258: XZ Backdoor Attack, Linux Mint 22, Fedora Switch to KDE?, Flathub Unverified & more Linux news

Hi Michael

With regards to the Redis license change: have you considered that those small companies might be forced to change their model because they are exploited? They provide the tech and the big cloud providers make the money.
In recent years there have been multiple instances of such license changes: Elasticsearch, Terraform, Akka, and now Redis.

The topic of exploitation was brought to my attention by this recent talk at the NDC London conference.

Maybe that is a topic you could discuss on Destination Linux.

Just to give an example I experienced recently at a big governmental client in Germany. After Docker changed their model for Docker Desktop to a paid model, all developers (they have a couple of thousand) have been forced to move to WSL without Docker Desktop (something I don't mind in general). At the same time, they are luckily paying (probably) millions to Oracle and Microsoft.

The topic is probably very nuanced because you cannot apply this to all Open Source projects. The Kernel is developed by many big and small corporations as well as individuals. The problem seems to be for small tech stacks which are mainly exploited by companies and cloud providers.

Hey @Brainspiller, welcome to the forum! Thanks for sharing your thoughts and I agree with a lot of what you said as I do think there is an element of taking advantage of open source projects that should be considered. This kind of thing can happen fairly easily but in the cases of Elasticsearch, Terraform, Akka, and Redis, I think these companies are much too large to be defended by this and they chose bad licenses in the first place that made it all possible.

First, Redis is not really small. Redis has raised a net amount of $347 million in funding to date. We don’t know what their revenue is because it is not shared publicly but we do know they raised this much through funding rounds. Redis was originally made by a single individual who left the project in 2020; however, Salvatore was involved with the project when the license was originally switched to SSPL in 2018. The biggest issue for Redis in my opinion was they originally licensed it under BSD which is one of the worst licenses for anyone who wants to protect intellectual property. However, it could be argued that it being BSD licensed was the very reason it gained as much popularity in the enterprise sector because some companies avoid GPL software due to the restrictions on them. Double-edged sword kind of thing.

Second, Elasticsearch is far from a small company because they reported a revenue of $1.2 Billion last year. They also originally released under the Apache 2.0 license which effectively has the same pros and cons that the BSD licenses have.

Third, Terraform is made by HashiCorp and they are also far from small with an annual revenue of $583 Million. Terraform was licensed under MPL which is much better than Apache and BSD but still offers some leniency that the GPL doesn’t.

Fourth, Lightbend raised funding of $42 million, making it the smallest of the bunch but still not small. Akka was released under the Apache license, so similar situation as the others.

With all that said, I do think that a lot of open source projects are exploited and taken advantage of by companies. I think these companies or projects chose bad licenses that helped them grow and ultimately hurt them in the long run.