Terraform By Hashicorp Forked To OpenTF

"Terraform, arguably the most popular Infrastructure as Code products, has been forked after the parent company HashiCorp changed its license from the Mozilla Public License (MPL) to the Business Source License v1.1 (BSL)," writes long-time Slashdot reader ochinko. "Our view is that we're actually not the fork because we're just changing the name but it's the same project under the same license," Sebastian Stadil, co-founder and CEO of DevOps automation biz Scalr told The Register. "Our position is that the fork is actually HashiCorp that has forked its own projects under a different license." From the report: HashiCorp's decision to issue new licensing terms for its software follows a path trodden by numerous other organizations formed around open source projects to limit what competitors can do with project code. As the biz acknowledged in its statement about the transition, firms like Cockroach Labs, Confluent Sentry, Couchbase, Elastic, MariaDB, MongoDB, and Redis Labs have similarly adopted less-permissive software licenses to create a barrier for competitors. You can see the OpenTF manifesto here.

GPL

[phantomfive]

The benefit of the GPL is that you can dual-license your code, so you can make a profit on it while also getting improvements from other people, if they'd rather go that route.

Re:

[Richard_at_work]

And the reason why these companies dont go with the GPL is precisely because of the long-standing argument that you should instead make money off of the support and service side of things rather than the software itself.

MongoDB hated Amazon et al providing Mongo as a service, because there was no money going MongoDBs way - support and provisioning was all done by Amazon et al.

MariaDB had the same issue.

Elastic, Redis etc etc etc.

With the GPL there is no requirement for a third party to pay those companies a

Re:

[phantomfive]

If you don't want people to use your software as a service without giving back like Amazon does, then use the AGPL. Problem solved.

Re:

[Richard_at_work]

The issue isnt about giving back.

The issue is about who has the revenue stream.

AGPL doesnt solve the revenue stream issue - the proprietary licenses these companies switched to does.

Also, the AGPL doesnt solve the “value added” custom services that Amazon etc has around their hosted services - the ones which make using their hosted services easier than self hosted etc. it doesnt solve it because those services dont modify the original source code, they are separate things themselves.

Re:

[phantomfive]

The AGPL solved the problem enough for Elastic to be happy.

Re:

[Richard_at_work]

No it didnt.

Elastic uses the Elastic License for its products, which is proprietary and includes the following limitation:

You may not provide the software to third parties as a hosted or managed
service, where the service provides users with access to any substantial set of
the features or functionality of the software.

https://github.com/elastic/ela... [github.com]

Right now, the de facto main implementation of ElasticSearch is no longer Elastics, but rather Amazons OpenSearch.

Elastic lost.

As did MongoDB.

Re:

[Registered Coward v2]

And the reason why these companies dont go with the GPL is precisely because of the long-standing argument that you should instead make money off of the support and service side of things rather than the software itself.

MongoDB hated Amazon et al providing Mongo as a service, because there was no money going MongoDBs way - support and provisioning was all done by Amazon et al.

MariaDB had the same issue.

Elastic, Redis etc etc etc.

With the GPL there is no requirement for a third party to pay those companies anything to offer their software as a service.

So they changed their licenses to be less permissive for service providers.

Retaining the GPL in a dual-license manner fixes nothing for these companies. The very permissive nature of the GPL is the issue here.

However, anything licensed under teh GPL is still GPL licensed, so a fork can negate any efforts to dual license. Companies such as Amazon have the resources to do just that, witness Amazon's OpenSearch when Elastic changed their license. I suspect firms with projects big companies regularly use will o what Amazon did and simply fork and continue developing the fork. I suspect since such forks could still be GPL licensed companies could not incorporate new features in their versions since that would requ

Re:

[Registered Coward v2]

Retaining the GPL in a dual-license manner fixes nothing for these companies. The very permissive nature of the GPL is the issue here.

I agree, and hit submit before I finished editing my other comment. Any company that goes the GPL route can never truly control their product if a company with the resources to fork and further develop it decides to rather than submit to a restrictive license.

Hashicorp

[BytePusher]

Hashicorp is in a corporate bureaucracy death spiral; No one should trust their products at marketing face value. Their products work well in the lab, but fail in surprising ways when you scale beyond undocumented bounds

Re:

[sodul]

We actually use some of their OSS products, we did consider using some of their 'SaaS' offering and were quite surprised at how it was managed internally. It was more of a somewhat hosted service where they run and maintain the hardware for you, but not much more. Since we run our infrastructure in AWS, it was actually going to make things harder, while being a lot more expensive for us.

There are some technical decisions that they have made over time that I have been scratching my head over. For example the

Re:

[gweihir]

That explains a lot. They are obviously in the process of making their product worse (by investing less) and probably plan to make it more expensive to buy. Obviously they need to lock-out the competition to do that. Time to switch to the "fork" and regard HashiCorp as a failure.

Re: Hashicorp

[BytePusher]

They're focused more on marketing and sales than good engineering. Initially their products have the appearance of quality, but as you found out, there are lots of head scratchers. Go and try to talk to someone about it and they'll tell you improvements are planned in their internal issue tracking. Press them more and they'll tell you how software is complex and difficult. I'm sure as you scale you'll find you'd have been better off with a self built solution.

Making a buck off of someone else's work

[rufey]

Regular user of Terraform and Vagrant here. Not trying to be a troll on the subject of open source. But this change has brought to the surface a couple of thoughts I've had about the whole open source thing for a while now.

I took the time to read the information about the license change on HashiCorp's website. Reading through the FAQ [hashicorp.com] alleviated some of my concerns about the license change.

It seems the biggest change is that the new license will prohibit a competitor from taking, for example, Terraform, free of charge, and package that up and distribute it for a fee, in competition to HashiCorp's own Terraform offering (some of which I'm sure is in the form of paid support and similar).

A “competitive offering” is a product that is sold to third parties, including through paid support arrangements, that significantly overlaps the capabilities of a HashiCorp commercial product. For example, this definition would include hosting or embedding Terraform as part of a solution that is sold competitively against our commercial versions of Terraform. By contrast, products that are not sold or supported on a paid basis are always allowed under the HashiCorp BSL license because they are not considered competitive.

I'm all for open source. I've written some myself years ago. But I don't view open source as freeware. Say I create widgets that I give out for free. I also have a paid support plan that gives you support should something go wrong (businesses often like to have someone to hold to the fire if something goes wrong with a piece of equipment or software or whatever my widget turns out to be).

You can take my widget and do whatever you want with it. You modify it at your own risk. The worst that could happen is you break it and you simply come to me and get a new free widget and go on your way. You can even submit your mods back to me for consideration for inclusion in a future version of my widget.

What I would be less happy about is if someone took my free widget and turned around and started giving them away and selling their own support plans, of which I get no money from. I do want to make money off of my widgets and the paid support plans is part of that. But if someone else who I don't know and have no kind of relationship with starts taking my actual widgets and making money off of them without me being compensated in any way, why would I even make the widgets and give them out for free in the first place?

Those who are unhappy with my views can, of course, take my widget, "fork it" and start their own line of widgets that may or may not continue to share similarities with mine, and do their own thing. And in this case that is what someone has done. Its one of the things that open source allows. Its why we have many software products that are forks of others that have become mostly closed source.

I also read in the FAQ reference above is that code changes made by HashiCorp will eventually be made open source under the MPLv2. It could take up to 4 years (not disagreeing that is a long time in software development terms), which gives HashiCorp a leg up to capitalize on their own changes before the code is made open source. But HashiCorp does need to look after their own financials, as no one works for free.

BSL is an alternative to closed source or open source licensing models. Under BSL, the source code is publicly available. Non-production use of the code is always free, and the licensor can also make an Additional Use Grant allowing production use under specific restrictions. Source code is guaranteed to become open source at a certain point in time. On a specified Change Date, or the fourth anniversary of the first publicly available distribution of the code under the BSL, whichever comes first, the code automatically becomes available under the Change License. Our current Change License for HashiCorp projects

Re:

[rta]

What you're describing has been a tension in OpenSource as long as its existed, and to some degree it IS weird how much of our modern computing world is based on basically volunteer work.

That said, all of the projects currently under discussion here, are new enough that they already knew what they were getting into.

What rubs me the wrong way about the recent trend is that these companies kind of do the OSS thing for a while to get traction and then once they get adoption they start the extortion because the

Re:

[gweihir]

"This pattern erodes trust. Rather than thinking Open Source projects are started in good faith, developers will start to expect that projects will only be open source during the early stages of development and when, if successful, they will transition to be fully or partially proprietary software. This would be a massive loss for the industry as a whole."

Indeed. And that is why what HashiCorp is doing is really bad for everyone. I hope the "fork" is a success.

Re:

[drinkypoo]

I'm all for open source. I've written some myself years ago. But I don't view open source as freeware.

Since "open source" only means the source code is accessible, it doesn't always mean freeware. That depends on the specific open source code license. But sometimes, it does mean that, and more. And when it doesn't, intelligent people avoid it because they want to avoid lock-in. Hence FreeDOS > OpenDOS, for example.

I often hear people say that open source means free as in free. They can take something that someone else wrote and released under some open source license and turn around and profit off of the work without a thought about the copyright holder.

If the copyright holder chooses to use an open source license like BSD or MIT then their intent was clearly to give away the code for any use purpose. They had the option to use a Free Software

Re:

[gweihir]

The extreme problem with the license is that it ties you to HashiCorp. If their offering becomes worse (and there are apparently signs of that happening), you are locked in and that is what they intend. Not good at all.

Re:

[coofercat]

I read (some of) the same, and arrived at roughly the same conclusion: For now at least, Terraform is perfectly fine to use.

However, now OpenTF is becoming a thing, I'd be inclined to want to use that for new projects (I haven't checked it's readiness - assuming it's workable, obviously). I feel like Hashicorp will try to differentiate themselves by adding features or messing with things, specifically to "screw" open-tf - and in the process, most likely the users as well. OpenTF at least insulates you from

blabla

[carnivore302]

"Terraform, arguably the most popular Infrastructure as Code products,"

Never heard of it.

Re:

[gweihir]

That is because you have no clue about that space.

In essence HashiCorp says they cannot compete

[gweihir]

They are saying "we cannot compete on merit", because that is what a good FOSS company does: Publish everything, allow competitors to use it commercially (as long as what they do stays FOSS), but retain business by offering better services and support than those competitors.

Probably time to move away from HashiCorp offerings, they seem to want to make them worse and more expensive. Obviously the "fork" has better value and it looks like that will get more and more pronounced over time.

Re:

[mitchy]

I read "we don't want Amazon to give us the Elastic treatment, and this is the only option we got at the moment."

Corporations need to make money

[IceManNCSU]

They are a publicly traded company and have a responsibility to make money for their investors first and foremost. https://www.google.com/finance... [google.com]