Open source can't win: Complacency has its price
Companies are pulling the rug out from under the communities that helped them gain popularity
Red Hat, famously, had a quote attributed to Mahatma Gandhi on the walls of its offices about the fight to drive Linux and open source adoption. "First they ignore you, then they laugh at you, then they fight you, then you win." While inspirational, it's a little misleading.
The quote probably didn't originate with Gandhi, and in any event it fails to address the reality that social movements are never really final. The full quote, after "then you win," should either be "then they try to co-opt your movement" or "and you have to keep fighting."
Open source is doing well, for now
Open source has had a good run, and it's enjoyed a lot of success. This hasn't been an easy road. There's been a lot of objection handling, not just about the quality of the code, but also the practices of open source development, security questions, and - of equal importance - acceptance of open source licences themselves.
In some cases this was merely an education exercise. In other cases, the community has had to adapt and adopt practices that look more like business practices to gain acceptance.
Organisations like the Apache Software Foundation (ASF), Linux Foundation, Eclipse Foundation and Software in the Public Interest (SPI) have done an enormous amount of work to make open source mainstream, even preferred.
It's easy to see the impact of open source everywhere. Linux powers the Internet and a majority of smartphones, e-readers, and countless other devices. WordPress powers, by some counts, the majority of websites.
Developers prefer open source languages, libraries and tools by wide margins. We know that customers trust open source databases, and even prefer them to proprietary software.
I could cite near countless examples of open source success. But that doesn't mean we've won. The playing field keeps changing and the goal posts weren't where we thought they were. Worse yet, some of the players wearing open source jerseys aren't playing for the open source team.
Challenging open source
Last year a company called Lightbend abruptly changed the licence of a popular tool, Akka, from open source (Apache Licence 2.0) to the so-called Business Source Licence (BuSL). Recently, Hashicorp did the same, abruptly changing the licence of its projects like Terraform from the Mozilla Public Licence (MPL) to BuSL.
BuSL is a "source available" licence that makes it easy to tinker with source and deploy binaries, but is decidedly business un friendly if you might be distributing software.
The effect in both cases was to turn a widely adopted open source project into a product only available from a single vendor.
Cloud vs community?
Prior to those, several vendors have adopted the Server-Side Public Licence (SSPL), an almost open source licence that has use restrictions meant to stop public cloud providers from providing SaaS offerings based on those projects.
It's easy to sympathise with the "David vs Goliath" story of startups and smaller vendors who are outgunned by public cloud providers. If AWS can scoop up the code and offer a turnkey service, how does the smaller vendor compete? They have to turn to a source available licence like the SSPL, right?
In a word, no. There's a perfectly good open source licence for SaaS type open source, the Affero GNU Public Licence (AGPL) that companies like Grafana have adopted.
But the AGPL doesn't give the anti-competitive (and anti-open source) edge that the SSPL does. So in the pursuit of a quick profit and business model fix, companies are pulling the rug out from under the open source communities that helped them gain popularity in the first place.
Nothing is over until we say it's over!
Recently Matt Asay, at MongoDB, published a piece arguing that "the open source licencing war is over." Developers, says Asay, care more about access and ease of use than licence purity.
That's an unsurprising view given that MongoDB is one of the projects that abandoned open source in favour of the SSPL.
But if it were really over, Asay wouldn't need to make the argument at all. The reality is more complex, but it's true that "licence purity" is not top of mind for a lot of developers.
Licence purity isn't a bad thing: It's pragmatic
Asay says "licence purity" like it's a bad thing. It's not. The OSD is well understood. Adhering to well-known and accepted terms is good thinking.
It's also worth noting that developers aren't the only constituents here. While vital to open source's success, developers aren't the only ones in need of convincing.
Organisations that use developers' code have to make concessions to adopt untrusted and toxic source available licences, too.
It took a lot of work to convince businesses to accept open source licences. Source available proponents are gambling they won't notice while they piggyback on the open source brand name and will slide into the business without the same friction.
The price of open is eternal vigilance
We shouldn't let them. You wouldn't allow software with a known backdoor into your environment, but organisations have happily adopted software that can go from open source to source available (or worse) overnight.
At the very least, organisations need to flag those projects and be aware that they pose risks of unexpected sudden costs and technical debt.
Open source, as a "movement" has become complacent. Perhaps that was inevitable since open source was spearheaded by folks focused on pragmatism, unlike the Free Software movement that sees its mission as an ethical one.
In the process of "winning" we've stopped focusing on the why of open source, and what we were fighting for in the first place. Open source is not and was not primarily about convenience and faster deployment. Those are, it's true, excellent side effects.
We've been content to adopt project after project that are in the hands of single vendors who can change licencing on a whim. We've done this, in part, because we have the right to fork open source projects. That works OK for one-offs, it doesn't work so well if it becomes a dominant trend. It doesn't work at all if BuSL and SSPL become de facto options we treat as equivalent to open source.
Open source proponents (including developers) have started to take notice of an eroding set of values and are working to shore them up. Open source hasn't won, but it hasn't lost yet, either. It can never "win," but we can make damn sure it doesn't lose.
Joe Brockmeier is head of community at Percona