HashiCorp's new license is still open source-ish, just with less free lunch

Software house transitions to BSL, and fundies are furious

HashiCorp, the vendor of Vagrant, Terraform, and a number of other deployment-automation tools, is changing its software license to the Business Source License. You can still get the source code, but it's not technically FOSS any more.

The announcement came out yesterday from co-founder and CTO Armon Dadgar, who The Reg interviewed a year ago. Indeed, we've been following the company's funding as early as 2016. HashiCorp is probably best known for its Terraform infrastructure-as-code tool, which The Reg attempted to demystify in 2017. It's also behind Vagrant, which The Reg FOSS Desk has described more recently.

The Business Source License – the BUSL or BSL for short, and HashiCorp uses one abbreviation in the announcement and the other in its source code – was the creation of MariaDB, another company walking the tightrope between open source and making money. HashiCorp is at pains to point out that it's not alone in this:

With this change we are following a path similar to other companies in recent years. These companies include Couchbase, Cockroach Labs, Sentry, and MariaDB, which developed this license in 2013. Companies including Confluent, MongoDB, Elastic, Redis Labs, and others have also adopted alternative licenses that include restrictions on commercial usage.

The gist of HashiCorp's BSL is that the software's source code remains freely available, and you're granted "the right to copy, modify, create derivative works, redistribute, and make non-production use." Note the restriction about use in production.

Here's where it gets a little squirrelly: you "may be" granted the right to use the code in production provided you don't compete with HashiCorp. The exact wording is:

You may make production use of the licensed work, provided such use does not include offering the licensed work to third parties on a hosted or embedded basis which is competitive with HashiCorp's products.

If these terms prevent you from using HashiCorp's source, you have to purchase a special "commercial license."

That all said, after a cut-off period called the Change Date, the source code to that specific version automatically reverts to a full FOSS license of the company's choice. If the vendor doesn't specify a Change Date, then this happens after four years, so it still becomes FOSS even if the company goes belly-up – or the author gets run over by a bus or something.

The move has been controversial to say the least. The bunfight on Hacker News is still growing with some harsh words. Joe Duffy, founder and CEO of rival infrastructure-as-code vendor Pulumi, said:

The blog post is disingenuous. We tried many times to contribute upstream fixes to Terraform providers, but HashiCorp would never accept them. So we've had to maintain forks. They lost their OSS DNA a long time ago, and this move just puts the final nail in the coffin.

The Reg reported on HashiCorp's slow response to contributions just a few months before its very successful IPO raised one and a quarter billion bucks.

There have been some approving comments: Avi Press, CEO of open source monitoring organization Scarf, tweeted: "HashiCorp has set a good bar for how to do a BSL switch smoothly. No misnaming anything, no attacks, just a difficult business decision carefully communicated. They are a well-meaning group of people who have shown they do care about OSS, whether or not you like their decision."

While OpenUK's Amanda Brock said: "The statements about BUSL are sadly open washing.

"It would be wrong to suggest these two ever intended a 'bait and switch' but they have indeed switched away from open source. The pressure of enabling their competitors with their innovations – an inevitability of open source – did not align with the need to generate share holder value.

"There's almost a bigger question here – how much money is enough? Is a lot of money with others generating a lot of money too a reason to stop?"

HashiCorp has an FAQ about its licensing policies, but we suspect it will not assuage the ire of many of its users. ®

Send us news

Terraform fork OpenTF renamed and relocated as OpenTofu

Open wide!

GNU turns 40: Stallman's baby still not ready for prime time, but hey, there's cake

It turned the software industry upside down regardless

The Pentagon has no idea how to deal with bad cloud contracts, say auditors

Terrible IT practices at the DoD? You don't say

NixCon drops Palmer Luckey's AI combat drone maker Anduril as sponsor due to military ties

NixOS event organizers say community unhappy about funding from Pentagon contractor

Getting to the bottom of BMW's pay-as-you-toast subscription failure

Fuming customers steamed as they'd already paid luxury prices

California governor vetoes bill requiring human drivers in robo trucks

Route 404: Human driver requirement not found

Beneath Microsoft's Surface event, AI spreads everywhere

Windows gets its own Copilot to help operate the operating system – Edge, Bing, Outlook, 365 not spared, either

US Trademark Office still wants to keep faxes, but is willing to try this cloud thing

Finally, we've arrived in the future

Unity apologizes, tweaks runtime install fees after gaming world outrage

Is this the engine maker's final continue?

Mastodon makes a major move amid Musk's multiple messes

Federated social network adds n00b-friendly features to the 'Fediverse'

Signal adopts new alphabet jumble to protect chats from quantum computers

X3DH readied for retirement as PQXDH is rolled out

Linux distros drop their feelgood hits of the summer

A quiet period for the IT industry is a good time to rebuild and refresh, apparently