On August 10th, HashiCorp announced a transition from the Mozilla Public License v2.0 (MPL 2.0) to the Business Source License (BSL, or BUSL) v1.1 for future releases of all products and several libraries. HashiCorp APIs, SDKs, and almost all other libraries will remain MPL 2.0.
Earlier, on July 11, 2023 , Redhat announced CentOS Linux is going End of Life. CentOS Linux 7, the last live version of the Community ENTerprise Operating System, is going end of life. This means the repositories will be shut down, no new versions will be released and no new updates will be made available. Here's what they meant:
Both are opensource software providers that cover wide or should I say almost entire infrastructure development community. And both just decided to turn the license switch on, just like that. They know very well that it wont be easy to find an alternative solution that easily and even if we did, it won't be easy and in some case it can be impossible to migrate.
That's why I ask:
Could opensource potentially evolve into the next method for businesses to vendor lock-in customers?
It may sound paradoxical, but is it possible for two opposing and competitive approaches to result in a similar outcome?
Nevertheless, given the ever-changing landscape of business dynamics and acquisitions, isn't it a common business goal to gain access to the user base of your competitors?
Let's say that happens someday, so how do we prepare better for this:
This weekend I tried to analyse what is happening to the open-source world and how it impacts us the tech practitioners.
Although Redhat dint mention if Centos Stream, the new repo for all RHEL sources will be licensed they didn't say it will be open source either. IBM (the company that owns redhat) subscription agreements specify that you’re in breach if you use those subscription services to exercise your GPLv2 rights. And now, as of June 21, IBM no longer publicly releases RHEL source code.
Here's a nice write up on this: https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/
So, I guess we will have to wait and see what happens post June 30th 2024. So organisations or individuals who ware using the Centos better be prepared , either migrate to RHEL and comply to its terms or switch to other linux alternatives. Some relief can be to use cloud baked amis, since in that case you wont need to personally manage licenses or even can go with free options available there.
In my opinion Redhat's shift is still manageable, since there are alternatives like open suse or ubuntu.
But the real challenge will be to integrate with Hashicorp's transition. Although, in their FAQ, they say :
"For end users who are using HashiCorp’s current open source products and new releases using the BSL license for their internal or personal usage, there is no change." HashicorpLicenseFAQ
So who is really impacted by this ? Here's what HashicorpLicenseFAQ says:
So does this definition of competitive offering apply to:
Consultants who are providing terraform modules ?
What about the number of online courses that include such code ?
What about the books that are being sold ?
And the training programs ?
I am yet to get an answer from licensing@hashicorp.com and I will keep you posted on this.
Now coming back to my question "Will OpenSource Become The New or Next Vendor Lock-in"
At this very juncture it sure looks like it is, especially with Hashicorp's move, its seems more relevant that no matter what anyone say, there is no free lunch. Its just another lead magnet.
So what should we as tech-practitioners do. Here is what I am going to do for both this cases:
For local development, keep a copy of the last open source version or both softwares. Download the lastest/last Centos7 .iso from the website and save it. You can always work on it for your local development.
For organisations it would be better to go with the licensed version as it would have updates and support.
From what I understand from HashicorpLicenseFAQ, terraform providers usage will remain opensource, so infra devs can rely on the existing setup. However, if have developed any custom provider and using it for commercial purpose, you will have to use their BSL and pay for whatever pricing they bring it.
In my case I am going to continue using terraform as it is, and if in future they license it , I would probably just buy it. It would be less of a headache than to migrate to another tool.
And, last but not the least, to mitigate Vendor lock-in always keep your options open. There are other options available, for both IaC or OS, remember DevOps can much before Hashicorp.
As I said there is no free lunch, likewise , where there is a vendor , there will be chances of lock-in, open source or not, thats how business work.
So what do you guys think would happen and how would you tackle these challenges ?
Do let me know your thoughts and suggestions in comment below.
I hope this article was helpful, please don't forget to share it forward and raise awareness.
I will keep you posted in any further update on this topic or similar one.
If you like this article, I am sure you will find the 10-Factor Infrastructure even more useful. It compiles all these tried and tested methodologies, design patterns & best practices into a complete framework for building secure, scalable and resilient modern infrastructure.
Don’t let your best-selling product suffer due to an unscalable, vulnerable & inconsistent infrastructure.
Thanks & Regards
Kamalika Majumder
Comments