As HashiCorp adopts the BSL, an era of open-source software might be ending

HashiCorp announced Thursday that it is switching the license that governs the use of its open-source projects from the Mozilla Public License to the Business Source License (BSL), a license that does not meet the traditional definition of open source as described by the Open Source Initiative.

HashiCorp co-founder and CTO Armon Dadgar speaks at last year's HashiConf. Credit: HashiCorp
HashiCorp co-founder and CTO Armon Dadgar speaks at last year's HashiConf. Credit: HashiCorp

"Open source has always played a critical role in infrastructure software and that trend has recently only accelerated," HashiCorp's founders wrote in their 2021 IPO prospectus. Less than two years later, that trend is heading in a different direction.

HashiCorp announced Thursday that it is switching the license that governs the use of eight open-source projects under the company's wing from the Mozilla Public License to the Business Source License (BSL), a so-called "source available" license that does not meet the traditional definition of open source as described by the Open Source Initiative. Under the BSL, users of HashiCorp projects like Terraform and Vault will be able to use and modify the source code associated with those projects but will not be allowed to use the code as part of a commercial service that competes with HashiCorp's commercial versions of those projects.

The move comes after years of second thoughts about open-source software by several enterprise infrastructure vendors, starting with Redis Labs, MongoDB and MariaDB and more recently with the rise of AI projects that allow users to inspect the code but place restrictions on its use. For its part, HashiCorp simply grew tired of companies that are making money through services that rely on its open-source projects, said Armon Dadgar, the company's co-founder and CTO, in an exclusive interview with Runtime.

"Given the sort of capitalistic incentives these other companies have, I don't think asking them politely is going to change their behavior," Dadgar said.

But capitalistic incentives also powered a generation of open-source enterprise infrastructure companies. As noted in HashiCorp's IPO letter, releasing software under permissive open-source licenses was almost standard practice over the last decade among enterprise tech startups, who hoped to encourage developers to kick the tires on interesting technologies they wouldn't have otherwise paid to try out and then sell support contracts and additional services to those developers once they realized the software could play an important role in their tech stack.

Those days appear numbered, and this has caused a great deal of angst for backers of the traditional approach to open-source software, which revolutionized enterprise tech. However, it's also becoming clear that the romantic notion of community-supported software simply does not work the way it used to in the modern cloud-centric enterprise tech landscape, and that changes are coming.

"One trendline has more commercial open-source vendors, most typically single-entity projects rather than collaboratively developed efforts, moving away from open-source licenses," wrote Stephen O'Grady, principal analyst and co-founder of Redmonk, in an email interview. "On the other hand, many open-source foundations continue to expand the number and reach of their open-source projects. But at a minimum, we're likely to see more complicated mixes of noncompete licenses each with varying restrictions that are incompatible with one another."

With partners like these

HashiCorp's move will not affect any current customers of its managed cloud services or self-managed products, but starting with the next releases of the various open-source projects steered by the company, the BSL will be in charge.

Created by MariaDB in 2016, the BSL restricts the commercial use of software bearing that license for four years, after which it reverts to a more traditional open-source license that doesn't come with strings attached. HashiCorp intends to follow that path, Dadgar said, and it also plans to keep traditional open-source licenses around the integration software that helps businesses use its projects in their own environments.

When asked to explain their thinking, most companies that decided over the last several years to restrict the use of open-source projects under their influence pointed squarely at Big Cloud. As cloud computing became popular, businesses that had built tech stacks around open-source software wanted to consume that software on the cloud, and the providers were very willing to accommodate them.

But vendors that had raised hundreds of millions of dollars from venture capitalists to write and maintain that open-source software felt cheated by the ease at which cloud providers could offer that software as a service. There was nothing illegal or even immoral about charging money to make it easier to use permissively licensed software, but companies like MongoDB and Elastic decided they couldn't afford to subsidize competitive services provided by deep-pocketed cloud platform companies.

HashiCorp is a little different. Its products make it easier for cloud laggards to get up and running on cloud infrastructure, serving as almost a pipeline for cloud salespeople, and Dadgar insisted that the licensing change was not designed to poke companies like AWS, Microsoft, and Google.

Instead, it's targeting several major independent software providers that are reselling HashiCorp's open-source projects with their own bells and whistles.

"Some of these vendors have a broad portfolio where we integrate with them in certain areas and partner with them in some areas. But we also, frankly, compete with them in other areas where they commercialize it," Dadgar said, refusing to name specific companies.

Tragedy of the commons

Open-source purists often point to the benefits of a community-driven approach to building software, but for many companies — including HashiCorp — creating open-source software is an internal affair.

More than 95% of the code in a new release of one of the eight projects under HashiCorp's wing was written by HashiCorp employees, Dadgar estimated, and he said that trendline dates back to its earliest days. Third parties contribute bug fixes from time to time, and play an important role in writing the glue code that makes it easier to use those projects in bespoke corporate tech stacks, but they are not developing new features, he said.

"The challenge with any of these — whether it's Terraform or Vault or Consul —is that they're incredibly complex," Dadgar said. "It takes a new HashiCorp employee months to get ramped up and really productive because these are complicated, large code bases."

Still, by deciding to restrict the use of the code that helped make Dadgar and his co-founder Mitchell Hashimoto billionaires at the time of its IPO, HashiCorp is closing one chapter of its history and perhaps ending an era when releasing software under open-source licenses was a given part of an enterprise tech startup's product strategy.

(Editor's note: A YouTube video of Dadgar and Hashimoto talking about HashiCorp's commitment to open-source software was mysteriously taken private after it was published right here.)

Dadgar argued that for almost all users of that code, nothing really changes. And he believes that keeping the source code available, as opposed to completely closing it off, provides operational and security benefits for users, which Redmonk's O'Grady seconded.

But there are obviously commercial motivations behind HashiCorp's decision, with revenue growth declining over a rough 12-month period for enterprise tech in general and its stock down 67% since its 2021 IPO.

"If your competitors are commercializing your IP, you either stop giving it to them by not making it open, or you stop giving it to them by changing your license," Dadgar said. "We're not the first and we're not the last (to make this move). And I think that trend is going to continue; there's this sort of fundamental problem that sits at the heart of open source, which is there's a bit of a tragedy of the commons here."

(This post was updated after somebody at HashiCorp took down a YouTube video and to clarify what users of the open-source projects can do under the BSL.)

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Runtime.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.