HashiCorp's Licensing Shift: Impacts on Customers and the Industry

In the dynamic world of software, change is inevitable. Companies constantly adapt to meet new challenges, harness fresh opportunities, and evolve with the technological landscape. One area where this often manifests is in the choice of licensing. Recently, HashiCorp, a leader in cloud infrastructure automation software, announced a significant shift. They've chosen to transition their source code license for future releases of their products from Mozilla Public License v2.0 (MPL 2.0) to the Business Source License (BSL, also known as BUSL) v1.1.  

This impacts all of HashiCorp’s suite of products including Terraform, Packer, Vault, Boundary, Consul, Nomad, Waypoint, and Vagrant. 

But what does this transition mean for the industry, and more specifically, for HashiCorp's diverse array of customers? Let's delve in. 

Understanding the Licenses 

Before dissecting the impacts, it's essential to understand the licenses themselves.  

The MPL 2.0, under which HashiCorp has previously licensed their software, is a free and open-source software license. It allows users to freely use, modify, and distribute the software, with the primary condition being that modifications to the original MPL-covered code be made available under the MPL as well.

On the other hand, the BSL is a bit different. This license restricts the use of the software in specific commercial ways, typically for a set period, after which it transitions to an open-source license. The BSL aims to strike a balance - to provide the software company with commercial benefits while ensuring that the software becomes fully open-source after a defined period. 

Impact on Customers

1. Monetization and Commercial Use: With BSL, there might be restrictions on how customers can use the software commercially. For instance, direct monetization or offering services around the product might come with conditions, or perhaps even fees, depending on the specifics of the BSL terms. 

2. End Users: There is no impact on end users using these products for internal or personal usage. 

Impact on the Industry 

1. Rethinking Open Source: HashiCorp's move could prompt other companies to reconsider their licensing strategies. The BSL offers an interesting compromise between fully proprietary and open-source licenses. As more firms witness its effects on HashiCorp's business model, they might be inclined to adopt it, leading to a broader industry shift. 

2. Innovation and Collaboration: MPL 2.0 thrives on collaboration, with modifications mandatorily made available to the community. With BSL, there might be a reduced immediacy to this shared innovation, but only for a set period. After transitioning to an open-source status, the collaborative benefits return. 

Learning from Precedents: Other Software Licensing Shifts  

HashiCorp's decision to change its licensing strategy isn't unique. Over the years, several software firms have modified their licensing terms, largely driven by the need to strike a balance between open-source principles and business sustainability. By studying these historical shifts, we can gain insight into the potential repercussions of HashiCorp's decision. 

Several notable software projects and companies have undergone similar transitions: 

1. Redis: While the core Redis database remains under the BSD license, Redis Labs introduced the Redis Source Available License (RSAL) for some extended modules. This move was an attempt to deter cloud providers from profiting from their work without contributing back. 

2. MongoDB: Originally under the AGPL, MongoDB unveiled a new license called the Server Side Public License (SSPL). This change was motivated by the desire to ensure cloud providers offering MongoDB as a service would also open-source their accompanying service code. 

3. Elasticsearch and Kibana: Elastic NV switched the license for both from the Apache 2.0 License to the SSPL, mainly due to concerns about large cloud providers, especially AWS, commercializing their open-source products. 

4. CockroachDB: Initially released as open source, CockroachDB later adopted the Business Source License (BSL) to limit third-party commercialization. 

5. MariaDB: While the core MariaDB server remained GPL v2, MariaDB Corporation introduced BSL for certain enterprise features. 

6. TimescaleDB: Adopting a dual licensing approach, core features are available under the Apache 2.0 license, while some components adopted the Timescale License (TSL) to prevent offering the software as a cloud service. 

Each of these decisions led to intense debate within the respective software communities. While the essence of open source revolves around collaboration, freedom, and transparency, software companies must also grapple with sustainability challenges. Often, these firms face competition from large cloud providers who can offer these open-source tools as managed services, sometimes without significant contributions back to the project. 

Incorporating such licensing changes usually results in two primary outcomes: 

1. Business Protection: Companies can shield their business models, ensuring consistent revenue streams that fund further development and innovation. 

2. Community Backlash: The open-source community is passionate and protective of its principles. Any perceived departure from these ideals can lead to skepticism, concern, or even forks of the project. 

For HashiCorp's stakeholders, understanding these precedents can offer valuable context. The balancing act between being open and ensuring profitability is tricky, and HashiCorp's latest decision is just another chapter in the evolving story of open source in the business world. 

A Way Forward

HashiCorp's decision is emblematic of an industry in flux. As software companies grapple with the challenges of sustaining innovation while ensuring financial viability, new licensing models like the BSL might gain prominence.

Tools that are built with HashiCorp’s code will have to fork the latest versions and continue to build features, improvement, bug fixes, and security patches themselves. As an example, after Terraform 1.5.5 companies will be unable to incorporate the source code or embedded or distribute newer versions of Terraform. Another option for tools built on HashiCorp’s code will have the option to partner with HashiCorp to continue getting updates and pay HashiCorp for that option. 

It remains to be seen how this licensing experiment plays out, but it's evident that the industry is set for some transformative times ahead. 

Resources: HashiCorp Annoucement