When Mitchell and I founded HashiCorp, we made the decision to make our products open source because of a few key beliefs:
- We believe strongly in freely available source code to make it easy for practitioners to freely download, inspect source code, and solve their own problems.
- We believe in building an ecosystem and community around our products to enable broad integrations.
- We believe in the importance of transparency for our users.
For more than a decade, we’ve continued to build new products and features provided to the community under a free open source license. This has led to a large community of users, contributors, partners, and customers who participate in and benefit from the work on the HashiCorp products.
Our open source model has been made possible by the thousands of commercial customers who partner with us on their mission-critical infrastructure. We invest tens of millions of dollars in research and development in our open source products annually, and our commercial efforts enable us to continue to support, and sponsor, our vibrant community of users.
Our approach has enabled us to partner closely with the cloud providers to enable tight integration for our joint users and customers, as well as hundreds of other technology partners we work closely with. However, there are other vendors who take advantage of pure OSS models, and the community work on OSS projects, for their own commercial goals, without providing material contributions back. We don’t believe this is in the spirit of open source.
As a result, we believe commercial open source models need to evolve for the ecosystem to continue providing open, freely available software. Open source has reduced the barrier to copying innovation and selling it through existing distribution channels. Many vendors have shifted increasingly to closed source for this reason, however we did not feel that would preserve our original goals in adopting open source.
That is why today we are announcing that HashiCorp is changing its source code license from Mozilla Public License v2.0 (MPL 2.0) to the Business Source License (BSL, also known as BUSL) v1.1 on all future releases of HashiCorp products. HashiCorp APIs, SDKs, and almost all other libraries will remain MPL 2.0.
BSL 1.1 is a source-available license that allows copying, modification, redistribution, non-commercial use, and commercial use under specific conditions. With this change we are following a path similar to other companies in recent years. These companies include Couchbase, Cockroach Labs, Sentry, and MariaDB, which developed this license in 2013. Companies including Confluent, MongoDB, Elastic, Redis Labs, and others have also adopted alternative licenses that include restrictions on commercial usage. In all these cases, the license enables the commercial sponsor to have more control around commercialization.
Our implementation of BSL includes additional usage grants that allow for broadly permissive use of our source code. We believe this will offer a fair and sustainable way for HashiCorp to share its source code widely, for free use. We consulted with OSS licensing experts and other industry stakeholders when developing our license, so that our efforts would be in line with industry practices.
Our first goal with this change is to minimize the impact to our community, partners, and customers. We will continue to publish source code and updates for HashiCorp products to our GitHub repository and distribution channels.
End users can continue to copy, modify, and redistribute the code for all non-commercial and commercial use, except where providing a competitive offering to HashiCorp. Partners can continue to build integrations for our joint customers. We will continue to work closely with the cloud service providers to ensure deep support for our mutual technologies. Customers of enterprise and cloud-managed HashiCorp products will see no change as well.
Vendors who provide competitive services built on our community products will no longer be able to incorporate future releases, bug fixes, or security patches contributed to our products.
Our commitment to our community, partners, and customers has not changed. We understand the trust the community places in us and we’ve worked carefully to preserve our original goals in adopting an open approach. We look forward to continuing to invest in the community and our products.
We know there will be additional questions, and we’ve assembled a set of frequently asked questions to help you better understand the changes. You can also watch the short video below for more information: