The uproar is that people and coompanies contributed to the project without compensation, and are just now being told Hashicorp has altered the deal... unilaterally.

I for one would not have built my infra on non-free software, and I will certainly avoid it now.

> unilaterally

Posting again because this is also misleading: if you sign a DCO (developer certificate of agreement) and CLA (contributor license agreement) you are almost often (it not always) signing away the copyright of your work.

In doing so, the receiving party is legitimised to to anything, including changing the license of all sources (including your contribution).

If that’s not okay with you then you should not sign that CLAs. If you signed stuff without reading them… it’s your fault.

I’ll said this in the past and I’ll say this again: this whole scenario could have been prevented by using a free software license like the AGPL. Which is what Grafana Labs did, and last time I checked Grafana (the company) is doing just fine.

This all reeks of “Embrace, Extend, Extinguish.” Encourage the community contribute and use your project, help them setup and become integrated with custom extensions and plugins, then rip the rug out from under them and make them pay or else destroy their business.

I don’t remember ever being asked to sign a CLA back in 2016 when I contributed. But they moved my code out to a plugin which was kept MIT. That code was there in the core product for 5+ years while they were building their business. My contributions helped them build their business, and in turn, I used their contributions to help the companies I was working for.

They broke the covenant of OSS: You make your source open and MIT license it, you are giving it to the community to let them do what they will. That’s what the license says. But, in turn, you get hundreds of thousands of people contributing back, for free. Hashi puts in to it, the community puts in to it, and we all make a great tool. We send back bug fixes and write training blogs, etc., and they don’t tell us what to do with the project because they’re getting a lot out of the community anyways.

Hundreds of millions of people every day depend on OpenSSL, but how many people have contributed to maintaining it? How much of the web we use every day depends on ffmpeg, yet I don’t know anyone who has contributed to that project. Many tens of thousands haved blogged and promoted Terraform (et. al.) for free? Many thousands more gave talks and training, without any compensation from Hashicorp. The naysayers act like Hashicorp has provided everything to the OSS community and gotten nothing back.

- Terraform is written in Golang and utilizes gRPC to communicate between plugins and core. What if Google decided to re-license Go and gRPC and say that Terraform couldn’t use it because it was a competitor to Cloud Deployment Manager or that Nomad and Consul are competitors to GKE? It’s all up to the license holders to decide who’s a competitor and tell them they can’t do that anymore. - Hashicorp uses Lets Encrypt for their certificate authority for their website. Have they contributed back to that project, either monetarily or in dev time? Or do they just get free certificates for all their websites automatically provisioned from a public certificate authority supported and managed by other companies?

AGPL has nothing to do with it. Hashicorp wants all the contributions and bug fixes and blog posts and talks and marketing and promotion and support and training, for free, and also wants to be the only one to benefit. They should have never MIT licensed the code 8 years.

What are you talking about? The code is still there, the same version, under the same license - your contributions, if any, included. They just refuse to develop under the same license going forward, as is their right. And competitors are free to fork, as they did, as is their right. So what exactly is the problem? Do you feel entitled for them to keep developing under MIT license? Sorry, but you have no say in that, nor should you.

Legalized yes, legitimized, certainly not. This is not a copyright issue, this is a loyalty issue: Betraying the people who helped you get where you are is the kind of move a company makes when they no longer care to be perceived as ethical. This is not an important factor for everyone, but it's usually a pretty big deal in the open source world.

“Legitimise” is very subjective, this is why we have laws in place.

If you accept terms and conditions you don’t agree with, what are you complaining about?

Are you sure the MPL is free software?

Last time I checked, debian had to provide a forked version of firefox and thunderbird because their license (the MPL) wasn’t free enough.

Yes, the MPL is free software.

The FSF explicitly says so on https://www.gnu.org/licenses/license-list.html and the Mozilla project developed the license with the intent of it being used in other free software projects. The important difference is in its limited grant on patents.

The reason Debian avoids distributing Firefox is not because of copyright licenses but because Mozilla vigorously protects their trademarks, including "Firefox" and the various logotypes. You are not allowed to distribute them without permission, which Debian largely wants to avoid to have in order to not set a precedent which would impact further distribution of Debian and its derivatives.

Mozilla does this to avoid the risk of third parties offering Firefox with spyware-like modifications. One might ask why Debian itself do not seem to suffer the same problems. It seems like a problem mostly on proprietary software distribution platforms in practice, but it's certainly a possibility.

That was not about the license of the code I think.

The code for IceWeasel is still MPL, only they have changed the artworks and names that are trademarked or otherwise protected by Mozilla.