Why do CockroachDB change Open Source-license

Original author: Peter Mattis, Ben Darnell, Spencer Kimball
  • Transfer
Note perev. : The flexibility and freedoms offered by Open Source licenses have allowed modern providers of large SaaS solutions to question the success of small businesses that are in the business of developing popular Open Source projects. In this article, from the authors of CockroachDB - a distributed and fault-tolerant RDBMS - the essence of the problem and the possible way to solve it are fully disclosed.



CockroachDB was conceived as open source software. In the years that have passed since the project appeared on GitHub (the code was first published in February 2014 - approx. Transl. ), we followed a relatively typical development path, balancing between an open source philosophy and creating a sustainable business. The main code was licensed under the Apache License 2 (APL), a managed service was launched, and some add-ons for companies were issued under an enterprise license.

But our past ideas about the right business model were based on the key norm of the OSS world: you can build a business around a powerful Open Source product without assuming that a larger technology company will come offering the same product as a service. This norm is no longer valid.

In principle, legally, nothing has ever prevented competitors from offering an as-a-service OSS product created by another company. And now we see that this is really happening. Today we are witnessing an increase in the number of highly integrated providers who take advantage of their unique position and offer as-a-service versions of OSS products. It is clear that their high integration greatly enhances the user experience. More recently, this happened with the fork of ElasticSearch, “borrowed” by Amazon (Salil Deshpande in the TechCrunch article skillfully described what happened as “self-serving and rational”).

Responding to such unfair competition, we change the terms of our license. Details are given below on GitHub.. Brief changes are as follows:

Starting today, we are introducing an exclusively permissive version of the Business Source License (BSL). CockroachDB users can scale our DBMS to any number of nodes. They are free to use CockroachDB and integrate it into their applications (regardless of whether they deliver them to consumers or offer them as a service). You can also run CockroachDB as a service for your company’s internal goals. The only thing you can’t do is offer the commercial version of CockroachDB as as-a-service without buying the appropriate license .

To ensure the further development of the project, our restriction has a moving time limit: three years after the release, the license turns into a standard Apache 2.0 license. By changing the conditions of the license and introducing a time limit, we have two goals:

  • Create a competitive database-as-a-service (DbaaS)
  • along the way, ensure that the main product remains fully open.

Comparison of Different Open Source Licensing Approaches


Some companies have already licensed their products for a similar dual purpose. Evaluating the existing methods, we found that they all tend to two main approaches: copyleft and a multi-level model. Unfortunately, none of them corresponded to what we would like to achieve by changing the license.

Copyleft model


The founder of the copyleft tradition is the GNU GPL. Its purpose is to prevent the appearance of proprietary forks, in some cases requiring the release of the source code. Affero General Public License (AGPL) and sister Server-Side Public License (SSPL) fall into this camp. It is in SSPL that special attention is paid to the problem of competing services.

However, we believe that all of these licenses are both redundant and insufficient. They are redundant in the sense that the details are complex, and copyleft requirements are not always clear. Many potential users are scared away by code disclosure requirements that are potentially too broad. They are insufficient in the sense that competitors are ready and can reveal enough of their code so that they do not have any questions, while not bringing any benefit to the developers of the core technology. Amazon did this with Open Distro for Elasticsearch , although the copyleft license did not require it.

We needed something simpler and more rigid.

Layered model


We also considered the possibility of using a three-level model: the Open Source core, enterprise components and a certain middle level with functions whose source code is closed, but they can be used completely free of charge. This model is quite popular in the software world; and with some variations we have used it to this day.

However, it generates the wrong message for our company. It turns out that it is unprofitable for us to implement new functions in an open core and it makes sense to concentrate all efforts on closed components. In fact, we are tempted to deceive the trust of our users and hide the most interesting features for a volume license. In the long run, this approach does not bode well for the Open Source ecosystem.

Solution Found: BSL


We began to study time-limited licenses and found that there was no need to create a new license from scratch. MariaDB's Business Source License (BSL) version 1.1 contains everything you need and has already been approved by OSI founder Bruce Perens. BSL is a parameterized license, so we use it differently than MariaDB.

The key difference is the Additional Use Grant - for example, MariaDB allows the use of MaxScale on up to three servers . Additional Use Grantat CockroachDB you can use our product on any number of nodes, provided that you do not offer it as a commercial DbaaS. For three years, our BSL version protects existing CockroachDB code from being used as a DBaaS without acquiring an appropriate volume license. After 3 years, this restriction is removed and the code becomes open (in the sense that is embedded in the Apache license) and can be freely used for any purpose.

We apply this license to the base version of CockroachDB (that is, to the code that previously fell under Apache 2.0). This means that the CockroachDB core is no longer open (according to the Open Source Definitionfrom OSI), although the full code is still available and any commercial use is permitted except DBaaS. We believe this is the best way to balance business needs with our Open Source commitment. The new license allows the vast majority of users to freely use, distribute and modify the CockroachDB code (and after three years it becomes open unconditionally).

What's what: how BSL works


We are introducing a new CockroachDB license starting with version 19.2. Now the code cannot be used to organize a commercial database-as-a-service (DBaaS) without entering into an appropriate agreement with Cockroach Labs. A three-year limit applies to each release.

CockroachDB Corporate Add-ons will continue to be released under the Cockroach Community License (CCL). Working with them requires an appropriate license agreement with Cockroach Labs; this license will not convert to Open Source after three years.

Let us explain with a specific example. CockroachDB 19.2 (scheduled for October 2019) will be the first release to adhere to the new licensing scheme. It will include code under both BSL and CCL. In October 2022 (three years after the release), the part of CockroachDB 19.2, which falls under the BSL, will be converted to APL. Patches do not change the date of conversion: all 19.2.x releases will be converted in October 2022, although at that time only three years old base release 19.2.0 will be executed for three years. CockroachDB 20.1 (scheduled for April 2020) will open in April 2023, and so on.



The old versions will not be affected: CockroachDB 19.1 will continue to work under the Apache license, and all future patches 19.1.x will also be released under the APL.

We are committed to the ideals of Open Source and strive to create a powerful open source product. Although formally BSL is not an Open Source license, this compromise is the closest to the spirit of Open Source, but at the same time it protects our business. In addition, three years after the release, our commitment to the open source software philosophy is automatically reaffirmed. We believe that the chosen path will allow us to support the company, while safeguarding the rich heritage of Open Source in this new reality.

PS from the translator


Read also in our blog:


Also popular now: