Generally my stance with these forks born from community drama is "wait and see." Sometimes the fork will gain traction and become the de facto "true" version (see Hudson -> Jenkins). Sometimes the fork will flop and people will largely stick to the original despite whatever caused the schism (see Terraform -> OpenTofu).
Many of these recent forks are being done because people won't want AWS/GCP/Azure to slap a UI on top of their free open-source product and resell it, making tens of millions of dollars per day in the process. I can't really blame them.
I agree. It has only been a few months since the split. I have noticed more and more uptake of OpenTofu amongst colleagues, and I've personally switched. The thing that makes the difference is what is running on people's laptops, because that's what people will eventually put into prod.
The point is that once they are no longer compatible, people would standardize on the one that they're familiar with which is most likely the one that's running on their machine.
But currently, people are equally comfortable with both; the CLI commands are exactly identical between the two, save for the name of the binary itself. In any org where both are in use, if people are forced to choose at some point, they will have to balance many other factors besides familiarity, such as features and confidence in the platform.
> The thing that makes the difference is what is running on people's laptops, because that's what people will eventually put into prod.
I disagree—I think support of deployment tooling (like Atlantis) is the bigger proof. If you are running terraform on your local machine it is likely a very small company.
Just to clarify, provider-defined functions are coming in OpenTofu 1.7, along with e2e state encryption. Generally, I recommend not comparing version numbers of Terraform and OpenTofu post-1.6.
Implementing the e2e state encryption was non-trivial, and we wanted to make sure we get it right, so that's why the release took us a while. We also got a slight additional delay due to needing to handle the C&D letter OpenTofu got from HashiCorp[0], but that's all sorted now.
The beta for 1.7 however is coming out this week, with the stable release planned in the next ~3 weeks.
In the very early days of Terraform, when it was 2 months or so old I helped a little. How many people did (so much more than me) with all these projects to be later betrayed by relicensing.
> git log --pretty=format:"%h %an %ad %s" --date=short | grep "Luke Chadwick"
dcd6449245 Luke Chadwick 2014-07-30 Add documentation for elb health_check
0eed0908df Luke Chadwick 2014-07-30 Add health_check to aws_elb resource
96c05c881a Luke Chadwick 2014-07-30 Update documentation to include the new user_data attribute on aws_launch_configuration
15bdf8b5f9 Luke Chadwick 2014-07-30 Add user_data to aws_launch_configuration
8d2e232602 Luke Chadwick 2014-07-29 Update documentation to reflect the addition of associate_public_ip_address to the aws_instance resource
974074fee9 Luke Chadwick 2014-07-29 Add associate_public_ip_address as an attribute of the aws_instance resource
> How many people did (so much more than me) with all these projects to be later betrayed by relicensing.
Were you betrayed? They did a thing you licensed them to do. That’s the whole point of non-copyleft free software licenses, after all! It’s kind of odd to specifically choose a license which allows others to use one’s code in proprietary software, then be upset when others use one’s code in proprietary software.
If one wishes one’s software and its users to remain free, the answer is to use a copyleft license.
They can and did use it in commercial software before relicensing. I don't have a problem with that. It's a betrayal to get a huge community together under one expectation and then decide you don't like that expectation any more. Had they used, even something like AGPL from the start it would not have been successful in the same way, would not have gotten the same levels of outside contributions, so yes it's a betrayal.
It's a limited betrayal, because that license also allows for OpenTofu to exist and fork, but the need to do that is just annoying.
> Many of these recent forks are being done because people won't want AWS/GCP/Azure to slap a UI on top of their free open-source product and resell it, making tens of millions of dollars per day in the process. I can't really blame them.
I won't blame them for regretting their past actions, but I hope the lesson would be learned: if you want to put limitation on the use of your software, you shouldn't have licensed it in a way that doesn't allow such. You can't recall a gift because you don't like how the recipient is using it. Though you are more then welcome not to gift them ever again.
> Though you are more then welcome not to gift them ever again
That's actually an accurate description of what's happening with these re-licensing dramas. Redis versions from before the split are still BSD-licensed. They can't recall those gifts. The re-licensing only applies to newer versions.
Of course, it wasn't just people employed by Redis, Inc. who were providing the gifts. My (vague) understanding is that a lot of contributions came from people at AWS, etc. Technically, AWS was providing those "gift" contributions to Redis -- because Redis, Inc. maintains the copyright for community contributions -- and Redis was then re-gifting those contributions to the world, via the BSD license. That's all fine and dandy until the big contributors realized they're actually fiercely competing with each other for cloud customers, and it's not realistic for Redis, Inc. to compete with the largest cloud provider on Earth without any technical moat whatsoever. Hence the re-licensing.
I think the breakdown in trust for Redis, Inc. is overblown. By far the biggest contributor to valkey (madolson) is employed by AWS. Does the OSS community really think that's a better organization to back in the long term?
First of all, you can "recall a gift", if it is legal. I don't think I've seen people arguing that these re-licensing actions are not legal.
But if you mean that you can't recall a gift without making people mad, then yep, that's true! But keeping people from being mad is not the only thing that matters.
But the real problem I have with, "I hope the lesson will be learned" is that the lesson people are learning is "don't try to build ambitious software requiring a lot of work from a dedicated core team using an open source license; you're going to find yourself damned if you do and damned if you don't".
And I think that really sucks! And sadly the ship has already sailed here. I'm certain we're going to see way fewer products with open source licenses because of all of this. And I think it's unlikely we'll even see as many products with "source available" licenses because, how is it worth the hassle to release source when the community has shown more good will to projects that are entirely proprietary?
I really think I'm going to look back at the last 15 years or so in awe at how often I had the luxury of digging into the behavior of software I rely on, by reading the code.
We're living in a society, with certain systems baked into it.
Fighting to change those systems and norms is a Good Thing™, but I'm too pessimistic to act today as if the change is coming tomorrow. I'll both work to change those systems, AND act as if they're here to stay.
I'm not sure if this was a purposeful allusion or not, but I entirely agree that you "can't recall a gift" in exactly the same sense that you can't keep talking on a payphone for a long time when someone is clearly waiting; because, you know, we're living in a society!!
Unlike the payphone analogy, where there is metering rules, and as long as you abide by them, you can keep talking, even if it's impolite, there is a legal definition for gifts (it is, after all, a transfer of ownership, and such things are regulated), which, as far as I know, matches the social norm of not being able to claw those back.
Ha, except, to go full circle, then if you're using that legal definition of a "gift" requiring a transfer of ownership, it's clear that open source software is not actually a gift, because there is no transfer of ownership.
You can't have it both ways! If it's a "gift" in the colloquial sense of something freely given, then it breaks social convention to claw it back, but it is not illegal. If you want to use the legal definition of a "gift" - ie. for tax purposes, implying a transfer of ownership - then contributions to open source software are not at all a "gift" in that sense.
> And I think it's unlikely we'll even see as many products with "source available" licenses because, how is it worth the hassle to release source when the community has shown more good will to projects that are entirely proprietary?
This, thousand times. Looks like FOSS advocates feel so threatened by "source available" licenses that they will do everything possible to keep them from gaining momentum (see Commons Clause).
It's a shame really. It would be nice to have a standard and well known license that would both allow users to use software freely (for using and adapting) and still protect makers from their competitors (AWS comes to mind) undercutting them with their own product. Oh well.
EDIT: ...and here comes the first (anonymous) downvote. Proves my point about FOSS sentiment, I guess? Come on, it's a discussion, you can do better than that.
FOSS originalists insist on no limitations on use of the software.
The FSF prohibits such in what they call freedom 0:
> The freedom to run the program as you wish, for any purpose (freedom 0).
And OSI explicitly forbids it in their open source definition:
> 6. No Discrimination Against Fields of Endeavor
>
> The license must not restrict anyone from making use of the program in a
> specific field of endeavor. For example, it may not restrict the program from
> being used in a business, or from being used for genetic research.
This rules out no-CSP licenses from those definition, as well as the original JSON license, as it used to read something like "this software shouldn't be used for evil". Those rules would also block banning software from being used for war crimes, human rights abuse, etc. And while I can understand the legal minefield with prohibiting some use, I'd really wish we had a good license that would indeed try to also curb using software for committing real atrocities (and not just possibly reducing shareholder value). But I digress.
Sure, I know, but I mean that's just their subjective line in the sand. (Their maximal-freedom in this kind of infinite dimensional space.)
After all wouldn't a user be more free if they were able to just do whatever they want with it, not just run it? Ie. free to copy/modify/sublicense it in any way? Why is program execution more important than other use of the intellectual property?
If they want to maximize freedom for all potential users, then they ought to think about sustainability of the software. (As in economic incentives and market share and whatnot.) To me it seems they have a static worldview, the only thing they care about is that current set-in-stone version of the work, but that's basically putting their head into the cool refreshing sand of ignorance.
(That said, I'm nowhere near FSF/OSI circles (duh! :P), so I have no idea what's their current thinking of this. Maybe they are fully aware of this, but ... based on HN chatter it seems that they realized it's a hard problem and picked an oversimplified worldview as workaround, and now it's institutionalized denial.)
> And while I can understand the legal minefield with prohibiting some use, I'd really wish we had a good license that would indeed try to also curb using software for committing real atrocities.
I'm very skeptical of the practicality of it (after all if there's one thing states in general are good at, it is waging large scale wars and appropriating everything required for it), but if adding naive sounding clauses to FOSS-ish projects can prevent at least a few drone attacks it will have worth it.
Also, if people want to somehow put these use-restrictions into "the right context at the right time" then they can add a clause for that.
Ie. add a clause listing categories of uses and/or users (military, law enforcement, surveillance, and any state, state-owned, significantly state-sponsored entity) that require express written authorization from a named organization/institution, and folks could simply pick this when they start a project. (From Apache2-NATO to AGPL-ChaosComputerClub and so on.)
> But the real problem I have with, "I hope the lesson will be learned" is that the lesson people are learning is "don't try to build ambitious software requiring a lot of work from a dedicated core team using an open source license; you're going to find yourself damned if you do and damned if you don't".
Yeah, for things running server-side that could be used by Amazon and Microsoft, they should use SSPL from the start. In this case everything is clear and everybody knows what to expect. For regular users, there is absolutely zero difference between SSPL and OSI-certified licenses.
Yes, they definitely should use something like that from the start, in my view. But I think they won't, because there is now a lot of evidence that this will result in a bunch of bad press, whereas just making it proprietary will go without comment.
the best strategy is still to start out with something that's press-positive (Apache2) and switch to BSL/SSPL after funding is secured. bad press will happen, but at least later, after the good press phase.
With the noise people make when you don't use an OSI open-source license, little wonder. But when Redis started I think we didn't yet boardly understand the limitations of OSI licenses in the era of big tech cloud computing.
To people starting projects today, you have no excuse, we know better. Don't use OSI open-source unless it's entirely a labor of love that you're giving away free.
OSI Open-source business models are dead. Don't make that mistake.
> That is, if I was still in charge, would I change license? But that's an impossible game to play, I'm away from the company for four years and I'm not facing the current issues with AWS impossible-to-compete-with scenario.
Not saying he would have decided any differently, just that cloud computing has changed open source situation for the worse.
It looks to me like people start with open source licenses because that's helpful to get them market-share (and in some cases community contributors and maintainers), and then they switch to a non-open-source license reserving certain rights to profit to them hoping to maintain the users that they wouldn't have gotten if they started with that license.
I am curious for examples of any projects now *starting( with one of these non-open-source rights-to-profit-reserved licenses, now that is clearly "understood". Are there any examples? Are they successfully attracting users? Contributors?
Wikipedia suggests it was initially apache, changed to BSL in 2019. https://en.wikipedia.org/wiki/CockroachDB. But still perhaps an example of fairly quick switch to BSL before it had gotten wide market/mind share? I don't know the history.
"We’re adopting an extremely permissive version of the Business Source License (BSL). CockroachDB users can scale CockroachDB to any number of nodes. They can use CockroachDB or embed it in their applications (whether they ship those applications to customers or run them as a service). They can even run it as a service internally. The one and only thing that you cannot do is offer a commercial version of CockroachDB as a service without buying a license."
> Don't use OSI open-source unless it's entirely a labor of love that you're giving away free.
Well, know what your secret sauce is. I think performance is really the best differentiator. Make a fully behaviourally compatible (maybe not bug for bug) version available and then sell a proprietary faster version.
Think an compiler that doesn't due any optimisation and outputs naive code. You know have a useful OSI project, and a clear value add, and a clear boundary between the two.
This is really applicable for databases, and it still leaves you with something useful for learning small projects, and for developers to run locally on their own machines.
>I think performance is really the best differentiator.
I don't understand this at all. Most open source projects start out equally as a means to give back to and collaborate with the community as well as showcase one's skills. You're asking me to purposefully publish badly optimized software? I don't have it in me. That offends my sensibilities of craftsmanship. A 'slow' open source project will never get traction. Even if it did, I also don't know how an open source project wouldn't immediately have it's obvious performance bottlenecks fixed.
Far better to go the VSCode route. Release a useful project, then release paid extensions for it.
this is the open core model, it works well for things like GitLab (as far as I know)
and in effect GitLab is doing a BSL-like thing by after a few years they release features to the free tier
but it rarely works if you need to decline contribution from people who would eat into your profit margins. I think ElasticSearch had this problem (and the community basically ended up with a few forks, because people sent the patches for security features that were in the enterprise version, and to no one's surprise they did not get merged ...)
so, I guess it works if there's a huuuge scope with plenty of things to contribute, to shoot for the moon together, without hurting the business side too much.
You can probably set up a decent privately-funded venture to deal in OSI software. The problem comes (as it always does) when the founders think they're the reincarnation of Steve Jobs and deserve a nine-or-ten-figure net worth for making a few nice, but ultimately not earth-shattering, software tools. Then they have to enshittify to get ready for the IPO.
The hyperscalers weren't selling Terraform though, Hashicorp was losing to Terragrunt, Spacelift et al, who had decent to good offerings.
I'd say Elasticsearch is still the comparison to make here for a product that clouds just resold, then again, Redis the company didn't build Redis the software and their latest marketing smells more of VC hawkery than any reasonable pitch
> Hashicorp was losing to Terragrunt, Spacelift et al, who had decent to good offerings.
Would love some data in support of this statement. Not saying you're wrong necessarily, just it feels like a perception vs. reality comment potentially.
Don't have any data I must say, just a series of discussions here and elsewhere over the years, voicing either appreciation for the platforms above or displeasure with the logistics/price of TFcloud, e.g. with one I remember
The vast majority of projects that I've come across at work just had the tf CLI wrapped in a CI/CD pipeline + some bucket, but the managed competitors seemed to come up more often (compared to other tools/platforms) when people wanted to use/were using something as a service.
Perhaps it's really just a perception thing, I never checked their financials
edit: I think I went off-track from the point. The point was that the ones selling managed versions were not the hyperscalers, but people building wrappers and similar around it. The other commenter with the list of fork-backers illustrates that nicely.
> people won't want AWS/GCP/Azure to slap a UI on top of their free open-source product and resell it
If it wasn't open-source it won't be as popular as it is in the first place, Redis is also using ton of open source software or libraries for free.
Not defending AWS/GCP/Azure, I actually got my software used when i was young by a large company for free (not even a mention- Still using it i think, 5M+ Play Store Downloads), but that is the spirit of open source
Open Source is, by and large, intended by the creator to donate their ideas to benefit humanity as a whole; many people feel that using their thing to help strengthen an (ethically questionable) monopoly is acting against that core goal.
I think it's less about strengthening a monopoly and more about zero sum business models.
If AWS/Azure/GCP/et al. ran a cloud version of X and the main company supporting the open source project was a going concern, I doubt many would have a problem with the entire scheme.
However, in reality, every enterprise support dollar that goes through a third party cloud-managed offering is one that doesn't go to the first party.
In which case, what dollars are left to pay the independent company that creates and supports the software?
Granted, there are a lot of nuances to the above, but I think it's generally fair to say that third-party cloud companies are making more off managed open source offerings than they're paying to contribute to them.
This is why the most viral AGPL license you can find is the only right license for Open Source. There is no downside: for honest, upstanding developers who want to use your code, there's no problem, because their code was going to be Open Source, too. For the soulless corporations, they'll either not use your code, or contribute back their modifications, a win-win for everyone.
The only losers are people who are engaging with the Open Source community in bad faith, viewing it as something to steal from, rather than participate in.
is there a stronger version of AGPL where if you run it as a SaaS you need to publish the source for the infra/management/self-service/payments machinery too?
When I fix a bug in OpenSSL, it benefits humanity regardless of who deploys it. Maybe slightly less beneficial if it fixes an evil service, but still... Better to have a successful TLS handshake and get on with the evil.
I don't think anything else open source I've done has been widely deployed, but if I save a bit of someone's time because they can use something I did, or save some users' cpu and bandwidth, it doesn't matter to me if that's a user of a free service or a propriatary one, I still helped their user.
Redis actually has very few external dependencies compared to most modern FOSS:
IIRC, it only need libc and OpenSSL (the latter only if you build TLS) on your system, and provide their forked copies of Jemalloc, LUA, fpconv, HiRedis, Linenoise and Hdr_Histogram.
I work for a large enterprise and we use terraform open source atm, but I can pretty much guarantee we move to OpenTofu once the dust settles a little more.
I remember when we had the libav fork. Turns out 10 bickering idiots pronouncing the freedom revolution were ultimately not half as productive as one Michael Niedermayer.
tbf, ffmpeg‘s api and thus libav is so obscure that it would be impossible to fork it and create a nice looking api, without bothering people.
I vaguely remember the news about the Microsoft guy that was called out on twitter and I’ve read the issue and looked at some cli/api parameters and was stunned. So much possible flags. I hope that I will never need to deal with it.
But still kudos for all the maintainers. It works and has probably support for all codes and all options of these codes.
> people won't want AWS/GCP/Azure to slap a UI on top of their free open-source product and resell it, making tens of millions of dollars per day in the process
Then build that UI yourself and sell it and make millions of dollars per day yourself, noone is stopping them.
Ah but you see there are 2 problems: 1/ "UIs" are harder than people think, especially by those that use that term derisively like you did. There are PLENTY of popular products that are basically just UI on existing data.
2/ AWS/GCP/Azure aren't slapping UIs. They're offering "managed operations" for these products. What is it? And sure, Hackernews is likely to scoff at that - we know how this site feels about dropbox -> https://news.ycombinator.com/item?id=9224
But if it didn't offer value, people wouldn't pay for it. Redis engineers are good at building a key value storage. AWS/GCP/Azure engineers are good at building managed operations. Combine them together and you've got the best of both worlds.
AWS/GCP/Azure aren't making money off Redis, they're making money off their experience in operating cloud infrastructure. And the free market wants to pay them to do so.
>Generally my stance with these forks born from community drama is "wait and see."
They are generally a
good thing, save for the poor souls that will end up maintaining a project that was started with them while they were still active. The success of the fork doesn't matter so much as the direction it inevitably pulls the original project.
The io.js drama gave us a huge step forward with NPM once their hand was forced. Hopefully some good ideas come of this too.
I'm actually surprised by how well received Valkey is right now, given that they forked not too long ago. Below are GitHub engagement insights for the two projects:
Part of the bet is probably that since Terraform is almost necessarily going to run on a cloud service that is already being paid for, the user might not care that a bit gets added to the bill.
Redis? I'm not sure. Like you say, they don't want Big Tech to slap a UI on it and profit. And, really, once they start competing on price (which they might sooner rather than later to keep people from going back to on-prem) you can guess they might use something that's free so they don't have to pay the license on a per-server instance.
Important to note that the "people" in this case is the company that bought the rights to the Redis trademark from the original creator and then took on $350M in VC funding. The community that created and supported Redis since its inception was not involved in the decision, and isn't getting any of the benefit.
I'm using Gitea locally. I haven't come across forgejo before. It seems to be forked on the basis of providing a fully open source solution (it states that some Gitea enterprise features are not present).
Do you know what the main differences are and whether it is worth switching?
1. Gitea, Inc replaced the prior community leadership structure with one controlled by Gitea, Inc and have pivoted into being primarily about a hosted code SaaS they launched this year that didn't exist for the first 7 years of the project. They could do it because they had 2 of the 3 seats on the community stewardship organisation at the time to vote for it, but that wasn't always true. For a lot of people, Gitea's primary motivation was for the self-hosted and fully open use case, but now it's not clear that that will remain any more of a priority for Gitea Inc as it is for e.g. Gitlab
2. There were also some contributors who were interested for the sake of decentralising code forges (and not just git), and so were big into the forgefed project which was an activitypub based federation protocol. Gitea Inc were officially on board with that, but the contributors felt they weren't helpful enough to actually implementing that with missteps like letting grant funding from NLNet expire.
The contributors from groups 1 and 2, and Codeberg banded together to make Forgejo after the Gitea change.
Until the latest release (just last month) Forgejo was one way pulling all changes from Gitea, but they've diverged enough that they're now hard forks. Both have active development, but Forgejo's main unique focus is the federation stuff, while Gitea's was enhancing their CI offering. But while Gitea may have more development effort, being funded by a commercial organisation rather than volunteers and a non-profit, I think they have a long way to catch up to Gitlab in that front, so it feels like they've dropped their unique factor to try chase Gitlab.
At the moment forgejo does not have features I'm interested in as I'm not making my internal gitea instance public. However, I'd be interested in it if it provides support for things like hierarchical project grouping and organiation/group-wide project and issue tracking. So I'm going to keep an eye on the project to see how it evolves.
One thing that concerns me is Forgejo's statement that they will diverge further from Gitea without migration commitments. This would make it harder for me -- and others -- to switch after upgrading to Gitea 1.22 and later. A similar concern is the other way around: if I switch to Forgejo and want to move back to Gitea, I won't be able to if the projects have sufficiently changed (e.g. if they implement project grouping differently).
I think Hudson -> Jenkins is not really a fitting example here, because it was more of a rename caused by Oracle owning the Hudson trademark. While Oracle halfheartedly indicated to continue Hudson on its own, from what I remember it was pretty clear from the start that Jenkins was the new Hudson.
>> Generally my stance with these forks born from community drama is "wait and see."
Whats funny about this one is as follows:
1. The license: BSD? LGPL? Do both... nothing says that you cant make the product available under both licenses. You prevent another rug pull...
2. The platform: Do both, Run the thing on GitHub like it always has been and back it up to the other platform. If MS makes GitHub into the next source forge... then you're already half way out.
3. The name: Not a hill any one should die on. Pick three, ask amazon legal to clear them or FSF legal to clear them and vote. Redict and valkey are both fucking stupid names... Yea you might have to live with storage mcstoreface but that would be better than either of the current options.
As for FOSS drama... Lacking any clear leadership, peoples ability to self organize is limited. These sorts of things happen all the time (systemd, x vs waylaid, how many unix forks?) The winning side is almost always the one with clear leadership.
What AWS/GCP/Azure provide with managed Redis is much much more than just a UI. There are a lot of technical issues that come with running Redis reliably in the cloud. I’d say UI work is probably 5% of that at most.
Many of these recent forks are being done because people won't want AWS/GCP/Azure to slap a UI on top of their free open-source product and resell it, making tens of millions of dollars per day in the process. I can't really blame them.
I can.
Free software is, at its core, wage theft. It is truly unfortunate that so many people don't understand "big picture" economics, not the $2 for a loaf of bread economics, but the creation of value, it's consumption, and allocating resources to maximize creating the "right kind" of value. Most programmers "get" that writing code has value, hell tech companies will pay $5,000/week in total compensation just to do that, of course "coding for money" isn't the same as "coding on something you love", or are invested in, or does something you want. But here is the detail that so many miss, it is still $5,000/week "worth" of value. Whether or not someone is paying you to do it, there is still value there. And when you think about it is it all that surprising that putting that value into a thing doesn't make it something others might value too? Others who don't have the chops or the time to make it themselves? THAT is economics. And there are so many people who can see that value just sitting there and say, "Hmm, I bet I know someone who would value that, and I could get them to pay me some of that value in cash money in exchange for hooking them up." And it's game on buddy. And what is that game? Stealing the 'value' that would have been returned as a wages to a coder if they had been hired and keeping it for themselves.
You might as well decorate your front lawn with $100 bills and put up a sign that says, "These bills are decoration I forbid you from using them to go buy things for yourself." Sure some folks would respect that sign but a whole lot more would say, "Uh, good luck with that, and thanks for the cash."
If you write code for "free", no matter what license you try to put it under that "prevents" people from profiting off of it, they are gonna profit. You can either make it possible for them to profit and cut you in on some of that, or you can decide for yourself that you're okay with all of that value you created funding someone else's lifestyle.
Many of these recent forks are being done because people won't want AWS/GCP/Azure to slap a UI on top of their free open-source product and resell it, making tens of millions of dollars per day in the process. I can't really blame them.