When 'open core' projects reject contributions for competing with the EE

Project context and triggering event

  • Discussion centers on an “open core” project rejecting a major community PR that added SSO/SAML/OIDC support, overlapping with its Enterprise Edition (EE).
  • The PR sat for months with little or no maintainer response, then was closed with business/”vision” reasoning and the thread locked, which many found disrespectful.

Open core model vs. real open source

  • Some argue this illustrates how “open core” often means intentionally shipping a worse free version to preserve monetization.
  • Others respond that without paid features there might be no project at all; EE gating is seen as necessary for sustainability.
  • Several commenters stress that the project is MIT-licensed, so it is genuinely open source legally, regardless of its business model.

SSO/“SSO tax” and security

  • Many criticize putting SSO behind a paywall, calling it an “SSO tax” and arguing security features should not be monetized.
  • Counterpoint: SSO is framed as an enterprise necessity, not a core security requirement for individuals, making it a natural price discriminator.
  • Some self-hosters argue SSO is essential even for small setups to get robust 2FA/WebAuthn and centralized account management.

Contributions, entitlement, and maintainer responsibilities

  • One camp sees the contributor’s effort as generous and the rejection (after long silence) as demoralizing and poorly communicated.
  • Another camp emphasizes that maintainers owe contributors nothing: PRs are liabilities, not entitlements, and big changes should be discussed first.
  • Debate over “entitlement”: is expecting basic communication and non-hostile responses reasonable, or already too demanding of free maintainers?

Forking and practical limits

  • Many note that forking is the intended safety valve: the code is MIT, anyone can implement and maintain rejected features.
  • Others highlight the real cost: ongoing rebasing, conflict resolution, separate releases, and handling bugs in diverging code.

Broader takeaways about open core

  • Open core is seen as inherently tension-filled: community wants “best possible” OSS; companies must intentionally withhold some value.
  • Some conclude they’ll avoid open core / “self-hostable” products backed by a company, or at least treat them with suspicion.