IT vendors still search for open source license sweet spot
Elastic returns Elasticsearch and Kibana to open source licenses while Sentry floats Fair Source, as balancing business and community success remains a work in progress.
Published: 05 Sep 2024
IT vendors' open source licenses continue to be in flux, as balancing the subtle equations between effective community outreach and sustainable business revenue remains elusive.
Three years after a high-profile move from an open source license amid a feud with AWS over use of its open source Elasticsearch code, Elastic Inc. said late last week it has brought back open source license options for Elasticsearch distributed search and Kibana data visualization software. Meanwhile, Sentry and a handful of like-minded software vendors launched a new software license definition project last month, Fair Source, that's meant to balance commercial and community interests. Sentry and partners are also preparing to launch a public campaign to fundraise for open source maintainers in October.
For Elastic, the Amazon Elasticsearch Service launched in 2015 was a thorn in its side, Elastic founder and CEO Shay Banon wrote in a blog post unveiling the move back to open source license options last week. The decision to put Elasticsearch and Kibana under a Server Side Public License in 2021 had the desired effect of forcing AWS to fork the project and develop its own separate OpenSearch service, according to Banon.
"The good news is that while it was painful, it worked," Banon wrote. "[Three] years later, Amazon is fully invested in their fork, the market confusion has been (mostly) resolved, and our partnership with AWS is stronger than ever. We were even named AWS partner of the year."
Shay Banon
With all of that behind it, Elastic is making Elasticsearch and Kibana available under the GNU Affero General Public License (AGPL).
"I had always hoped that enough time would pass that we could feel safe to get back to being an Open Source project -- and it finally has," Banon wrote.
Part of that sense of safety may come from the nature of the AGPL, which offers some protection against the kind of cloud provider behavior that started Elastic down this road in the first place, according to Stephen O'Grady, an analyst at RedMonk.
"Many large companies have historically avoided the AGPL because it closes the so-called 'network loophole,' which essentially means that if it's used -- whether that's internally or as an external service -- all changes are required to be made available under the exact same terms," O'Grady said. "It is the only OSI [Open Source Initiative]-approved copyleft license that does this."
A matter of trust
That doesn't mean the open source community is welcoming Elastic back with no questions asked, however.
"I maintain my position that the lack of open governance for the projects, combined with a CLA [Contributor License Agreement] that doesn't subject Elastic itself to the terms of the AGPL, explicitly allows Elastic to go proprietary again at any point in time," said Tobie Langel, principal and managing partner at open source consulting firm UnlockOpen. "So while this is unquestionably an improvement, it's also a reminder for everyone to consider governance when assessing open source projects."
Some industry watchers connected the move to recent lackluster earnings results from Elastic as it pivots into observability and vector search from its roots in log management and analytics.
Andy Thurai
"They got taken out to the woodshed" following the most recent quarterly earnings report, said Andy Thurai, an analyst at Constellation Research. "Lower revenue guidance, combined with the flurry of analyst rating changes, downgrades and lowered price targets, took a toll on the stock price, making it drop [nearly] 30% since its earnings [report]."
Thurai said he doesn't see a coincidence between that earnings report and Banon's blog post going out on the same day, Aug 29.
"Now that [Elastic is] trying to expand beyond observability by offering Elasticsearch as the runtime platform for RAG [retrieval-augmented generation] and building GenAI applications, [it needs] to gain quick traction as the competition from startups is very high in that area," Thurai said. "By reverting back to the OSI-approved open source license for Elasticsearch and Kibana, [Elastic's upper managers] are hoping they can achieve that."
Banon, meanwhile, had a pre-emptive answer for this take in his blog post.
"I will start by saying that I am as excited today as ever about the future of Elastic," he wrote. "I am tremendously proud of our products and our team's execution. ... Users' response has been humbling. The stock market will have its ups and downs. What I can assure you, is that we are always thinking long term, and this change is part of it."
Other industry observers say the Elastic license saga is emblematic of a more systemic problem with open source sustainability in the industry.
To me, this points to a failure on the part of the broader open source community to really engage as business people. How can we help avoid this in the future, so Elastic could have always been open source?
Adam JacobCo-founder and CEO, System Initiative
"I think it shows just how complicated this can be for startup founders. [Banon] clearly loved being open source but felt like he had no realistic options to compete in the market," said Adam Jacob, co-founder and CEO of System Initiative and formerly founder and CTO of Chef Software. "To me, this points to a failure on the part of the broader open source community to really engage as business people. How can we help avoid this in the future, so Elastic could have always been open source?"
Sentry and friends launch Fair Source initiative
Sentry, an application and performance monitoring software maker, has been in search of the optimal approach to source-available licensing and community engagement since it moved to a business source license for its products in 2019. It moved again to a functional source license in November 2023, following what its head of open source, Chad Whitacre, dubbed "The Codecov kerfuffle."
Since then, Whitacre has been working with a consortium of like-minded open source product maintainers to further refine a concept initially known as Software Commons. That effort has now been split into two separate initiatives: a Fair Source license definition and an OSS Pledge, Whitacre said in a recent interview with TechTarget Editorial.
Fair Source is an attempt to set standards for business source licenses, including Sentry's functional source license, in parallel with the OSI's definition of open source, according to Whitacre. A few other open product companies have signed on to Fair Source, including GitButler, PowerSync, Keygen and CodeCrafters.
"You've got open source the brand, and then [OSI has] a definition for what open source is, and a list of licenses that fit that definition," Whitacre said. "Fair Source is a wider brand that encompasses delayed open source as well as non-compete licensing."
A key emphasis of Fair Source licensing is making the burden of compliance on the user minimal, according to Whitacre.
"We actually had this conversation already, since launching Fair Source, with somebody who … uses a business source license based on [the user's company] revenue" he said. "We said that actually doesn't fit our definition, because it makes it too hard to comply with."
Whitacre credited a call to action on social media platform X, formerly known as Twitter, last year from System Initiative's Jacob as an inspiration for Fair Source, but Jacob said Fair Source doesn't quite jibe with his own open source philosophy.
"I'm glad that they've given what they want a name, and that it's distinct from being open source," Jacob said. "On a personal level, I think it removes much of what makes open source so compelling -- the ability for folks to take the software and build the life they want from it. That said, it does give their customers enough to overcome some objections to adopting their software -- namely that it's delayed open source and that they can inspect the source code if they need it."
To pledge or not to pledge?
In tandem with the Fair Source initiative, Sentry is spearheading a program called the OSS Pledge, which calls for member companies to contribute $2,000 per year per developer they employ to open source maintainers. The public call to fund open source maintainers, which will include billboards in San Francisco starting Oct. 7, grew out of an internal initiative at Sentry, Whitacre said.
"In 2021, Sentry gave $155,000; in 2022, we gave $260,000; last year, we gave $500,000; and this year, we're going to do $750,000, but my leadership has asked me to go get other companies to do the same thing," he said. Sentry gave these funds to foundations that govern open source tools the company uses, such as the Python Software Foundation, Django Software Foundation and Rust Foundation, along with services that give money directly to maintainers such as GitHub Sponsors and thanks.dev.
"It's one thing for Sentry to be doing this, to be giving significant amounts of money to kind of a broad, systematic set of maintainers that we depend on," Whitacre said. "But at the end of the day, $500,000 isn't actually enough to make the impact we need."
Sentry won't be handling these donations -- rather, the pledge will require participating companies to post annual reports documenting their contributions to foundations and other organizations of their choosing.
It's unclear at this point whether voluntary contributions from more companies will make a sufficient impact, either, according to Justin Warren, founder of tech consulting and analyst firm PivotNine in Melbourne, Australia.
"It's great that they are voluntarily paying a few people," he said of the OSS Pledge. "Time will tell if it exerts enough social pressure on large commercial entities to get them to pay enough to matter. I suspect that the coming legislative changes to software liability, such as in the EU, will have a bigger impact."
By the same token, it wouldn't take much, relatively speaking, for companies to make more of an impact on open source sustainability through pledges, according to UnlockOpen's Langel.
"If every company contributed $2,000 per developer, as the pledge suggests, we'd unlock $32 billion per year, given the number of professional maintainers I [calculated] in my '$1 Billion for Open Source Maintainers' talk," Langel said, referring to a presentation he gave at a conference earlier this year. "We'd need less than 3% of organizations to follow such a pledge for this to be massively transformative for the industry -- a $65 per engineer pledge would create a $1 billion per year outcome if every organization in the world played along."
Beth Pariseau, senior news writer for TechTarget Editorial, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.
Dig Deeper on IT systems management and monitoring
Shay Banon
Andy Thurai
