[blagie]

I am building a major open-source package around redis.

This kills it.

AGPL, I could go with. AGPL/proprietary dual licensing works well. There's an open ecosystem and a closed one.

Non-free is a non-starter. It's no longer GPL-compatible. EVERY project under the GPL using redis now has a potential legal liability from (what's looking like) a sleazeball company.

Now I need to figure out if I should move to a fork or switch to a different package. Fortunately, I have a nice key-value store abstraction, so it's easy to switch.

I expect distributions like Debian, and Ubuntu by proxy, will move away from having a redis .deb as well.

The damnable thing here is the dishonest copy: "In practice, nothing changes for the Redis developer community who will continue to enjoy permissive licensing under the dual license."

[martinky24]

> I expect distributions like Debian, and Ubuntu by proxy, will move away from having a redis .deb as well.

What about this change indicates that? This sounds like fearmongering, the new licenses really shouldn't affect this use case?

[bananapub]

this is a very weird claim.

most Linux distributions take free software/open source pretty seriously, and will not ship random proprietary things (at least) as part of the main distribution.

the new redis license is clearly not open source/free software, and so new versions won't be in Debian or Fedora etc. since it's a network daemon, no one is going to want to keep an ancient unsupported version and I doubt any distribution packager will want to maintain a fork, and so redis will be removed and at best a maintained fork will replace it.

[blagie]

The new license is incompatible with Debian policy:

https://www.debian.org/doc/debian-policy/ch-archive.html#the...

The new licensing scheme effectively excludes redis from most of the open ecosystem, by cascading network effects from things like this. In this case, if you're building a package, if you pick redis, you've excluded yourself from distribution in many major distros.

Ditto for many other similar effects.

It's not fear-mongering. It's following laws and policies.

[hgs3]

The "open ecosystem" does a poor job funding open source developers. It is completely understandable when a developer chooses to put food on the table over being part of their social club.

[blagie]

The vast majority of the "open ecosystem" does a fine job funding open-source developers:

- In surveys, the vast majority of Linux maintainers are paid

- Both I, and many other people I know, have spent most of their adult careers being paid to do open-source

I have no problem with developers who "choose to put food on the table over being part of their social club." I have a serious problem with developers who pull a bait-and-switch, and:

- get support from the open ecosystem to build out market share and technology; and promptly

- pull a bait-and-switch, and try to milk their supporters for $$$

I think the point Redis is missing is that SaaS relies on **trust**. SaaS is almost always a better deal in the short-term, but once you're wedded to a vendor, you're relying on them to not extort you or hurt you. A SaaS vendor can potentially:

- discontinue a product with zero days notice

- totally ignore security, leading to all your data landing online

- raise prices 10x overnight, leaving you in an impossible situation

- "pivot" in all sorts of other ways which disappear your business

A major reason for doing things yourself is business continuity and risk management. Once a vendor has done something like this, it's a good sign they'll do it again. After a vendor pulls a trick like this, I wouldn't consider relying on them even for proprietary work I do.

(Footnote: This is also why I would never use Google's cloud or Oracle's cloud; there's a track record of business-killing moves).

[Pet_Ant]

That only prevents them from adding newer versions of Redis. The current version is still fine and I'm sure that the community will patch any security holes that are discovered.

[lathiat]

It works for a year or two, then enough of a delta builds up that people get confused at why the version is so old. New docs don’t apply, etc. Similar issue has played out with MongoDB and Docker.

Plus it’s basically unmaintained so the bugs will build up and the security burden is higher since upstream will stop making their security patches under the old license (which they especially state they will do in the FAQ).

Best either retired or migrated to a fork (for Debian)

[k_roy]

And this will work out for what, 6 months?

[mhitza]

It's reality not fear mongering. Most distros (maybe all?) don't include non open source projects in their repos/distribution channels. You'll likely have a separate install step to include RedisLabs repositories before installing redis.