonical profited obscenely from the rich open source community and diverse set of packages. And that’s OK - it’s the nature of open source. They get to differentiate with their orchestration tools and premium support. But the expectation is that when it comes to security patches, we all chip in, in the name of collective safety. If you’ve benefited from packages being part of your ecosystem and you patch a vulnerability, you contribute it back