HashiCorp's new license is still open source-ish, just with less free lunch

HashiCorp, the vendor of Vagrant, Terraform, and a number of other deployment-automation tools, is changing its software license to the Business Source License. You can still get the source code, but it's not technically FOSS any more.

The announcement came out yesterday from co-founder and CTO Armon Dadgar, who The Reg interviewed a year ago. Indeed, we've been following the company's funding as early as 2016. HashiCorp is probably best known for its Terraform infrastructure-as-code tool, which The Reg attempted to demystify in 2017. It's also behind Vagrant, which The Reg FOSS Desk has described more recently.

The Business Source License – the BUSL or BSL for short, and HashiCorp uses one abbreviation in the announcement and the other in its source code – was the creation of MariaDB, another company walking the tightrope between open source and making money. HashiCorp is at pains to point out that it's not alone in this:

The gist of HashiCorp's BSL is that the software's source code remains freely available, and you're granted "the right to copy, modify, create derivative works, redistribute, and make non-production use." Note the restriction about use in production.

Here's where it gets a little squirrelly: you "may be" granted the right to use the code in production provided you don't compete with HashiCorp. The exact wording is:

If these terms prevent you from using HashiCorp's source, you have to purchase a special "commercial license."

That all said, after a cut-off period called the Change Date, the source code to that specific version automatically reverts to a full FOSS license of the company's choice. If the vendor doesn't specify a Change Date, then this happens after four years, so it still becomes FOSS even if the company goes belly-up – or the author gets run over by a bus or something.

The move has been controversial to say the least. The bunfight on Hacker News is still growing with some harsh words. Joe Duffy, founder and CEO of rival infrastructure-as-code vendor Pulumi, said:

• MariaDB CEO: People who want things free also want to have very nice vacations
• Want to know the future of FOSS? You can look it up in a database
• Open source biz sick of FOSS community exploitation overhauls software rights
• Give 'em SSPL, says Elastic. No thanks, say critics: 'Doubling down on open' not open at all

The Reg reported on HashiCorp's slow response to contributions just a few months before its very successful IPO raised one and a quarter billion bucks.

There have been some approving comments: Avi Press, CEO of open source monitoring organization Scarf, tweeted: "HashiCorp has set a good bar for how to do a BSL switch smoothly. No misnaming anything, no attacks, just a difficult business decision carefully communicated. They are a well-meaning group of people who have shown they do care about OSS, whether or not you like their decision."

While OpenUK's Amanda Brock said: "The statements about BUSL are sadly open washing.

"It would be wrong to suggest these two ever intended a 'bait and switch' but they have indeed switched away from open source. The pressure of enabling their competitors with their innovations – an inevitability of open source – did not align with the need to generate share holder value.

"There's almost a bigger question here – how much money is enough? Is a lot of money with others generating a lot of money too a reason to stop?"

HashiCorp has an FAQ about its licensing policies, but we suspect it will not assuage the ire of many of its users. ®