HashiCorp’s Licensing Change is only the Latest Challenge to Open Source

It’s an inconvenient truth of the Internet age that everything that makes the modern world possible – smartphones, video game consoles, cloud computing, even the Mars Ingenuity helicopter – is powered on some level by open source software.

That software is often built by dozens, hundreds, sometimes even thousands of developers working in concert from around the world, usually with no expectation of compensation and very little public recognition. And yet, the code that they create has gone on to appear in commercial products that can generate millions or billions for their parent company.

Some see that gulf between value created and value captured as a necessary and acceptable side-effect to all the good that open source brings to the world: Philosophically speaking, the benefits of having free code that’s simultaneously owned by everybody and nobody outweigh the inevitable frustration of one of the Internet giants using that code for their own gain.

But over the last few years, a new perspective has been gaining ground, particularly among those companies that have built their entire business on building open source software. While the details differ from case to case, the upshot remains the same: Open source companies are putting limits on how their code can be used, in the name of protecting their revenue streams.

The latest example has been the brouhaha over the future of Terraform, the popular Infrastructure as Code tool. HashiCorp, creator of Terraform, recently announced its decision to switch up the software’s license. Rather than the Mozilla open source Mozilla Public License v2.0 (MPL 2.0), under which it’s been available since 2014, Terraform is now under the Business Source License (BSL) v1.1 – which is considered “source-available,” not open source in any traditional sense. In response, the Terraform community on Friday announced OpenTF, a fork of Terraform born of frustration with HashiCorp’s decision.

So how did we get here, in a place where open source software companies find themselves at odds with their own communities? The answer, as almost always, is to follow the money.

No Such Thing as a Free Lunch

The concept of open source, as codified in the Open Source Initiative’s official Open Source Definition, is very clear that it “doesn’t just mean access to the source code.” Among other things, being “open source” also means allowing end-users to tweak and modify that source code according to their needs and put it into production – without violating anyone’s copyright.

That element has proven to be a double-edged sword for the open source community. It means that corporate users are much more likely to adopt open source software, because by definition they can use it, tweak it, scale it, and even use it to build commercial products, without fear of a licensing audit or intellectual property lawsuit.

On the other hand, though, it gives full license for companies – particularly major cloud providers like Amazon Web Services or Alibaba Cloud – to take open source code, tweak it, and sell it to their own customers for cash. As the global cloud market only gets larger by the day, the addressable market for those open source-based products only grows, and their revenue alongside it.

For many volunteers working on open source projects, this dynamic has led to increased stress and burnout, as they get paid nothing to do the vital work of supporting the code that underpins so much of the modern Internet. Some have called on the larger companies to do more and supply more resources to open source, even as platforms like GitHub Sponsors and Ko-fi have emerged to help developers crowdfund financial support for their work.

At the corporate level, a similar sentiment has slowly but surely been taking hold. The current moment in open source really started in 2018, when MongoDB and Redis Labs added new terms to their licensing agreements that restricted the ability to resell their code. Several others followed suit, including Cockroach Labs, Confluent, and Sentry. Notably, in so doing, Sentry created the Business Source License (BSL) that HashiCorp just adopted for Terraform.

A Battle of Philosophies

The discourse around these topics has become, ultimately, a philosophical battle between those who believe that the integrity of open source is more important than anything else, and those who see the business case for being more cautious with how software is licensed.

For instance, the biggest blow-up around open source in recent memory was Red Hat’s decision to make the source code of its flagship Red Hat Enterprise Linux operating system available only to paying customers.

The move was met with hostility from many: For the decades leading up to its $34 billion acquisition by IBM, Red Hat had been held up as the shining example of how to build a massive business without sacrificing the ideals of open source. Red Hat, in response, framed the decision as a necessary one to protect the future of RHEL, particularly to hamper rivals like Oracle and SUSE from taking its code and building their own Linux distros with it.

HashiCorp’s rationale for making its licensing changes are similar to Red Hat’s.

“There are other vendors who take advantage of pure OSS models, and the community work on OSS projects, for their own commercial goals, without providing material contributions back. We don’t believe this is in the spirit of open source. As a result, we believe commercial open source models need to evolve for the ecosystem to continue providing open, freely available software,” wrote HashiCorp co-founder and CTO Armon Dadgar in a blog post.

Critics charge that the publicly-traded HashiCorp’s financials show strong growth, undermining the notion that this move was strictly necessary for the future of the business.

Either way, it continues to be a tough situation with no easy answers: Open source was, is, and will always be integral to the internet economy. But it’s also true that it’s hard to make money with free software. The open source community will continue to push and pull in all of these directions until a suitable middle ground is reached. In the meanwhile, however, the licensing waters remain surprisingly turbulent.