HashiCorp projects changing license to Business Source License v1.1

Today, HashiCorp has announced a transition in license from the Mozilla Public License v2.0 (MPL 2.0) to the Business Source License v1.1 (BSL or BUSL) for future releases of all products and several libraries. HashiCorp APIs, SDKs, and almost all other libraries will remain MPL 2.0. HashiCorp is committed to continuing to develop our popular community products in the open with broad access and permissions for re-use.

You can find answers to the most common questions in the FAQ published on the HashiCorp website. If you have specific questions about how this license change may affect your use case, please post a question in this thread or send an email to licensing@hashicorp.com.

We know today’s announcement will cause many of you to have questions about any impact you may experience. For us to better assist everyone, we ask you to limit this thread to questions regarding the change and please be respectful in comments and responses (e.g. follow our community guidelines if you engage on this thread).

Details of the repository changes
https://github.com/hashicorp/terraform - re-licensed to BSL
https://github.com/hashicorp/vagrant - re-licensed to BSL
https://github.com/hashicorp/packer - re-licensed to BSL
https://github.com/hashicorp/waypoint - re-licensed to BSL
https://github.com/hashicorp/boundary - re-licensed to BSL
https://github.com/hashicorp/consul - re-licensed to BSL
https://github.com/hashicorp/consul/tree/main/api - licensed add for MPL
https://github.com/hashicorp/nomad - re-licensed to BSL
https://github.com/hashicorp/nomad/tree/main/api - licensed add for MPL
https://github.com/hashicorp/vault - re-licensed to BSL
https://github.com/hashicorp/vault/tree/main/shamir - licensed add for MPL
https://github.com/hashicorp/vault/tree/main/sdk - licensed add for MPL
https://github.com/hashicorp/vault/tree/main/api - licensed add for MPL
https://github.com/hashicorp/vault-secrets-operator - re-licensed to BSL
https://github.com/hashicorp/vault-csi-provider - re-licensed to BSL
https://github.com/hashicorp/go-kms-wrapping - re-licensed to BSL

1 Like

This is a sad day for the open source ecosystem :cry:
Should we expect changes in features available in the community vs the commercial editions of your various software?

3 Likes

Hi, I’m a maintainer of an OSS called TFLint. Let me ask about an OSS that uses HashiCorp projects (BSL-licensed) source code.

  • Should OSS with partial copy of source code change license to BSL?
    • The BSL terms say “All copies of the original and modified Licensed Work, and derivative works of the Licensed Work, are subject to this License”. Also, according to FAQ 14, the modified version cannot be distributed under another license.
    • On the other hand, FAQ 12 mentions copyleft requirements as a difference between BSL and AGPL/SSPL.
    • As a concrete example, TFLint keeps a copy of Terraform’s internal packages for emulating Terraform language semantics. This is due to Terraform’s package internalization.
  • Should OSS that uses BSL-licensed source code as a library change license to BSL?
  • Does the TFLint Ruleset powered by OPA violate BSL?
    • I’m considering the possibility that this product will be recognized as a competitor to Sentinel.
3 Likes

I’m not a lawyer or from HashiCorp, but I’d make two comments:

  1. You don’t have to do anything at all now. The code you are including is licensed under the MPL which doesn’t change anything for existing code. You only need to obey the BSL if you copy code that was created/changed since the licence change earlier today.

  2. If you do decide to copy over code since the license change you will now need to obey the BSL, which means the license of your work has to be under the BSL too. So you’d need to change the license on your application - which may be simple (if 100% of the non-HashiCorp code is your own), or may be impossible (if you include code from others who don’t agree to change the license, or include libraries that are under a BSL incompatible license). This is similar to the restrictions when working with GPL code - some combinations just aren’t allowed. So I think if you use a project under a license which doesn’t allow relicensing you might be stuck (as HashiCorp require your project to be BSL).

So worst case if you are unwilling/unable to relicense your application to BSL you’d need to stop taking code changes from HashiCorp (or ask HashiCorp to license their code to you in a different way).

As to the question of if your tool is competing with Sentinel, that is one to ask HashiCorp directly. They give an email to use in the FAQ.

Hello wata727,

Thank you for the detailed inquiry! I’m working to get you some answers and will follow up with next steps.

Could you clarify on “competitive services” please?

If we’re using TF to manage customer infrastructure, does that compete with TF Cloud – or is that considered internal use?

I’ve read FAQ #7, and it reads like this use-case is not affected, but I find it too vaguely worded to actually rely on that.

3 Likes

Hi @wata727,

Thanks for your thoughtfully posed questions, I’ll do my best to answer here!

Should OSS with partial copy of source code change license to BSL?

HashiCorp BSL does not impose copyleft requirements for your OSS project, so you do not need to change your project’s overall license to BSL. However, the clarifications in FAQ 14 do still apply. In particular, if your copy/fork of Terraform internal packages are based on HashiCorp BSL licensed source code, then these derivative copies will need to also be BSL licensed with the same terms.

Should OSS that uses BSL-licensed source code as a library change license to BSL?

No. It will be bound by both licenses as it is mixed with BSL source code and the existing license of your project.

Does the TFLint Ruleset powered by OPA violate BSL?

After an initial review of the plugin on GitHub, it is not in violation of BSL as it does not appear to host or embed. If the scope of the plugin changes and you have additional questions, please reach out to us.

If you would like help with your use case more directly, please email licensing@hashicorp.com!

2 Likes

I have similar considerations and am eagerly awaiting this answer. The definition of “competitive products and services” is extremely vague when it comes to something that can have as broad a set of uses as Terraform.

2 Likes

Hello @apparentorder,

Thanks for reaching out.

If you are a system integrator using Terraform to manage infrastructure for your customers, then you are not in violation of the license. If you are offering a hosted version to customers, please reach out to us at licensing@hashicorp.com with more details on your use case so we can help more directly. (See FAQ for more details.)

1 Like

Thank you for clarifying so quickly.

1 Like

Hello @dbd,

Thank you for reaching out!

We remain committed to adding new features and capabilities in both the community and commercial editions of our products. Our development of the community products will remain in the open on GitHub and we welcome continued participation (via issues, feedback and pull requests) by the community that uses our products.

Hi @joatmon08

Sorry to hijack this thread. You had mentioned:
“After an initial review of the plugin on GitHub, it is not in violation of BSL as it does not appear to host or embed.”

Does this apply to Atlantis as well then? As it’s self hosted and doesn’t provide any pricing.

Would this mean that projects like Atlantis and TFLint can freely continue their development post Terraform 1.5 (or whatever version enacts BSL moving forward)?

1 Like

Can you clarify a little more about what constitutes “production” usage?

If I use Terraform to deploy and manage my prod environment for my app, is that prod usage? Or is it specific to Terraform being exposed to customers, e.g. in a cloud orchestration platform?

Is there a threshold for revenue/size of company where this applies differently? E.g., perhaps a small startup can use HashiCorp products at no cost, but at $1MM ARR, they are required to pay?

If you are a system integrator using Terraform to manage infrastructure for your customers, then you are not in violation of the license.

This should go in the FAQ, please.

1 Like

Would forks/extensions/plugins be considered a competing product under BSL?

For example, if we use Vault, but think some functionality is missing, and provide a fork/extension/plugin which offers functionality that is similar to your enterprise offering (e.g. multi-factor authentication).

As I read the license, any public sharing or collaboration of/on modified/extended code that provides competing functionality is effectively not permitted by this license.

This means that the code can only be extended/modified privately/internally - and not even privately between a consortium of companies.

Is that correct?

Will you indemnify existing compliant / non-competing users against future changes of business areas by HashiCorp or acquisition of HashiCorp by another company that competes with existing customers?

1 Like

Hi @ersch,

Thank you for reaching out. We are working on an answer to your question that also clarifies things a bit more broadly. We will get back to you ASAP.

Hi @george.herbert,

Thank you for your question. HashiCorp has not previously offered indemnity for our free software regardless of license and does not plan to change that policy going forward.

Hi @george.herbert,

This should be covered under question 21 now. Thank you for the suggestion.

Hi @brandonscript,

Thank you for your question. For more details, please email us your specific use case consideration at licensing@hashicorp.com