From the docs, "It is strictly recommended for personal, non-production use."
Wow what a 180 from just a year ago when their blog said, "For companies that handle sensitive information, deploying open-source scheduling software on-premises can offer an extra layer of security. Unlike cloud services controlled by external vendors, on-prem installations let teams maintain full ownership of their infrastructure. " ¹
I just cannot trust a company that does a bait and switch like this.
I think this is less a bait and switch and more just a legal liability shield. They're not saying you 'cant' use it that way. They just don't recommend you do, and they won't support you at all for doing so. Which I think is completely fair. Also, these two things aren't in contradiction. Deploying on prem does offer more security, but then it's up to you to use it correctly.
I just installed calrs, a recent alternative to cal.diy. It absolutely rocks! The only downside is that it requires me to activate STARTTLS as force-TLS-SMTP isn't supported (I had to check the source code). It’s young, very promising, and honestly, I don't know what I could ask for more.
I also replaced Radical with rustical, and I gained free push updates.
I'm unpersuaded by the assertion that closing the source is an effective security bulwark.
From that page:
> Today, AI can be pointed at an open source codebase and systematically scan it for vulnerabilities.
Yeah, and AI can also be pointed at closed source as soon as that source leaks. The threat has increased for both open and closed source in roughly the same amount.
In fact, open source benefits from white hat scanning for vulnerabilities, while closed source does not. So when there's a vuln in open source, there will likely be a shorter window between when it is known by attackers and when authors are alerted.
If you believe they really did it for security, I have a very nice bridge to sell you for an extremely low price ...
Look, tech companies lie all the time to make their bad decisions sound less bad. Simple example: almost every "AI made us more efficient" announcement is really just a company making (unpopular) layoffs, but trying to brand them as being part of an "efficiency effort".
I'd bet $100 this company just wants to go closed source for business reasons, and (just like with the layoffs masquerading as "AI efficiency") AI is being used as the scapegoat.
Wait, I didn't even realize Cal.diy is owned by Cal.com. It seems like they're trying to get ahead of the open source community forking by doing this themselves
Wow what a 180 from just a year ago when their blog said, "For companies that handle sensitive information, deploying open-source scheduling software on-premises can offer an extra layer of security. Unlike cloud services controlled by external vendors, on-prem installations let teams maintain full ownership of their infrastructure. " ¹
I just cannot trust a company that does a bait and switch like this.
¹ https://cal.com/blog/open-source-scheduling-empower-your-tea...
I also replaced Radical with rustical, and I gained free push updates.
https://cal.rs/ and https://github.com/lennart-k/rustical
And if you wanna try it out. https://cal.ache.one/u/ache
------
A few important changes to note:
We will no longer provide public Docker images, so your team will need to build the image yourselves.
Please do not use Cal.diy — it’s not intended for enterprise use.
From that page:
> Today, AI can be pointed at an open source codebase and systematically scan it for vulnerabilities.
Yeah, and AI can also be pointed at closed source as soon as that source leaks. The threat has increased for both open and closed source in roughly the same amount.
In fact, open source benefits from white hat scanning for vulnerabilities, while closed source does not. So when there's a vuln in open source, there will likely be a shorter window between when it is known by attackers and when authors are alerted.
Look, tech companies lie all the time to make their bad decisions sound less bad. Simple example: almost every "AI made us more efficient" announcement is really just a company making (unpopular) layoffs, but trying to brand them as being part of an "efficiency effort".
I'd bet $100 this company just wants to go closed source for business reasons, and (just like with the layoffs masquerading as "AI efficiency") AI is being used as the scapegoat.
I'm just choosing to focus on the substance of the argument itself, which I think is risible regardless of who makes it and why.