Software

HashiCorp's new license is still open source-ish, just with less free lunch

Software house transitions to BSL, and fundies are furious


HashiCorp, the vendor of Vagrant, Terraform, and a number of other deployment-automation tools, is changing its software license to the Business Source License. You can still get the source code, but it's not technically FOSS any more.

The announcement came out yesterday from co-founder and CTO Armon Dadgar, who The Reg interviewed a year ago. Indeed, we've been following the company's funding as early as 2016. HashiCorp is probably best known for its Terraform infrastructure-as-code tool, which The Reg attempted to demystify in 2017. It's also behind Vagrant, which The Reg FOSS Desk has described more recently.

The Business Source License – the BUSL or BSL for short, and HashiCorp uses one abbreviation in the announcement and the other in its source code – was the creation of MariaDB, another company walking the tightrope between open source and making money. HashiCorp is at pains to point out that it's not alone in this:

With this change we are following a path similar to other companies in recent years. These companies include Couchbase, Cockroach Labs, Sentry, and MariaDB, which developed this license in 2013. Companies including Confluent, MongoDB, Elastic, Redis Labs, and others have also adopted alternative licenses that include restrictions on commercial usage.

The gist of HashiCorp's BSL is that the software's source code remains freely available, and you're granted "the right to copy, modify, create derivative works, redistribute, and make non-production use." Note the restriction about use in production.

Here's where it gets a little squirrelly: you "may be" granted the right to use the code in production provided you don't compete with HashiCorp. The exact wording is:

You may make production use of the licensed work, provided such use does not include offering the licensed work to third parties on a hosted or embedded basis which is competitive with HashiCorp's products.

If these terms prevent you from using HashiCorp's source, you have to purchase a special "commercial license."

That all said, after a cut-off period called the Change Date, the source code to that specific version automatically reverts to a full FOSS license of the company's choice. If the vendor doesn't specify a Change Date, then this happens after four years, so it still becomes FOSS even if the company goes belly-up – or the author gets run over by a bus or something.

The move has been controversial to say the least. The bunfight on Hacker News is still growing with some harsh words. Joe Duffy, founder and CEO of rival infrastructure-as-code vendor Pulumi, said:

The blog post is disingenuous. We tried many times to contribute upstream fixes to Terraform providers, but HashiCorp would never accept them. So we've had to maintain forks. They lost their OSS DNA a long time ago, and this move just puts the final nail in the coffin.

The Reg reported on HashiCorp's slow response to contributions just a few months before its very successful IPO raised one and a quarter billion bucks.

There have been some approving comments: Avi Press, CEO of open source monitoring organization Scarf, tweeted: "HashiCorp has set a good bar for how to do a BSL switch smoothly. No misnaming anything, no attacks, just a difficult business decision carefully communicated. They are a well-meaning group of people who have shown they do care about OSS, whether or not you like their decision."

While OpenUK's Amanda Brock said: "The statements about BUSL are sadly open washing.

"It would be wrong to suggest these two ever intended a 'bait and switch' but they have indeed switched away from open source. The pressure of enabling their competitors with their innovations – an inevitability of open source – did not align with the need to generate share holder value.

"There's almost a bigger question here – how much money is enough? Is a lot of money with others generating a lot of money too a reason to stop?"

HashiCorp has an FAQ about its licensing policies, but we suspect it will not assuage the ire of many of its users. ®

Send us news
25 Comments

AT&T sues Broadcom for 'breaking' VMware support extension contract

Telco giant slams silicon-and-software shop for trying to bully it into buying software it doesn't want or need, at huge prices

OneFileLinux: A tiny recovery distro that fits snugly in your EFI system partition

The kind of thing the big names should be doing instead of working with proprietary vendors

GNU screen 5 proves it's still got game even after 37 years

First major version in two decades is worth getting to know

Defense AI models 'a risk to life' alleges spurned tech firm

Chatterbox Labs CEO claims Chief Digital and Artificial Intelligence Office unfairly cancelled a contract then accused him of blackmail

Upgrading Linux with Rust looks like a new challenge. It's one of our oldest

From the crooked timber of humanity, no straight thing was ever built. Not even a kernel

FTC urged to stop tech makers downgrading devices after you've bought them

Some brick devices they'd rather not support, kill apps that drive functions, or add post-sale subscriptions

Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack

CISA wants you to leap on Citrix and Ivanti issues. Adobe, Intel, SAP also bid for patching priorities

Amazon congratulates itself for AI code that mostly works

Web services souk celebrates 'leader' designation for Q Developer

Rust for Linux maintainer steps down in frustration with 'nontechnical nonsense'

Community seems to C Rust more as a burden than a benefit

Google says replacing C/C++ in firmware with Rust is easy

Not so much when trying to convert coding veterans

If every PC is going to be an AI PC, they better be as good at all the things trad PCs can do

Microsoft's Copilot+ machines suck at one of computing's oldest use cases

Mind the talent gap: Infosec vacancies abound, but hiring is flat

ISC2 argues security training needs to steer toward what hiring managers want