[fariszr]

> One option is through the usage of UBI container images which are based on RHEL and available from multiple online sources (including Docker Hub). Using the UBI image, it is easily possible to obtain Red Hat sources reliably and unencumbered. We have validated this through OCI (Open Container Initiative) containers and it works exactly as expected.

> Another method that we will leverage is pay-per-use public cloud instances. With this, anyone can spin up RHEL images in the cloud and thus obtain the source code for all packages and errata. This is the easiest for us to scale as we can do all of this through CI pipelines, spinning up cloud images to obtain the sources via DNF, and post to our Git repositories automatically.

That's quite the workaround, the rocky team has proven it's willing to get hacky if needed.

[Shakahs]

The public cloud route is pretty elegant. Red Hat is restricting source code to subscribers only, so Rocky contributors will just subscribe for an hour at a time when they need to download source code. There’s no way for Red Hat to stop this without terminating all public cloud licensing everywhere.

[dlor]

I'm not a lawyer, but that's definitely not their only recourse here.

Lawyers are not going to look at this coordinated attempt to subvert a EULA and say "oh well, nothing we can do here".

[musicale]

> I'm not a lawyer, but that's definitely not their only recourse here.

Agreed - Rocky Linux probably has other options, but these seem like decent ones.

> Lawyers are not going to look at this coordinated attempt to subvert a EULA and say "oh well, nothing we can do here".

It does seem like Red Hat wants to subvert the GPL, but I'm not sure who would be suing them for doing so.

[bubblethink]

>Lawyers are not going to look at this coordinated attempt to subvert a EULA and say "oh well, nothing we can do here".

Once you get lawyers involved, you lose a lot of goodwill. At that point, who can tell RH apart from Oracle?

[pipo234]

Indeed, who can?

RH is still leading and sponsoring a lot of Linux development — that's the goodwill part. But maaaann, for quite a while RHEL has not been a very welcoming and inviting distro (unless you're the one checking the boxes on the corporate procurement form).

[bonzini]

What could be done to improve it (while keeping in mind that Red Hat needs $$$ to continue development)?

[pipo234]

Okay, let's start with the software itself being free. That is, no-one pays for distribution or use, creation is sponsored voluntarily (contributions, donations) but this is not sustainable.

Customers may want to pay for training and consultancy, managed hosting, hardware, feature development, hand holding, insurance, productizing, etc. This is the business that RedHat is in, but so are MontaVista, AWS, vmware, Google, to name a few sponsors of Rocky. If everyone agrees to upstream a fair amount of their revenue, there should be plenty for RedHat to contribute into various projects.

Sure will be a bit of hassle to negotiate a fair price. But so far, these companies appear happy with the quote they pay Rocky, whereas the RedHat deal (per seat/per core/per instance/whatever) clearly is not. If RedHat had been more open to that kind of a deal with CentOS (8), there would probably never have been a Rocky Linux.

So yes, there is always the free loaders issue, but mostly people and businesses are open to sponsoring organizations that have a lot of goodwill.

[account42]

They seem to have been able to fund development before. So what changed? Just the new corporate overlord that wants a return on their investment?

[skipkey]

Honestly the UBI images seem like the best option. They publish those, they have to publish the source for them.

Sure, they can make it more difficult by making them static, but it seems doable.

[lars_francke]

The UBI images only contain a small subset of all RHEL packages.

The blog post is vague on this topic and I'm not sure if you can really get all sources that way. I have my doubts but I've never tried:

https://access.redhat.com/articles/4238681

[gbraad]

They are images tailored towards runtime use. They do not come with server components. For example, you can't get/download udhcpd in a UBI image.

[dizhn]

This is a very weird situaiton. As far as I know the whole Red Hat distribution is still open source. Now they put themselves in a position to refrain from publishing their open source changes. If those changes do not flow up or down stream, how are they going to keep calling themselves open source? (They don't call themsegpes free software as far as I can tell)

[gbraad]

UBI images are to host applications.

Do you need screen, udhcpd to do so? Nope, but you get httpd, etc. It is just a choice they made to make it easy to host your application in a RHEL container on top of OpenShift running on RHEL (fully supportable stack)

[emmelaich]

I wonder if Red Hat will provides sources for the rpms in the containers (or actually installed) and nothing else.

[musicale]

Breaking rpm in cloud and container instances seems like a losing strategy.

[geerlingguy]

Yeah, instead of just upsetting the downstream 'rebuilders', you start upsetting enterprise customers too.

[mroche]

The use of UBI to gather sources is maddening to me. It actively inhibits opportunities we have to get the UBI package set expanded, something I'm working on for my industry. Their use of UBI for this purpose is getting in the way of enabling officially provided and unencumbered containerized RHEL for public consumption.

[michh]

It sucks this hampers your goal of getting the UBI package set expanded but that's not because of the rebuilders using it as a loophole, it's because of the course IBM/RedHat set.

They decided their new course was 'compatible enough' with the GPL and this is one of those area where you start to feel the pain that's the difference between 'compatible enough' and actually compatible with the GPL and the ideas behind it.

[mst]

The entire situation smells like an iterated prisoner's dilemma that's going to end up locked in an eternal defect/defect cycle with assorted odd and unintended collateral damage on the margins.

Hopefully in your case - given what was being said about the options - the rebuilders will end up settling on the public cloud instance approach. If that happens, with a bit of luck you can go back to your UBI related advocacy once the rubble stops bouncing.

Hopefully.