OPA maintainers and Styra employees hired by Apple
blog.openpolicyagent.org | 69 points by crcsmnky 4 hours ago
This is a very well written announcement. It immediately defines OPA (for people like me who don’t immediately recognize it). It says what’s not changing for people, and says where things will go.
Congratulations to the team.
> It says what’s not changing for people
For the people who are currently experiencing the first time a project they heavily used gets acquired by a for-profit company, it's worth remembering that everything written is "As it stands currently", which can change at any time.
It wouldn't be the first time the founders/company/project said "Nothing will change now when we got acquired" only for it to shut down/change drastically just months after.
And the other side of that coin is ...
Lots of FOSS maintainers are happy to bitch and moan about how they are doing god's work for little or no remuneration. They are of course, quite correct to do so, it is indeed hard work, long hours, poor or no pay.
But, and it's a big BUT .... you can put all the donation, crowdfunding buttons that you like on your GitHub page. The reality is that will only get you so far.
So there is a lot to be said for corporations that recognise the work and are willing to pay an old-school salary to the maintainers. It provides life-stability for the maintainers, and it provides product-stability for the corporation ... win-win.
And in 2025 the reality is that corporation thinking on open-source is a far cry from what it was back then. In the majority they are far more enlightened and open to contributing back.
Yes it will never be sufficient for the die-hard FOSS greybeards. But even a billion dollar corporation cannot possibly put dollars behind every single tiny piece of open-source software it ever uses. You have to pick and choose, it's just the reality of life.
Finally, regarding the FUD about "oh, it's going to be shut down tomorrow". That road is paved with examples where it DID NOT happen ... I seem to recall that the usual suspects (Red Hat / Canonical / IBM etc.) all employ a great deal of maintainers of various critical parts of Linux. As far as I can tell the output of those maintainers taking the corporate dime has neither suffered nor been shut down.
I was left with the somewhat opposite feeling. I still don’t know what OPA actually is or does. It has a nice paragraph describing it without saying anything at all.
OPA solves the problem of defining and enforcing policies across a system. Some examples:
- How do I enforce that inbound API requests come only from trusted sources?
- How do I enforce fine-grained access to user records?
- How do I enforce a set of naming conventions for a data update?
Many such policies may come from regulatory requirements, may be regional in nature, and may change in otherwise stable codebases. And it's even harder when you're applying this to a highly-scalable production internet service. As a result, defining policy at an organizational level with auditing is a challenge for large enterprises. OPA helps enterprises administer and enforce policies.
More details on what OPA does here: https://www.openpolicyagent.org/docs/philosophy
And you can see some examples of Rego (the policy language) here: https://play.openpolicyagent.org
With both Aserto and Styra gone, there aren't any commercial/enterprise options to get capabilities and support around OPA.
Has anyone seen more options?
Based on Apple's acquisition of FoundationDB, this seems like it will have negative consequences for public development of OPA.
What are the counterexamples, where Apple acquiring a project results in it being more open with sustained development?
Apple literally purchased FoundationDB as a closed source tool and open sourced it with open source development continuing to this day.
From this announcement, they are going to open source the enterprise version of this tool, which was also previously closed source.
Was FoundationDB a CNCF project at the time of acquisition, or in some similar incubator/umbrella? Besides, it seems FoundationDB was open sourced after Apple acquired it; wouldn't that mean FoundationDB got more open after the acquisition? Although development stalled no matter what, so maybe it doesn't matter.
FoundationDB development has not stalled; v8 is still on the way. If anything, it's mostly just been stable for a while now, and it has now been developed as open source longer than it existed as closed source.
Right, FoundationDB wasn't even open source when Apple acquired them. The FoundationDB story is a prime example of why it is important to use open source technologies for foundational infrastructure.
It was independent (I think it predates the CNCF actually), but was acquired by Apple in 2015 and disappeared until it was open sourced in 2018.
> Based on Apple's acquisition of FoundationDB,
FoundationDB wasn't even Open Source when Apple acquired them.
Yup, reads like the typical announcement from the Apache Foundation era, where projects just go to wither.
This leaves me quite bummed out. After Oso[0] went from a superb open source policy evaluation solution to one that's completely closed, OPA is what I'm typically reaching for now, but now it'll likely be on life support.
Isn't Styra like a company of like 50-100 people? Seems like it'd be a bummer to be an employee at the company that gets left behind.
A counterexample would be Weaveworks (folks behind Flux/FluxCD and many other widely used OSS tools). I'm sure the ex-employees would've preferred to get acquihired vs closing up for good. I highly doubt Styra was pulling in enough money to fund their business, and the days of ZIRP are long gone, so I doubt they would've been able to raise another round to keep the lights on for another few years.
ControlPlane was able to hire (not acqui-) a few of the FluxCD maintainers and other WeaveWorks staff to continue supporting the project — we did what we could, agree this is better for Styra folk than the uncertainty of closing up shop.
In most acquisitions, the buyer interviews employees and only takes part of them - or only offers bonuses to part of them.
From the post, I'm pretty sure Apple didn't buy Styra. Sounds like Apple hired the maintainers who worked at Styra (including Tim, Teemu and Torin). I'm guessing that Styra is just shutting down.
This is an extremely smart acquisition by Apple, very nice to see.
Great job Styra team, great job Apple!
OPA is a great project and I am glad they are looking to open-source the Enterprise OPA offerings
1. Any idea on what I should start next so that I can get acquihired?
2. It looks like Apple didn't get much 'ownership' of OPA in this case, what was the point of purchasing the company as a whole versus simply offering these 3 employees generous sign-on bonuses?
3. Why is it that companies generally tend to pay a lot more per employee in an acquihire scenario?
3. (From zero authority here as I’ve never bought a company:)
Perhaps the acquired employees might prefer this for tax reasons. If they stand to profit mainly via capital gains, that is wildly better than receiving ordinary income, like a bonus, would be.
Or, a completely different, unverifiable possibility:
An acquisition does not set any precedent for compensation of any kind. As a general rule corporations hate paying humans, but don’t mind paying other corporations.