Analysis After Redis Labs relicensed the modules it developed to complement its open-source database, from AGPL to Apache v2.0 with a Commons Clause, the free-software community expressed dismay.
And, inevitably, some responded by forking the affected code.
Today, the maker of another open source database, MongoDB, plans to introduce a license of its own to deal with the issue cited by Redis: cloud service providers that sell hosted versions of open-source programs – such as Redis and MongoDB database servers – without offering anything in return.
"Once an open source project becomes interesting or popular, it becomes too easy for the cloud vendors to capture all the value and give nothing back to the community," said Dev Ittycheria, CEO of MongoDB, in a phone interview with The Register.
Ittycheria pointed to cloud service providers such as Alibaba, Tencent, and Yandex. Those companies, he claims, are testing the boundaries of the AGPL by benefiting from the work of others while failing to share their code.
Redis has a license to kill: Open-source database maker takes some code proprietaryREAD MORE
But rather than follow Redis by adding a clause to prohibit commercial use of certain pieces of software, MongoDB has introduced a new license called the Server Side Public License (SSPL), and declared that all versions of MongoDB's Community Server released henceforth, including patch fixes for prior versions, will be governed by the SSPL.
The new regime has no effect on those who purchased a commercial license from MongoDB: it only covers the free version.
"The Commons Clause explicitly disallows running software as-a-service if it's not open source," said Eliot Horowitz, CTO of MongoDB. "What we're doing is different."
So, meet the new license, almost the same as the old license. What's different is Section 13, which says that if you offer SSPL software as a service, you have to make available not only the software source code and modifications, if any, but also the source code of the applications used to run the service. Horowitz said MongoDB intends to submit the SSPL to the Open Source Initiative for approval as a true open-source agreement. The initiative rubber-stamps and promotes licenses that meet the Open Source Definition.
For a cloud provider, the SSPL covers the licensed application and the code that presents it – automation, interfaces, management, monitoring, backup, and hosting. It requires the revelation of the technical bits someone would need to clone the cloud service.
Don't fork this up
Instead of restricting commercial use, MongoDB is imposing a condition. But because that condition may prove unacceptable for cloud businesses, the SSPL could end up achieving the same result as the Commons Clause – less usage of the covered code or a fork of the project.
MongoDB, which offers its database as a service, will not be playing by the same rules, however. "Because we own the IP, we are not obligated to open source our underlying management infrastructure," explained Ittycheria, who added that MongoDB has invested more than $300m developing its software.
"We're big believers in open source and we want the open source license to evolve in the cloud era," he said.
In an email to The Register, Doug Henschen, VP and principal analyst at research consultancy Constellation Research, said the licensing change isn't particularly surprising given how much software is now being delivered as a service.
"I've seen other providers of open source databases putting more functionality into their commercial versions," said Henschen. "In this case, MongoDB is saying that this license change won't de-feature or weaken the community edition."
Horowitz insists the SSPL respects the four freedoms that represent the foundation of the open source movement and its variations: the freedom to use, study, share, and improve software.
However, Paul Berg, an open-source licensing expert who advises the Idaho National Laboratory in the US, disagrees.
In an email to The Register, Berg said, "I feel the underlying motivation for such a clause is orthogonal to the motivation behind the open source and libre software movements in general. Free, libre and open source software has long accepted the 'four freedoms' as their defining conditions. These are freedoms the author grants to the recipient, not requirements imposed to benefit the authors and the community directly."
"The benefits of collaboration have always been a result of the recipients exercising those freedoms, not a requirement to do so," Berg continued. "Open source and libre software doesn't require you to give back to the community, it allows you to do so unimpeded. The rationale for these new licenses seems to me to be something different."
Berg also expressed doubts as to whether the license is workable because the boundaries between service providers like AWS and those selling services built on AWS could prove difficult to cover equitably in contractual language for all community members.
"This seems to imply that I cannot run the software on any cloud provider I am aware of," he said. "I'm not even sure there is an accessible OpenStack provider that I have full access to their entire stack including hosted modifications. It would seem that in order for me to deploy an application on AWS under this license, I would need to release all of AWS, which of course is impossible as I am not Amazon."
Henschen said that he inquired about scenarios in which companies might use embedded versions of MongoDB under the hood as part of a larger cloud-based application and was assured the license change would not apply there.
"The sole purpose of this change, they insisted, is to make it harder to offer the community edition as a service without giving back to the community," said Henschen. "That might impact some global companies that are trying to do business in China – specifically with the cloud providers being targeted by this license change – but I'm guessing that would be a tiny fraction of the overall MongoDB user community." ®
Serverless Computing London in November will give you the state of play on serverless and function as a service, and explain how to put them to work in your business. Full details, and ticket information, at the website here.
Sponsored: Webcast: Ransomware has gone nuclear