
IMHO Hashi TF is the fork since they changed the license to a non-open source one.

OpenTF is the same MPL license under a different name.



Yes. Worse than that, they changed to a license that prevents companies from using their product freely - if they chose some "cloud protection license" that simply handicaps possible competitors to their commercial offerings, this fork would probably not happen, or at least it wouldn't have such momentum.


They really didn't. They changed it to prevent companies from building commercial products around terraform, which is what you've suggested as a cloud protection license.

Companies that use terraform to manage their infrastructure are not practically impacted in any way, except by this OpenTF effort (which I don't personally oppose either!) which will create a schism and leave us with competing tools that are not quite interoperable over time (thinking about ZFS/OpenZFS, MySQL/MariaDB, etc.).

https://www.hashicorp.com/license-faq#usage-limitations

It isn't the AGPL, but I am just sort of stunned at the uproar around this. Is Hashicorp supposed to just shrug and clap while a competitor takes (primarily) their work and competes with them using it? That's what the MPL allows, and they don't want to do that anymore, so they... changed the license to protect their interests. What do you expect them to do?


> It isn't the AGPL, but I am just sort of stunned at the uproar around this.

Thought the same. I think the uproar is partly manufactured by competitors and freeloaders who are affected by this license change, eg. Spacelift.


That’s a hot take. Considering their repos have thousands more contributors than they have had employees, ever. Giving the middle finger to literally thousands of people who have contributed to the Hashi core projects, not including the tens of thousands that have contributed to the plugin ecosystem. Many doing it on company time. Many more doing it for free in their spare time. Millions of dollars worth of contributions in developer time over the last 7+ years. That Hashicorp didn’t have to pay a penny for.


Also, I haven't read a lot about this, but I would be very surprised if the Spacelifts of the world could not work out a licensing arrangement.

The actual license at https://www.hashicorp.com/bsl says "provided such use does not include offering the Licensed Work to third parties on a hosted or embedded basis which is competitive with HashiCorp's products." To me this sounds like a self-hosted version of something could still work with terraform, and you just have to provide the binary yourself vs. it being pre-packaged. IANAL; it would be pretty shitty if they started going after products that support terraform as a tool that way.


Gruntwork co-founder/OpenTF core member here. Hashi went out of their way to clarify that you couldn't do this. https://www.hashicorp.com/license-faq#what-does-embedded-mea...


Well that does suck. I would also wonder if that's a legal battle they would win.

I've never used Spacelift, etc. so I may be off base with the comparison. But I think about them like specialized CD tools that do nice things with/for terraform. Their value is that you don't have to implement these nice integrations yourself in e.g. Jenkins.

So replace Spacelift with Jenkins. There are some community plugins that idk, facilitate reporting plan impact from code changes. Is Cloudbees now in violation of Hashicorp's license?

Regardless, good luck.


It would kind of make sense though? When part of the product you are selling is made and supported by someone else, don't they deserve a part of your income?

I know that FOSS works differently, but that's also the reason why a lot of open source software is of questionable quality. When the development becomes a burden (is not fun anymore) and nobody is compensated, why would someone waste their time on it? Good will only goes that far.

Not suggesting that proprietary software is without faults, but maybe such licenses are a good compromise?


You certainly have to appreciate the irony of Hashi calling others freeloaders, having integrated Open Policy Agent into TFC/TFE and contributing nothing in exchange.


It's also ironic that most of the companies supporting OpenTF have closed-source products, yet they demand that HashiCorp keep their products open source.


env0 founder here, and core member in the OpenTF initiative. Thank you for your note. I wanted to mention that indeed env0 enjoyed Terraform being free, but also contributed back to the Terraform ecosystem, with github.com/env0/terratag OSS and TheIaCPodcast.com for education. Also important to mention another and probably a more important key member in the OpenTF initiative - Gruntwork, creators of Terragrunt and Terratest. I believe we all contributed nicely to the community, especially compared to our size / being small compared to Hashi. Just my 2 cents, in order to add a bit more context to "companies supporting OpenTF have closed-source products".


Not really, commercial Hashi products are closed-source, too.


The core of every HashiCorp product is/was OSS. None of Spacelift is OSS, for example.

I’m not claiming it’s not the same monetization model, but with endless talk from these companies about the commitment to OSS and the virtues of OSS and the benefits HashiCorp has and would continue to receive by keeping their code OSS - it’s just ironic to see most of these companies have no open source code and aren’t actually willing to commit to an OSS model.


I can't say I'm familiar with the other companies/their tools but I assume they're all somewhat nebulous to terraform - did they not try to contribute back to hashicorp terraform?

In the TF scenario specifically it seems like it would have been smarter for hashicorp to open the core oss project to some outside contributors more directly (potentially moving to a different "ownership" on GH).

Maybe they'll relent and throw support behind the new project. Who knows.


Competitors and freeloaders, okay. How about all the people that never got paid to help build the ecosystem around TF? Should they be fine with this?


Thank you for correcting me!

Two sources (mariadb and fossa.com) claim that by BSL any production use requires a different (commercial) licence, while HashiCorp's explanation [0] indeed tells that there is no change except for those providing competitive offerings (I'll take their word for it). Which seems... more than fair? Not sure what the uproar is about either, if anything, I understand (and support) HashiCorp. Too bad about the split though.

[0] https://www.hashicorp.com/license-faq


The uproar is that people and companies contributed to the project without compensation, and are just now being told Hashicorp has altered the deal... unilaterally.

I for one would not have built my infra on non-free software, and I will certainly avoid it now.


> unilaterally

Posting again because this is also misleading: if you sign a DCO (developer certificate of agreement) and CLA (contributor license agreement) you are almost often (if not always) signing away the copyright of your work.

In doing so, the receiving party is legitimised to do anything, including changing the license of all sources (including your contribution).

If that’s not okay with you then you should not sign those CLAs. If you signed stuff without reading them… it’s your fault.

I’ve said this in the past and I’ll say this again: this whole scenario could have been prevented by using a free software license like the AGPL. Which is what Grafana Labs did, and last time I checked Grafana (the company) is doing just fine.


This all reeks of “Embrace, Extend, Extinguish.” Encourage the community to contribute and use your project, help them set up and become integrated with custom extensions and plugins, then rip the rug out from under them and make them pay or else destroy their business.

I don’t remember ever being asked to sign a CLA back in 2016 when I contributed. But they moved my code out to a plugin which was kept MIT. That code was there in the core product for 5+ years while they were building their business. My contributions helped them build their business, and in turn, I used their contributions to help the companies I was working for.

They broke the covenant of OSS: You make your source open and MIT license it, you are giving it to the community to let them do what they will. That’s what the license says. But, in turn, you get hundreds of thousands of people contributing back, for free. Hashi puts in to it, the community puts in to it, and we all make a great tool. We send back bug fixes and write training blogs, etc., and they don’t tell us what to do with the project because they’re getting a lot out of the community anyways.

Hundreds of millions of people every day depend on OpenSSL, but how many people have contributed to maintaining it? How much of the web we use every day depends on ffmpeg, yet I don’t know anyone who has contributed to that project. Many tens of thousands have blogged and promoted Terraform (et al.) for free? Many thousands more gave talks and training, without any compensation from Hashicorp. The naysayers act like Hashicorp has provided everything to the OSS community and gotten nothing back.

- Terraform is written in Golang and utilizes gRPC to communicate between plugins and core. What if Google decided to re-license Go and gRPC and say that Terraform couldn’t use it because it was a competitor to Cloud Deployment Manager or that Nomad and Consul are competitors to GKE? It’s all up to the license holders to decide who’s a competitor and tell them they can’t do that anymore.
- Hashicorp uses Let's Encrypt for their certificate authority for their website. Have they contributed back to that project, either monetarily or in dev time? Or do they just get free certificates for all their websites automatically provisioned from a public certificate authority supported and managed by other companies?

AGPL has nothing to do with it. Hashicorp wants all the contributions and bug fixes and blog posts and talks and marketing and promotion and support and training, for free, and also wants to be the only one to benefit. They should have never MIT licensed the code 8 years ago.


What are you talking about? The code is still there, the same version, under the same license - your contributions, if any, included. They just refuse to develop under the same license going forward, as is their right. And competitors are free to fork, as they did, as is their right. So what exactly is the problem? Do you feel entitled for them to keep developing under MIT license? Sorry, but you have no say in that, nor should you.


Legalized yes, legitimized, certainly not. This is not a copyright issue, this is a loyalty issue: Betraying the people who helped you get where you are is the kind of move a company makes when they no longer care to be perceived as ethical. This is not an important factor for everyone, but it's usually a pretty big deal in the open source world.


“Legitimise” is very subjective, this is why we have laws in place.

If you accept terms and conditions you don’t agree with, what are you complaining about?


Are you sure the MPL is free software?

Last time I checked, debian had to provide a forked version of firefox and thunderbird because their license (the MPL) wasn’t free enough.


Yes, the MPL is free software.

The FSF explicitly says so on https://www.gnu.org/licenses/license-list.html and the Mozilla project developed the license with the intent of it being used in other free software projects. The important difference is in its limited grant on patents.

The reason Debian avoids distributing Firefox is not because of copyright licenses but because Mozilla vigorously protects their trademarks, including "Firefox" and the various logotypes. You are not allowed to distribute them without permission, which Debian largely wants to avoid having in order to not set a precedent which would impact further distribution of Debian and its derivatives.

Mozilla does this to avoid the risk of third parties offering Firefox with spyware-like modifications. One might ask why Debian itself does not seem to suffer the same problems. It seems like a problem mostly on proprietary software distribution platforms in practice, but it's certainly a possibility.


That was not about the license of the code I think.

The code for IceWeasel is still MPL, only they have changed the artworks and names that are trademarked or otherwise protected by Mozilla.


What we expect them to do? How about making better commercial products to start?


I just went through about 20-30 SRE interviews while hiring an SRE II for my team. Every single one of them that had state management at all used terraform cloud. I found that really interesting because I've never heard positives about it vs the others (spacelift, env0, terrateam, brainboard etc). Not a single one of them had anything other than tfc. Not even atlantis.


Never used terraform cloud and probably never will. It's too expensive and doesn’t really provide all that much benefit over using terraform with eg atlantis.


I've helped companies evaluate TF Cloud a few times and not a single time could they be convinced to adopt it.

I've also interviewed dozens of SREs and zero had experience with TF Cloud.


env0 founder here. What were the main reasons that they used TFC? Was it the ability for Hashi to fix things in Terraform CLI/providers? Was it their size / "nobody gets fired for buying IBM"? Something better in the product? Something else? Would love your insights here.


That's funny, I've only ever used Atlantis with a smattering of tfc


I've only used Atlantis as well! We actually need to decide on a service next month. I haven't demoed it yet but I'm really aiming to use brainboard.co if it actually does what it says. It's priced per user, not some weird deployments a month price and it honestly looks amazing. Gives you a gui to move resources around, imports your current state, etc.


same. love atlantis. was happy to read that atlantis isn’t impacted by these changes.


Hashi bought Atlantis.


I have a dumb BUSL question- if you don't compete with Terraform, but you do with something else, like Boundary, can you still use TF? If Hashi releases a new product that competes with you do you have to stop/license TF?


IANAL, but I would say yes, and yes.

https://www.hashicorp.com/license-faq#usage-limitations

> 11. What are the usage limitations for HashiCorp’s products under BSL?

> All non-production uses are permitted. All production uses are allowed other than hosting or embedding the software in an offering competitive with HashiCorp commercial products, hosted or self-managed.


Who knows? No answer given today is future proof.

Best advice I can give is not to use Hashicorp products as the basis of any offering ever. Simply don't even consider them.



I'm amazed and a bit dismayed by the general vibe in the comments.

I'll preface this with I don't know anything about Terraform, OpenTF, HashiCorp, etc. I couldn't even guess what Terraform is. I'm in mobile dev. However, I work on open source a lot and think about sustainability and revenue streams quite a bit.

I read the manifesto. I saw the "revert the license or we'll fork". What I didn't see is any form of trying to work with HashiCorp on their goals. It seems like very considerable resources have been pulled together to fork, but I didn't see the part where anything remotely like that level of effort and resources was on offer to HashiCorp to rethink the plan and come up with a better answer.

As I understand it (which is based off of some comments. See above about not knowing anything about this), a good chunk of the resources are actually from competitors. If true, it takes a lot of the sting out of the "HashiCorp are jerks" argument. I mean, I'm not saying they're not, but it's more like, "HashiCorp changed the license so they could push back on competition, so the competition forked the code". I don't really expect "right and wrong" from companies, or open source for that matter. But the spin and vibe feel a little misdirected.

I mean, don't get me wrong. Building up a community who contributes, then doing a rug pull, sucks. However, the "company does a risky thing and builds this awesome tool, then a bunch of others fast follow and exploit it" has become very common, and it is going to be a bad thing in the long run. You can say "We believe that the essential building blocks of the modern Internet, such as Linux, Kubernetes, and Terraform need to be truly open source", but to be fair, Terraform was not an essential building block until somebody built it.

As much as license rug-pulls damage user/community investment, fast-follow competition and the threat of forking will ensure far less investment in the very kind of open source everybody wants.

There is a financial sustainability problem involved in "big open source", and we are seeing the changes. In many ways, it simply has to happen. Going forward, I do hope new products like this start with a license that works rather than changing, as that is obviously not appreciated, but many devs reflexively avoid that kind of arrangement, even if it costs nothing to use.

Anyway, just thinking out loud. Hashicorp might be run by psychopaths. I have no idea. In a general sense, though, the whole industry is going to need some new models. If it's just "fully open source or nothing!", there's a whole class of tools that won't exist. Building things is risky and expensive. I don't want to go back to when everything was closed source and needed a license, but open source without a reasonably protectable revenue model will definitely limit what gets built and why. And as we like to say, "if you're not the customer, maybe you're the product", or something like that :)


> offer to HashiCorp

Not sure about others but at Spacelift we tried to partner with Hashi, especially that ours is a higher level platform that connects various tools (eg. Ansible, Kubernetes, CloudFormation etc.), policies and processes, and it would not be hard to imagine how it could work with TFC/TFE's remote execution. The answer was a very loud and clear "NO".


Fair. Like I said, I don't know the context. I would include rebuffed attempts to work with Hashi as this kind of changes the situation. I run a company that does publish several libraries, and we are trying to figure out revenue models and things going forward. We don't really have anything in this category, but the general problem is a problem. A lot of companies tried to monetize open source, then the obvious risk happened, which is a lot of competition came in and just tried to monetize the same thing. Now some orgs are changing licenses, and people are upset. I can see both sides, and the industry does need to find some kind of middle path for reasons I mentioned in the post. The degree to which Hashi is a bad steward impacts the perception and response. If the license change didn't impact users and only competition, and Hashi had been trying to work with everybody to figure it out, then it would very much change how this looks. If they're a bunch of aholes, well, same but in the opposite direction.


Regardless of how they behaved towards us in the more distant and very recent past, I still hope there's a way out of that, and I will not be the one to start the war. It's not my desire to portray HashiCorp in a bad light, and I much prefer the perception to be shaped by what we can and will accomplish as OpenTF.


> fair, Terraform was not an essential building block until somebody built it.

If terraform wasn’t available and wasn’t oss, it’s very likely that a competitor would have enjoyed the success and network benefits that were essential to its success and ubiquity.

Perhaps people don’t remember but not long ago there were many IaC tools to choose from, and it was a matter of taste as to which tool was adopted by a company. Chef, Ansible, Salt and a few others, all had pretty decent support as building blocks for infrastructure. Then terraform came along and was widely adopted, not just because it was better but also because it was oss (like its competitors).

Now that it’s won, Hashi feels comfortable to pull the rug and change the license.

Regardless of what the competitors think or do, this is a very unethical move from Hashicorp. I really want openTF and other clones to succeed and for Hashi to die. At the very least they should never again be trusted as good OSS stewards and any new product they come up with should be treated with scorn.

Which reminds me… when was the last time they built anything? Seems like all their effort is focused on commercialization. Which is…fine, they are a public company after all. They’re just not the same institution that they used to be. Just the name is the same, and that is really fucked up.


> If terraform wasn’t available and wasn’t oss, it’s very likely that a competitor would have enjoyed the success and network benefits that were essential to its success and ubiquity.

Of course, but then would also have "enjoyed" the competition that didn't need to invest resources to build the thing.

> Now that it’s won, Hashi feels comfortable to pull the rug and change the license.

Not saying you're wrong. I'm saying the industry needs a better model for open source investment. The "tough shit, making money is your problem" view is not great, but the "open source until we're essential, then rug pull" is also terrible.


There is no such thing as an open source license that prevents others from doing something specific with the software, that's basically the point of open source.



