• bahmanm@lemmy.ml
    link
    fedilink
    arrow-up
    50
    arrow-down
    2
    ·
    edit-2
    1 year ago

    This is the 2nd of such moves this year to my knowledge; first there was #Lightbend and #Akka and now this. What a year for #FOSS 😕

    I know for a fact that so many organisations use #hashicorp products for commercial purposes w/o ever contributing back. And I understand how this may feel for hashicorp in these harsh economic times. Though this still is, IMHO, a cheap move: they used an OSS license for a very long time which resulted in a massive user base and a “soft” vendor lock-in, and now they decided to milk that user base.

    Looking forwards to solid community-driven forks of their products 💪

    • exu@feditown.com
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      From my reading this wouldn’t impact organisations just using the product at all. Only probiders that offer services should be impacted. Similar to what Elastic did with their license.

      Note I didn’t actually read the license text, just browsed the FAQ a bit

  • silent_water [she/her]@hexbear.net
    link
    fedilink
    English
    arrow-up
    28
    ·
    1 year ago

    I appreciate Grafana going in the opposite direction and relicensing under the AGPL. it largely serves the same purpose but it provides a stronger guarantee for users.

    • The Quuuuuill@slrpnk.net
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      That’s where I’m at too. Philosophically its a bummer. For the majority of users of their codebase however, this presents zero changes and the only entity I known of who would be impacted by this change going forward is AWS

      • Illecors@lemmy.cafe
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        So I was trying to figure out what are they getting defensive against. It was clear in redhat’s case, but I only really found pulumi as some sort of alternative to terraform and I’m not even sure it relies on it. What is the AWS product that’s competing here?

      • allywilson@sopuli.xyz
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Curious, how will AWS be affected? I’m not familiar with all of Hashicorp’s tools. Mostly just Terraform (and obvs AWS had Cloud Formation, then CDK - they even worked with HashiCorp I believe to build CDKTF).

  • sweng@programming.dev
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    The biggest problem I see is that you can suddenly become non-compliant just because Hashicorp decides to release a new service (i.e.they start competing with you, rather than the other way). It can be a huge risk for companies.

    • veloxy@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      So it would seem it’s always a good idea to contact them, get a commercial license or custom licensing terms (they do seem open to that from what I gather here and here) before building a business on top of their software.

      • sweng@programming.dev
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        Probably works well if you are an established company, but why would e.g. a startup pick licensing headaches over the competition? I imagine bigger companies would also rather just move to e.g. CDK or ARM if they don’t need multiple providers (at least our company started discussing this today).

        What kind of “custom licensing” do you anyway think a 5-person startup would get?

    • bamboo@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      The FAQ covers this:

      1. If I want to build a product that is competitive with HashiCorp, does that mean I’m now prevented from using any HashiCorp tools under the BSL license?

      No. The BSL license does not prevent developers from using our tools to build competing products. For example, if someone built a product competitive with Vault, it would be permissible to deploy that product with Terraform. Similarly, if someone built a competitive product to Terraform, they could use Vault to secure it. What the BSL license would not allow is hosting or embedding Terraform in order to compete with Terraform, or hosting or embedding Vault to compete with Vault.

      So if you are selling a product and HashiCorp releases a product which competes with yours, you can still use Valut, Terraform, etc the way you had been. I can’t see a way for your senario to play out based on their FAQ.

  • starman@programming.devOP
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    1 year ago

    From the blog post:

    […] today we are announcing that HashiCorp is changing its source code license from Mozilla Public License v2.0 (MPL 2.0) to the Business Source License (BSL, also known as BUSL) v1.1 on all future releases of HashiCorp products. HashiCorp APIs, SDKs, and almost all other libraries will remain MPL 2.0.

    BSL 1.1 is a source-available license that allows copying, modification, redistribution, non-commercial use, and commercial use under specific conditions.

    • bahmanm@lemmy.ml
      link
      fedilink
      arrow-up
      14
      arrow-down
      2
      ·
      1 year ago

      Given I was recently involved in minimising the impact of Lightbend’s similar move earlier this year, AFAIU it means their products will be conditionally open source. They’ll be free to use for non-commercial use but you’d need to pay for anything else.

      • grue@lemmy.ml
        link
        fedilink
        arrow-up
        26
        arrow-down
        1
        ·
        edit-2
        1 year ago

        There is no such thing as “conditionally open source.” The license terms you describe are just “not open source.”

        If they actually gave a shit about commercial entities contributing back, they should’ve gone AGPL3. This is just a money grab and yet another example of how permissive licensing isn’t good enough and everything should be copyleft.

        • Sigmatics@lemmy.ca
          link
          fedilink
          arrow-up
          7
          arrow-down
          4
          ·
          1 year ago

          It basically means you can view the code, which is the literal by-the-word definition of open source. It’s not the common understanding of open source, which would be free-to-use (with some minor restrictions like attribution or publishing derivatives under the same license).

        • The Quuuuuill@slrpnk.net
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          10
          ·
          1 year ago

          Its still open source. You can still view the source code. That’s what open source is. The change here is the restriction on providing Terraform as a service in the form of a Terraform Cloud competitor. This seems to be a very direct response to Amazon introducing a service for hosting terraform modules, storing terraform state, and applying changes.

          I don’t love this, but they’re also not restricting anyone’s comercial ability to develop products using terraform like a banking app, a link aggregator, or a e-commerce platform. All you’re restricted on is providing an IaC service where you directly profit from running someone else’s terraform for them. This is the same license the MariaDB creators came up with when they felt burned by Oracle but did want people to be able to build closed source products using their database without profiting from providing their db as a service (this is why many self hosted projects use Maria instead of MySQL) which is why AWS can’t offer maria RDS instances.

          AGPL wouldn’t help them keep developing terraform the way BSL would because their business problem isn’t that no one is contributing back to the code, their problem is a $1T market disruptor just turned their Sauron eye towards Hashicorp’s $5B shire and offered their own shire for less money behind the black gates. All after for many years directly benefitting from Hashicorp’s existence and giving them white glove treatment as a result. And yes I’m aware that in this analogy Hashicorp is probably one of the Nazghul being corrupted.

          Like I said. I don’t love this license change. But like I said. Hashicorp doesn’t have a code contributions to Terraform problem. They have a funding their business and development problem

          • Spectacle8011@lemmy.comfysnug.space
            link
            fedilink
            arrow-up
            20
            ·
            1 year ago

            Its still open source. You can still view the source code. That’s what open source is.

            “Open Source” does not, and has never only meant, “you can view the source code”. This is the Open Source Definition: https://opensource.org/osd/

            Relevant excerpt:

            1. No Discrimination Against Fields of Endeavor

            The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

            The Open Source Definition is very specific, and this license does not meet it. This license is, as it calls itself, “source-available”.

            If the OSI had obtained that trademark in 1999 on “Open Source”, it would be abundantly clear what software really is and is not open source https://opensource.org/pressreleases/certified-open-source.php/

          • grue@lemmy.ml
            link
            fedilink
            arrow-up
            10
            ·
            edit-2
            1 year ago

            You can still view the source code. That’s what open source is.

            No, it’s not. It only counts if it provides the four freedoms listed here:

            • The freedom to run the program as you wish, for any purpose (freedom 0).
            • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
            • The freedom to redistribute copies so you can help others (freedom 2).
            • The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

            And before you say “but that’s the definition of ‘Free Software’, not ‘Open Source’,” even the latter, misguided as it is, at least still requires freedom 0!

            • hypelightfly@kbin.social
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              edit-2
              1 year ago

              Those are definitions for free software not open source. Open source does not mean free and open source (FOSS). This is still open source (you can see the code) , it’s no longer FOSS (you can’t freely use the code).

        • falsem@kbin.social
          link
          fedilink
          arrow-up
          2
          arrow-down
          3
          ·
          1 year ago

          You’re conflating FOSS and open source. This is open source just not FOSS anymore

          • Baut [she/her] auf.@lemmy.blahaj.zone
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            This is plainly incorrect, please see the other responses.
            FOSS stands for “free and open source software”, but they functionally mean the same thing. So what you’re saying is:

            This is open source just not open source anymore

              • Baut [she/her] auf.@lemmy.blahaj.zone
                link
                fedilink
                arrow-up
                1
                arrow-down
                1
                ·
                1 year ago

                So your claim is that the open source definition by the Open Source Initiative which is battle tested and widely used by distributions, major git hosts and legal enitities is a cherry-picked definition?
                Sounds like you’re cherry-picking your definition to hide that you simply have no idea :)

              • Baut [she/her] auf.@lemmy.blahaj.zone
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                I don’t get what you’re trying to say here. All terms used have a clear definition and other comments pointed that out already. The definition on open source is very clear.

      • loren@programming.dev
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        There’s no need to AFAIU when their FAQ explains all the detail, which is that commercial production use is fine as long as you’re not using it to build a competitor product to Hashicorp.

        • theherk@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Which is described in ambiguous terms that they can change their minds about at any time. They can decide down the road you are competing, or they can develop a product that competes with you and then use it against you.