Question - eramba not anymore open source?

Hello everyone,
we are considering using eramba and in my mind I had it labeled as “open source”.
Since the new website I am unable to find the specific term “open source” on the website.
It is only labeled as “free and open”.
In addition to that I can’t seem to find any source code on github (other than docker and uptime).

So question is if eramba still labels itself as open source and if so where is the source code stored and accessible?

Thank you very much.


Interesting post - first of its type, i’ll try to answer in detail.

Until November 2022 people would download a tgz with the code and DB and would do the install themselves. Most GRC people does not have the skills to do that type of linux work and in order to make their lives easier, in November 2022, the code and database is inside the docker images , still accessible of course inside the docker images:

because it is that way (you do not pay and all is open -documentation, code, db schema, install, etc-) but i would not call eramba “open source” as the key attribute for open source is: redistribution. the power of taking eramba, change a few CSS styles, re-packaging as “Acme GRC” and do whatever you want so as long as you keep the original license and code.

historically, eramba was born under a GNU license but only the first couple of years, then it switched to a custom license that is public on the code, the application login screen and our website.

Our license basically says:

  • we give you code, etc
  • you can adapt it as much as you want, so as long is for your OWN consumption (no re-distribution) and you are not under support contract with us (enterprise)
  • in the case of enterprise, your license is perpetual. what point would it be to limit when you already have the code!

So we call this license an hybrid of sorts. The reason we did this is because in 10 years doing this stuff, we got two patches and the code was terrible. Most GRC people can not code at this level. Its a fact i learned over many years in this industry. Making the code GNU would not translate to more quality code. Contributing to open-source projects is very different from running one, and only if you have run one can understand it. We have done both (I started with kernel 1.x modules, using mailing lists and reading RFCs).

We built this in our free time and we felt we owed more to our families and friends (the time we took from them) than to the community. This is a personal decision we did and we do not regret about it. We all have a mortgage to pay, right?

This is also true, our Github repositories are private. This year in November when we opened the repositories for Dockers and Uptime (as you mention) we had in mind opening as well eramba (community), in the end we didn’t do it because we were not sure how to handle Github “Issues”, we have a lot of stuff there accumulated over years that originally was not meant to be public (there are keys, confidential stuff, etc) … we have first to clean up and then we’ll open it up. I’m sure next year we’ll do it… even when we know is useless as we will not get quality code contributions.

Hi kisero,

thanks for taking time to answer in such a detailed and insightful manner.
I absolutely understand your claims/concerns and can only agree to them.

I’m sure next year we’ll do it… even when we know is useless as we will not get quality code contributions.

At least I am looking forward to it.

Thank you again for your answer!

PS: We absolutely loved your picture at the demo call popup on the main website. We had a good laugh about it!

1 Like