by blagie 823 days ago
The new license is incompatible with Debian policy:

https://www.debian.org/doc/debian-policy/ch-archive.html#the...

The new licensing scheme effectively excludes redis from most of the open ecosystem, by cascading network effects from things like this. In this case, if you're building a package, if you pick redis, you've excluded yourself from distribution in many major distros.

Ditto for many other similar effects.

It's not fear-mongering. It's following laws and policies.

2 comments

The "open ecosystem" does a poor job funding open source developers. It is completely understandable when a developer chooses to put food on the table over being part of their social club.
The vast majority of the "open ecosystem" does a fine job funding open-source developers:

- In surveys, the vast majority of Linux maintainers are paid

- Both I, and many other people I know, have spent most of their adult careers being paid to do open-source

I have no problem with developers who "choose to put food on the table over being part of their social club." I have a serious problem with developers who pull a bait-and-switch, and:

- get support from the open ecosystem to build out market share and technology; and promptly

- pull a bait-and-switch, and try to milk their supporters for $$$

I think the point Redis is missing is that SaaS relies on **trust**. SaaS is almost always a better deal in the short-term, but once you're wedded to a vendor, you're relying on them to not extort you or hurt you. A SaaS vendor can potentially:

- discontinue a product with zero days' notice

- totally ignore security, leading to all your data landing online

- raise prices 10x overnight, leaving you in an impossible situation

- "pivot" in all sorts of other ways which disappear your business

A major reason for doing things yourself is business continuity and risk management. Once a vendor has done something like this, it's a good sign they'll do it again. After a vendor pulls a trick like this, I wouldn't consider relying on them even for proprietary work I do.

(Footnote: This is also why I would never use Google's cloud or Oracle's cloud; there's a track record of business-killing moves).

That only prevents them from adding newer versions of Redis. The current version is still fine and I'm sure that the community will patch any security holes that are discovered.
It works for a year or two, then enough of a delta builds up that people get confused at why the version is so old. New docs don't apply, etc. A similar issue has played out with MongoDB and Docker.

Plus it’s basically unmaintained so the bugs will build up and the security burden is higher since upstream will stop making their security patches under the old license (which they especially state they will do in the FAQ).

Best either retired or migrated to a fork (for Debian).

And this will work out for what, 6 months?