Slashdot Mirror
MongoDB Switches Up Its Open-Source License (techcrunch.com)
MongoDB is taking action against cloud giants who are taking its open-source code and offering a hosted commercial version of its database to their users without playing by the open-source rules. The company announced today that it has issued a new software license, the Server Side Public License (SSPL), "that will apply to all new releases of its MongoDB Community Server, as well as all patch fixes for prior versions," reports TechCrunch. From the report: For virtually all regular users who are currently using the community server, nothing changes because the changes to the license don't apply to them. Instead, this is about what MongoDB sees as the misuse of the AGPLv3 license. "MongoDB was previously licensed under the GNU AGPLv3, which meant companies who wanted to run MongoDB as a publicly available service had to open source their software or obtain a commercial license from MongoDB," the company explains. "However, MongoDB's popularity has led some organizations to test the boundaries of the GNU AGPLv3."
So while the SSPL isn't all that different from the GNU GPLv3, with all the usual freedoms to use, modify and redistribute the code (and virtually the same language), the SSPL explicitly states that anybody who wants to offer MongoDB as a service -- or really any other software that uses this license -- needs to either get a commercial license or open source the service to give back the community. "The market is increasingly consuming software as a service, creating an incredible opportunity to foster a new wave of great open source server-side software. Unfortunately, once an open source project becomes interesting, it is too easy for cloud vendors who have not developed the software to capture all of the value but contribute nothing back to the community," said Eliot Horowitz, the CTO and co-founder of MongoDB, in a statement. "We have greatly contributed to -- and benefited from -- open source and we are in a unique position to lead on an issue impacting many organizations. We hope this will help inspire more projects and protect open source innovation."
So while the SSPL isn't all that different from the GNU GPLv3, with all the usual freedoms to use, modify and redistribute the code (and virtually the same language), the SSPL explicitly states that anybody who wants to offer MongoDB as a service -- or really any other software that uses this license -- needs to either get a commercial license or open source the service to give back the community. "The market is increasingly consuming software as a service, creating an incredible opportunity to foster a new wave of great open source server-side software. Unfortunately, once an open source project becomes interesting, it is too easy for cloud vendors who have not developed the software to capture all of the value but contribute nothing back to the community," said Eliot Horowitz, the CTO and co-founder of MongoDB, in a statement. "We have greatly contributed to -- and benefited from -- open source and we are in a unique position to lead on an issue impacting many organizations. We hope this will help inspire more projects and protect open source innovation."
That is a broad category that includes a *shitload* of software that has nothing to do with the source code of Mongo DB.
The lawyer who devised that nonsense clearly has some pals in the field who are looking forward to big lengthy but more importantly expensive legal discussions on the subject.
If I write some robotics software to rotate backup tapes for my MongoDB centric service, that'd be part of the 'backup software' and 'storage software' according to that definition, but it's hardly a very clear direct derived work, so how can the license I receive to use MongoDB apply to it?
The summary almost goes into the differences between AGPLv3 and SSPL, but then decides to fill space with a meaningless quote instead.
What are the practical differences?
IANAL, but the basic issue seems to be that a modified version of the OSS under AGPL would have to be provided, but nothing else needed to make your SaaS version of the original OSS product work would be.
AIUI, under SSPL if you now sell "MongoDB Instances" for people to connect to, and that you'll cover replication and backups for those MongoDB Instances them using some nifty new proprietary add-on you built, then you're going to need to open source that replication and backup code too.
I don't think this would cover some large SaaS provide that simply *uses* MongoDB on the backend, only one that's *selling* MongoDB instances as a service in and of itself.
Hire a Linux system administrator, systems engineer,
The SSPL to AGPL comparison makes it crystal clear that this new SSPL is a slightly modified AGPL, with the FSF copyright notice and preamble removed and a MongoDB copyright notice added in its place, with not much more than one section rewritten. Did the FSF give permission for this, and if not, by what logic would this be allowed?
Mongo is shit. UniFi uses the DB for its UniFi Controller application. I've seen more corruption with it than I care to keep track of; and all of it is the result of bad MongoDBs not mounting. There's ways of fixing it, but it's far easier to just shit-can the DB and start fresh with a backup of my config.
Life is not for the lazy.
They really don't care about unmodified versions. They do care if you add something to it. And their terms seem to capture all such additions. They have not yet submitted to OSI and I don't know if I'd recommend approval. I suspect I'd ask for some changes.
Bruce Perens.
Is it just me, or is SAAS hype? It appears that the big vendors want SAAS to succeed because they want to nickel and dime you for everything you do.
It would be like "Fee-Based Legos": you can snap together components easily to get an application/system up and going relatively quick, but you pay rent for each Lego block you use. The big IT co's would love this because you'd get hooked on most of the components such that you have to pay if you want to keep your software up without reworking much of it. And they'll probably jack up prices for older versions, meaning you gradually either pay more, or spend time constantly reworking your software for the newer versions.
The big IT co's appear to have found this more profitable than the pay-once approach because they push it with existing products. For example, Adobe stopped selling one-time-pay versions of their graphics suite (except maybe for students). If you want their graphics suite, you have to pay for a subscription.
Another annoyance of SAAS is that you have to often convert back and forth between JSON or XML and your shop's language. It's a lot of interface busy-work. If you make a programming-language-neutral service, then you are pretty much stuck building and managing such conversions. In some cases it can be made somewhat automated using reflection and other tricks, but such often has annoyances and glitches.
Table-ized A.I.
AIUI, under SSPL if you now sell "MongoDB Instances" for people to connect to, and that you'll cover replication and backups for those MongoDB Instances them using some nifty new proprietary add-on you built, then you're going to need to open source that replication and backup code too.
I don't think this would cover some large SaaS provide that simply *uses* MongoDB on the backend, only one that's *selling* MongoDB instances as a service in and of itself.
unfortunately this subtle distinction makes SSPL a non-free license. debian for example will be forced to move mongodb and anything under this SSPL license into the "nonfree" distribution section, thus ensuring that it is excluded from use in all and any debian critical core-level services.
it's a particularly sad state of affairs - a reaction to unethical corporate spongeing - that a major prominent software team has to consider changing the license to a non-free one just to be able to pay their developers to keep working, whilst corporations all around them make hundreds of millions of dollars in profits, using their work??
it's a repeat of the exact same pattern of corporate exploitation that caused me to stop working on samba-tng and exchange 5.5 reverse-engineering, 18+ years ago.
haven't these pathological spongeing corporations learned yet from heartbleed, shellshock and the lessons of the gentoo developer that was $45k in debt and had to go work for microsoft, and the GPG developer that was $10k in debt??
Just prior to the part you quoted, it tells WHO it applies to.
It applies to people who use it to offer a cloud database service. It doesn't apply to those who offer a different service, which happens to use the database.
The new Section 13 of the SSPL reads as follows:
âoeIf you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. Making the functionality of the Program or modified version available to third parties as a service includes, without limitation, enabling third parties to interact with the functionality of the Program or modified version remotely through a computer network, offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Software or modified version.
âoeService Source Codeâ means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available.â
This is nothing to do with open source values or promotion of open source software. This is about monetizing software. They want to have all the benefits of open source software, including a community of free contributors, and to monetize their work. This is very similar to MySQL when they changed the license of the client libraries from LGPL to GPL and then complained that anything that acted as a client or interfaced with MySQL DB data had to either itself be open source or get a commercial license.
Software as a service, and using open source software integrated to provide a commercial service isn't new. Software as a service is far older in the server market that MongoDB applies to than it is in the home market. People have been able to pay for LAMP stacks nicely set up with glossy front ends and control panels for more than a decade, certainly long before MongoDB existed. The fact they are just now, once they have a successful open source product that has a certain amount of industry adoption, taking this step shows this is all about getting themselves money and not standing up for principles.
They are using a so-called open source license as a weapon and I hope they get spanked for it in the marketplace.
I see what you mean. That wording sucks.
Unfortunately, the full license says "you may use, modify, and distribute MongoDB without buying a license if you comply with the terms ..."
If you can't comply with the terms, you have no license to the software.
Imagine I say to you "you can have all the money in my bank account if you take me to the moon". That's a condition you can't meet. You can't to take me to the moon, so therefore you can't have all my money. Your inability to take me to the moon does NOT mean you get all my money without meeting the condition.
You can:
Comply with what we think they MEANT to say (risk here)
Buy a license
Not use MongoDB