Do Skills Have to Be Open Source?


#1

Can a skill be published to Mycroft without being open source?
There are some skills which cannot be made open-source completely.
For example, developing certain skills requires the use of services such as Firestore or AWS. How do you keep those keys secure?
In addition, some developers would not be comfortable releasing the source code to some of the apps they create.


#2

There’s nothing preventing anyone from making a closed-source skill.


#3

Unfortunately, there appears to be. To be able to run Mycroft skills from Mycroft servers, it must be submitted to the Mycroft skills github repo which means all the source code is open sourced.


#4

In order to be available for voice installation, or to be a part of the Mycroft Marketplace (https://market.mycroft.ai) then the code has to be posted to a GitHub repo, so that we can bring it into mycroft-skills using .gitmodules.

So, if you wish to keep your code proprietary and closed source, there’s nothing to stop you using the Skill, but then you won’t be able to take advantage of features like voice installation and the Mycroft Marketplace.

In the future we will consider mechanisms that support closed source Skills, and the ability for Skill Authors to be able to charge for Skills, but this is part of our longer-term Roadmap - it won’t be available for at least a year or so.


#5

you can make a closed source skill, look here https://github.com/JarbasAl/evil_skill

getting it in the repo is another story, but people can install it manually no problem


#6

That’s my understanding so far.

My question was more geared to functionality as even very basic skills require persistence. Is there a persistent storage solution that Mycroft plans to support?

On another note, https://mycroft.ai/roadmaps seems to be broken.


#7

a closed source skill would need binaries for each architecture, evil skill wont work on a pi for example

i am against getting closed source skills in the repo, but if they were allowed there was no reason it could not be used as a standard skill (marketplace + voice install etc), it would require extra work from the skill developer to properly close the source choose right binary and make it importable in python

i would mind a paywall only slightly less than a closed source skill, but preferably we can find a different way to reward devs

if you are not confortable with releasing source code, then you should not be using a open source product… please don’t make it easy to submit closed source skills :slight_smile: that won’t fit well with the acceptance process and efforts should be invested somewhere else, if anything closed source skills should be in a different market and require a separate vocal install command

we do need ways to manage api keys oauth etc, and that is in the roadmap


#8

I agree on this with Jarbas and are against closed source binary skills within the Mycroft marketplace.

If you really need a closed source skill, then you should fork Mycroft, rename it, and take a side step. The apache license is selected for this kind of commercialisation. If you take that route, you most likely also want/need your own backend etc.

On the other hand, I can see a benefit for closed source binary skills. The best example is for instance with the KODI project and DRM. Netflix and other similar companies where never interested in creating a KODI skill because of the opensource nature. Now KODI with the next release does support closes source binary addons and for that reason the whole DRM can be implemented and Netflix and Amazon addons are already there.

I see the same road eventually for a project like Mycroft. In the end, if you want to play with the “big boys” you need to “allow” these type of things…


#9

Apologies, wrong link. Try this;


#10

I’m not against paid for skills, open or closed source, as long as they’re clearly marked and marketed as such.
Hiding those away from the marketplace isn’t terribly helpful to users who may come looking for such things. We’re supposed to make it easier for them to find what they want, not harder. Handling that in a way to make it compatible with the marketplace and the project probably needs some guidelines, though.


#11

Take the example of persistence. Skills being able to remember information is quite critical. If I want to build any kind of tracker app (time, weight, todos), I need a place to store user generated info. The best way to store that info would be using a Cloud storage service such as Firestore or Amazon DynamoDB. To use any cloud storage service, I need to reference a set of secret API keys. Where do I store those keys?

What if you could have closed source skills but for inclusion into the Marketplace, the Mycroft team have access to the code.


#12

saving my critical information is the main use case where it should not be closed source…

you can save that data on the device, and you can also let users get their own keys and put them in the settings, nothing to do with open source or not

but i think there are plans to add oauth support among other things, so devs can provide keys securely

edit: i would trust mycroft if they reviewed the code, but i don’t think pushing code reviews on them is the way to go, also to ensure the code they saw is the code on the binary file they would need to compile it themselves or the review is useless

edit2: you might want to look at the skill settings docs, you can use them to get api keys from user, or to store data on device (kinda like a json file per skill), if you are getting a lot of data you are probably better just providing a sql db and a path in settingsmeta.json


#13

It is also posible to save data in the skills safepath self.file_system.path. which is needed if you got plenty of data I think.

And issues with closed or not closed source I to are not happy about that.

But it is posible - I just made THEIA-IDE which actualy duing installation downloads a precompiled package and unpack that. THEIA-IDE is open source, but one could do the same with precompiled closed source packages.
The skill just needs to check platform and choose right package to download.


#14

Thanks for the info! Being able to store data on a user’s device is good. Of course, the best place to store data is in the cloud so it’s available on other devices too.

Perhaps, the user’s authentication keys could be stored on their local device and be used to access data stored in the cloud.


#15

_ certently depends on what data it is…I prefear my music stored somewhere, but wouldnt like personal stuff go there as well.
There are skills that do need specifik auhentification keys, and the usual way to go is that users enter the keys in the home.mycorft.ai, and then the skills can use is.

Take a look at National park skill, or Spotify skill.


#16

Umm…There already appear to be skills that require access to proprietary back-end services via an API. Yelp and Remember The Milk come to mind. Those happen to be free (gratis) services, but there’s nothing stopping them from charging money…except not many people would use them.

Even Openweathermap (which is used by the weather skill) charges something like one-tenth of one cent per 100,000 API calls, IIRC.

In fact, I recently wanted to set up the email skill, but found out the email server I wanted to use requires a monthly fee to use an IMAP client instead of webmail. Which I thought was weird, but here I am, honestly considering it. :roll_eyes:

I don’t know if there’s a way to load skills as pre-compiled binaries, but I don’t roll that way. Seems like there are other ways.