SSPL, Confluent License, CockroachDB License and the Commons Clause - Michael Cheng [FOSDEM 2019]

A number of companies are founded on an open core business model. The goal of this is to get the benefits on open source but at the same time make money off the software. However, it turns out that cloud providers are using those stacks and make money off them without paying the original developers.

The open core vendors are saying that the cloud providers are doing something bad, and that they are doing something about it by changing the license. However, if they are indeed breaking the license, how is changing the license going to fix it? The open core vendors also say that the cloud providers are breaking the social rules around open source, but the question is then why the open source license explicitly allows to use it without contributing back.

The open core vendors made three critical decisions: they chose the open core model, they chose which part to keep proprietary, and they chose a license. The fairness argument is a distraction, because most likely many users did choose it exactly because the core was free. There is a fairness issue in open source, but the license itself is an expression of that fairness. So in the end, the discussion is really about the economic realities, not about fairness. The reality is that the open core vendors made a mistake in either chosing open core, or which part they kept close, or the choice of license.

The problem (according to the RethinkDB founder) is that there are so many high-quality options that you have to open up a whole lot to be competitive.

Commons Clause is an addition to an existing license that disallows selling the software. This is very insidious, because at first sight it looks like a normal open source license, but there is “small print” at the bottom.

The Confluent Community license says explicitly that it is not an open source license. Still, calling it “community” is marketing spin.

SSPL basically says that if you use the code in a SaaS stack, you have to make everything that is used in the stack available, and under the SSPL. They are only excluding the operating system. This was probably added as a practicality, but actually the rest of the requirements are probably also not practical.

There are a lot of debates going on whether these licenses are open source and practical. However, these debates are not very useful since they don’t actually modify the behaviour. On the other hand, the end result of these licenses is that they just end up on companies’ (e.g. facebook’s) prohibited license list.

The reality is that open core exists and is here to stay. What we need is some rules for open core. We need an ecosystem where new licenses are not needed or beneficial. First rule is that if you choose open core, you have to be clear about what is open source and what is proprietary. Second rule is to not use licenses for marketing, and definitely not to confuse people. Third rule is that if you made a mistake about your choice, be transparent about it. Finally, it is essential to seek consultation from the community.

Michael is a lawyer at facebook taking care of open source licensing.