Elasticsearch BV announced a license change for the Elasticsearch search, analytics and storage platform, as well as the Kibana web interface.
As of the Elasticsearch 7.11 release, the project it will be migrated from the Apache 2.0 license to the SSPL license (Server-side public license), which adds additional usage requirements to ensure cloud services work. For those who are not satisfied with the terms of the SSPL license, a commercial license is provided, while the client libraries will continue to be distributed under the Apache 2.0 license.
The project MongoDB is already using SSPL and provides the ability to modify and distribute code, but has not been peer-reviewed by the Open Source Initiative (OSI), an open source licensing enforcement organization.
Red Hat lawyers had a non-free SSPL category license, followed by the Fedora Project to prohibit the insertion of packages with products under this license in their repository.
OSI approval is considered unlikely, as there are controversial issues in the license regarding discrimination against certain categories of users (cloud service providers).
In addition, SSPL authors did not complete the review and they withdrew the previously submitted request to review this license on OSI.
The SSPL license is formulated in such a way that, in practice, the applications under this license cannot be used in cloud services without purchasing a commercial license; otherwise, the code of all components involved in the operation of the cloud service, including those of third parties, will need to be re-licensed under SSPL.
Recall that the SSPL license is based on the text of AGPLv3, in which changes were made to section 13. The changes are reduced to the addition of the requirement to supply under the SSPL license not only the code of the application itself, but also the source code of all the components involved in the provision of the cloud service.
According to Matthew Garrett, co-director of the Free Software Foundation, this requirement violates GPL compatibility and other copyleft licenses that prohibit the renewal of someone else's code licenses.
As a reason for the change of license, the desire to prevent parasitism of suppliers stands out of cloud services in open source software. Developers are dissatisfied with the fact that cloud providers are reselling Elasticsearch in the form of cloud services, but they do not participate in the life of the community and do not help in development. A situation is created where cloud providers who are not connected to the project benefit from reselling out-of-the-box open solutions, and the developers themselves are left with nothing.
The license change will not affect Elasticsearch users that use the platform as a backend, but it will affect cloud service providers who sell Elasticsearch functionality out of the box in the form of a cloud service.
Cloud services will need to purchase a commercial license, fully open your infrastructure code, stay on the previous version of Elasticsearch, which has a limited support time, or jointly continue development of a fork of Elasticsearch under the license of Apache. Fork Elasticsearch can be created as a separate extension of the Open Distro for Elasticsearch project developed by Amazon.
Some analysts evaluate the continued use of Elasticsearch under the new license in enterprises who develop online services as an additional risk for the business, since the conditions to open related developments are practically impractical. For example, due to imprecise wording, the SSPL may be required to re-license the entire software stack, including the operating system.