> That is manifestly unfair, the situation is someone doesn’t want to pay for a security feature so they go ahead and expose themselves, all the time they are trying to make money by using a free product.
>Really unfair to point fingers at ES. And I really don’t get why People feel they should be making money off someone’s work but don’t have to pay them. What significant os or free is your company offering
Very much disagree with all of this - not an unfair position to take at all. My open source browser supports TLS. The open source web frameworks I work with include built-in web servers that support TLS. It's inexcusable not to support basic things like this in 2019. I don't care if your software is OSS or not.
I'm unsure why "my company" is relevant here. But for what it's worth, the client I currently work with is a) an exempt educational charity, b) open sources all of their internal web applications that interact with the ELK stack.
>They do something for free you demand more for free otherwise you are at risk.
Do you honestly think Elastic would've accepted a PR that added transport security into the open source codebase? Even if it was developed entirely by someone else in good faith?
The only reason they've done anything now is because their hand was forced by Amazon. Honestly? Good. This is about as bad as when StartCom were charging for certificate revocations.
>does the same approach work with your lawyer, mechanic plumber electricity gas company
It's like a lawyer offering to represent me pro bono, and then it turning out that they're not even qualified to practice law and have jeopardised my case as a result.
Legally, sure? There's no warranty given with the software. But it's still a morally wrong thing to do.
