[HN Gopher] HashiCorp Did It Backwards ___________________________________________________________________ HashiCorp Did It Backwards Author : galenmarchetti Score : 32 points Date : 2023-09-05 21:50 UTC (1 hours ago) (HTM) web link (galenmarchetti.substack.com) (TXT) w3m dump (galenmarchetti.substack.com) | pacifika wrote: | One is best not to make any decisions on how something will be in | the future. This goes for pre ordering games, to buying software | licenses, to opensource contributions. | | People contributed to the software as it was licensed then, and | this software is still available under the open source license | and can't be taken away. Unfortunately that gives no guarantees | about future versions or versions that never got made. | galenmarchetti wrote: | 100% agreed with you...would be safest for everyone to take | this stance going forward. I do think, and I could be wrong, | that not everyone realized that the licensing worked this way. | Or had their guard up when contributing. I think that's the | issue...perhaps their fault, perhaps not, but I see the issue. | | I wonder if this will be an example moving forward that people | keep in mind when contributing to any OSS project | elashri wrote: | Doesn't this mean that people will be more cautious and less | likely to contribute on the long run? I mean that feels like | it is against the spirit of open source movement. And yes I | realize that this is idealistic position and the legal | aspects gets the upper hand at the end. I just wish things | didn't go this way. | wbl wrote: | Well it does if your contributions are made under the GPL and | not transfered via a CLA. | JonChesterfield wrote: | If they started out openly proprietary, they wouldn't have got | the same level of contributions from people outside the | organisation, and wouldn't have reached the current popularity. | | Hashicorp did it the right way round. Open source, friendly, rug | pull, profit, obsolete, forgotten. | galenmarchetti wrote: | haha...fair point! | | One thing that I've been curious to see, and not sure if anyone | has done it yet, is a quantification of contribution to | Terraform, comparing amount of work done from external | contributors to the work done by Hashicorp-internal | contributors. | | I know it's hard to make the comparison of what is "harder" | work or "more" work in a software project from looking at | commits alone, but would be interesting to see nonetheless. | tux1968 wrote: | It's not just the work donated via the open source channel, | it's also the associated credibility, enthusiastic coverage | and referrals, and general good will, that accrues to such a | project. None of which they would have enjoyed had they been | a private project. | galenmarchetti wrote: | definitely...and they get to keep that credibility and | coverage. at least, as long as this move didn't totally | alienate the folks that got on terraform back then | eatonphil wrote: | Well they didn't do it backwards compared to at least some subset | of peers. Cockroach: Apache -> BSL | https://www.cockroachlabs.com/blog/oss-relicensing-cockroachdb/ | Mongo: AGPLv3 -> SSPL https://techcrunch.com/2018/10/16/mongodb- | switches-up-its-open-source-license/ Elasticsearch: | Apache -> SSPL https://www.elastic.co/blog/licensing-change | MariaDB (I think): ? -> BSL https://mariadb.com/bsl-faq-mariadb/ | | I am sure there are more I'm forgetting. | galenmarchetti wrote: | this is a great point...further down the comments, an OpenTF | maintainer made a great point that all of these services are | "backend hostable" services. Terraform doesn't even have a | backend service component...Terraform Cloud does, but not | Terraform itself. | | I didn't contemplate this when writing the article but it seems | like this might be a pretty big factor in the reaction to the | change. At least to my memory, I don't remember as strong as a | pushback from any of these companies changing their licenses | eatonphil wrote: | > I don't remember as strong as a pushback from any of these | companies changing their licenses | | The Elasticsearch backlash was big for what it's worth, both | privately inside companies and publicly (AWS forked it). | galenmarchetti wrote: | ah wow...I guess that begs the question, "will this just | blow over". As far as I can tell Elasticsearch continues to | do well and is more or less in the clear (could be wrong) | gobins wrote: | This is probably going to get a lot flake but what did we expect | when big tech started eating up open source solutions and | competing with the companies who started the work . MongoDB and | AWS is a good example. Hashicorp probably realised that they | should preemptively change the licensing before bigger players | started using the products to directly compete with them. | | I want Hashicorp to survive and be profitable. Fact is, for the | majority of the users who use terraform, the change in licensing | does not impact them. | galenmarchetti wrote: | True...it's just difficult to draft a license that says | something along the lines of "If you're Big Tech, we have the | right to go after you, if you're small startup, you're safe". | | I think there's a swath of Terraform users (likely minority) | who find themselves in a legal gray area, or a legal black-and- | white area, where they're directly at risk. Even if Hashicorp | never intended to target small startups with this, the wording | of the license unfortunately applies and is enough to make | anyone nervous. | | I think MongoDB had a similar issue when they went source- | available, they seemed to intend to only protect themselves | from big tech but unfortunately a lot of smaller players got | spooked. I think (?) it's fine now though | woah wrote: | yea, that makes all the difference. If it was almost all | Hashicorp, the open source was a marketing gimmick and I | don't blame them for not risking the entire business on it. | If there was heavy involvement from external contributors, | then removing open source is more of a rug pull. | solomatov wrote: | > True...it's just difficult to draft a license that says | something along the lines of "If you're Big Tech, we have the | right to go after you, if you're small startup, you're safe". | | Take a look at the license of LLAMA2 by FB. It has a clause | just like this. I.e. limit by number of users. | galenmarchetti wrote: | wow, didn't know about this. very cool + would be | interesting to see this in more places. Just checked it | out. for those lazy: | | "If, on the Llama 2 version release date, the monthly | active users of the products or services made available by | or for Licensee, or Licensee's affiliates, is greater than | 700 million monthly active users in the preceding calendar | month, you must request a license from Meta, which Meta may | grant to you in its sole discretion, and you are not | authorized to exercise any of the rights under this | Agreement unless or until Meta otherwise expressly grants | you such rights." | arianvanp wrote: | AGPL it. | | Big tech hates it and bans it outright. Which means it's the | correct choice. | Znafon wrote: | It's not just big tech that hates AGPL. If Terraform was | under AGPL a lot of companies might have to release their | source code as AGPL too because of its virality. Where it | stops is not exactly clear from the license. | jen20 wrote: | Where AGPL stops is actually very well defined. | firesteelrain wrote: | I don't really care what license they use. It gets the job done. | izalutski wrote: | Yep, backwards they did | | (Disclosure: I'm from Digger and OpenTF so am biased) | | Hashi's biggest miscalculation is that they put Terraform (an | open language / ecosystem) into the same bucket as Vault and | Consul, which are hostable backend applications. | | BSL makes sense for Vault, just like it does for MongoDB. It is | reasonable to prevent others from charging for hosting your code. | | But with Terraform, the backend part (TF Cloud) was never even | open source. And it's not required for Terraform to work. | | Hashi shot themselves in the foot. Unlike with Vault or Consul, | there is enormous vested interest in the community to keep | Terraform truly open. Hashi trying to enforce everyone to use | their non-oss backend with it will only result in Hashi losing | the privileged (and well deserved) position among providers of | commercial products in the Terraform ecosystem. | galenmarchetti wrote: | this is a great point. I've been following your work decently | closely but this is the first time I thought about the | "hostable" vs "non-hostable" differentiation. And thinking more | deeply on it, of course it matters. There's a pretty big | distinction and, naively, perhaps their attempt to protect TF | Cloud with this doesn't even accomplish what they intended for | it to accomplish. If the backend part is the thing...that was | never even in contention, anyway. If this is the case, they | only managed to hurt the community. | wmf wrote: | 1. The elephant in the room here is VCs that pushed unsustainable | pure open source or open core business models during ZIRP. You | can't do it right from day one if your investors are pushing you | the opposite direction. | | 2. People keep talking about community contributions but hasn't | Hashicorp rejected all contributions for years? | galenmarchetti wrote: | would love to know a definitive/quantitative answer for #2, for | sure. I do think it makes a difference when it comes to the | "backstabbing" implications of the change ___________________________________________________________________ (page generated 2023-09-05 23:00 UTC)