[dig1]

It's interesting how Redis's decision is often defended while AWS and other 'big corps' are criticized. Let's not forget that Redis was a collaborative effort built on the contributions of many, including those funded by big corporations: gcc/compilers, kernel, editors, VMs, etc. If the Redis authors, who were part of this collaborative ecosystem, decided to change their approach, it's their prerogative. However, it's worth noting that many others were left with a sense of dissatisfaction after the license change.

The same is true for ES, Mongo, and Grafana (to name a few). If you want to use a restrictive license, start your project with it, period. Don't bait people by giving something for free and then making all sorts of excuses later.

IMHO, small companies and developers ultimately lose here. ES and Mongo still use and rely on AWS for their managed offerings. OpenSearch (mainly pushed by AWS) is vibrant and very alive. Redis will be ditched by distros and die a slow death, and (probably) Valkey will be in the next distro major versions. But we (small companies and devs) now have to spend time migrating and moving things around without any additional value.

[skybrian]

I largely agree, except what the “bait” is.

Here’s where antirez said he chose BSD because he wanted to allow forks that change the license. [1]

Under BSD, forks that change the license and forks that don’t change the license are both okay, full stop. When antirez chose a BSD license, thinking he might do a proprietary fork later, it wasn’t “bait,” it’s how it works.

But when Redis, the company, said that Redis “has always been and will continue to be BSD licensed” [2], this was an implicit promise about what license the company would use for their own future improvements to Redis. In that sense, what they said is misleading, and maybe that’s bait.

So giving things away for free isn’t wrong, and making a proprietary fork isn’t wrong. It’s promising that you won’t do it and then doing it.

[1] https://news.ycombinator.com/item?id=39863371 [2] https://lwn.net/SubscriberLink/966631/6bf2063136effa1e/

[tecoholic]

I get that people get upset that their software of choice license is changed at the philosophical level. But I don’t get it at the economical level. When a project changes the license for a future version, the older versions are still available in the older open license right? So the contributions from collaborative effort is still usable under the same terms in those versions. So what’s this “bait and switch”? License changes, people don’t like the new license, they don’t contribute anymore (let’s keep the forks aside for a second), all new change are now by the employees of the company, they own the rights to that like every other product company. What am I missing here? Why do people get upset about the economics of effort and benefit?

I have always been to afraid to ask this ask this question for fear of appearing stupid. But gotta live and learn. So here goes nothing.

[mooreds]

What you're missing is that people contribute (time, energy, code, attention) in the now expecting to be able to reap the benefits into the future.

When I learn redis, I spend time and want to amortize that over a long period. When I integrate elastic search into my application, I expect to be able to use it in the same way far into the future.

Relicensing, as you point out, doesn't affect past versions, but it sure does future ones.

Now I have a surprise chore on my plate, to figure out if and how I need to replace the existing component or learn about an alternative.

More than that, my confidence is shaken. Will they make changes in the future requiring more work on my part?

Changing a license is very similar to an increase in price, but even more fundamental in terms of uncertainty. And people hate change.

(I'm explicitly not addressing the impact of a license change on software freedom because I think it is very important to some. But IMO most folks are more interested in free as in beer than free as in speech. I don't know enough to speak to the free as in speech aspect, so won't.)

I think you asked a great question, hope my answer sheds some light.

[zokier]

But you are not forced to upgrade. You can just keep using the foss version indefinitely exactly the same way as before. That's the great benefit of foss, upstream changes can never force downstreams to do anything.

[skipkey]

Depends on the regulatory environment you work in. If you are in anything related to the financial industry, when CVEs are filed, you absolutely do have to upgrade to the version that doesn’t have them. The company I was working for at the time of the license change did three things. One, they initially forbid the new version to be used. Two, they recommended no new projects use redis. And then they negotiated a license with them, but still kept the recommendation to not use them. So they got some short term revenue, and long term they will be replaced.

[dontupvoteme]

sounds like a problem for the financial industry, thank God they have money to pay for it! they certainly don't use any of it to actually support anything of course.

[shermantanktop]

An ever-increasing list of CVEs represents erosion of value over time.

Software is a shark - if it stops moving, it dies.

(I heard that saying somewhere, and I think it is untrue of actual sharks but it is definitely true of software)

[tecoholic]

Thank you. I was more interested in the “free as in beer” part of the reaction. So it absolutely addresses my question.

[Fr3ck]

But why do you feel like you need to replace Redis because of this license change? The license change impacts the hyperscalers which at the end of the day contribute little to the project but try to profit off of it the most.

[1] https://www.infoworld.com/article/3714688/the-bizarre-defens...

[chipdart]

> So the contributions from collaborative effort is still usable under the same terms in those versions. So what’s this “bait and switch”?

It's undoubtedly bait and switch.

You have a company that portrays itself as the host of a project that relies on community contributions for maintenance, and all of a sudden that host unilaterally forces a licensing change where all users, including those who have been directly and indirectly contributing to maintain the project, are faced with an invoice-or-lawyer threat.

Yes, the source code is still available. Yes, anyone can pick up the last release and run with it. But it isn't business as usual anymore.

It disrupted day-to-day operations of all companies that have been using the software. Managers of all levels had to hold meetings, internal and across organizations. They had to ask lawyers questions and decide what to do and how to act based on their answers. People scrambled to react to this change.

To make matters worse, this change was overtly designed to extort money from it's users. There is no two ways around it. The first step is a sudden change in licensing terms, and expectedly the second step of sending in the lawyers to collect payments under threat of legal action.

[clvx]

Which is included in the as is part of the license.

A ton of projects have stopped working which forced to fork or replace completely due maintainers not caring anymore, getting sick or just switching priorities. Why is this different. For all the licenses change cases, contributors who disagreed forked and stablished a new route. This is 100% the spirit of the license.

[chipdart]

I have no idea what you tried to say. Your comment sounds like machine-generated garbage.

[pizza234]

> forces a licensing change where all users [...] are faced with an invoice-or-lawyer threat.

You're spreading misinformation. See other comments about RSAL/SSPL.

[chipdart]

> You're spreading misinformation. See other comments about RSAL/SSPL.

I think you are commenting on things you know nothing about.

Take the time you need to read through the license you are quoting.

Here's a link to the Redis Source Available License 2.0 (RSALv2):

https://redis.com/legal/rsalv2-agreement/

With RSALv2 you do not need to reach very far in the licensing terms to read the part where it explicitly prohibits users from providing Redis as a service, or even a modified version of it.

With Server Side Public License (SSPL) it's an even bigger shit show, as it forces any business that uses the software to release under the very same license all software and systems and even user interfaces (?!) that directly or indirectly interact with their project. As it is very easy to understand, this prohibits any company from adopting any software released under that license.

And of course it's so very convenient and an incredible coincidence that the same company that tries to force-feed these licenses to the world just so happens to sell proprietary "enterprise" versions of the same project.

[graemep]

> With Server Side Public License (SSPL) it's an even bigger shit show, as it forces any business that uses the software to release under the very same license all software and systems and even user interfaces (?!) that directly or indirectly interact with their project. As it is very easy to understand, this prohibits any company from adopting any software released under that license.

Not "any business", only a business that offers a hosted version of the software. AWS has a problem offering a hosted Redis service, but no one who self-hosts (including running it on a cloud) is affected.

[growse]

> Not "any business", only a business that offers a hosted version of the software. AWS has a problem offering a hosted Redis service, but no one who self-hosts (including running it on a cloud) is affected.

Does "hosted version of the software" mean that the hosted service has to exactly match the API semantics to count? Or does it mean any service that's semantically similar (and powered by) the software (e.g. simply storing and retrieving data on a user's behalf)?

Or does it mean something else?

Where is this actually defined?

[growse]

The bait and switch is because people feel the social contract has been broken.

If you start a project, invite people to come along and donate their free time to making it better, building (and benefitting from) a community of people working towards a common goal, suddenly switching that project to proprietary is a bit of a dick move.

Sure, it's legal, but for the people who thought they were collaborating together on something it feels a bit crappy.

[readams]

You can't just use old versions of software. You need security fixes, dependency updates, etc just to keep it running

[physicsguy]

As soon as there’s a security problem you have to update though.

[pizza234]

Have you actually taken the time to understand the RSAL and SSPL?

> If you want to use a restrictive license, start your project with it, period

There is essentially only one restriction (the other is about formal notices) imposed by the RSAL, and it forbids to "Commercialize the software or provide it to others as a managed service".

> IMHO, small companies and developers ultimately lose here

This is an uninformed opinion. Nothing changes for small companies and developers. Actually, nothing changes even for larger companies, unless they are cloud providers.

Large companies can actually provide Redis as service for internal use ("as a service internally or to subsidiary companies"). Companies are even free to sell support for Redis.

[Kwpolska]

The licence forbids

> offering a product or service, the value of which entirely or primarily derives from the value of the Software or Modified version

How do you define how much value your app derives from Redis? If Redis is the primary data store for your app, does it count?

[graemep]

> How do you define how much value your app derives from Redis? If Redis is the primary data store for your app, does it count?

It will be if your app is a data store service . i.e. your apps is a thin wrapper around Redis.

If your app is more than that, then its clear the value does not primarily derive from Redis.

There are inevitably grey areas (e.g. if your app is a Redis based data store but adds a lot of functionality) but 99% of users do not need to worry.

[growse]

> If your app is more than that, then its clear the value does not primarily derive from Redis.

This is about as far from clear as it's possible to get.

[Kwpolska]

How thin is “thin”? If I build a chat app on top of Redis, is it safe? There’s a tutorial on the Redis website: https://developer.redis.com/howtos/chatapp/ — is it a sign that it’s too simple to be distinct?

Or I can just migrate my app to Valkey and be sure I’m safe from lawyers.

[graemep]

Its a chat app not a data store, so it fails the "primary purpose" test so its safe: its pretty obvious that a chat app serves a different purpose to a key value data store.

Nothing is definitely "safe from lawyers". In some ways BSD is less safe than SSPL - no patent licensing clauses for example.

[redwood]

Re "But we (small companies and devs) now have to spend time migrating and moving things around without any additional value."

You shouldn't have to do anything: I don't get it I think you're making a choice because you have a preference for non-copyleft licenses in software you use? That's your choice

[thayne]

Sure you do. You have to worry about which fork has the best chance of succeeding in the long run (and my bet wouldn't be on the one from the company that was struggling enough that it felt the need to risk upsetting the community with a licence change). You need to worry about if the new license is acceptable, and even if you aren't selling a managed service for the software, these licenses make lawyers nervous (and I suspect that is intentional). And you have to evaluate if the license change is an indication that the company no longer values the community and users.

[Y_Y]

Is there any way to show a real commitment upfront to openness?

As far as I know there's nothing that can stop a project from switching license (for for new code only, of course) and this can feel like a deception. There may be a legal/corporate mechanism I don't know about, like a permanent kind of charter, but it seems not.

The best option I can think of is giving control (board seats or copyright assignment or whatever) to trusted institutions like Apache or the FSF or Linux Foundation.

It seems too easy for big "open" endeavours to change their mind after they've built trust and a userbase. It would be great if there was a way to guarantee that that won't happen.

[kouteiheika]

> Is there any way to show a real commitment upfront to openness?

Of course there is. Don't require a CLA and use GPL instead of permissive licenses. Then any derivative work will have to legally be GPL compatible.

[zeckalpha]

More details on the why behind no CLA: There are dual licensed GPL/Proprietary projects out there. The trick is whether copyright is assigned to a singular entity. If copyright is retained in a distributed (but licensed) manner, then it is harder to relicense.

[cqqxo4zV46cp]

No. The solution is to use a different license, one that doesn’t allow contributions to be re-licensed in this way. This isn’t as complicated as people are making out. They just don’t want to admit that the license is operating as intended, but rather, their feelings about classical ‘open-source’ have changed. Admitting that would be admitting that the Software Gods of the last ~50 years are imperfect in their eyes, which is jarring for the sort of people that complain about these situations in the first place.

[sanxiyn]

The best option is to use GPL.

[binary132]

How old is Redis again? It seems like a pretty big stretch to accuse them of having just been baiting people into depending on it this entire time.

[TuringNYC]

>> IMHO, small companies and developers ultimately lose here. ES and Mongo still use and rely on AWS for their managed offerings. OpenSearch (mainly pushed by AWS) is vibrant and very alive. Redis will be ditched by distros and die a slow death, and (probably) Valkey will be in the next distro major versions. But we (small companies and devs) now have to spend time migrating and moving things around without any additional value.

While I agree with you on not changing licenses mid-way, what is a small software company supposed to do? What is the Day Zero playbook that balances the desire for growth, creating customer value, and co-existing with the big cloud companies? I'm disappointed about the outcomes for companies like Redis/Elastic who obviously did create much value.

[Dalewyn]

>It's interesting how Redis's decision is often defended while AWS and other 'big corps' are criticized.

We in the same universe? I've seen nothing but Redis thrown to the wolves for daring to ask for money, at least around here anyway.

[jasode]

>I've seen nothing but Redis thrown to the wolves for daring to ask for money,

Reducing it to purely "asking for money" is not what the criticism is about. The issue is the changing of licensing terms and not the money.

Other open source projects that also have commercial paid products/services include SQLite, Bitwarden, TrueNAS, etc and yet there isn't endless arguments about those projects "asking for money" because their licenses have remained stable and don't change. GPL, AGPL, BSD, public domain, etc. doesn't matter; they didn't change the license.

That's what the whole "rug pull" arguments have been about.[1] One can choose to side with Redis Inc over Amazon but you can't mischaracterize what the debate has been focused on: changing the license.

Did Redis Inc have legal right to do that?!? Yes. But the debate wasn't about their legal right.

The following 2 types of timelines have very different reactions from the community:

- start with SSPL license on day 0 and never change

vs

- start with BSD license and keep it for 15 years and then change to SSPL

[1] 2018-08-22 >, this is Yiftach, CTO and Co-founder of Redis Labs. First, let me assure you that Redis remains and always will remain, open source, BSD license. -- from https://news.ycombinator.com/item?id=17819392

[raverbashing]

> start with BSD license and keep it for 15 years and then change to SSPL

Well, the competition landscape was a lot different 15 yrs ago.

In the same way, GPL went from version 2 to 3, in response to the landscape

I think it's unwise to not respond to environment changes.

[BSDobelix]

>I think it's unwise to not respond to environment changes.

True, but killing your company and make your code proprietary is most likely the wrong response.

[dontupvoteme]

so trillion dollar public companies get to use all their legal rights (and lobby governments to extend them), but the little guy can get fucked if he does?

[BSDobelix]

It's not "asking for money", it's shutting down a usage of the code, and that's completely against the spirit of "free software", and even against the broader meaning of opensource[1].

However, I think everyone understands that it's a problem to make a living from small but important part of an bigger infrastructure, but this is the wrong way.

The Linux Foundation will throw money at Valkey, Amazon will still sell the service and Redi's will lose (because it's just one company and not opensource).

[1] https://opensource.org/blog/the-sspl-is-not-an-open-source-l...

And I'm not even talking about external contributors whose work is re-licensed under a proprietary license.

[justincormack]

The Linux Foundation won't "throw money" at it, it will probably provide some legal support if needed, but project work is largely funded by the membership fees for the subfoundations, and at this project membership level thats not much unless eg AWS etc are contributing it.

[BSDobelix]

>but project work is largely funded by the membership fees for the subfoundations

That's something completely different you are right ;)

>>Linux Foundation Launches Open Source Valkey Community

>>Industry participants, including Amazon Web Services (AWS), Google Cloud, Oracle, Ericsson, and Snap Inc. are supporting Valkey.

https://www.linuxfoundation.org/press/linux-foundation-launc...

[dontupvoteme]

You don't know what restrictive means.