Personally, that blog post is just arrogance from OSI. I read it. It didn’t make clear which freedoms were being removed. They are still able to run cloud hosting just release their custom code?
And OSI thinking they alone get to decide what is and what is not open source is arrogant.
I think that arrogance is when a single vendor tries to single-handedly redefine open-source to fit their business needs better. Not just a license, but the definition itself.
A quote from the MongoDB CEO: "MongoDB was built by MongoDB. There was no prior art. We didn't open source it for help; we open sourced it as a freemium strategy". [1]
Whether the OSI was arrogant or not, I really don't want this person to define opensource.
I am not really sure what your issue is. What you think open-source as freemium isn’t a model?
If it wasn’t for copy-left licenses that forced companies to release code that they used to create their products we wouldn’t have Linux in its current state.
In a world, where many products are cloud based it seems fair and within the current model of open source to force code sharing.
> They are still able to run cloud hosting just release their custom code?
The SSPL license reads:
> […] you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License.
> “Service Source Code” means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available.
You just can't comply with those terms if you don't have access to the source code of your storage software, for example.
(but I'm not a lawyer, of course)
> And OSI thinking they alone get to decide what is and what is not open source is arrogant.
No, the term “open source” was in use before long before the OSI, and it was in popular/hacker culture in the 1980s. UNIVAC used it in for a major system in the 1950s. [1] I used it in 1993 (I wrote a small BBS).
The OSI looks and sounds like an authority on open source software, but their entire strategy is legal, political and quasi-philosophical. I get how easy it is to be mislead by them though — they’re good at spinning things and rewriting history.
There are 3 "competing" Open Source and Free Software definitions - from OSI, Free Software Foundation and Debian. MongoDB does not match any of them and most importantly does not match the spirit of Open Source Software Movement.
I could name more, but let me clarify something. I’m not a fan of the SSPL, but I get why it was necessary.
It was rough seeing huge cloud providers profit off open source projects without giving anything back. When they offered competing hosting services with no value added (well, past “integrated billing”), no contributions or innovation, and drove their new customers to the documentation and libraries of the companies backing these projects, they crossed a huge line.
And it’s not just MongoDB. Or Elastic. Just look at all the “services” AWS offers, and note how many AWS actually invented or even contributed to…
Monopolistic practices forced a lot of companies to either shut down, or find a way to survive. I’m glad MongoDB decided to use the SSPL instead of shut down like so many others. I’m glad they’ve continued to thrive.
Changing to the SSPL isn’t ideal, but it only impacts people who want to sell hosted versions of the software (not users, self-hosted or otherwise). For those infinitesimal few selling hosted versions of the software, it doesn’t even stop them from doing what they want — it just stopped the monopolies from destroying something a lot of people dedicated a lot of effort to... That seems like a pretty amazing feat to me, given the reality...
I wish the OSI wasn’t so successful painting users of the SSPL as somehow betraying the open source community. And I wish the SSPL wasn’t necessary. But until there a better option, I’m ok with the SSPL…
Again, I say this with all due respect, and this is just my opinion. Corrections and new perspectives welcome!
Well, In my opinion this is exactly how Open Source is suppose to work - you get benefit of collaboration on writing the code and promoting your software by broad community, you give more value to your customers because they have a choice of vendors rather than single vendor lockin but also as you give up on having monopoly it is well possible someone else will be making more money than you on your product.
You mention Elastic - do not forget it was built on top of Lucene, capturing most of the value in that project.
It DOES very much impact users because users increasingly want DBaaS experience and if the only one you can get is through MongoDB or MongoDB authorized partnershp it is really no different than proprietary software.
In any case I agree for certain users SSPL is just a good as Open Source, same however can be said about Proprietary Software - some who just "buy subscription" do not care.
Please state in what way they don’t? This is what I’m confused about. Apgl is open source but a sspl isn’t? They seem to be aimed at solving the same thing, which is cloud/server based code modifications.
SSPL goes way beyond AGPL as it contains an additional clause called "Offering the Program as a Service". It is not defined at all what constitutes providing MongoDB as a service. How many layers are needed to abstract MongoDB in a way that it doesn't trigger this clause? There are no answers for that in the SSPL. It comes with an enormous amount of risk compared to AGPL. There is a good article from Dor Laor at ScyllaDB which explains this in detail [1].
Moreover, cloud providers are not limited to AWS, Azure and GCP. Smaller providers whom we talked to are not able to negotiate licensing terms with MongoDB the same way as how AWS could. For this reason, these providers are not able to provide MongoDB as a service. Yes, it's great for MongoDB that they were stopped from providing MongoDB for free, but now they can't provide the service at all. This limits competition and choices, and that is never in the favor of users.
AGPL is basically the same thing, except far more reaching. AGPL, to my understanding, makes it a requirement if you allow people to use the software via network levels. “Program as a Service” seems a lot more limited in scope.
All new licenses come with risk since the decisions can only be made via court decisions.
> AGPL, to my understanding, makes it a requirement if you allow people to use the software via network levels.
AGPL requirements do not trigger if you don't modify the source code. The relevant text is in section 13:
> […] if you modify the Program, your modified version must prominently offer all users […]
See also [1], [2], [3].
> “Program as a Service” seems a lot more limited in scope.
AGPL scope:
> The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work.
Basically, the software itself and build scripts.
SSPL scope:
> “Service Source Code” means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available.
As noted in another thread, that's not only beyond the scope of the software itself – it is beyond the scope you _can_ relicense and arguably beyond the scope of the copyright terms themselves.
> As noted in another thread, that's not only beyond the scope of the software itself – it is beyond the scope you _can_ relicense and arguably beyond the scope of the copyright terms themselves.
This is not true. People who are saying this would have said this about GPL when it first came out.
Because the nature of software development and usage has changed massively since GPL was created. If GPL was created today it would most likely be like SSPL. The fact, GPL states "derivative work" must be released under a similar license shows to me that their intent was if you build anything where this is the core you must share that.
Well, AGPL did no allow to create Monopoly in practice - Compose.io, ObjectRocket and others could offer alternatives to MongoDB Atlas without any permission.
This was benefit for users but obviously not something classical corporaton would enjoy
It was a benefit for classical corporations not users. These companies can still create alternatives. It’s just they’re forced to share how they did it. It’s that forcing of sharing which is at the heart of GPL.
SSPL license text doesn't set any limits on the scope for source release. Verbatim quote:
> “Service Source Code” means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available.
Basically it is saying you need to release the source of every tiny bit in your stack and then some.
I think “including, without limitation, […]” applies to the breadth of components, not depth, right? I mean, I’m not a lawyer, but that seems to be what syntactic context and logic indicate… no?
If you disagree, could you indicate the relevant text?
Your interpretation ignores the sentence “all such that a user could run an instance of the service using the service source code”. That just means they need to be able to run the service. Not have the exact same stack.
Let's say you decided to run MongoDB as a service, and you are fine with releasing Service Source Code under SSPL. The problem is – you can't. You don't own the source code for your NAS and can't relicense it. Nothing in the text says, "relicense all you can, and then you are fine". Clause 13 puts requirements on software that are completely unrelated in terms of copyright.
> I am confused. If you use a custom storage system then you would have the code for it. No?
Nothing in the license text says that the storage system has to be custom.
> The idea you need to release code for the os, file system, network routers, etc is absurd.
I agree with you that this is absurd. But that's what the license text says.
I suggest you read section 13, not MongoDB's FAQs or other explanations of how it works. The actual legal tech is very different from what you seem to think it is.
Er, I could be wrong, but I think you’re missing the scope set in the first sentence:
If you make the functionality of the Program or a modified version available to third parties as a service, you must make the… SNIP …programs that you use to make the Program or modified version available as a service…
I’m eliding for clarity, but the NAS doesn’t make the program available as a service. The code that accesses the file system on the NAS to offer your service? Probably need to release code that calls fread/fwrite/NtFileX in your infrastructure code.
I get that it sounds vague and everything, but the FAQ also clarifies none of this applies unless you’re competing and targeting third parties. If you’re one of the few companies who want to do that, your legal team can formalize the line of demarcation.
Apologies, I hate defending the SSPL, but I can’t think of any better way to stop the monopolistic and EEE practices against open source projects. If anyone has a better solution to protect the freedoms of open-source developers, please, please publish it!
No, full list is in the license, but it’s only those components that they provide MongoDB as a service to end users. Doesn’t penetrate OS abstractions AFAICT, but I’d check the license and/or consult an expert if starting a relevant business!
FWIW, just realized it doesn’t even apply if deployed internally (within an organization and/or subsidiaries)…
And OSI thinking they alone get to decide what is and what is not open source is arrogant.