I appreciate the letter and trying to work with Hashicorp -- I used to have a ton of respect for Hashicorp. But honestly... at this point...
...just fork it into a foundation. Don't wait for Hashicorp's response. I get wanting to have the appearance of working with Hashicorp, but we've been shown again, and again, and again, and a-fucking-gain that private corporations cannot be trusted to maintain public goods. Only community governed non-profit foundations can do that.
Private corporations will put the bottom line first every single time. And in the case of investor funded enterprises, the bottom line is never ending exponential growth or bust.
Even though I strongly believe the OpenTF fork could open up incredible possibilities for the community (I could go on and on about it), it is an equivalent of a civil war. It doesn't serve the community and our only interest is in the continued strength of the community that we continue to build for.
Based on my immense respect for what's been built under Hashi's umbrella I'd rather see a change of mind, and an opportunity to honor our pledge of resources (5 FTEs for 5 years) to the common rather than partisan cause.
Imagine a future CTO trying to pick the IaC tools for their company. They see Terraform as an option, but then learn there are multiple forks, licensing questions, and a big battle happening in the community. What do they do? They are now way more likely to pick a different tool that is genuinely open source. The same is true of every dev considering where to build their career, every hobbyist, every open source enthusiast, every vendor, etc. In the end, no matter which fork wins, everyone will be worse off: the community will be smaller and more splintered.
So we opted to ask HashiCorp do the right thing first. If they choose to do the right thing, we can avoid a fork, and avoid splintering the community. We still think that's the best option. But if that doesn't work, then a foundation + fork it is.
I totally agree. I do not think pleading with Hashicorp to reconsider will result in changing back the license
Doing the Fork and showing it IS sustainable and has broad community support can encourage Hashicorp to make concessions.
After taking this unilateral hostile step I do not think Hashicorp deserves the community trust and what industry needs is "Foundation Governed" Terraform like solution, whatever name this solution will have.
You can see example in Confluenct which builds proprietary solutions around Kafka, where Kafka itself is Apache project.
Why not get it under the umbrella of either the Linux Foundation or CNCF? Things like this and Ansible should be really kept under neutral companies and not companies like Red Hat and HashiCorp that have shown that all they care about open source is the free work they get from contributors.
We at Oxide were honored to be asked to add our name to OpenTF Manifesto. Our statement:
At Oxide, our vision has been that on-premises infrastructure is deserving of a system consisting of both hardware and software, at once integrated and open. Ensuring Terraform users can easily deploy to Oxide has been essential for realizing this vision: we want customers of an Oxide rack to be able to use the tools that they know and love! And while HashiCorp's move to the BSL does not immediately affect Oxide (our Terraform provider is and remains MPLv2), we recognize that the ambiguity in both the license and HashCorp's language has created widespread concern that gives customers pause. We support the OpenTF efforts to assure an open source Terraform. It is our preference to see an MPLv2 Terraform as led by HashiCorp, and we join the call from the OpenTF signatories for HashiCorp to renew its social contract with the community by reverting the change of Terraform to the BSL. That said, we also agree with OpenTF's fallback position: a BSL-licensed Terraform is not in fact tenable; if Terraform must be forked into a foundation to assure its future, we will support these efforts. Open source comprises the foundation of the modern Internet, and is bigger than one company: it is the power of us all together to determine our fate. But we cannot take that foundation for granted -- and we must be willing to work to exercise that power to assure an open source future.
Thank you to the consortium here that is coming together to guide Hashi to see the wisdom in an open source Terraform!
If any Hashicorp people are reading, can you please tell your middle and senior management that this decision has deeply soured my entire DevOps cohort on continuing to use Terraform in the future.
We're already exploring alternatives. Future client projects may not use Terraform at all.
Languages and frameworks must remain open or they will wither and die.
>Imagine if the creators of Linux [] suddenly switched to a non-open-source license that only permitted non-competitive usage.
Linux cannot even successfully switch from GPL2 to GPL3 because of the sheer number of contributors and the fact that not all of them have transferred their copyright ownership to any given organization. This patchwork of different copyright owners has historically been seen as a potential weakness for Linux, but it seems like perhaps license inflexibility is a strength for open source.
I thought Linus and other believed GPLv2 was fine and the improvements of GPLv3 did not outweigh the potential problems introduced by it. It never came to a point where all authors were asked to agree, or sign away their ownership.
Hey folks, so Terraform did a thing. They changed their license type, and a lot of people aren't too happy about it. There's this OpenTF Manifesto now where people are speaking up about wanting Terraform to be truly open-source again. Some are even thinking of making a new version if HashiCorp doesn't switch back. Just a heads up for anyone using or thinking of using Terraform
We, Terrateam, do not believe we violate the new license but we support Terraform being open due to how important it is to the ecosystem. Unlike Vault or Waypoint, Terraform is closer to a language compiler like Go or Java and benefits from a robust community that can build on top of a stable ecosystem. As such, we have announced our support of the OpenTF Manifest[0]
As an end-user, not competing with HashiCorp, this change doesn't worry me. According to their FAQ [1]:
10. What are the usage limitations for HashiCorp’s products under BSL?
All non-production uses are permitted. All production uses are allowed other than hosting or embedding the software in an offering competitive with HashiCorp commercial products, hosted or self-managed.
24. Can I host the HashiCorp products as a service internal to my organization?
Yes. The terms of the BSL allow for all non-production and production usage, except for providing competitive offerings to third parties that embed or host our software. Hosting the products for your internal use of your organization is permitted.
Even if you don't mind abiding by the terms of the BSL, the licensing change is a signal that Hashicorp is in dire straits and doesn't know how to operate as a sustainable business. They're flailing about trying to increase revenue, and in so doing they're removing one of the core components (the open source licensing) that made their tools ubiquitous to begin with. And what will their next cash grab be?
Here's the kicker though... before the change to BSL, the future of Hashicorp didn't really matter as much, since somebody could fork their projects and keep them going. But with this licensing change, if Hashicorp shuts down one day, nobody could create a fork for several years.
So to me, whether or not I can use the software as currently licensed isn't the biggest issue. I want the ability to have an "escape hatch" should Hashicorp continue its downward trajectory or shut down completely.
I think it should, to some extent. A really quick example comes to mind. Some of the best documentation on how to use Terraform properly comes from folks who provide competitive offerings.
I could also see someome like Amazon eventually launching a CloudFormation like tool that works natively with Terraform, but now that's off the table and I think a net negative.
It also sounds like projects like Atlantis also would be against the BSL, including self-managed installations of the tool.
How do you know you're not competing with HashiCorp?
That's not meant to be a redundant or snarky question. The key issue with the BSL and that FAQ is that the wording is intentionally vague. What does "competing" mean? What does "hosting or embedding" mean? Who decides?
In order to really know if you're a competitor, you have to reach out to HashiCorp (as the FAQ tells you to do). So whether your usage is valid is not controlled by the license terms, but is instead entirely at the whim of HashiCorp. So they switched from a permissive open source license to a HashiCorp decides license: they get to decide on a case by case basis now—and they can change their mind at any time.
That is very shaky footing on which to build anything.
It should worry you - it hurts the ecosystem. Terraform is just a tool. The providers, modules, not supported by HashiCorp, is what makes Terraform useful. Ige the ecosystem dies, Terraform becomes useless.
It won't affect you unless you're selling tooling that embeds TF in some form. That, unfortunately, covers too wide a space and there is no telling when your offering is going to be in competition with Hashi's.
As I see it Hashicorp has failed to create a viable business model in an environment where there isn't unlimited perpetual VC money. Now they're at the stage of giving up and simply trying to shake down those who have managed to make better business models.
It's usually not a good idea to be near a company flailing like this since who knows what their next rent seeking approach will be. A company with nothing to lose is a dangerous partner to have.
The worst part is they did create a viable business model. They were profitable when they had their IPO. They then pretended that the IPO was just another Series X investment, blew all the money, and went negative on their cashflow.
Hashicorps problem isn't that their business model doesn't work, it's that they are really bad at their jobs. They ignore customer feedback, laid off support people, and then jacked their prices up. It's a self inflicted wound, and instead of trying to fix it they just keep making it worse.
We say OpenTF is (or will be) a fork, and forks are bad, nuclear option, etc, but really, Hashicorp are the ones who made a breaking change, and the "fork" merely maintains that which already was, but for reasons, are not allowed to continue using their own name.
We need for the shortest sound-bite 3-word sentence to the non-technical to somehow use terminology that says that the entity that caused the problem is the one who did some action.
OpenTF did not (or is not prepareing to) fork this project, Hashicorp did.
If it was me and I wasn't legally prevented by something actually binding in writing with signatures, I'd even keep using the original name and duke that out.
These people have seriously contributed back to the Terraform community. Terraform doesn't have a test suite- Grunt made Terratest, as well as many other tools. These people have seriously contributed back to the ecosystem, in many ways beyond what Hashicorp has done.
Beyond that, I know some of these companies tried to be contributors to Terraform itself but were ghosted by Hashicorp.
At the same time there's only a handful of regular contributors to Terraform[1]. It would not be hard for these companies to provide more resources to Terraform than Hashicorp is.
This is reality of any successful Open Source ecosystem - folks who contribute the most (code, bug reports, marketing) in the project tend to be those who are making money on the project and these are the same folks who compete with you
Coopetition is name of the game in Open Source and too bad increasing number of the companies want to focus on capturing all economic value from ecosystem they have created with help from so many others
As a long time Gruntwork customer, contributor, and fan, it is really nice to see them stepping up as thought leaders here. They run a great open source community already. Our DevOps team has been buzzing all day with what we are going to do. For now, we are staying pinned to the last open source version of Terraform and will likely follow Gruntwork's lead when the time comes.
There is zero chance of Hashicorp donating Terraform to an open source foundation. If there was they would have never even considered this change in license. Honestly it's not a bad thing, maybe the maintainers of the Terraform fork will actually listen to feedback from the community of people who use it instead of ignoring them.
I like Terraform and will continue to use it. I'm just an end user that isn't involved in building other product offerings on it or a user of other derivative products.
Even though this really doesn't affect my use case it does feel like kind of a dirty bait and switch. I do hope for a future where there's a version (and Terraform provider module versions) that are actively maintained under a true open source license. I'll favor using those over the official BSL version as much as possible.
I guess it's the CLA that all of the contributors signed that allows this to happen? I wonder if there's a way for open source licenses to address this, and disallow the use of CLAs, or require some CLA clause that doesn't allow sudden switches to non-permissive licenses?
One thing I particularly hate about license change is lack of notice - If you operate in good faith you probably would want to give time to community to make arrangement, whenever it is negotiating agreement with you or looking for alternatives. Lack of notice this means everyone who embedded Terraform put their customers at risk immediately as in case any discovered CVEs they will not be able to ship security fixes to their customers.
Having recently picked up Rust (yes, sorry for mentioning it, I promise it's relevant), I picked up Terraform the other day. I was shocked by how weak its language-level developer experience story is.
I am working in VSCode, which by and large tends to be the editor supported best, with the most mindshare. Terraform has static and mostly strong typing, yet some testing revealed I was able to pass an argument of the wrong type to some variable I declared. This is type safety 101: variable declared `str` shouldn't accept `int`, ever. Yet `tf validate` was silent, so was all IDE-integrated tooling (whatever the VSCode TF extension does).
Jumping to/from symbol definitions/usages was also flaky (but not entirely absent).
Really disappointing! My excitement of diving into TF went poof. Maybe I'm overly sensitive, but I was so excited to escape YAML hell (Ansible).
Now I'm even firmer in the boat of just using a regular old language, like Pulumi with Python (with full typing).
Did I do something wrong or can anyone confirm my findings?
I think the problem is that if hashicorp thinks you are a competitor you and your clients now have legal/operational issues. Ie you are now a competitor because we are releasing a product just like yours, here is a letter from a lawyer telling you to stop using terraform.
This is precisely the problem with the new BSL license. Whether your usage of Terraform complies with the license isn’t determined by the legal terms, but instead is entirely at the whim of HashiCorp. And they can change their mind at any time. It makes it impossible to build anything on top of Terraform.
[+] [-] dbingham|2 years ago|reply
...just fork it into a foundation. Don't wait for Hashicorp's response. I get wanting to have the appearance of working with Hashicorp, but we've been shown again, and again, and again, and a-fucking-gain that private corporations cannot be trusted to maintain public goods. Only community governed non-profit foundations can do that.
Private corporations will put the bottom line first every single time. And in the case of investor funded enterprises, the bottom line is never ending exponential growth or bust.
[+] [-] fishnchips|2 years ago|reply
Even though I strongly believe the OpenTF fork could open up incredible possibilities for the community (I could go on and on about it), it is an equivalent of a civil war. It doesn't serve the community and our only interest is in the continued strength of the community that we continue to build for.
Based on my immense respect for what's been built under Hashi's umbrella I'd rather see a change of mind, and an opportunity to honor our pledge of resources (5 FTEs for 5 years) to the common rather than partisan cause.
[+] [-] brikis98|2 years ago|reply
Imagine a future CTO trying to pick the IaC tools for their company. They see Terraform as an option, but then learn there are multiple forks, licensing questions, and a big battle happening in the community. What do they do? They are now way more likely to pick a different tool that is genuinely open source. The same is true of every dev considering where to build their career, every hobbyist, every open source enthusiast, every vendor, etc. In the end, no matter which fork wins, everyone will be worse off: the community will be smaller and more splintered.
So we opted to ask HashiCorp do the right thing first. If they choose to do the right thing, we can avoid a fork, and avoid splintering the community. We still think that's the best option. But if that doesn't work, then a foundation + fork it is.
[+] [-] PeterZaitsev|2 years ago|reply
Doing the Fork and showing it IS sustainable and has broad community support can encourage Hashicorp to make concessions.
After taking this unilateral hostile step I do not think Hashicorp deserves the community trust and what industry needs is "Foundation Governed" Terraform like solution, whatever name this solution will have.
You can see example in Confluenct which builds proprietary solutions around Kafka, where Kafka itself is Apache project.
[+] [-] xinayder|2 years ago|reply
[+] [-] VectorLock|2 years ago|reply
[+] [-] bcantrill|2 years ago|reply
At Oxide, our vision has been that on-premises infrastructure is deserving of a system consisting of both hardware and software, at once integrated and open. Ensuring Terraform users can easily deploy to Oxide has been essential for realizing this vision: we want customers of an Oxide rack to be able to use the tools that they know and love! And while HashiCorp's move to the BSL does not immediately affect Oxide (our Terraform provider is and remains MPLv2), we recognize that the ambiguity in both the license and HashCorp's language has created widespread concern that gives customers pause. We support the OpenTF efforts to assure an open source Terraform. It is our preference to see an MPLv2 Terraform as led by HashiCorp, and we join the call from the OpenTF signatories for HashiCorp to renew its social contract with the community by reverting the change of Terraform to the BSL. That said, we also agree with OpenTF's fallback position: a BSL-licensed Terraform is not in fact tenable; if Terraform must be forked into a foundation to assure its future, we will support these efforts. Open source comprises the foundation of the modern Internet, and is bigger than one company: it is the power of us all together to determine our fate. But we cannot take that foundation for granted -- and we must be willing to work to exercise that power to assure an open source future.
Thank you to the consortium here that is coming together to guide Hashi to see the wisdom in an open source Terraform!
[+] [-] bloopernova|2 years ago|reply
We're already exploring alternatives. Future client projects may not use Terraform at all.
Languages and frameworks must remain open or they will wither and die.
[+] [-] aftbit|2 years ago|reply
Linux cannot even successfully switch from GPL2 to GPL3 because of the sheer number of contributors and the fact that not all of them have transferred their copyright ownership to any given organization. This patchwork of different copyright owners has historically been seen as a potential weakness for Linux, but it seems like perhaps license inflexibility is a strength for open source.
[+] [-] cies|2 years ago|reply
[+] [-] MrStonedOne|2 years ago|reply
[deleted]
[+] [-] ovuruska|2 years ago|reply
[+] [-] sausagefeet|2 years ago|reply
[0] https://terrateam.io/blog/opentf-pledge
[+] [-] new23d|2 years ago|reply
[+] [-] JeremyNT|2 years ago|reply
Here's the kicker though... before the change to BSL, the future of Hashicorp didn't really matter as much, since somebody could fork their projects and keep them going. But with this licensing change, if Hashicorp shuts down one day, nobody could create a fork for several years.
So to me, whether or not I can use the software as currently licensed isn't the biggest issue. I want the ability to have an "escape hatch" should Hashicorp continue its downward trajectory or shut down completely.
[+] [-] ryanisnan|2 years ago|reply
I could also see someome like Amazon eventually launching a CloudFormation like tool that works natively with Terraform, but now that's off the table and I think a net negative.
It also sounds like projects like Atlantis also would be against the BSL, including self-managed installations of the tool.
[+] [-] brikis98|2 years ago|reply
That's not meant to be a redundant or snarky question. The key issue with the BSL and that FAQ is that the wording is intentionally vague. What does "competing" mean? What does "hosting or embedding" mean? Who decides?
In order to really know if you're a competitor, you have to reach out to HashiCorp (as the FAQ tells you to do). So whether your usage is valid is not controlled by the license terms, but is instead entirely at the whim of HashiCorp. So they switched from a permissive open source license to a HashiCorp decides license: they get to decide on a case by case basis now—and they can change their mind at any time.
That is very shaky footing on which to build anything.
See https://blog.gruntwork.io/the-future-of-terraform-must-be-op... for more info.
[+] [-] nikolay|2 years ago|reply
[+] [-] diarrhea|2 years ago|reply
[+] [-] unknown|2 years ago|reply
[deleted]
[+] [-] orochimaaru|2 years ago|reply
[+] [-] bloopernova|2 years ago|reply
[+] [-] marcinzm|2 years ago|reply
It's usually not a good idea to be near a company flailing like this since who knows what their next rent seeking approach will be. A company with nothing to lose is a dangerous partner to have.
[+] [-] tedivm|2 years ago|reply
Hashicorps problem isn't that their business model doesn't work, it's that they are really bad at their jobs. They ignore customer feedback, laid off support people, and then jacked their prices up. It's a self inflicted wound, and instead of trying to fix it they just keep making it worse.
[+] [-] zzbn00|2 years ago|reply
[+] [-] brikis98|2 years ago|reply
If you want to help us keep Terraform open source, please show your support at https://opentf.org/!
[+] [-] Brian_K_White|2 years ago|reply
We say OpenTF is (or will be) a fork, and forks are bad, nuclear option, etc, but really, Hashicorp are the ones who made a breaking change, and the "fork" merely maintains that which already was, but for reasons, are not allowed to continue using their own name.
We need for the shortest sound-bite 3-word sentence to the non-technical to somehow use terminology that says that the entity that caused the problem is the one who did some action.
OpenTF did not (or is not prepareing to) fork this project, Hashicorp did.
If it was me and I wasn't legally prevented by something actually binding in writing with signatures, I'd even keep using the original name and duke that out.
[+] [-] dijit|2 years ago|reply
Name is identity, and thus the canonical representation of "Terraform" is now BSL.
However, if you don't have an identifier such as the trademarked name and you look at the project itself then I think you're right.
[+] [-] Fawlty|2 years ago|reply
[+] [-] jsiepkes|2 years ago|reply
[1] https://github.com/hashicorp/terraform/pull/28603
[+] [-] lijok|2 years ago|reply
[+] [-] tedivm|2 years ago|reply
Beyond that, I know some of these companies tried to be contributors to Terraform itself but were ghosted by Hashicorp.
At the same time there's only a handful of regular contributors to Terraform[1]. It would not be hard for these companies to provide more resources to Terraform than Hashicorp is.
https://github.com/hashicorp/terraform/pulse/monthly
[+] [-] PeterZaitsev|2 years ago|reply
Coopetition is name of the game in Open Source and too bad increasing number of the companies want to focus on capturing all economic value from ecosystem they have created with help from so many others
[+] [-] time0ut|2 years ago|reply
[+] [-] linuxdude314|2 years ago|reply
[+] [-] igorzij|2 years ago|reply
Our statement: https://medium.com/@DiggerHQ/diggers-statement-on-the-hashic...
[+] [-] ddon|2 years ago|reply
Here is how your post looks like: https://postimg.cc/Pvwdw8D3
[+] [-] yellowapple|2 years ago|reply
[+] [-] onedr0p|2 years ago|reply
[+] [-] unknown|2 years ago|reply
[deleted]
[+] [-] cube2222|2 years ago|reply
We nevertheless support this initiative, though, as written in the article itself.
[0]: https://spacelift.io/blog/spacelift-latest-statement-on-hash...
Disclaimer: Work at Spacelift
[+] [-] cattown|2 years ago|reply
Even though this really doesn't affect my use case it does feel like kind of a dirty bait and switch. I do hope for a future where there's a version (and Terraform provider module versions) that are actively maintained under a true open source license. I'll favor using those over the official BSL version as much as possible.
I guess it's the CLA that all of the contributors signed that allows this to happen? I wonder if there's a way for open source licenses to address this, and disallow the use of CLAs, or require some CLA clause that doesn't allow sudden switches to non-permissive licenses?
[+] [-] PeterZaitsev|2 years ago|reply
[+] [-] cyberax|2 years ago|reply
I would support (with my own money) a fork that would re-use the Terraform providers, and reimplement the language as something not so insane.
[+] [-] diarrhea|2 years ago|reply
I am working in VSCode, which by and large tends to be the editor supported best, with the most mindshare. Terraform has static and mostly strong typing, yet some testing revealed I was able to pass an argument of the wrong type to some variable I declared. This is type safety 101: variable declared `str` shouldn't accept `int`, ever. Yet `tf validate` was silent, so was all IDE-integrated tooling (whatever the VSCode TF extension does).
Jumping to/from symbol definitions/usages was also flaky (but not entirely absent).
Really disappointing! My excitement of diving into TF went poof. Maybe I'm overly sensitive, but I was so excited to escape YAML hell (Ansible).
Now I'm even firmer in the boat of just using a regular old language, like Pulumi with Python (with full typing).
Did I do something wrong or can anyone confirm my findings?
[+] [-] verdverm|2 years ago|reply
Imagine if that language covered more of the stack then just one tool too!
[+] [-] jen20|2 years ago|reply
[+] [-] rank0|2 years ago|reply
[+] [-] ms4720|2 years ago|reply
[+] [-] brikis98|2 years ago|reply
This is precisely the problem with the new BSL license. Whether your usage of Terraform complies with the license isn’t determined by the legal terms, but instead is entirely at the whim of HashiCorp. And they can change their mind at any time. It makes it impossible to build anything on top of Terraform.
I talk about that more here: https://blog.gruntwork.io/the-future-of-terraform-must-be-op...