The problem that the #HashiCorp license change surfaced is not one of licenses but of CLAs. If you sign a CLA with a corporate entity you give them a carte blanche to do with the code whatever they like, including taking it proprietary. This is not new, the #Qt framework has been dual-licensed that way for ages. But now more and more companies are taking advantage of CLAs at the cost of open source software.
Before signing a CLA, think twice about the future impact!
A group of companies that are amazingly popular in the #Terraform ecosystem have come together and threatened to fork Terraform if #Hashicorp doesn't stick with an open source license.
These companies are not "moochers". They are the reason Terraform is popular. Gruntwork, for example, built and manages the only testing framework for Terraform. A fork managed by these companies could easily surpass Hashicorp's BS License version.
https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license "However, there are other vendors who take advantage of pure OSS models [...] for their own commercial goals, without providing material contributions back. We don’t believe this is in the spirit of open source."
That is OSS! That's what happens most of the time! Contributing to OSS is facing the digital tragedy of the commons first-hand. IMO better define a business model with this assumption, than to relicense and make a bad impression.
I don’t know what to think about it. Yes, it’s incredibly hard to create a business and a market when making everything open source. I’m not familiar with this new license and I don’t know if that’s a valid move or not.
🤔 Armon Dadgar announces #HashiCorp's #BSL future
🏆 Matt Rickard on why #TailwindCSS won
🕴️ WarpStream is like #Kafka directly on top of #S3
🧩 Vadim Kravcenko’s guide to managing difficult devs
📢 Russ Cox gives an update on #golang 2
🎙 hosted by @jerod
>HashiCorp adopts the Business Source License to ensure continued investment in its community and to continue providing open, freely available products.
Up until two months ago the CLA Page on the Hashicorp site explicitly stated that the goal was to dual license and that they were committed to having a FOSS license on their projects. People signed these legal agreements with this commitment in mind.
I think this is important to note for two reasons:
The leadership at #Hashicorp can not be trusted. They've proven that any commitment or statement they make is conditional.
This seems like a huge legal liability for Hashicorp.
If anyone is looking for a PhD dissertation topic, how about quantifying the cost to the ecosystem of company #OpenSource projects scrambling to evaluate/remove #Hashicorp's newly-non-open projects?
After #Redhat and #Hashicorp changes in their #opensource policies, I'm now looking with suspect and reviewing all single-company #FOSS projects without a clear story of multiple contributions, without a foundation based governance and/or subject to copyright #hijacking for third parties contributions. (as the infamous MySQL one).
If you are strongly depending on such a project, it is time to sleep worried. We are living in very strange times.
Oh dear, seems #HashiCorp has decided to finally execute the inevitable bait and switch. The #BSL (#BusinessSourceLicense) is a piece of decidedly not-#FLOSS garbage (albeit one with a converts-to-FLOSS sunset clause built in), that I've been eying wearily ever since #MariaDB created it (though not applying it to anything I actually use; that is still #GPL). The only HashiCorp thing I use is #Terraform; Here's to hoping someone forks the last free version ASAP.
> While the Jitsi projects are released under the Apache License 2.0, the copyright holder and principal creator is 8x8. To ensure that we can continue making these projects available under an Open Source license, we need you to sign our Apache-based contributor license agreement as either a corporation or an individual.
I am wondering if the CLAs are OK to stop an incident like one on #hashicorp from happening.
To those who are concerned that I'm going to talk about nothing but #Hashicorp for weeks, don't be. I was harder on #RedHat, not because I think that Red Hat had done something worse (they didn't), but rather that I frankly care about Red Hat more. The shop where I work is also a Hashicorp customer, but that relationship is far more expendable, IMO, and I had hopes that some in Red Hat would hear and consider feedback where I generally don't believe that to be the case for Hashicorp.
That said, I am happy to advocate for truly #opensource forks or alternatives to #Hashicorp products and may continue to post about my own experiences with migrating to other things. Keep in mind that my use cases may be different from yours, but if you're stuck on how to replace #Terraform, #Vault, etc, speak up and let the OSS community help you find what you need. There is plenty of opportunity in the midst of this tragedy and the story of open source, free or commercial, is far from over.
As much flack as I've given #RedHat over #RHEL source shenanigans, they've kept #Ansible AWX #opensource and available to the public, very much to their credit. Tower was proprietary when they bought it and they opened it and kept it open.
And yes, this post is really about #Hashicorp. Don't do false equivalent arguments. Hashicorp definitely did the worse thing.
There is also a bit of schadenfreude about this as Red Hat will now have to pull Terraform from #Openshift as some collateral damage from #Hashicorp doing an anti-competitive thing with its source code.
Terraform remains open-source-enough for me—and there is no viable alternative today—but I am still disappointed in HashiCorp adopting Business Source License as a customer, open source contributor, and shareholder.
I know someone will come at me for saying there is no viable alternative, so preemptively: There is no declarative alternative that’s extensively & officially supported by infrastructure providers, “more” open source, not problematically financed.
Czy to nie ironia losu, że tyle lat temu krytykowałem użycie produktów #Hashicorp z całkowicie niewłaściwych powodów, a tu nagle okazuje się, że miałem rację, żeby ich nie używać?
People are like "don't contribute to #hashicorp projects" but jokes on you, I've been waiting for an outside pull request getting merged for a year now
When a (VC backed) Open Source project demands from you, a community member, to sign a CLA (Contributory License Agreement) that forces you to give up your rights on your code - RUN. #Hashicorp et all who unfortunately, really sorry, kudos, love you switch their licenses to proprietary whenever they feel like it.
@jwildeboer indeed, this was the problem canonical ran projects under CLA's had posed, and still poses. Speaking of which, I see that there is a fork of #lxd and something similar should be done to #HashiCorp projects worth saving.
"...it's also becoming clear that the romantic notion of community-supported software simply does not work the way it used to in the modern cloud-centric enterprise tech landscape, and that changes are coming."
The #HashiCorp license change is just the most recent example of a company that no longer needs to drive adoption with #OpenSource claims. I wrote about the phenomenon in 2021 but it's been around for about 20 years. It is not "the end of open source", just a lifecycle stage for a VC funded software startup that was leveraging it.
One of the mechanisms that let #Hashicorp relicense their stack was the CLA. Whenever you see an "open core" shop (ie, they have proprietary "Enterprise" versions or extensions) and they require you to agree to a CLA before accepting a PR, be aware that the company may not be using #opensource in good faith and may relicense your contributions to be proprietary. Think twice about spending your time and efforts if such a move would bother you.