
Open Source

Software quality depends on the team behind it, not on the chosen license. A misguided view of open-source software is that it is a cheaper alternative to more capable proprietary solutions, but in reality, a proprietary license only benefits the distributor.

The Right Thing to Do

To us, the open source community is a world where everyone benefits from the work of others. The programming languages we chose to build Saleor are all open-source, as are all the libraries our software depends on. We are all standing on the shoulders of giants. We believe in giving back. Our sustainability comes from providing services that customers love, not from digital scarcity.

Before we discuss the benefits of choosing an open license, let's address the distinction between "open source" and "source available."

OSI Approved Licenses

While the term "open source" is not a protected trademark, in the FLOSS community, it is used exclusively to refer to licenses approved by the Open Source Initiative, a public benefit corporation safeguarding the use of the term to refer to licenses that guarantee certain freedoms to the licensee.

There are companies that claim their software is "open-source" while the license actively prevents you from doing anything but reading the source code. While that may offer some benefits, we refer to this type of licensing as "source available," as it does not grant you the full benefits of an OSI-approved license.

Saleor is genuine open-source software licensed under OSI-approved licenses. Let's look at what that means to you.

Free as in Beer

The software is free to use and unencumbered by hidden licensing fees. You can use it for personal and commercial purposes alike. We only require that you do not use our trademarks to create the illusion of Saleor Commerce endorsing your business in any way, and we think that's fair. That's it. You can take the source code, run it, and make money doing so.

We believe that Saleor Cloud is the best way to enjoy Saleor, and letting us host Saleor for you is the most cost-effective option in terms of total cost of ownership (TCO). But if your hosting provider ever decides to pivot to a different product, falls victim to economic struggle, or becomes a competitor to your business, you are free to take things into your own hands and move to a different host, even on fairly short notice.

More excitingly, Saleor's free availability means you can spin it up in your CI/CD pipeline to test your integrations against a fully controlled Saleor instance in a predetermined state. Or you can run it on your laptop to step through a hard-to-reproduce problem with your storefront.

Free as in Speech

You can also freely modify the source code, adapting it to your needs. While we discourage Saleor users from doing so for ease of maintenance, support, and upgrading (see below), if you lose trust in our team or our product vision, that option remains available to secure the continuity of your business.

Thanks to the BSD license, you can also keep your modifications private; we do not require you to contribute anything back, even if we believe that's the right thing to do.

More Eyes on the Code

Having the source code available to the public, combined with the benefits that the open-source model provides to hobbyists and tinkerers, means that there are many more eyes on the code than there would be in the case of a proprietary system.

Some claim that this makes the system more secure, but we believe that security is a process that we are responsible for. It does, however, mean that bugs are more likely to be found, reported, reproduced, and even fixed by our fellow community members before they affect you as a customer.

Open Source Misconceptions

Built by Hobbyists

While some projects are entirely community-driven, Saleor is built by Saleor Commerce, a company employing full-time software engineers, architects, and product designers. We do market research and interview users, and we have the final say in where to take the project.

Zero Cost

The software may be free, but you still need servers to run it and people to look after those servers. The cost of running open-source software on-premises is the same as the cost of running any other software on-premises, and using open-source software in a SaaS model is not unlike using a proprietary SaaS.

There is a notable exception here: hobbyists who run software for their own benefit often have far more time than money to spend, and the open-source model allows them to achieve what would be impossible with proprietary software.

Customization Through Forking

You can modify the source code of open-source software, and this freedom is explicitly granted to you by the license. But unless you plan to contribute back, we discourage you from modifying Saleor directly.

The moment you change anything in the source code, you become the sole owner of a unique piece of software that behaves differently from any other copy of Saleor. This means neither the community nor we, the authors, will be able to assist you with troubleshooting. It also means you may not be able to upgrade to a later version of Saleor, which may be necessary to address a security vulnerability.

Insecure

You may have heard that an open-source project is just an amalgamation of patches from random people and, therefore, cannot be trusted. This could not be further from the truth.

Saleor, like many other successful projects, employs the same tools as any responsible software company would: we have a strict code review process in place; we employ a host of static analysis tools, including vulnerability scanners; and, most importantly, we are very picky about which changes make it into the codebase.

We are also very transparent in how we handle vulnerability advisories. A quick search of MITRE's CVE List will reveal a number of CVEs assigned to Saleor, highlighting our commitment to following the industry's best practices, including responsible disclosure procedures.