Well, that was awkward. In July I wrote about shifts in the open source licensing landscape, arguing, “It’s not that open source doesn’t matter, but rather it has never mattered in the way some hoped or believed.” The furious backlash was sanctimonious and condemning. But, according to HashiCorp last week, it was also wrong.
For those who missed it, HashiCorp changed the license for its popular open source projects like Terraform and Vault to the Business Source License (BSL). The reason? To push back against “vendors who take advantage of pure [open source] models, and the community work on [open source] projects, for their own commercial goals, without providing material contributions back.” In other words, they needed to block free riders so that they could continue to invest in their products. As they conclude, such free riding isn’t “in the spirit of open source.”
Except that it is.
Every single one of us—including every company on earth—is an open source free rider. That’s nothing new; Tim O’Reilly called it out way back in 2009. But what HashiCorp and other “open source businesses” are trying to do is not to eliminate free riding, but rather to make it a bit less injurious to their ability to invest in the underlying code. For those who think licensing isn’t the answer to this problem, I’ll explain, while also pointing to the opportunity for cloud vendors such as AWS to further their own self-interest while helping the HashiCorps of the world.
Et tu, Hashi?
It used to be easy to pillory companies like Elastic or MongoDB (Disclosure: I work for MongoDB but, fuller disclosure, I’ve been writing about this topic for more than 20 years, far longer than I’ve worked for MongoDB.) as being pillaging profit-seekers, trading in open source for a buck when they changed their licenses. This was always a superficial and somewhat silly argument because it didn’t probe the why of such decisions. After all, as RedMonk analyst Steve O’Grady highlights, it’s not obvious that changing licenses has helped, at least in Elastic’s case, and actually may have hurt its revenue. (Serial open source executive Zack Urlocker disagrees with O’Grady’s assessment, but O’Grady’s is absolutely a fair critique.)
So why do it? These are monumental decisions made at the board level of fast-growing public companies. Why on earth would anyone do something as momentous as fundamentally change the software license that paved the way to a company’s success?
To understand this, it’s worth going back to a seminal blog post written by former AWS engineering executive Tim Bray. Bray starts, “In AWS engineering, we develop stuff and we operate stuff. I think the second is more important.” That focus on operations undergirds a cloud business that generates more than $80 billion each year. It has driven AWS to launch cloud services around Linux, MySQL, and pretty much every popular open source project, all in the name of removing the “undifferentiated heavy lifting” of managing infrastructure for its customers.
This operational success, however, is often at odds with the people who create the software in the first place, something Bray acknowledges: “The qualities that make people great at carving high-value software out of nothingness aren’t necessarily the ones that make them good at operations.” And vice versa. It’s telling that the vast majority of open source projects that AWS monetizes are built by others. Yes, as I’ve written, AWS is getting better at partnering. The real question is why.
Et tu, AWS?
Of course, I should stress that AWS is not the only cloud vendor implicated in HashiCorp’s (or others’) moves. But it is the biggest cloud vendor and has traditionally been the worst at partnering due to a poor application of its own Leadership Principles, as I’ve written.
Not many years ago, AWS made the wrong kind of headlines, accused by The New York Times for “strip-mining open source.” This was never really true, but it wasn’t completely false, either. Product teams, searching for ways to obsess over customers, looked for open source projects upon which their customers depended, but which needed AWS’ operational love. In so doing, however, those same teams often ignored the longer-term implications of pulling money out of open source projects without giving cash or code back. This not only led to mounting technical debt, but it also exposed AWS (and their customers) to supply chain risk: AWS could build a service around, say, Elasticsearch, but what would happen if Elastic changed its license to try to right the balance a bit?
Several corporate license changes later, that supply chain risk gets more pronounced every day. But there’s also a very positive side to such changes. A change in license shifts the dynamic between the cloud vendor and the software creator. Why? Remember: AWS (and other clouds) are under no moral obligation to contribute cash or code back to the projects upon which they depend, as I wrote way back in 2011. That’s not an open source requirement.
What I’ve personally seen, both while I worked at AWS and now as a partner to AWS, is license shifts like HashiCorp’s still yield “broadly permissive use of our source code,” which helps developers, while forcing the cloud vendors to enter into meaningful partnerships. These partnerships, in turn, help developers because they encourage the clouds to give their customers what those customers really want (e.g., “full-fat” MongoDB rather than an “expired skim milk” version of the same).
Getting over the rainbow
“But it’s not open source!” you protest. As I wrote in July, this does not acknowledge what developers (and companies) have most wanted when they sought out open source: free, easy access to great software. For that, HashiCorp writes, “End-users can continue to copy, modify, and redistribute the code for all noncommercial and commercial use, except where providing a competitive offering to HashiCorp.” How many companies (or developers) will run afoul of that “commercial use” exception? I can count the companies on one hand, and each one will now become a much better partner to HashiCorp because they no longer have the choice.
This is what HashiCorp’s license change is all about. No one in the company would have been excited to change the license. But it’s also not really about open source; rather, it’s about giving HashiCorp more leverage with the cloud vendors to encourage them to do what is in the best interests of their customers anyway: partner to give customers improved access to great software such as Terraform, Consul, and Vagrant, without the risk of the development well (HashiCorp) drying up. Yes, it would have been great if all this could have been done while keeping the open source license, but we don’t live in a world of open source unicorns and rainbows. This is realpolitik, and it will help all involved: HashiCorp, developers, customers, and partners such as AWS, Google, and Microsoft.
Copyright © 2023 IDG Communications, Inc.