Hi
i see that Redis licences Change, we are an impact change on Yunohost ?
(Answering as an individual and not for all YunoHost contributors)
Obligatory not a lawyer: as per point 17 of their FAQ, there is no impact on YunoHost. Though I think we should evaluate if we do need Redis integrated by default, and we should display a statement somewhere that reminds people of that license (especially for the ones building their business around distributing YunoHost).
To be seen also how things evolve in the future regarding wether or not Debian will continue to ship it (Iâm guessing no because Debian doesnât like SSPL, same story as MongoDB and Elasticsearch), but right now Redis is available in Bookworm and even Trixie (Debian 13) so I donât think itâs gonna impact things before at least 3-4 years, and by then maybe Redict will be the new drop-in replacement idk
They changed the licence once, they have the ability to change it to an even more restrictive one. Donât trust someone who betrayed you, heâs capable of doing it another time.
Itâs not as simple as âthey changed the licence to non-OSI-one, they must be bad guysâ !
The SSPL was created by MongoDB after realizing that Amazon were effectively selling MongoDB SAAS without contributing in return. Effectively you end up with having to choose between essentially :
- keep your software as FOSS, but megacorps will use it to earn money from your work without contributing back
- OR tweak the licence to prevent megacorps using it (or force them contributing back), but it wonât be FOSS anymore and FOSS folks will be complaining.
Who can really blame them for picking the second option ? FOSS has a fundamental, unsolved flaw of having nothing to say with respect to effectively funding large project. In fact Iâm curious about what are projects who found sustainable and ethical plans to keep the boat afloat economically speaking (NB: relying on the work of dozens of volunteers ainât really ethical nor sustainable). For example, Mozillaâs funding is 50%+ coming from Google, which on one hand raises many question regarding how âfreeâ they are to design Firefox especially regarding privacy-related or ad-blocking features, - on the other hand : good luck finding a model to get the hundreds of millions every year needed to keep Mozilla alive ÂŻ\_(ă)_/ÂŻ âŠ
Anyway, back to Redis and the SSPL : keep in mind that right now in the catalog, we have other apps relying on MongoDB and Elasticsearch, which are already licensed under SSPL. To me it just looks like thereâs a trend and FOSS folks should really start to wonder how sustainable FOSS projects are in a capitalist world
Does someone have a summary of what changed ? Iâm having an hard time figuring it outâŠ
I only mean the facts, for instance what can no longer be done now, what couldnât before but can now, if that open new possibilities for licensing changes or stuff like thatâŠ
What changed is that Redis is now licensed under the SSPL, which is basically the AGPLv3 (which already says "you must release any modification of the program), with the addition of a somewhat âaggressiveâ clause that says :
[entities] making SSPL-licensed software available to third-parties (modified or not) as part of a âserviceâ must release the source code for the entirety of the service, including without limitation all âmanagement software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make availableâ, under the SSPL.
Basically this is something created to disrupt the ability to simply âpick the software for free and sell it as SaaS on an online platformâ (cf the story of MongoDB vs Amazon), because then you have to release the code source of everything which probably is not good for the commercial activity.
The SSPL was not accepted as an open/free license by the FSF nor the OSI because basically it restricts the usage of the software (though basically only for commercial entities, so doesnât change anything for the average self-hosterâŠ)
People therefore end up saying that it is a âproprietaryâ license, which is honestly kind of funny considering itâs also âcopyleftâ, but FOSS folks only see license in binary terms, itâs either âfreeâ or âproprietaryâ, which leads to stupid stuff like âThe ACSL is not free software therefore it is proprietaryâ like yeah ⊠those licenses just try to solve the problem that commercial entities should not be able to simply earn money by just git-cloning a software and slapping a payment interface on top of it without ever contributing back
(I could rant about this for hours x_x)
Not to start anyone on a paranoid track here, but would any entity benefit from stoking that sentiment?
There is an official statement from the OSI about SSPL:
Yeah to me thatâs just plain boring and it sounds like they did not ask themselves why Mongo and Elastic went to the SSPL in the first place âŠ
Outside contributors donated time and energy with the understanding that their work was going towards the greater good, the public software commons. Now, instead, their contributions are embedded in a proprietary product.
cf my previous message, people are like âoh if itâs not FOSS therefore it must be proprietaryâ ⊠and thereâs some sort of dogma that âFOSS is for the greater good, and only the OSI or FSF definitions of FOSS are the for the greater good, everything else is evilâ.
One could also argue that âoutside contributorsâ probably did not expect that their free work would be used by FAANGS and other capitalist entities to print money. Hell, FAANGS are literally built on top of a mountain of FOSS project, then they just wrapped their proprietary stuff on top and created surveillance capitalism, probably for the âgreater goodâ âŠ
Iâm really wondering how can somebody demonstrate out of the 4 free software freedom that only respecting those 4 freedoms allows âgreater goodâ. All I see is 3 developers freedoms (so not âregular peopleâ), and only one actually about users (freedom to use the software for any purpose, no condition). Yet bombs running on FOSS do not free people. And somehow people should be âfree to use the softwareâ, but accessibility is a real issue, and itâs not uncommon to see proprietary solutions being effectively more accessible than FOSS ones.
Elasticâs relicensing is not evidence of any failure of the open source licensing model or a gap in open source licenses.
⊠except the Amazon/MongoDB the story that they donât mention, and wouldnât be surprised there are similar ones with Elastic
It is simply that Elasticâs current business model is inconsistent with what open source licenses are designed to do.
Itâs easy to say âjust find another business modelâ, but my understanding is that the very nature of MongoDB, Elastic and similar project is that it makes sense to create commercial SaaS out of it⊠?
If an artist creates an awesome piece of art and release it using a fully open license, and then some big company use this without asking and makes millions out of it, then are you really going to say âoh you should find a better business modelâ ? Fun fact thereâs the CC-no-commercial-use for that kind of case, which is also considered ânot FOSS-likeâ, same situation
I really wish some smart people could just sit around a table and deconstruct the dogma around FOSS being supposedly the only form of âethical softwareâ, and find something to go beyond the stupid status-quo of âdonât take away our right to freely use your work, but itâs *your* job to find a way to make money to eat!â
Ok, I understand it like that.
Then in my view this isnât harmful for the end users (which is the whole point of free software, people freedom as in emancipation), because it prevents another company to take the code and sell a closed source service or something like that. If itâs also protecting the business model that make the software available for free (as in free software), I wouldnât see why this could be an issueâŠ
I donât know much about Redisâ history, the company or how complex the whole thing is as software in the end. I do know a fair bit about FOSS licensing and governance though.
This became long, so Iâll try to make some order with headings.
Also, Aleks, Iâm not trying to pick a fight with you, just quoting you to keep the continuity of the thoughts flowing.
OSI, definitions etc.
Iâm not member of the OSI (was member and employee of FSFE though), so canât talk about their position. But knowing several key members there as well as being part of their licensing mailing lists and, I can assure you they know about the FOSS funding issue (DB or otherwise) and they are thinking about it.
OSD and the FS definition are something that exists and have worked for decades. There are occasional talks about changing them and these are taken seriously, but itâs also important not to throw away the baby with the bathwater when doing something as big as change a definition so many people rely on.
The good news is there are smart people sitting down and discussing this. I have participated in and even organised some of those gatherings. But itâs not an easy problem to begin with, and trying to not break things makes it even harder. Imagine if the OSD or FS definition changed and fixed this backend-as-a-service problem, but it pissed off half of the community. Imagine the schism that would ensue â and we just kind of mended the FS vs OSS schism.
SSPL analysis
Iâll keep it short, so people donât fall asleep. So I apologise for the terseness.
As mentioned before the biggest change is in SSPL-1.0 §13 (emphasis mine):
- Offering the Program as a Service.
If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. Making the functionality of the Program or modified version available to third parties as a service includes, without limitation, enabling third parties to interact with the functionality of the Program or modified version remotely through a computer network, offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Program or modified version.
§13 is also made even more important as it is explicitly called already in §2 Basic Permissions
But there is a much smaller, but equally important change in SSPL-1.0 §12 (emphasis mine):
- No Surrender of Othersâ Freedom.
If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot use, propagate or convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not use, propagate or convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program.
As a result, the issue is not just with Freedom 0, (arguably OSD5) and OSD6 caused by the change in §13, but also the question how to apply the changed §12 âliberty or deathâ clause in practice.
The scope of the copyleft clause â what else needs to be shipped with source code is much broader than under the (A)GPL. SSPL-1.0 namely requires (emphasis and square brackets mine) in § 13:
âService Source Codeâ means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces [APIs], automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available.
- minimalistic interpretation: as long as a package that was used unmodified in order to make the Program (or its modified version) run as a service is generally/publicly available FOSS, it does not fall under âService Source Codeâ.
- maximalistic interpretation: you need to provide all the âCorresponding Sourceâ for all the packages that were used to make the Program (or its modified version) run as a service, minus âSystem Librariesâ, and âgeneral-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the workâ.
And the maximalistic interpretation is one that several FOSS license experts (publicly, e.g. Van Lindberg) have pointed out as potentially impossible to fulfil.
FOSS devs need to eat too
I absolutely agree that FOSS development needs a way to survive and thrive. There are many challenges when it comes to making FOSS development and maintenance sustainable, and itâs a hard problem that has many facets â legal, economic and societal â and for all it shakes some long-established (quasi-)foundations such as copyright and consumer capitalism.
Absolutely! And oddly enough, this plays well into one of the counter-arguments: what makes database systems so special and different from the rest of the server stack, starting with Linux, GNU tools, ⊠or all the permissively-licensed projects, for that matter?
You donât hear Postgres and SQLite threatening to change their licenses.
(I am playing a bit of a devilâs advocate here, but only half)
Iâd separate this into two problems, if I may.
General problem
One is the general problem of funding FOSS development and maintenance. This is a field several smart people â Carlo Daffara as one of the earliest researchers â are looking into and itâs clearly changing (SaaS was one such change).
Setting up a business plan is hard as it is and doing it to support your FOSS, which you give to everyone for free makes it a bit harder still â you need to figure out what you can charge for th (and you probably need to re-evaluate this every few years)
One needs to take into account that many small businesses / startups and independent businesses donât survive â FOSS is here not an exception, really, as statistics have shown.
Some FOSS-compatible business models â some more, some less FOSS â that businesses tend to use and mixânâmatch:
- selling support & maintenance (& QA)
- dual-license â i.e. same software under a (strong) copyleft license and a proprietary license for those who donât want to deal with the copyleft
- open core â similar, but also not include certain features into the FOSS version
- SaaS â can be run as either dual-license or open core
- delayed FOSS release â the software is proprietary by default, but gets (automatically) released as FOSS after a certain time
- sell something else (hardware, services, âŠ) and just have FOSS help sell it, by building a striving ecosystem around it
- sponsored development & bounties â keep everything FOSS, but have customers pay you for adding more complex features
The alternative is, of course, to rely on donations and/or grants from organisations such as NLnet, Sovereign Tech Fund, Linux Foundation etc.
In Europe there is currently also in the works a European Digital Infrastructure Consortium (EDIC), where many EU countries are joining in to form a common consortium to fund development and maintenance of critical IT (FOSS!) infrastructure.
Specific problem
This leads us to the specific problem to MongoDB, Elastic, Redis &co.
On face-value what is common to all of these adopters of SSPL (and Commons Clause before it) are that they are all database back-ends as such, unfortunately, no existing FOSS license has a copyleft clause strong enough to apply to back-end software. As SSPL â as the best, yet very flawed, stab at it so far â shows, itâs not easy to make it work.
But that does beg the question why that would be needed, if Linux, Postgres, Apache etc. are fine, while the above are not âŠ
The typical âfree-to-feeâ conversion rate (e.g. FOSS users : paid customers) for FOSS businesses is said to be about 1-5%. Which may be much lower than what some might expect.
And here is where we come to another commonality of MongoDB, Elastic, Redis etc. â all of these changed their license from FOSS to source-available around the time they were either involved with VC (demand to return on their) investment or going public (IPO). Which means that their business suddenly was led (through money) in a way that demanded a quick return of investment.
Letâs say customers = conversion_rate Ă community_members
â in such a situation you have two options to make the customers
number go up:
- either grow the number of
community_members
â takes a long time, but is ultimately more sustainable - or force the
conversion_rate
to skyrocket â fast, but also breaks established relationships and trust
If you look at conversion_rate=0.05
as something you can live with and want to engage with the community, to help grow together, then youâll decide to take it slow and grow your community. (This is how these companies worked before VC/IPO)
But if you see 1-5% conversion rate as âplenty of room for improvementâ and realise that if you closed the source and through that force, letâs say 30% of community_members
to convert to customers
, taking into account you might completely lose, letâs say, 50% of the community members, thatâs a huge win. (This is how it was after VC/IPO)
Short-sighted? Yes. Profitable right now? Also yes.
⊠and back to Redis and its forks
Again, I donât know enough about Redis to judge, but I found this an interesting read: