Redis modules and the Commons Clause
The "Commons Clause", which is a condition that can be added to an open-source license, has been around for a few months, but its adoption by Redis Labs has some parts of the community in something of an uproar. At its core, using the clause is meant to ensure that those who are "selling" Redis modules (or simply selling access to them in the cloud) are prohibited from doing so—at least without a separate, presumably costly, license from Redis Labs. The clause effectively tries to implement a "no commercial use" restriction, though it is a bit more complicated than that. No commercial use licenses are not new—the "open core" business model is a more recent cousin, for example—but they have generally run aground on a simple question: "what is commercial use?"
Redis is a popular in-memory database cache that is often used by web applications. Various pieces of it are licensed differently; the "Redis core" is under the BSD license, some modules are under either Apache v2.0 or MIT, and a handful of modules that Redis Labs created are under Apache v2.0, now with Commons Clause attached. Cloud services (e.g. Amazon AWS, Microsoft Azure, Google Compute Engine, and other smaller players) provide Redis and its modules to their customers and, naturally, charge for doing so. The "charge" part is what the adoption of the clause is trying to stamp out—at least without paying Redis Labs.
The clause itself is admirably brief, just three paragraphs that are meant to be tacked on as an additional restriction to a permissive license, such as the Apache License 2.0. It overrides the license text to prohibit selling the software and defines what it means by "sell":
One can immediately see some "wiggle room" that will have to be evaluated
by lawyers (and, eventually, judges) to define various pieces of that
sentence. "Value derives
", "entirely or
substantially
", and even "from the functionality
" are
all open to interpretation. The Redis Labs announcement tries to
make it clear what is being targeted:
Redis is an example of this paradigm. Today, most cloud providers offer Redis as a managed service over their infrastructure and enjoy huge income from software that was not developed by them. Redis' permissive BSD open source license allows them to do so legally, but this must be changed. Redis Labs is leading and financing the development of open source Redis and deserves to enjoy the fruits of these efforts. Consequently, we decided to add Commons Clause to certain components of open source Redis. Cloud providers will no longer be able to use these components as part of their Redis-as-a-Service offerings, but all other users will be unaffected by this change.
That provides some of the reasoning behind the move, but it may make others
who are outside of the target zone leery of using the Redis modules that
are now covered by the clause. The "this must be changed
"
wording about the BSD license may also make some worry about the license for
the Redis core
(which remains under the BSD without the addition of the clause) down the
road. There is a contributor
license agreement [PDF] for at least some contributions to the project,
which might allow relicensing if Redis Labs—or some company that buys
it—decides that is in its interest. It should be noted that the agreement
allows Redis Labs to make money on any contributions made under it, which
is the norm for such things but might be seen as a tad hypocritical.
The Redis Labs page clearly disclaims
the possibility of changing the license, though that assurance may not be
ironclad:
So it is not quite a "no commercial use" clause, at least as interpreted by Redis Labs, but that brings problems of its own and may provide ways for the cloud providers to evade the clause entirely. As both the Commons Clause and Redis Labs pages clearly note, adding the clause to an open-source license does not result in something that falls under the Open Source Definition. That means that the Redis modules in question are no longer open source, thus Linux distributions and others may not be willing or able to distribute them any longer. The issue has already been raised for Fedora; Debian is looking into it as well and others will likely follow. That alone shows some of the collateral damage that can occur when licenses are changed this way.
Redis Labs is not alone in using the clause for licenses; other projects are adopting it as well. Neo4j Enterprise has added the clause to the AGPLv3 and Dgraph has switched from AGPLv3 to Apache v2.0 with the Commons Clause, which it called a move to a "liberal license". The clause is addressing a real problem, but the cure could be worse than the disease.
Permissively licensed code (e.g. BSD or Apache v2.0) is subject to the "abuse" that is being claimed—in fact, that is much of the point of those licenses. Permissive licensing means that the code can be changed and distributed without making any of those changes public. But copyleft-style licensing wouldn't necessarily help the problem that Redis Labs is complaining about. Large (or small) cloud providers probably do not make substantive changes to the Redis modules in question—if they do, it seems likely they would be unfazed by having to release the changes if they were required to. The AGPL was meant to help with this "as a service" loophole in the GPL, but it is not meant to stop people from running the software any way they want—quite the opposite.
And that is really the crux of the matter. Being a part of the open-source world means accepting some things, including that code you release under those terms might be used in ways you don't like. It may also be used in ways that make money for someone else. It is part and parcel of what open source is all about.
There was a time when licenses with no commercial use clauses were relatively common. Before the turn of the century or thereabouts, lots of software was distributed under those terms (e.g. Linux 0.01, the Majordomo mailing-list manager). That was an accepted practice, mostly because people weren't really paying that much attention to the terms under which all of this free (as in beer) software was being made available. That changed along the way; as it did, the perils of no commercial use clauses became more apparent.
Redis Labs has tried to clarify what it means by selling the modules and others have tried to do so with their licenses as well (e.g. the NonCommercial interpretation from Creative Commons). But a restriction of that sort, with all of its various gray areas, rarely actually hits the target sought. It is the smaller cloud providers that will be affected by this move more than Amazon, Google, or Microsoft will be. It will also split off distributions and users that are not willing to get involved with non-open-source software. Restricting the use cases for a piece of software just makes it harder to actually use that software because no one truly knows which uses are blessed and which aren't.
One of the reasons that Redis is open source is presumably for attracting a community of users, developers, and others who will help broaden the reach of the project. Redis Labs appears to want to have its cake and eat it too. Perhaps this move will give the company some time to find a way to appease its investors, but it is not a community move—and the community has noticed. A look at threads on Hacker News or Reddit will show that many are not pleased with this change. Not surprisingly, longtime free-software advocate Bradley M. Kuhn has also criticized the clause.
The clause was written by Heather Meeker, who has been involved in multiple open-source disputes (on both sides) along the way. It is being pushed by FOSSA, which is a company that provides license-compliance tools. While the problem of financially supporting open-source development is real, and that is what FOSSA/Commons Clause are trying to promote, doing so with a clause restricting the scope of open-source licenses is a non-starter.
Buried in the text of the FAQ at the Commons Clause site may be a clue to what the real goal is. In two places, it mentions conversations that it is hoping will start:
[...]
The Commons Clause was drafted by a group of developers behind many of the world's most popular open source projects who feel pressure from rapidly-developing projects and ecosystems. Honestly, we're not entirely sure what the best long-term solution is. However, we need to start a conversation on what we can do to meet the financial needs of commercial open source projects and the communities behind them.
These conversations may truly be the goal, though it may be more difficult
to have that first conversation with those that have been labeled as
"predatory
".
The latter conversation is welcome, though it is hard to see licensing as
much of a tool to use in pursuit of that goal. Smaller open-source
projects (or even critical infrastructure projects like OpenSSL prior to Heartbleed) often struggle to
make ends meet, which is a shame. Finding better ways to fund open-source
development (for projects small and large, company-backed or not)
would be fabulous;
changing licenses in a way that violates one of the core tenets of
open-source software seems like the wrong way to go about it.
Posted Aug 22, 2018 21:08 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (9 responses)
And smaller players don't have resources (or want to) support such a basic component as the database.
Posted Aug 22, 2018 22:15 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (4 responses)
Posted Aug 23, 2018 13:26 UTC (Thu)
by bengen (guest, #14957)
[Link] (3 responses)
The timing would be about right for negotiations about further funding. Perhaps some early investors really want to extract some profit from their investment, right now?
Posted Aug 24, 2018 1:07 UTC (Fri)
by jberkus (guest, #55561)
[Link] (2 responses)
Posted Aug 24, 2018 14:44 UTC (Fri)
by jubal (subscriber, #67202)
[Link] (1 responses)
Posted Aug 24, 2018 21:00 UTC (Fri)
by armijn (subscriber, #3653)
[Link]
Posted Aug 22, 2018 23:54 UTC (Wed)
by gerdesj (subscriber, #5446)
[Link] (3 responses)
I respect you as a commentard - have another go.
Posted Aug 22, 2018 23:58 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Redis? Not so much. It's used in a lot of small and mid-range companies, and it's not a good place to be.
FreeBSD suffers from the same issues - it's not used a lot, so it's moving at fraction of Linux's speed.
Posted Aug 23, 2018 7:03 UTC (Thu)
by nhippi (subscriber, #34640)
[Link]
Posted Aug 25, 2018 18:55 UTC (Sat)
by jrn (subscriber, #64214)
[Link]
Posted Aug 22, 2018 21:20 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (3 responses)
"You may charge any price or no price for each copy that you convey,
which the Commons Clause is now trying to take away. Possibly it is not compatible with section 7 of AGPL 3, and then people could just remove Commons Clause for Neo4J Enterprise and use plain AGPL3:
"If the Program as you received it, or any part of it, contains a notice stating that it is
and all that would be left is a bitter taste.
PS: I am not a lawyer, this is not legal advise, etc. etc.
Posted Aug 23, 2018 3:04 UTC (Thu)
by bkuhn (subscriber, #58642)
[Link] (2 responses)
IANAL either but I don't think one needs to be a lawyer to figure out what's going on with that. The main issue is that it's hard to know without digging into the code, but when I read that text that mentions combination of Commons Clause and AGPL'd code, I suspect what's happening is that Commons Clause parts are coming only as part of the Enterprise edition, which is not the demo-ware version that's AGPL'd on GitHub. The thing that makes me most concerned about these situations is that none of the people that get trapped into one of these predatory business practices of “try the AGPL version and if you like it get the Enterprise one” have enough background knowledge on what's happening to even begin considering the creative solutions you're suggesting. Companies and individuals with the resources to research and understand these things just avoid codebases like this. Their target market are, as other poster have said in this thread, small to medium businesses who just won't know what they're getting into until their stuck. This is a problem, BTW, with any copyleft relicensing business model. The Commons Clause is almost a complete red herring for the companies that already have proprietary relicensing going on. I suspect they like it mainly because they sense solidarity with other businesses that are trying to build a block of businesses that can give “something akin but not really Open Source is good enough” legitimacy. What we've learned here that if one company or a small group of companies hold all the copyrights on software that you rely on, be worried, even if the license seems ok.
Posted Aug 24, 2018 7:23 UTC (Fri)
by kronat (subscriber, #117266)
[Link] (1 responses)
More philosophically, I do not understand BSD license: its permissiveness allows a company to take/use/modify a project (and I'm thinking about small projects, done in the spare time, and things like that) without even the share-alike requirements of the GPL. But I don't want to forbid the using of BSD license, or making defamatory statements against who is using it, just because I don't understand it or I do not believe in it. I will, more honestly, avoid contributing to projects which are distributed under BSD license.
Going back to my first paragraph, I would like to ask if freedoms 2 and 3 make sense in today's environment. What I feel is that one of the most logical ways to develop is to distribute the software under the freedom 0 and 1. Then, anyone that wants to share their improvements should do it by passing the changes upstream (for free or by receiving compensation in doing so). I believe who created the software and who maintains it has more power than who arrives later and make a contribution, but I don't see this reflected in any license. The problem is that only in recent times big fishes (adapt the definition of "big fish" to the size of the project we are considering) have discovered plenty of software that they can use "for free", while their creators and maintainer have to do two jobs to pay bills (well, apparently it is not the case of Redis by looking at the amount of money they received these years).
Posted Aug 24, 2018 15:12 UTC (Fri)
by bkuhn (subscriber, #58642)
[Link]
Your comments were interesting, kronat. My responses are below: kronat wrote:
I believe there are cases in which maybe the freedom 2 and 3 gives too much power to who is just exploiting the work done by others. This seems more of a general criticism of non-copyleft licensing, not of the four freedoms. I agree with you that licenses that fail to ensure freedom 2 and 3 in perpetuity generate other types of problematic power imbalances, but that particular issue seems orthogonal.
But I don't want to forbid the using of BSD license, or making defamatory statements against who is using it, just because I don't understand it or I do not believe in it. I will, more honestly, avoid contributing to projects which are distributed under BSD license. Neither do I. I've licensed some of my own copyrights under 2-Clause BSD before. I have also not made defamatory statements about anyone; I criticized bad policy and pointed out manipulative strategies in use to advocate for that policy.
I believe who created the software and who maintains it has more power than who arrives later and make a contribution, but I don't see this reflected in any license. The goal of copyleft is to give equal rights to the original author and all later contributors and users. No copyleft license is perfect, and if you have ideas for how to improve copyleft licenses to address some of its flaws, Fontana's coypleft-next project might be a good place to do that. there are roughly two passages in which you state your opinion in the way Catholics politicians want to make abortion illegal for everyone, Catholics politicians want to make abortion illegal for everyone, regardless of the reasons, just because they believe that the right way is the only one they think. The analogy is not apt nor accurate. I did not argue that it should be illegal for Redis or anyone else to publish software under the Commons Clause. I said that it is bad policy, and exploits a power relationship granted by existing copyright laws in a way that I find inappropriate and bad for society. I have never argued that proprietary software should be illegal. Even though I'm morally opposed to proprietary software, I don't think (e.g.) changing copyright law to only allow FOSS licensing would be successful in eradicating proprietary business models.
Posted Aug 23, 2018 2:55 UTC (Thu)
by bkuhn (subscriber, #58642)
[Link] (5 responses)
So many people were writing to me and Conservancy to ask for an opinion on this Commons Clause thing, that I wrote a blog post so I wouldn't have to keep responding individually. The one point I didn't make in the blog post is that I think we're all (including me) giving this more attention than it deserves. This is one silly non-Open-Source licensing thing drafted by one lawyer who is promoting multiple “sounds like Open Source but really isn't” licensing schemes. In turn, a very small group of companies think is coolest licensing thing they've ever seen, presumably because it sits better with their VCs than actual FOSS. There's not much more to the story than that. While Jake's article is well written and covers all the angles, I worry that giving it this much attention (including the attention I'm admittedly giving it by writing a blog post and by posting here) actually is helping these anti-Free-Software folks promote this thing, and that our response subtly legitimizes something that really is just “yet another creative way to do proprietary software”. That's the trap of press coups like this: someone proposes something outrageous, everyone feels compelled to respond because they fear that something this outrageous might get traction, then it looks like it was a legitimate and widely held position from the start (instead of the fringe activity that it is), and then suddenly, the position is granted legitimacy because the response in outrage gave the position legitimacy it wouldn't otherwise have. The best outcome, which fortunately is still pretty likely for the moment, that everyone will have trouble even remembering what the Commons Clause was in five years, and the codebases that chose it will fall to obscurity, or have since been licensed another way, or both.
Posted Aug 23, 2018 22:18 UTC (Thu)
by nilsmeyer (guest, #122604)
[Link] (4 responses)
Ironically, most of the hosted, managed services perform worse than building something on the basis of virtual machines alone.
Posted Aug 23, 2018 22:38 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link] (3 responses)
I'm seriously interested.
Posted Aug 23, 2018 22:40 UTC (Thu)
by nilsmeyer (guest, #122604)
[Link]
Posted Aug 25, 2018 5:26 UTC (Sat)
by wmf (guest, #33791)
[Link] (1 responses)
Posted Aug 25, 2018 7:25 UTC (Sat)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Posted Aug 23, 2018 3:37 UTC (Thu)
by sml (guest, #75391)
[Link] (1 responses)
Plenty of companies have relicensed their previous Free Software product with a proprietary license. Anyone who signed the CLA would know that they are signing the rights to their code over to Redis Labs. And Redis Labs wanting to make money from their product is not a bad thing.
However Apache 2.0 is a well known and well regarded Free Software license. "Apache 2.0 modified with Commons Clause" is a dirty trick to take advantage of the good reputation of Apache 2.0. If Redis Labs renamed their license to something more honest like "Redis Labs Proprietary License" it would fix all the problems I have with this.
And FOSSA should be ashamed for promoting such weasel wording.
Posted Aug 23, 2018 18:44 UTC (Thu)
by david.a.wheeler (subscriber, #72896)
[Link]
Posted Aug 23, 2018 5:33 UTC (Thu)
by pabs (subscriber, #43278)
[Link] (8 responses)
https://www.influxdata.com/blog/its-time-for-the-open-sou...
Posted Aug 23, 2018 8:50 UTC (Thu)
by nim-nim (subscriber, #34454)
[Link]
Basically, they want the community, without surrendering control, and can't stand that anyone else can “take over” their project by funding a greater dev team (that's the real sticking point, not that they can't get funding, but that someone else may get more of it).
Posted Aug 25, 2018 3:01 UTC (Sat)
by pabs (subscriber, #43278)
[Link]
https://www.theregister.co.uk/2018/08/23/redis_database_l...
http://antirez.com/news/121
Posted Sep 2, 2018 6:33 UTC (Sun)
by pabs (subscriber, #43278)
[Link] (3 responses)
https://medium.com/@mattklein123/the-broken-economics-of-...
Posted Sep 2, 2018 19:02 UTC (Sun)
by cladisch (✭ supporter ✭, #50193)
[Link] (2 responses)
He argues from a venture capitalist point of view, which is, frankly, not very relevant for anybody else.
Yup, those off-the-table methods are how you do generate revenue from OSS.
Posted Sep 2, 2018 20:09 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
And for individuals perhaps Patreon or similar services might provide just enough money to be able to eat.
Posted Sep 3, 2018 6:30 UTC (Mon)
by cladisch (✭ supporter ✭, #50193)
[Link]
In other words: it is in a VC's interest to change an (Open-Source) company into a high-growth one, but not necessarily in the company's interest.
Posted Sep 2, 2018 6:35 UTC (Sun)
by pabs (subscriber, #43278)
[Link]
Posted Sep 11, 2018 2:23 UTC (Tue)
by pabs (subscriber, #43278)
[Link]
Posted Aug 23, 2018 10:19 UTC (Thu)
by aigarius (subscriber, #7329)
[Link]
Distributors will likely fork the last free version of the modules and move on from there without Redis Labs, like it has happened numerous times in the past.
Posted Aug 23, 2018 18:38 UTC (Thu)
by jberkus (guest, #55561)
[Link]
Odds that it was forced on them by their funders?
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Bain Capital, isn't this the “investment” company Romney was involved with?
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
and you may offer support or warranty protection for a fee."
governed by this License along with a term that is a further restriction, you may remove that term."
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
The Commons Clause really isn't as important as we think it is
The Commons Clause really isn't as important as we think it is
The Commons Clause really isn't as important as we think it is
The Commons Clause really isn't as important as we think it is
AWS NIH
AWS NIH
ENAs have a lot of "secret sauce" inside. But to be fair, lots of larger instances just use a regular Intel network card using PCI pass-through.
Redis modules and the Commons Clause
Misleading/confusing text is the real problem
Redis modules and the Commons Clause
https://news.ycombinator.com/item?id=17822257
Redis modules and the Commons Clause
Redis modules and the Commons Clause
https://news.ycombinator.com/item?id=17838448
Redis modules and the Commons Clause
Redis modules and the Commons Clause
The most telling sentence:
> If we take consulting, services, and support off the table as an option for high-growth revenue generation (the only thing VCs care about), we are left with open core, SaaS, or some blurring of the two.
Redis modules and the Commons Clause
Why is that? For individuals or small companies another option might exist - paid support, but this is really a thin gruel. It's unlikely you can grow your company just with that.
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause
Redis modules and the Commons Clause