One of the mechanisms that let #Hashicorp relicense their stack was the CLA. Whenever you see an "open core" shop (ie, they have proprietary "Enterprise" versions or extensions) and they require you to agree to a CLA before accepting a PR, be aware that the company may not be using #opensource in good faith and may relicense your contributions to be proprietary. Think twice about spending your time and efforts if such a move would bother you.
After #Redhat and #Hashicorp changes in their #opensource policies, I'm now looking with suspect and reviewing all single-company #FOSS projects without a clear story of multiple contributions, without a foundation based governance and/or subject to copyright #hijacking for third parties contributions. (as the infamous MySQL one).
If you are strongly depending on such a project, it is time to sleep worried. We are living in very strange times.
"(Editor's note: A YouTube video of Dadgar and Hashimoto talking about HashiCorp's commitment to open-source software was mysteriously taken private after it was published right here.)"
When a (VC backed) Open Source project demands from you, a community member, to sign a CLA (Contributory License Agreement) that forces you to give up your rights on your code - RUN. #Hashicorp et all who unfortunately, really sorry, kudos, love you switch their licenses to proprietary whenever they feel like it.
Hashicorp CEO furious that #FOSS works as intended and he won't be able to pull the rug from under the devs community's feet in ways similar to the MO of web services who accrue vast amounts of data and user-generated content in their siloes built from expropriated information.
A group of companies that are amazingly popular in the #Terraform ecosystem have come together and threatened to fork Terraform if #Hashicorp doesn't stick with an open source license.
These companies are not "moochers". They are the reason Terraform is popular. Gruntwork, for example, built and manages the only testing framework for Terraform. A fork managed by these companies could easily surpass Hashicorp's BS License version.
Up until two months ago the CLA Page on the Hashicorp site explicitly stated that the goal was to dual license and that they were committed to having a FOSS license on their projects. People signed these legal agreements with this commitment in mind.
I think this is important to note for two reasons:
The leadership at #Hashicorp can not be trusted. They've proven that any commitment or statement they make is conditional.
This seems like a huge legal liability for Hashicorp.
HashiCorp got the wrong message from the Terraform fork by OpenTF 🤦 and is doubling down on being an ass.
They changed their ToS to state:
"You may download providers, modules, policy libraries and/or other Services or Content from this website solely for use with, or in support of, HashiCorp Terraform. "
As much flack as I've given #RedHat over #RHEL source shenanigans, they've kept #Ansible AWX #opensource and available to the public, very much to their credit. Tower was proprietary when they bought it and they opened it and kept it open.
And yes, this post is really about #Hashicorp. Don't do false equivalent arguments. Hashicorp definitely did the worse thing.
#Hashicorp sending their lawyers on #OpenTofu feels like the last chapter of what was once a great open source company. Oh well, the claims look baseless, and like pretty much any move Hahicorp made this past year, this will only hurt themselves.
I would like to personally thank #Hashicorp for providing the final push I needed to finally replace the remaining #Terraform stuff in our infrastructure. #opensource
"(...) The #OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused #HashiCorp’s #BSL code. All such statements have zero basis in facts. (...)"
#HashiCorp's Boundary 0.16 is here with an update that simplifies connecting to target infrastructure, has better search and filtering, and adds MinIO compatibility.
Advocating for #Wasmcloud to adopt a OSS-first approach and use #LinuxFoundation#OpenBAO as their example of a secret store integration in upcoming RFC implementation..
@linuxfoundation projects are already seen as overly corporate, and sticking as much as possible to at least #OSS and preferably even #FOSS in docs + elaborated examples would help to not further reinforce that notion.