Language Selection

English French German Italian Portuguese Spanish

MongoDB Becomes Less Affero GPL-Like

Filed under
Server
OSS
Legal
  • Fed up with cloud giants ripping off its database, MongoDB forks new open-source license

    After Redis Labs relicensed the modules it developed to complement its open-source database, from AGPL to Apache v2.0 with a Commons Clause, the free-software community expressed dismay.

    And, inevitably, some responded by forking the affected code.

    Today, the maker of another open source database, MongoDB, plans to introduce a license of its own to deal with the issue cited by Redis: cloud service providers that sell hosted versions of open-source programs – such as Redis and MongoDB database servers – without offering anything in return.

    "Once an open source project becomes interesting or popular, it becomes too easy for the cloud vendors to capture all the value and give nothing back to the community," said Dev Ittycheria, CEO of MongoDB, in a phone interview with The Register.

    Ittycheria pointed to cloud service providers such as Alibaba, Tencent, and Yandex. Those companies, he claims, are testing the boundaries of the AGPL by benefiting from the work of others while failing to share their code.

  • MongoDB switches up its open-source license

    MongoDB is a bit miffed that some cloud providers — especially in Asia — are taking its open-source code and offering a hosted commercial version of its database to their users without playing by the open-source rules. To combat this, MongoDB today announced it has issued a new software license, the Server Side Public License (SSPL), that will apply to all new releases of its MongoDB Community Server, as well as all patch fixes for prior versions.

    Previously, MongoDB used the GNU AGPLv3 license, but it has now submitted the SSPL for approval from the Open Source Initiative.

  • MongoDB license could push open source deeper into cloud: Is this what industry needs?

    Things just got serious in open source land. Despite the occasional Commons Clause or Fair Source licensing attempt to change the meaning of the words "open source" to include "the right for a private company to make money from its open source efforts," we've stuck to the Open Source Definition, and it has served us well. Open source communities have become the center of the innovation universe, giving us exceptional code like Linux, Kubernetes, Apache Kafka, and more.

  • It's MongoDB's turn to change its open source license

    The old maxim that the nice thing about standards is that there are so many to choose from could well apply to open source licensing. While now nearing a couple years old, the last WhiteSource Software survey of the top 10 open source licenses found close competition between the GPL, MIT, and Apache licenses. While the commercial-friendly Apache license has dominated the world of big data platforms and AI frameworks, MIT and GPL (which has "copyleft" provisions requiring developers to contribute back all modifications and enhancements) continues to be popular. GPL and variants such as the AGPL have been popular amongst vendors that seek to control their own open source projects, like MongoDB.

  • Matthew Garrett: Initial thoughts on MongoDB's new Server Side Public License

    MongoDB just announced that they were relicensing under their new Server Side Public License. This is basically the Affero GPL except with section 13 largely replaced with new text, as follows:

    "If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. Making the functionality of the Program or modified version available to third parties as a service includes, without limitation, enabling third parties to interact with the functionality of the Program or modified version remotely through a computer network, offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Software or modified version.

    “Service Source Code” means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available."

    MongoDB admit that this license is not currently open source in the sense of being approved by the Open Source Initiative, but say:"We believe that the SSPL meets the standards for an open source license and are working to have it approved by the OSI."

    At the broadest level, AGPL requires you to distribute the source code to the AGPLed work[1] while the SSPL requires you to distribute the source code to everything involved in providing the service. Having a license place requirements around things that aren't derived works of the covered code is unusual but not entirely unheard of - the GPL requires you to provide build scripts even if they're not strictly derived works, and you could probably make an argument that the anti-Tivoisation provisions of GPL3 fall into this category.

"submitted the SSPL... approval from the Open Source Initiative"

Bradley M. Kuhn's Take

    • Bradley M. Kuhn: Toward Community-Oriented, Public & Transparent Copyleft Policy Planning

      More than 15 years ago, Free, Libre, and Open Source Software (FLOSS) community activists successfully argued that licensing proliferation was a serious threat to the viability of FLOSS. We convinced companies to end the era of “vanity” licenses. Different charities — from the Open Source Initiative (OSI) to the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better off with fewer FLOSS licenses. We de-facto instituted what my colleague Richard Fontana once called the “Rule of Three” — assuring that any potential FLOSS license should be met with suspicion unless (a) the OSI declares that it meets their Open Source Definition, (Cool the FSF declares that it meets their Free Software Definition, and (c) the Debian Project declares that it meets their Debian Free Software Guidelines. The work for those organizations quelled license proliferation from radioactive threat to safe background noise. Everyone thought the problem was solved. Pointless license drafting had become a rare practice, and updated versions of established licenses were handled with public engagement and close discussion with the OSI and other license evaluation experts.

      Sadly, the age of license proliferation has returned. It's harder to stop this time, because this isn't merely about corporate vanity licenses. Companies now have complex FLOSS policy agendas, and those agendas are not to guarantee software freedom for all. While it is annoying that our community must again confront an old threat, we are fortunate the problem is not hidden: companies proposing their own licenses are now straightforward about their new FLOSS licenses' purposes: to maximize profits.

      Open-in-name-only licenses are now common, but seem like FLOSS licenses only to the most casual of readers. We've succeeded in convincing everyone to “check the OSI license list before you buy”. We can therefore easily dismiss licenses like Common Clause merely by stating they are non-free/non-open-source and urging the community to avoid them. But, the next stage of tactics have begun, and they are harder to combat. What happens when for-profit companies promulgate their own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key policy goal of “selling proprietary licenses” over “defending software freedom”? We're about to find out, because, yesterday, MongoDB declared themselves the arbiter of what “strong copyleft” means.

Late coverage of this

  • MongoDB introduces the Server Side Public License for open source

    Recently, a group of disgruntled developers and companies took to the Commons Clause as a way to protect their open-source work. However, this caused great controversy within the open-source industry because the clause added restrictions to open-source licenses, therefore violating the accepted definition of open source as well as the guidelines for the Open Source Initiative’s (OSI) approved open-source licenses, according to Vicky Brasseur, vice president of the OSI.

A week later again

  • MongoDB Changes License

    MongoDB has revamped its open source license type in an attempt to prevent commercial organizations in Asia using the database commercially without sticking to the open source rules.

    The problem MongoDB has had is that some cloud service providers have been offering the Community Edition of its database as a service to clients. In a bid to prevent this happening, the database company has issued a new software license called the Server Side Public License (SSPL). This will apply to all new releases of its MongoDB Community Server, as well as all patch fixes for prior versions. Until now, MongoDB has been using the GNU AGPLv3 license.

    In practical terms, this doesn't make a lot of difference to most users as the changes to the license terms don't apply to them. The changes are only designed to apply to companies who want to run MongoDB as a publicly available service.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Open Hardware and Devices/Laptops With GNU/Linux

  • The open-source community is building medical kit to fight coronavirus

    Amid shortages of personal protective equipment (PPE)—like face masks, face shields and gloves—the coronavirus pandemic has spurred the world’s hobbyists into action. At-home DIY experts are collaborating en masse on online forums to come up with designs for homemade protective equipment, as well as medical equipment, in a huge effort to kit-out the world’s doctors and prepare them for the front line. The solutions are nothing short of genius. For instance, snorkels left buried in cupboards after old beach holidays have been dug up and refashioned into medical equipment.

  • 3D printers are on the front lines of the COVID-19 pandemic

    On March 20th, as the coronavirus situation in New York City hurtled toward full-blown crisis, Madiha Choksi was packing a taxi with two Flashforge 3D printers and as much filament as she could fit. Choksi, a librarian specializing in research and educational technology, had received an urgent email the night before from Pierre Elias, a cardiology fellow at NYP-Columbia University Medical Center. Elias desperately needed to produce more protective gear for hospital workers treating COVID-19 patients. He hoped Choksi, the administrator for Columbia University’s 3D printing lab, might be able to help.

  • megaAI 4K AI Camera Board Features Movidius Myriad X VPU (Crowdfunding)

    megaAI 4K AI camera board reminds me of Kendryte K210 based boards such as Maixduino used for computer vision for tasks such as object tracking or face recognition, but instead of just handling QVGA at around 15 to 18 fps, megaAI can supports inference at 4K resolution up to 30 fps. The tiny board can achieve this feat by leveraging the 4 TOPS of AI processing power delivered by Intel Movidius Myriad X VPU (Vision Processing Unit) while consuming only around 2.5 Watts.

  • $13 RPI_AC108 Audio Board Ships with a 4-Mic Array for Raspberry Pi

    X-Powers is a subsidiary of Allwinner, better known for its PMIC chips for Allwinner Cortex-A processors., but we also discovered X-Powers AC108 quad-channel ADC chip for microphone arrays in 2017. Soon after, Seeed Studio launched ReSpeaker 4-Mic Array for Raspberry Pi, but I had completely forgotten about the audio chip since then. That’s until this morning when I came across RPI_AC108 audio board also coming with four microphones and several LEDs.

  • Top 15 Best Chromebook Laptops in 2020: The Experts’ Recommendation

    Even years ago, Chromebook was considered as an obsolete form of the laptop whose tasks were only confined to browsing online, checking emails, streaming low-quality videos, and playing low-end games. With the advent of the latest technology, as well as, at the users’ behest, the Chromebook has finally turned into a formidable piece of device to all the users with a transformation from clamshell design to sleeker or even opted for 2-in-1 design.

Update on DebConf20 and Israel

  • DebConf20 registration is open!

    We are happy to announce that registration for DebConf20 is now open. The event will take place from August 23rd to 29th, 2020 at the University of Haifa, in Israel, and will be preceded by DebCamp, from August 16th to 22nd. Although the Covid-19 situation is still rather fluid, as of now, Israel seems to be on top of the situation. Days with less than 10 new diagnosed infections are becoming common and businesses and schools are slowly reopening. As such, we are hoping that, at least as far as regulations go, we will be able to hold an in-person conference. There is more (and up to date) information at the conference's FAQ. Which means, barring a second wave, that there is reason to hope that the conference can go forward. [...] In an effort to widen the diversity of DebConf attendees, the Debian Project allocates a part of the financial resources obtained through sponsorships to pay for bursaries (travel, accommodation, and/or meals) for participants who request this support when they register.

  • Israel Wants to Extend use of Proximity Detection App, but Tender Process Raises Questions

    The Israeli Ministry of Health issued a tender earlier this month calling for proposals for the establishment and maintenance of an application to help battle viral pandemics on the national level. According to the tender, the ministry wants to expand the use of the Magen (Hebrew for shield) app, which it launched to battle the outbreak of Covid-19 "to benefit the war on viruses in general." The notion of ​​expanding the use of the app, originally developed by Matrix IT Ltd, the health ministry and information security, and open-source experts, is based on the app’s success so far. According to the health ministry the app that tracks individuals’ exposure to identified coronavirus carriers using location data from their mobile phones, has been downloaded by about one million users so far. The goal now is to expand its distribution to four million users. [...] The terms of the new tender do not require the app to be based on open-source code, but only on the existing app, with the goal of "expanding its functionality,” according to the announcement.

OSS: SOC, Benchmarks, Mozilla, and Databases

  • #HowTo Cut Costs in the SOC

    This is also a good opportunity to revisit your packet capture solution, where your spending should be focused on hardware and storage. If you’re paying for expensive software licenses as well, check out open source alternatives like Moloch. [...] Look for open source alternatives Whether it’s replacing a point security tool or simply augmenting what you have, try to periodically justify the cost of your commercial tools. Open source projects for blue team have come a LONG way in the last few years, and many of them now rival (or, in our opinion, exceed) the capabilities of expensive commercial tools. Conduct an analysis of alternatives for your big-ticket items on an annual or semi-annual basis. That way, you’ll always have a recent justification for the money you’re spending, and you’ll stay aware of potential challengers. Mitre has posted some guidance on Analyses of Alternatives (AoAs) here. Just keep in mind the total cost – do you have, or can you create, the engineering talent to manage new or open source tools?

  • Phoronix Test Suite 9.6.1 Released For Cross-Platform, Open-Source Benchmarking

    One month after the big Phoronix Test Suite 9.6 release, Phoronix Test Suite 9.6.1 is out as the first and only planned point release to this quarter's feature series. Phoronix Test Suite 9.6.1 comes with some export improvements, continued tweaking of the new (PTS9) results viewer, a new phoronix-test-suite rebuild-test-suite sub-command, reporting of more perf events via the LINUX_PERF module, external dependency updates, and more. On the Phodevi (Phoronix Device Interface) front are improved detection of newer Arm Neoverse cores, Sway compositor version detection, and better CPU model handling on newer Apple Mac computers.

  • Mozilla Mornings on advertising and micro-targeting in the EU Digital Services Act

    On 4 June, Mozilla will host the next installment of Mozilla Mornings – our regular breakfast series that brings together policy experts, policymakers and practitioners for insight and discussion on the latest EU digital policy developments.

  • How Redis scratched an itch — and changed databases forever

    Why would you ever write a new database? Particularly an in-memory database, which, back in 2009, made zero sense to the ruling database class of the time. Salvatore Sanfilippo didn’t really care. He wasn’t trying to change anyone’s minds about what a database should be. He just needed to scale a real-time analytics engine, and MySQL couldn’t do so cost-effectively. [...] In the early days of open source, some of the more well-known projects like Linux and MySQL tried to copycat the functionality of their proprietary, expensive peers (like Unix and Oracle). Over time, these (and other) projects have trended toward innovative, rather than imitative. At the same time, there were always projects, like Redis, that broke new ground or trod old ground in new ways that dramatically expanded the universe of users. And often they started with one person’s “itch.” For example, Daniel Stenberg just needed to be able to download and transfer currency rates for fellow IRC users, but there wasn’t a good way to do that. So he built Curl, which now boasts billions of users. In fact, you probably use Curl every day without knowing it.

  • Why I'm enjoying learning Rust as a Java programmer

    It's been a long time since I properly learned a new language—computer or human. Maybe 25 years. That language was Java, and although I've had to write little bits of C (very, very little) and JavaScript in the meantime, the only two languages I've written much actual code in have been Perl and Java. I'm a co-founder of a project called Enarx, which is written almost entirely in Rust. These days I call myself an "architect," and it's been quite a long time since I wrote any production code. In the lead-up to Christmas 2019, I completed the first significant project I've written in quite a few years: an implementation of a set of algorithms around a patent application in Java. It was a good opportunity to get my head back into code, and I was quite pleased with it. Here are some of my thoughts on Rust, from the point of view of a Java developer with a strong object-oriented background.

today's howtos