HashiCorp's new license is still open source-ish, just with less free lunch
Software house transitions to BSL, and fundies are furious
HashiCorp, the vendor of Vagrant, Terraform, and a number of other deployment-automation tools, is changing its software license to the Business Source License. You can still get the source code, but it's not technically FOSS any more.
The announcement came out yesterday from co-founder and CTO Armon Dadgar, who The Reg interviewed a year ago. Indeed, we've been following the company's funding as early as 2016. HashiCorp is probably best known for its Terraform infrastructure-as-code tool, which The Reg attempted to demystify in 2017. It's also behind Vagrant, which The Reg FOSS Desk has described more recently.
The Business Source License – the BUSL or BSL for short, and HashiCorp uses one abbreviation in the announcement and the other in its source code – was the creation of MariaDB, another company walking the tightrope between open source and making money. HashiCorp is at pains to point out that it's not alone in this:
With this change we are following a path similar to other companies in recent years. These companies include Couchbase, Cockroach Labs, Sentry, and MariaDB, which developed this license in 2013. Companies including Confluent, MongoDB, Elastic, Redis Labs, and others have also adopted alternative licenses that include restrictions on commercial usage.
The gist of HashiCorp's BSL is that the software's source code remains freely available, and you're granted "the right to copy, modify, create derivative works, redistribute, and make non-production use." Note the restriction about use in production.
Here's where it gets a little squirrelly: you "may be" granted the right to use the code in production provided you don't compete with HashiCorp. The exact wording is:
You may make production use of the licensed work, provided such use does not include offering the licensed work to third parties on a hosted or embedded basis which is competitive with HashiCorp's products.
If these terms prevent you from using HashiCorp's source, you have to purchase a special "commercial license."
That all said, after a cut-off period called the Change Date, the source code to that specific version automatically reverts to a full FOSS license of the company's choice. If the vendor doesn't specify a Change Date, then this happens after four years, so it still becomes FOSS even if the company goes belly-up – or the author gets run over by a bus or something.
The move has been controversial to say the least. The bunfight on Hacker News is still growing with some harsh words. Joe Duffy, founder and CEO of rival infrastructure-as-code vendor Pulumi, said:
The blog post is disingenuous. We tried many times to contribute upstream fixes to Terraform providers, but HashiCorp would never accept them. So we've had to maintain forks. They lost their OSS DNA a long time ago, and this move just puts the final nail in the coffin.
- MariaDB CEO: People who want things free also want to have very nice vacations
- Want to know the future of FOSS? You can look it up in a database
- Open source biz sick of FOSS community exploitation overhauls software rights
- Give 'em SSPL, says Elastic. No thanks, say critics: 'Doubling down on open' not open at all
There have been some approving comments: Avi Press, CEO of open source monitoring organization Scarf, tweeted: "HashiCorp has set a good bar for how to do a BSL switch smoothly. No misnaming anything, no attacks, just a difficult business decision carefully communicated. They are a well-meaning group of people who have shown they do care about OSS, whether or not you like their decision."
While OpenUK's Amanda Brock said: "The statements about BUSL are sadly open washing.
"It would be wrong to suggest these two ever intended a 'bait and switch' but they have indeed switched away from open source. The pressure of enabling their competitors with their innovations – an inevitability of open source – did not align with the need to generate share holder value.
"There's almost a bigger question here – how much money is enough? Is a lot of money with others generating a lot of money too a reason to stop?"
HashiCorp has an FAQ about its licensing policies, but we suspect it will not assuage the ire of many of its users. ®