CockroachDB license change(cockroachlabs.com) |
CockroachDB license change(cockroachlabs.com) |
Never sign contributions agreement: it will be used against you when the license inevitably get changed.
> Individuals and businesses, under $10M in annual revenue, can use CockroachDB Enterprise for free
Plenty of us have had to deal with this scenarios before with Oracle. Cheap or free to get started, then your product takes off and Oracle shows up and starts to demand their cut. I'm not suggesting that Cockroach is the new Oracle, but this type of licensing introduces a significant uncertainty into your future plans.
Ignorance was maybe excusable the first 15 times, but if you keep falling for corporate owned rug-pull OSS packages in 2024, you deserve what's coming for you.
Weird databases are NFTs for startup founders. You're not too cool for Postgres. Use it.
You can make your substantive points without it, so please do that instead.
If you're absolutely opposed to ever paying for a software solution, then sure, avoid commercial projects. I'm happy to spend my (company's) money on useful software.
There are new hooks, but paywalling capabilities was not the point here.
I'd hope that'd be automated, but could also be a "contact us" tier to audit revenue. Time will tell.
It's still nice that I can audit the code and contribute (unpaid) changes, but I no longer assume anyone is acting in good faith.
It is definitively not one solution for all. There are many cases where it just won't work.
I would like to see more IBM Z servers being used. $$$$$$$$ though
Scaling up is fine for a few things, but hopeless for many others.
For multi-region, indeed, that will not be possible. Master-slave would be the way.
Does it perform significantly better to justify the cost? Back in the day I worked heavily with databases and we always tilted towards open source.
Then, there's a class of databases that tries to actively commit across multiple geographies. You pay a cost (in terms of latency, and typically also $$$), but when a commit succeeds, it has been written durably and reliably, using some consensus protocol, across multiple geographies.
The exemplar is probably Spanner, which uses atomic clocks to get very specific about time to narrow the latency gap as much as possible. Cockroach is broadly in the same class, although without atomic clocks I believe it's using network roundtrip measurements and/or some kind of mathematical time abstraction (like counters of come kind) to do the same thing. Can't ever be quite as fast, but you don't need atomic clocks!
What's _really_ funny is when people start out choosing Spanner because of its global replication, then decide it's too expensive, and settle on regional non-replicated Spanner DBs to save cost. Like, that's just a database, man. (Or maybe something slightly above a single database, like Aurora replicated across Availability Zones in the same Region).
Other folks can chime in, but there are a growing number of databases in this class. TiDB I believe is one. I _thought_ PlanetScale was just sharded mysql (Vitess+MySQL = clever auto-(re-)sharding), but perhaps it does replicated writes too - I see it getting mentioned here a bunch.
It really looks like every database company is trying to become Oracle. You want your clients to be trapped and unable to leave, so if you hypothetically just up the price by 30 or 40% upon renewal they either have to rewrite their entire stack, or pay the piper.
Presumably only a small subset of postgres users really need this feature - and those that do, are big enough to need an enterprise licence.
For example if I have a company that provisions databases on behalf of my clients, is this 10 million revenue cap for my company, or for the clients themselves .
The pricing isn't even on the website for self hosting, I presume it's one of those if you need to ask you can't afford it type situations.
Plus you're locking yourself into a vendor that has no worries about changing its terms again later on.
>Required only during the trial period. Businesses that cannot accommodate telemetry may contact sales to request an exception. Paid use does not require telemetry.
From some of the industries I've worked in, this is a massive red flag. We don't want to give you telemetry at any point in our process.
https://www.youtube.com/watch?v=DNHMYp8M40k
Of special interest is that they are maintaining a completely free pre-rugpull version of CockroachDB that was forked before Cockroach's retroactively relicensed security fixes.
I would look seriously at using that instead of starting down Cockroach's free with telemetry offering.
The downsides are:
- slower - Postgres (if it can handle the amount of data, which is very much on proper hardware and partitioning of > 1B row tables) is much faster, esp. for joins
- features
- ecosystem (see the countless extensions)
- cost of course
This feels dishonest. What percentage of the world’s business need a system like CockroachDB? Of those, what percentage are under 10 million in revenue?
After quite a lot of work, introductions, and back and forth, they told us: sorry, Google Ventures is investing and we're kicking everyone else out, despite we expected an allocation at that point (50k, not very large). Not nice by them, and not nice by GV, but... Just another lesson learned in the epicenter of startup investing which is San Francisco. This was Feb 2015. Wow, almost 10 years ago. Time flies.
I am still happy to see they've been successful at building the company. I loved the product from the very beginning.
"CockroachDB will remain source available under a new license" sounds correct but it's still sidestepping the question. And "the source code will still be available for viewing and contributions" is completely shit. Why would anyone contribute to a commercial product unless they're getting paid to do so.
Also, the use of this kind of "evolving our" and "advancing our" phrasing is so incredibly gross. No one speaks like this except in corporate announcements.
Because they'd be getting paid to do it for their company? I know of a few customers who, if they could, would have their employees contribute minor features to AWS services to solve issues.
CockroachDB hasn't been open source for over 5 years: https://web.archive.org/web/20190604173131/https://www.cockr...
Because they need a bug fix in the code as soon as possible without waiting for the vendor's priorities to match their own?
Because they get to use it for free?
Even if the name is taken, the community and independent providers would carry on.
> Required (excluding ephemeral clusters of 7 days or less)
Does that mean the cluster will stop working when it can no longer report?
:/
Postgres also has some separate large entities supporting it but it rolls up to the same codebase
[0] - https://www.cockroachlabs.com/blog/netflix-at-cockroachdb/
Btw, Spanner and Cockroach both have fully serializable transactions. Even single-node Postgres doesn't do that by default (though it can) because they didn't think the performance tradeoff was worthwhile. Read-committed is good enough.
these things are easy to evaluate - 1. what's your appetite in running infra ? low - then use the SAAS offering 2. doable - then use a db that has good scalable solutions in this case mysql -> vitess since those products don't come from a database vendor. mongo might qualify too
> we are updating our licensing model to better serve our diverse community of users
One could hope that whoever wrote this at least had the decency to blush while doing so. So here's what's actually happening, as I understand it at least:
CockroachDB used to be split into "Core" and "Enterprise". Core was Apache 2.0 licensed (open source), Enterprise was BSL (fake open source, "source available", bullshit). After three years, BSL code becomes real open source. This setup that they are sunsetting is already pretty restrictive, and is by no means uncontroversially "open source".
The New And Improved(tm) idea they have to "better serve" their "diverse community of users" is even worse: it's free as in beer to use, but other than that it's completely proprietary, and it also includes *mandatory telemetry* for non-paying users. Any reference to "open" in regards to this product is a complete lie, because being able to read the source code does not make a product open source -- Microsoft allows you to read their code too, if you sign a piece of paper with them.
I've never used CockroachDB, but I'm glad I saw this, because now I know there's a 0% chance I will ever consider using it.
If you did that and called it GPL, things would be different.
"4. Does this mean CockroachDB is no longer open source?
CockroachDB will remain source available under a new license. While the new license is a proprietary enterprise license, the source code will still be available for viewing and contributions."
I mean... "The answer is kinda sorta 'No', but we really would prefer not to phrase it like that."
The architecture is ingenious, though.
It's like saying "freedom".
reading this:
https://en.wikipedia.org/wiki/The_Open_Source_Definition
"the definition is the most common standard for open-source software."
It is not exclusive.
saying "open source" does not describe a license. It is a generic term.
And the point is that unless someone points to a standard or a license, they can call their software open source, just show you the source with restrictions and use ambiguity to do different things than expected.
You can’t just take a well established term and say “well actually I don’t agree” and don’t expect to annoy people. If you don’t agree with the ideas of FLOSS then use something else and call it something else.
As for your last part, the top answer of this SE question answers it nicely: https://opensource.stackexchange.com/questions/8367/is-the-t...
[0] - https://www.youtube.com/watch?time_continue=97&v=jCjrfpF64Kc
The Core offering made this palatable, one could fallback to Core features if the relationship with Cockroach Labs degraded, which made it possible to entertain the Enterprise license since there's was a way to walk back from it. But now there's no such mitigation available. By using non-PG native features, users of the Enterprise edition are accepting to get in bed with Cockroach Labs for effectively forever (databases), a single provider that has no competition.
I think this may backfire, as it now seems imprudent to go all in on Cockroach Labs. They may be nice folks today, but who knows who will run the place in 5y when the next round of squeeze comes?
I wish them the best, they're a great team and I always liked the project and toyed with it for years, and currently am involved with a paid Enterprise license. But this change in the dynamics is really giving me pause.
Getting in bed with a single vendor for an incredibly sticky tool comes with a _lot_ of risk. It took at least 17y for Amazon to get rid of its last Oracle database: https://aws.amazon.com/blogs/aws/migration-complete-amazons-...
IMO, it's not really open source if its run by a company that will eventually use its position to squeeze its users for cash.
I know it's not as popular or sexy as it used to be, but the whole point of a foundation like Apache was to avoid these situations, even more than the way the Linux Foundation is setup. Apache _explicitly_ manages projects to avoid these downsides.
- Single corporation ownership. Projects cannot get out of the Incubator unless they demonstrate a diverse and healthy community. That doesn't mean popular, it doesn't necessarily mean best-in-class, but it means that there shouldn't be just one entity backing a project.
- Membership in Apache is _personal_ not a seat for a given company. If you're a committer on an Apache project and you move jobs, you're _still_ a committer on that project
- The Foundation owns the trademarks. There have been fights about this in the past, but the whole idea is that the _community_ owns the name, so some corporation can't claim to be the sole or official owner by naming their company or product after the open source product.
The core premise of the Apache Software Foundation is community over code, that healthy, diverse communities have a better chance of standing the test of time than open source projects backed by a single individual or company. That's the thesis at least.
The is starkly different from several other foundations, notably the Linux Foundation or Eclipse Foundation which are modeled more around industry consortiums.
Both models have their place, but I believe Apache better models the core values many of us feel strongly about when it comes to free and open source software.
Sure <VC funded editor company> can have people spend years of their life working on something, but release it as open source because VCs are paying for it, and that leads to more mindshare, but it leaves a bad taste in my mouth. Similar reasons to not use VSCode (commoditizing the complement by using billions of dollars from other products).
The "must be open source (I think they actually mean free as in $$) at all costs" crowd baffles me because the money to support the humans creating the software in the real world doesn't just magically appear.
What you say is true in that you shouldn't view a VC backed opensource offering as 'permanently' opensource by the same group.
As always: “If you have to ask, you can’t afford it.”
I'm not criticising a company's business decisions here, it might make sense for CockroachDB's business and profit goals; but such decisions also impact the decisions of dependent users, and I've been too long in this to recommend products and services with increasingly restrictive licensing or technical features that create unhealthy dependencies.
Since the AWSification of software licenses, I'm seeing more and more projects where a company is trying to get out of product/service X or license Y because they're unhappy or pivoting and the license or tech just doesn't fit the purpose any more, at high cost, occasionally even taking down the company.
I guess it's not trivial to balance abusive practices from big players that don't contribute much back with necessary freedom for smaller customers to experiment and freely move between technical solutions.
this is from CockroachDB license, pretty much straight out of Oracle's playbook:
> You will not perform Benchmarks against any products or services provided under terms that restrict performing and disclosing the results of benchmarks of such products or services, unless You have the lawful right to waive such terms. If You perform or disclose, or direct or permit any third party to perform or disclose, any Benchmark, You will include in any disclosure and will disclose to Licensor all information necessary to replicate such Benchmark, and You agree that Licensor may perform and disclose the results of benchmarks of Your products or services, irrespective of any restrictions on benchmarks in the terms governing Your products or services.
> a future Oracle/landlord
I don't think I've ever heard Oracle's business model described so accurately.
https://www.reddit.com/r/AskHistorians/comments/weva2v/did_p...
we can see that as long as there were "expoitable resources" competition led to "good times".
as long as "software lordships" are competing for users, users tend to enjoy "lots of rights".
The same idea applies to political questions. A politician I like is proposing a policy I approve of. Great! Now what happens in the next election cycle, when a politician I don't like gets to use that same power to do something I don't approve of? Woops.
Building critical features on a single, closed-standard database means you can’t leave unless you rewrite all code that relied on it. The new code must integrate in the system well. The change must also happen without taking down the business.
For these reasons, politicians and laws change regularly but companies rarely escape database lockin.
Seems to me that it's still free for development, and small business use. If you're over $10M in revenue, with a business or product built on CockroachDB, they want a share of what they made possible. That seems totally reasonable to me.
> Annual term. Can be renewed subject to meeting the then-current eligibility requirements
I think CR Labs needs to make money from their activities. However they do it, should be in a way that incentivizes a win-win for them and their customers. Right now I think they attempted to "correct" for the uncaptured value, but the game theory switched toward discouraging adoption (in my perspective). I may be wrong, probably am.
They don't say that this was the reason for the change. What makes you presume it was "perceived" if they had said it was a reason for the change? I think it's the opposite: Too few used the open core edition, as it is quite limited. They want to increase the overall usage. They want to get growing companies using it. I think it's a fair move: Use it for free as long as you grow. You benefit. When you're large, pay us back. We benefit.
> feels like taking a bite of this edition is possibly getting into bed with a future Oracle/landlord type of relationship where you end up squeezed by your database vendor
That's about the strongest negative allegation one could come up with. Unobjective content and wording. There're thousands of software vendors or service providers out there (DB and not) that are competitive (they all are) but fair. Every of our much liked startups like Supabase, Neon, Vercel makes the entry very cheap or free and compensates for that with larger fees from the larger customers. There's nothing shady about it.
As I said, your post has to much negative bias in content and esp. wording. I don't see that. Factually, there's not risk at all. Every company (see Redis) can change their license of their future work. So you never have any guarantees. With or without a core edition.
If you want "true" open source, you can't choose a software developed by a company. The goal of a company is to make money. That should not be surprising.
I do a simple sanity check with any OSS software before using it:
- Make sure there is no contributor agreement requirements. This is a gigantic red flag that the license can and probably will be changed at some point.
- Make sure the license is not overly restrictive (like AGPL). I appreciate people have good reasons for picking this license; but it comes with some serious restrictions in a commercial environment. And like it or not, a lot of companies have active policies against this. Either way, I avoid anything with this license.
- Make sure the project is actively maintained. You don't want to get stuck with unmaintained software. Replacing dependencies is a PITA.
- Make sure the project is not overly dependent on VC funding. Startups fail all the time at which point anything they worked on turns into abandon ware.
- Ideally, make sure the project has a healthy diverse group of committers. Healthy here means more than one company is involved. Most projects that fail one or more of the above tests usually aren't very healthy in this sense.
> CockroachDB will remain source available under a new license. While the new license is a proprietary enterprise license, the source code will still be available for viewing and contributions.
The word you're looking for is "yes".
Discussion from five years ago:
Relicensing CockroachDB June 4, 2019 (487 points, 282 comments) https://news.ycombinator.com/item?id=20097077
The blog post is a 404, here's the archive: https://web.archive.org/web/20190604173131/https://www.cockr...
Other issue: Telemetry is mandatory on the free tier and cost to avoid it is to high. Some industries cannot have telemetry enable, or at least not without a heavy amount of reviews, think finance or healthcare.
This at least gets the full-fledged product in the door at startups. Say what you want about the timing or the BSL but I think this makes sense business-wise.
I do love Cockroach, but the old licensing model was pretty brutal if you required any enterprise features (ex: incremental backup).
For reference, some other data stores doing "horizontal scale of writes" ..any others I'm missing ?
* MySQL: Vitess, Planetscale, TiDB, MariaDB Spider
* Postgres: Citus, YugabyteDB, YDB, Neon
* SQLite: mvsqlite, marmot
* Document: ScyllaDB, Cassandra, DynamoDB
That is incredibly short notice.
We showed our lawyers that we were using the FOSS version. But, they didn't care and demanded we remove their product (despite being FOSS) immediately on all our systems.
That was a crazy crazy week.
You can say that's a problem with our lawyers. But still, who wants to go to court even if you know that you'll win eventually? It's expensive and incredibly annoying as an engineer to have to deal with lawyers.
But completely doing away with Core and requiring license keys even for free users [2] (which I assume is for revenue auditing purposes) ... I feel like that's a big step backwards. All of this because their Enterprise offering seemingly wasn't valuable enough (or from the comments -- it was too expensive).
I'd of focused there, on making Enterprise more valuable or more accessible, instead of doing something this drastic.
AFAICT, they're also doing away with BUSL and DOSP [3], which is a big bummer.
[0]: https://techcrunch.com/2024/08/15/cockroach-labs-shakes-up-i...
[1]: https://www.reddit.com/r/Unity3D/comments/82mfwh/how_could_u...
[2]: https://www.cockroachlabs.com/blog/enterprise-license-announ...
I don't understand why pure open-source license such as Apache2, MIT or BSD should be replaced with some source available license in order to increase profits from enterprise support contracts:
- The license change won't force cloud companies signing the enterprise agreement with you in most cases. If they didn't want paying you before the license change, why they will change their mind after the licence change? It is better from costs and freedom perspective forking open-source version of your product and using it for free like Amazon did with Elasticsearch.
- The license change leads to user base fragmentation - some of your users switch to forks run by cloud companies. Others start searching for alternative open-source products. So, you start losing users and market share after the license change.
- The license change doesn't bring you new beefy enterprise contracts, since it doesn't include any incentives for your users to sign such contracts.
That's why we at VictoriaMetrics aren't going to change the Apache2 license for our products. Our main goal is to provide good products to users, and to help users use these products in the most efficient way. https://docs.victoriametrics.com/goals/
Cluster optimization, and enhanced security sure. And responsive support, absolutely.
Then you're two or three founders, you set up G Suite, and think oh, let's use SSO for this service, and then you're paying $$$.
We will be outlining our current direction in an RFD[2] that we will make public -- and we will also make public our RFDs that pertain to our selection of CockroachDB and the other alternatives that we evaluated; stay tuned!
[0] https://www.illumos.org/issues/15254
[1] https://oxide-and-friends.transistor.fm/episodes/a-debugging...
The revenue driver as a driver for freemium tier is interesting as it seems like it would require company to regularly disclose their revenue to CockroachDB which looks intrusive.
In my daily life I use a lot of essentially source-available software that I pay for. I spend like 4+ hours a day every day in IntelliJ IDEA etc. I don't have a problem paying for software, I have huge problems paying for software that I don't sufficiently control and/or it's closed-source nature affects it's ability to get it's job done - i.e anything mission critical where uptime and security are paramount.
It's bad, but it's not unusual if you use closed-source software.
Assuming you pay for a license, does the license prevent you from building your own fork, and patching out the telemetry code?
A rug pull is when you buy into something and then it's taken away, like when a cryptocurrency token is busted out or you spend money on something and then it's cancelled or nerfed.
Don't like it? Write your own distributed fault tolerant database, or contribute an extension for Raft replication to the Postgres open source code base.
Sole source vendors are really risky, so open source gives a little control back to the buyer that the vendor won't lock them in then screw them later (oracle).
So now if you're paying for Cockroach, you're effectively on proprietary technology with no negotiating levers.
I think investing into integrating a tool into your infrastructure is not exactly "paying $0".
And as you're surely aware, competent OSS contribution is worth thousands
Thus it would be up to the the BSL promoters and marketers to decide whether or not this is a rugpull. As an open source user and proponent, I don't really care.
> Telemetry Required (excluding ephemeral clusters of 7 days or less)
So not free, then.
Is there already a popular fork?
Why not 002019? 6 digits. That would be valid a lot longer.
Linux and Postgres are not reliant on any one commercial entity being successful for their continued existence. Even many of the maintainers are not reliant: if the company/foundation Linus Torvalds is working for at the moment has to close down, someone else will pay him to keep working on Linux. And even if he couldn't personally work on Linux anymore, there are enough other people in a similar position that Linux won't die.
I'm sure there are many much smaller and more obscure projects in a similar boat, especially in academia. If the code is not dependent on a single entity for maintenance, both in terms of someone knowing it and in terms of someone paying for it, then it will naturally thrive for a very long time.
If you're using it and paying for it, then this doesn't seem like a problem. If you're not using it, then it shouldn't matter. If you're using it but not paying for it, then maybe it's okay that you have to start paying for it.
I agree that current cloud providers are gaining more benefit from open source than they're putting in. So, it seems logical that the main developers want to recapture some of that.
On the other hand, open source is supposed to help build a bigger pie. If the pie gets bigger faster (i.e. more people using CockroachDB) then is the recapture worth it?
It seems the smaller companies think so. But, I don't know of a solid analysis that shows this to be true.
If you have more than $10M revenue, why on earth would you run the limited open core version of CochroachDB just to save some $1K-$10K (which is about the enterprise license cost). The open core version has limitations you don't want to miss esp. reg. backup and restore, encryption, follower reads. Now all those features are available for free if you're small.
They’re clowns.
They took down the blog post (I'd be curious to know why), but here is the announcement: https://web.archive.org/web/20190604173131/https://www.cockr...
What started as a neat project with a vibrant and enthusiastic community is now just another dull beige enterprise vendor.
BSL is a totally fair compromise for commercial open source licensing imho.
If you see BSL as the first step to an announcement like today's, that's a fair criticism. Not sure how often that happens. But BSL doesn't disqualify software from being open source.
TBH that's nothing new for Cockroach. Even back when they were open core, the core was so restricted it didn't include backup & restore.
I think that may have changed, but only when they changed the license of the core to BSL, that is making the core non open source for three years.
Is there a better solution?
The first of these open source companies to switch to a closed source license because the big bad cloud was eating their lunch was MongoDB, which was already AGPL. The AGPL, by design, doesn't stop anyone from offering your code: it merely makes sure that they provide the source code and installation instructions to anyone who is using the service. Amazon is only to happy to provide this, and they always have for all of the services they offer (that require it). They even contribute to some of these projects.
Also, from the perspective of the free software movement at least, there is nothing to solve here. The whole point of the GPLs is that you don't get to have any special power over the code that you create: everyone who gets a copy has the exact same rights to it that you do, including the right to run your company under the ground if they can outcompete you.
Would be far easier to recommend CockroachDB if it were more competitive with Planetscale.
In my understanding, last time I talked to sales it's approximately 3x worse (because Planetscale offers 1 primary + 2 replicas) with CockroachDB you'd have to triple the CockroachDB license fees to even be competitive to achieve the same HA .... on hardware you purchase and run yourself.
For example, planetscale charges 3x as much per gb of storage if I read the pricing correctly.
weather it's a good idea to commit to it if you might not want to afford it once your revenue went up is another matter
and 10M$ annually is not little but also no absurdly huge, I mean a ~80 person company probably will struggle to be profitable with that revenue (if it's 80 good paying jobs like software developer).
Ran the core version for around 3 years in production for a smart city project. The company I worked for has been running it for around 6 years. Not sure what you are talking about. Of course, we would love to use features like stale replicas for exports. But this isn't something we absolutely need.
Also, not all alternatives listed are ACID compliant with serializable transactions like CockroachDB is.
https://www.cockroachlabs.com/blog/living-without-atomic-clo...
For me it was the multiple regions. It's like.. with that disabled why are we even here? Data residency is the whole point...
- employee
You can't out compete Amazon here. I vastly prefer to use MIT or Apache code for my projects. It just makes things easier, but I also respect companies like yours have a right to seek a profit.
There is close to zero probability that Amazon will pay us for this product, so there is no any sense in changing the license from Apache2 to some BSL-like license, since they never sign long-term contracts with open-source product vendors.
Consider me skeptical.
P.S. IMHO, the main reason to change the license at CocroachDB, Redis, Elasticsearch, MongoDB, TimescaleDB, Grafana and other products is weak revenue growth rate. Shareholders falsely think that the license change may help increasing the revenue growth rate, but I don't understand why...
And it makes sense (for Enterprise "tech stack" software). A license violator would just crack your software anyway and legitimate paying users pay for it and want less hassle.
You probably will save on some support calls if their engineers can take a quick look themselves.
Same goes for any "secret Sauce" in the Code. Most Software of that Type isn't algorithmically novel enough to warrant drm and obfuscation.
And again a serious criminal comoetitor would spend the money to reverse it
This is why standard APIs, protocols, and languages are a more important thing than specific pieces of software. If there is compatibility you have choice.
Having different parts written in different languages is awful too, because it brings some micro improvements (if any) but makes project look complex and scary for many new-comers :(
We're currently in discussion with them to see if we can resolve this licensing change to our satisfaction. If not, we'll do the obvious (use a different database) as you said.
https://www.gnu.org/licenses/why-assign.en.html
So while I agree with other commenters that a CLA is a clear indication that the entity seeking to have copyright assigned wants to reserve the right to take some kind of legal action at some point (like changing the license), it also applies in cases where the legal action is benevolent rather than malevolent (like defending the copyright).
EDIT: as another commenter wrote below, OSI is driven by massive cloud vendors, who have a vested interest in having their freedoms to take projects and monetize them. Perhaps a somewhat restrictive license isn’t a bad thing.
But if you open source your revenue-generating parts, and only charge for support/managed version/enterprisey features you'll end up with quite weird incentives, particularly with infrastructure tools, in which the big cloud providers will happily compete with you, using the version you open sourced and providing and ecosystem to their customers that one simply cannot compete with
There are still native shops that rely on very little open source, though at this point probably only in niches like gamedev or defence.
Defense is a weird place, but open source is used quite a lot there, it's often required to do so and to record the open source consumed to produce a product. And often times, it must be commercial open source where you can get engineering support for the lifetime of the product's existence.
Many c/C++ libraries are not open source - even more .Net ones
If cone entity does the development, they can change direction or licensing and it is hard for anyone to fork.
If you have more of a bazaar form of development with many contributors neither is as easy (even less so if you do not have a CLA). Even if you have a small core team of developers, a really bad direction is likely to lead to a split.
The AGPL is absolutely viable in commercial contexts. There are a handful of companies that have hangups about it, but the industry overall has long since realized that it is almost identical to the GPL for most practical purposes.
The issue here is that if you're an org with less than $10M turnover, you're currently on the Core plan and don't want to negotiate the full "Enterprise" licence (which is presumably priced towards larger users than you anyway), then you can't use the thing at all anymore unless you agree to telemetry and some vague disclosure of personal data thing that will get your lawyers in a spin (especially if you serve states in which GDPR applies).
EDIT: oh, and PCI-DSS requirements if you want to take credit cards? That's going to be fun.
> Extended date representations are not currently supported (±YYYYYY-MM-DD).
https://docs.python.org/3/library/datetime.html#datetime.dat...
> MAXYEAR is 9999.
https://docs.python.org/3/library/datetime.html#datetime.MAX...
I'm also waiting for longnow.org to start using long dates behind the scenes, like image urls, html metadata, http headers, etc. They need to eat their own dog food as far as software goes.
<link rel="icon" href="https://static.longnow.org/2022/06/favicon.png" type="image/png">
<meta property="og:image" content="https://static.longnow.org/2021/10/header-talks.jpg">
<meta property="article:modified_time" content="2024-06-11T17:21:23.000Z">I remain curious about the perception that cockroach is a meaningfully more expensive product. Where does that idea come from?
The project called for a minimum of 4 replicas and likely 8 vCPUs per, so right off the bat that's close to $60k/year before you even do anything. Plus the unwelcome addition of "license anxiety" to the whole development experience, and being forced to make a big decision up front.. it's not how I like to work or what a startup needs.
I just don't understand how for-profit company can develop true open source software. You can have a non profit foundation and a for profit support studio. Godot effectively does this.
Plus if you've taken VC money you can always get voted out in a few years. Or just have a nice exit. I wouldn't be mad at anyone for taking a large payday and retiring. But then the for profit company is free to change the license.
It feels more straightforward to use a proprietary or copy left license from the start. Your company exists to make money, and I think most of us can respect that. We just don't want to start building our projects off of open source software, that converts to some other license years down the road.
We develop open source products, we are profitable and we have good revenue growth rate. We make money mostly on high-quality enterprise technical support for our open-source products. Some of our products have enterprise-only features [1], but most of our paid customers continue using open-source versions of VictoriaMetrics products.
If I ever have a need for a metrics solution I'll consider your products.
> Source code in this repository is variously licensed under the Business Source License 1.1 (BSL), the CockroachDB Community License (CCL), the MIT license, BSD-style licenses, and other licenses specified in the source code. Source code in a given file is licensed under the BSL and the copyright belongs to The Cockroach Authors unless otherwise noted at the beginning of the file.
Is the caveat in this part (that I didn't catch before)? "Source code in a given file is licensed under the BSL and ..." That is sucky.
[0] https://github.com/cockroachdb/cockroach?tab=License-1-ov-fi...
Many things would have to be re-added from scratch in a fork.
They are still pretty limited compared to what's in the enterprise version, but it's not right to say basic backups are closed source and have never been there.
CCL, BSL = "source available"
Apache = open source
Parts of CockroachDB under CCL that do NOT transition to Apache OSS: https://github.com/cockroachdb/cockroach/tree/master/pkg/ccl
> the sub-tree under pkg/ccl is under a different license (CCL) that does not transition to APL2 after a set duration.
CCL, BSL = "source available"
Apache = open source
Parts of CockroachDB under CCL that do NOT transition to Apache OSS: https://github.com/cockroachdb/cockroach/tree/master/pkg/ccl
> the sub-tree under pkg/ccl is under a different license (CCL) that does not transition to APL2 after a set duration.
They wrote up their rationale here: https://www.yugabyte.com/blog/why-we-changed-yugabyte-db-lic...
It's just an arbitrary number
Yes, that’s right!
> But BSL doesn't disqualify software from being open source.
No, that’s wrong: https://spdx.org/licenses/BUSL-1.1.html
> The Business Source License […] is not an Open Source license.
One good way of looking at the goals of open source licenses is to force companies to compete on offering services related to the code. Whether this is a sustainable idea is a different question, but this is one of the bedrock ideas about OSS (and FLOSS as well). The other is of course that the rights of those running the software are absolute and trump any rights that the original creators have, except where the users would try to prevent other users from gaining the same rights.
I agree it’s a reasonable license. But it’s not an open source license.
The BSL is clearly not open source since it requires approval from the licensor in certain applications, but the OSI also rejected the SSPL, which is just an extended AGPL that requires source code publication in even more cases, and is clearly open source because of that.
As to the specifics of SSPL, I personally don’t see the rationale for accepting AGPL but not SSPL.
if nobody forked it five years ago, they probably aren't going to fork it now
if somebody did fork it five years ago, they probably aren't going to try to merge in new source code drops as they convert to open source
So did Debian and Red Hat. Do you think AWS leads them both?
— The Business Source License
So not just a license change
It used to be Apache2. :)
Their blog post announcing this in 2019 happens to now 404:
https://www.cockroachlabs.com/blog/oss-relicensing-cockroach...
But see also: https://news.ycombinator.com/item?id=40058332.
As far as I know, this is case for most GNU projects.
Linux only requires a confirmation that you wrote the patch; previous poster was mistaken about that, but they were correct about GNU.
The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License “or any later version” applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation.
And so when you see things like https://directory.fsf.org/wiki/Coreutils
Note also the "if you used the GPL without a version number, you can relicense it under any version"
---
The "why they require a CLA" is for enforcement.
https://www.gnu.org/licenses/why-assign.en.html
In order to make sure that all of our copyrights can meet the recordkeeping and other requirements of registration, and in order to be able to enforce the GPL most effectively, FSF requires that each author of code incorporated in FSF projects provide a copyright assignment, and, where appropriate, a disclaimer of any work-for-hire ownership claims by the programmer's employer.At this point the GNU foundation mostly just runs relatively small, older projects and that definitely does not include the linux kernel. That one has its own foundation called the Linux foundation. The Linux foundation runs many hundreds of projects and they operate mostly without contributor licenses as far as I know. And in so far they do those agreements are not about transferring ownership of the copyright but asserting ownership to ensure that the contributions people make are actually legal.
Big corporations moving code bases under their control seems to be a regular thing and that includes some pretty high profile projects recently. And of course there are many more projects on Github that use one of the GPL licenses. The vast majority of which don't have any contributor license.
So, I don't think I'm that wrong here at all that this is not that common. The previous poster seems to confuse the license with the GNU foundation which is a tiny subset of the overall GPL licensed software ecosystem.
No one claimed this is the case. The only person conflating "GNU" with "GPL" is you.
You said projects with copyright assignments should be distrusted. Someone pointed out that GNU projects require this, which you promptly denied, and I just wanted to correct the record on that. Nothing more, nothing less.
You mean the GNU Project.
Ironically, CLAs like the one Google and Meta use for their projects on GitHub do not require ownership transfer -- only the rights to redistribute, because the prevailing Lawyer-brain belief is (roughly, to my understanding) that just assuming that right from the license itself isn't necessarily sound.
For licenses like Apache 2.0, assignment/ownership is a kind of irrelevant practical distinction because entities can just distribute proprietary versions anyway (and because it's not clear if you really agree to much more than e.g. Apache 2.0 implies), which is the prevailing worry people have. Most of the people here actually want GPL-style copyleft licenses along with some vague idea of a "communal project", even if they don't know it. Because that's the only way to achieve the practical desired outcome, where your code and contributions stay open and are difficult to "rework" in this way. The talk about CLAs and all the other stuff is irrelevant; it's a matter of the politics and composition of the project, not the exact legal words in the license.
> everyone that contributed, even if it's just a 1 line change
That depends on the jurisdiction. There is a concept called the "threshold of originality" in the US which states roughly that some obvious, trivial things just can't be copyrighted. Typofix patches that change "form" to "from" aren't meaningful enough to be given copyright, so you literally do not need to be consulted on the matter at all. It is not clear that simple bugfixes fit under this definition either for example, because they may be obvious. Realistically, I'd say there are very few contributions that are going to fit in 1 line while being original enough for copyright to apply. They could also just not include your patch too or rewrite it, in that case, so the "1 line" case is pretty much meaningless in practice.
No they do not. Individual GNU software projects might require it, but this choice is up to the project, not the FSF.
I actually prefer the approach of LF, EF or CNCF where it's transparent where folks work for and your affiliation is disclosed upfront. In the CNCF for example, we separate out technical project decisions (maintainers) from funding decisions (members). That is healthier than blending it all in one at the ASF imho and having no idea where person is working for imho.
And when was Apache more popular? I thought it was the uncool place where stuff was written in Java, that became popular because people's conception of Java (and the language/ecosystem itself) changed.
I also think the popularity of the Apache license is part of what makes Apache popular.
> I thought it was the uncool place where stuff was written in Java
They have lots of projects running on the JVM, but “written in Java” isn’t a requirement, nor is “running on the JVM”. See https://projects.apache.org/projects.html?language
[1]: https://www.apache.org/foundation/license-faq.html#IsItFree
[2]: https://www.apache.org/foundation/records/incorporator.html
> anytime you see a CLA, you see the true intentions of the project. A project that will always be FOSS won't have a need for a CLA.
If there are conditions to the statement, it isn't "anytime you see a CLA".
Many CLAs are just a hassle (basically, DCO that has to be reviewed by the legal department). But a lot are asymmetrical in a substantial way and the original developer gets to play by different rules than the rest. CLAs in the second category tend to be problematic.
Even that is not a completely clear indicator because in some cases, the asymmetry is only intended to help with potential future relicensing in alignment with the project's goals, and not to enable commercialization (either today or at some point in the future). Some organizations have resisted direct commercialization of the code they have been entrusted with for decades, so that can happen even with an asymmetrical CLA.
For many contributors, they're ok giving full ownership of their contributions to a project owner on the owner's terms. Some contributors may not be ok with that of course, but it doesn't mean that every project owner has nefarious plans with said code ownership.
CLA = Contributor License Agreement
Good examples are React from Facebook, and TypeScript from Microsoft. Both require a CLA. But these projects are never going to go closed-source. They are complements to the companies' core business strategies.
There's this balance between being a project forever run out of someone's garage and actually growing into a larger and more used system. I'd say the line is dilineated by many factors: who is the project's primary user? Enterprise? Devs? How much money is changing hands? What's the business model? Is there investment involved? How restrictive is the primary license? How restrictive is the CLA?
I think any open-source project that has aspirations to actually make money for the creators is shooting themselves in the foot without a CLA. And it's fine to judge them for this, but we live in a system where people have to extract value out of this shit even if it's against their ethos.
If people truly and ultimately believe in open-source, then the most logical conclusion is that capitalism does not allow for open source and that must be changed. Fighting things at the license level can only delay the inevitable. But people want to have their cake and eat it too: "I want the system to stay the same AND I want open-source creators to keep pumping out stuff for free forever."
1. Company builds cool OSS and releases it to the world.
2. The product becomes stable, mature, and users are happy with its feature set. Development slows down.
3. Company starts having to make money so they relicense future code.
4. A few large users of the software (that company was hoping for $$$ from) realize that since it's mature and stable it's massively lower cost to just maintain the last OSS version.
5. At the time of the license chance the new OSS fork is identical to what everyone is already using and so it's the the least resistance migration.
6. The consortium of actual users of the software drive its future direction instead of the company.
I'm not mad about the cycle, it's the moment VC backed software gets turned over to the community. But I always wonder how it turns out for the companies in the long run.
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
Redis, rhymes with this. Redis Labs, which captures the smallest sliver of the value OSS Redis provides, is valued at $2 B, with 2023 revenue of $151 M.
MongoDB, aka AWS "DocumentDB" (Microsoft/Azure Cosmos DB seems to have a different lineage). Mongo had $458 M in revenue Q4 2023 [1].
[1]: https://www.businessinsider.com/redis-labs-ceo-ipo-2-billion...
[2]: https://investors.mongodb.com/news-releases/news-release-det...
And that's why "open source" is a really bad term that no one should use unironically, unless they want to confuse the hell out of people.
There are protective (copyleft) licenses, and there are permissive licenses - and they're very different beasts. And it's, like, software licensing 101.
> that want to go from LGPL to MIT or something
I find this extremely weird.
In a sane world, picking a copyleft license must mean that you care about user freedoms and want to make sure they're respected no matter what happens. Because that's the whole point of picking a copyleft license - not about letting people peek or tweak some code, not about social brownie points, and most certainly not about marketing campaigns - but about granting users their freedoms.
Either people get confused about "open source" and pick... I don't know, whatever looks cool, without even understanding what they're doing; or they're giving up on their principles when they smell the money.
I can understand wanting to go from, say, GPL to AGPL, or GPLv2 to GPLv3[+] - it would make sense, as it all goes in line of protecting freedoms. But LGPL to MIT is truly a weird one.
Copyleft licenses were the default choice at some point in time, but then in the '10s most big projects seemed to pick a permissive license, and many switched.
This is a personal bias and disregards others' definition of true do-whatever-you-want freedom. Different project owners may think differently on what free means and alter the license to respect their principles (and may consider copyleft to be the restrictive/anti-free mistake made early on based on these same kinds of personal biases).
And many contributors don't really care what the project owner does with their code and the CLA lets them delegate responsibility.
Someone who is has a strong preference for copyleft licences may not want to contribute to a project with a permissive license.
The intent may not be for the project owners to use the code in proprietary software, but it would be to allow someone to do so.
However that would also mean that the core project couldn't accept your changes without the CLA since that would also bind them to never switching the license or relicensing your contributions for an enterprise license.
... I think. My head hurts when trying to consider the implications for CLAs and AGPL and the endless debates that lawyers could have over this.
It's not SQL.
While MongoDB has come a long way in terms of ACID compliance, etc., you still would need to map everything you've done to MongoDB.
That's more work than forking code you're familiar with that already is working.
I guess my deeper point is there's sort of the illusion of a comprehensive analysis in the post when actually engines that haven't been widely used in 5-10 years were analyzed when more widely deployed engines weren't even analyzd that's what was odd
Just to clarify - FoundationDB was never open source before 2018. Binaries were available under certain conditions, but no source.
(so much misinformation in this thread, this isn't hard to check)
Well, here we go. Your "open" isn't so open in the end.
Nope, just the same API, completely unrelated codebase.
None of that seems like a "why" to me; to cynically paraphrase it, "our policies require our polices." Why does your record-keeping require a CLA? Why is a CLA required to enforce the GPL?
However, I thought about it and I think I can get the cases where monetary opportunities started to outweigh what's essentially are political ideals. Happens all the time, heh. I guess I can imagine person not being honest with themselves until the temptation really comes. Especially if it's about casual developers trying to have some money to live comfortably (as opposed to lowering their standards of living), rather than getting rich.
I can only hope it's that and not a simple ignorance.
it's all volunteers/open source, but this isn't an ASF project.
I'm gonna go embarrasingly delete this thread tail between my legs...
"NoSQL systems (e.g., Cassandra, Riak). The challenges of building relational, transactional applications atop these systems is well known. These systems also generally predate the modern emphasis on hands-off operation, which is critical for supporting a system that we will not be operating directly."
[0] https://rfd.shared.oxide.computer/rfd/0508
It seems a little short of the claim in their FAQ though, but it's something:
> The purpose of the Corporation is to engage in any lawful act or activity [...] including the creation and maintenance of "open source" software distributed by the Corporation to the public at no charge
The reason for the "any lawful act" language is to allow the ASF to do things like run a conference, accept donations, sell t-shirts and other activities. If the statement was only "develop open-source software" there are all kinds of important activities that support open source development that would be impossible.
The fact is, however, that certificates can be changed by the people who can vote. IN the case of the ASF, the members are the ones who vote. Getting those ~800 members to radically trash the traditional goal of the foundation is not going to be possible as long as the current membership is active.
Their FAQ says "all software free no exception" and this document says something weaker.
People who value attention over principles are known as "pick mes" apparently.
unless the corp owns the rights, they cannot "close it", nor take away everyone else's freedom. The old version that was open source licensed is always going to be available.
Unless you're talking about the additions these corporations made, which they keep closed, and charge you for it. But if they are able to charge for it, they deserve it.
This is an extremely black-and-white view. If I make a competing product to you and it’s superior to yours, then yes, I deserve profits (though of course consumers may still choose yours for a litany of other reasons). If a trillion-dollar corporation becomes a competitor, that’s not exactly fair. They can, if they want, spin up an entire team dedicated to the product, and by sheer numbers, they will win. Is it legal? Yes. Is it ethical? That’s subjective.
In my opinion, Stallman has been proven right many times over.
However, increasingly more and more services which could've been an on-premises deployment become SAAS. This includes games (live services they call it). It is _designed_ to end, and designed to not be able to run locally.
Tell me who's the greedy one.
2. Need revenue to pay for the Cloud services.
3, Charge mouse users for the Cloud services.
It's the (stupid) circle of life.
I can see it has some disadvantages for companies incorporating GPL software in their products, but none for companies merely using GPL 3 software.
If I had to guess - The patent rights clause weirds out a lot of lawyers. Obviously anyone who works with hardware doesn't like the anti-tivoization clause. Another possibility is the AGPL (which IS lethal for obvious reasons) is often conflated with GPLv3.
All I know is GPLv2 is fine, GPLv3 is usually not, and AGPL is never possible in corporations that I've worked for.
Richard Stallman himself doesn't seem to make money from any software he made directly, but from various grants and such, for example:
https://web.archive.org/web/20220123032418/http://tech.mit.e...
I thought he was on the payroll for FSF, but his reportable compensation has been zero from 2002 to 2022 according to:
I highly doubt that the FSF, who developed the GPL licenses and values free software above anything else, would change the licensing of their projects like "these companies" do.
It will be even worse after the GPL developer generation is gone.
As a developer, I don't want to rely on code from a project that "seems particularly profitable", because one day it's 100% certain they're going to start making their profit off me.
I'm _extremely_ wary of any "open source" projects that're VC funded, because the entire VC industry exists to make rich people richer at everybody else's expense, throwing a few bones at a few of the founders and a vanishingly small portion of the startup employees. As soon as they think that can get away with it because they have enough "free" open source users locked, they're gonna turn all the screws to chase the "100x or bust" exit strategy the VCs rely on. At the expense of everybody who foolishly built something on to of that project without an easy way to replace it.
As an alternative to working on a second job to fund their passion, we are seeing developers trying various things to make their one passion job pay, such as licensing tweaks or VC funding. These don't seem to work out very well, I think it's best explained here:
https://apenwarr.ca/log/20211229
"So it is with free software. You literally cannot pay for it. If you do, it becomes something else."you're just seeing survivorship bias.
Plenty of them would've also disappeared, because their core contributor no longer wanted to give out free labour and moved on.
And is also subject to survivorship bias. For every OSS project that makes it, tens of thousands do not.
He resigned in 2019 following allegations of inappropriate behavior towards women (https://news.ycombinator.com/item?id=20990583).
- Prevent piracy
- Extract more money per user (subscriptions, repeated purchases in-game)
Look, you can live perfectly fine without all of those services, there are indie games and there are old games and, according to some, they're much better than any online crapware from today.
Make it a point not to buy Free to play online crap, forbid your kids from playing that crap. Absolutely don't give them any money for this crap.
If enough people stop buying the we'll see a shift to the DRM & no hassle approach of indie games. I'd also prefer giving my money to a small team of devs than some corporate ladder who happend to purchase the latest AAA game built by a studio of overworked and underpaid devs.
Probably would only delay the move to the cloud a little bit, and perhaps make AI less capable.
https://arstechnica.com/gadgets/2024/07/logitech-has-an-idea...
An example of a project making it optional is GCC itself: https://gcc.gnu.org/pipermail/gcc/2021-June/236182.html
The problem is that these conditions do not always prevail.
I used to think this was fixable: https://pietersz.co.uk/2009/11/fix-capitalism
I now think it is more complex and we need a mixed economy.
Eventually, on the free market there are winners, and these winners form a monopoly. See Nestle, Tyson foods, Apple. The big corps, having cornered the market, then squeeze the hapless users (and the ecosystem, in Apple's case) into exorbitant prices, because there is no competition. You started with your beloved "free market", ended up with a monstrous monopoly. Surprise, this is how any "free market" story ends.
If you want to avoid the trash situations that we are in today, you need to regulate the shit out of companies with antitrust, breaking them down when they become too big, not allowing them to acquire others under certain conditions and forcing them to treat their workers and customers well. This is the opposite of "free markets", and is the only way if you want a stable society.
AGPL is not a problem for server-side software if you don't need to modify it. Your application (talking to the server) doesn't become infected by AGPL.
In the context of the thread (the claim GPL 3 provides more of a motive for people to by paid licences for dual licensed software) I think that "small refinement" covers most of what we are talking about though.
I feel out of touch
Why?>
My limited experience with IP lawyers at big software companies is that they have zero understanding of software licensing and patent law. They just seem to parrot some line they learned in college 10 years ago, even when the plain text of the license or law sitting in front of them proves them wrong. It's honestly baffling how they get these jobs.
> I can't say for certain why they can't use GPLv3 - just that no company I've ever worked for (n=4 since GPLv3 came out) - will allow it on premise
So they do not allow the use of things like Bash or GNU coreutils? That seems quite restrictive and difficult.
Apple is different as they produce their own OS. I am asking about non-software companies avoiding GPL3 which would be necessary for (as the comment I responded to earlier in the tread claims) the use of GPL3 providing a motive to pay for licenses for dual licensed software in a way GPL2 does not.
Otherwise it works great for end-user adoption.
The AGPLv3 is exactly the same as the GPLv3, except with the added clause that connecting to a server counts as distribution for the purposes of triggering the right to obtain source code.
That means all the usual GPL copyleft rules apply: if you include an AGPL library in your server binary, the entire binary becomes subject to the AGPL. And being subject to the AGPL, you are obligated to provide access to the source code for your entire server binary to anyone who connects to and interacts with your service across a network.
Quoting from https://www.fsf.org/bulletin/2021/fall/the-fundamentals-of-t... :
> Simply put, the AGPLv3 is effectively the GPLv3, but with an additional licensing term that ensures that users who interact over a network with modified versions of the program can receive the source code for that program...
> These terms cover the distribution of verbatim or modified source code as well as compiled executable binaries. However, they only apply when a program is distributed, or more specifically, conveyed to a recipient...
> The AGPLv3 does not adjust or expand the definition of conveying. Instead, it includes an additional right that if the program is expressly designed to accept user requests and send responses over a network, the user is entitled to receive the source code of the version being used.
It is "dual licensed". AGPL and proprietary license according to Wikipedia
I am unsure how that works...
Oracle
From the FSF’s licensing FAQ:
> Where's the line between two separate programs, and one program with two parts? This is a legal question, which ultimately judges will decide. We believe that a proper criterion depends both on the mechanism of communication (exec, pipes, rpc, function calls within a shared address space, etc.) and the semantics of the communication (what kinds of information are interchanged).
Eben Moglen wrote a little about the intent here [0], I'll excerpt a little:
"This form of explanation was unfortunately unhelpful. It led to years of fruitless discussion about the role of “derivative works” doctrine (a US concept) in software (where US courts have largely failed to provide any guidance). So in GPLv3, we and our clients at the Free Software Foundation decided to drop all illustrative reference to US “derivative works,” returning to the base concept only: GPL covers the licensed work and all works based on the work, where “based on the work” is defined as any modification or combination with the licensed work that requires copyright permission to make."
I don't know if that broadens or narrows, but I think that's the point: case law on "derivative works" was pretty vague (I'm unfamiliar but I'll take Moglen's word). But, to me it sounds like an effort to be more concrete rather than an effort to broaden the conditions under which you have release obligations.
> From the FSF’s licensing FAQ: ...
A couple things.
First, this FAQ entry is about aggregation; the paragraph above what you quoted is this:
"An “aggregate” consists of a number of separate programs, distributed together on the same CD-ROM or other media. The GPL permits you to create and distribute an aggregate, even when the licenses of the other software are nonfree or GPL-incompatible. The only condition is that you cannot release the aggregate under a license that prohibits users from exercising rights that each program's individual license would grant them."
This isn't some kind of "I run a Kubernetes cluster" situation, it's a "I ship a Linux distribution on ISOs" situation.
Second, I was in a different GPL thread [1] discussing some similar things, but all contracts, licenses, statutes, and founding documents have ambiguity in them. I listed a couple reasons (authors can't/don't want to exhaustively enumerate every scenario, human language is imprecise) but I realized I omitted a third reason: times change. You generally want whatever you're authoring to last a little while, not only because legal fees are expensive, but also because relicensing isn't always easy (GPLs have clauses in them letting you additionally license them under any later version, I would assume this is why).
And finally, there's a real double standard--or at least cargo culting--when it comes to the GPLs here. Here's some ways other licenses are ambiguous or potentially unbounded in their coverage:
- Apache License version 2: refers to "derivative works", also: "'Object' form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types." (i.e. does minification count?)
- BSL: also refers to notoriously vague "derivative works"
- SSPL: defines propagation partially with the phrase "in some countries other activities as well."
It's true the GPLs are more complex and ambitious than something like the ISC license (the favorite comparison around here, I think) but that license is something like 100 words. It's not comparable.
[0]: https://softwarefreedom.org/resources/2014/SFLC-Guide_to_GPL...