In a surprising move for both the open-source and Elastic communities, Shay Banon, founder and CEO of Elastic, recently announced that Elasticsearch and Kibana will once again be open source. The two products will soon be licensed under the AGPL, an OSI-approved license.
Just over three years ago, Elastic relicensed their main products from Apache 2.0 to a dual-license model under the Server Side Public License (SSPL) and the new Elastic License, neither of which are OSI-compliant open-source licenses. This change prompted AWS to fork Elasticsearch, leading to the creation of OpenSearch, which continues to operate under the Apache 2.0 license. Banon explains the goal of this latest change:
We never stopped believing and behaving like an open-source community after we changed the license. But being able to use the term Open Source, by using AGPL, an OSI-approved license, removes any questions, or fud, people might have.
Sometimes referred to as the "server-side GPL," the AGPL was approved by OSI in 2008. It requires that the source code of all modified versions of the software be made available to all users who interact with it over a network, offering protection against challenges by cloud service providers. Banon adds:
We have people that really like ELv2 (a BSD-inspired license). We have people that have SSPL approved (through MongoDB using it). Which is why we are simply adding another option, and not removing anything. (...) We chose AGPL, vs another license, because we hope our work with OSI will help to have more options in the Open Source licensing world.
While Luc van Donkersgoed, principal engineer at PostNL, described this as one of the weirdest press releases ever, Peter Zaitsev, open-source advocate, writes:
I wonder though if community trust can be repaired as quickly? Can we count on Elastic to stick to Open Source this time or is the license likely to be changed to serve the need of the moment?
On HackerNews, Adrian Cockcroft, tech advisor and formerly VP at AWS, references an article he wrote in 2018 about the Open Distro for Elasticsearch and comments:
At the time we didn’t think a new license made sense, as AGPL is sufficient to block AWS from using the code, but the core of the issue was that AWS wanted to contribute security features to the open source project and Elastic wanted to keep security as an enterprise feature, so rejected all the approaches AWS made at the time.
Lars Larsson, field CTO at Elastisys, comments:
I find it hard to believe that the community will flock back to Elasticsearch: When Elastic closed the source, a lot of companies and individuals saw their contributions to the Apache 2 codebase all of a sudden locked into only creating value for Elastic. This burns the community, just like when Hashicorp took all their previously-open products and closed them up.
Guido Iaquinti, CTO and co-founder at SafetyClerk, agrees:
Trust is something that takes a long time to build but can be shattered in an instant. Only time will tell, but for now, I see no reason why people shouldn’t continue to stick with OpenSearch.
In the article, Banon acknowledges that the community might experience confusion and surprise and attempts to address the main questions. He denies that the 2021 license change was a mistake and wants to dispel concerns that the AGPL is not a true open-source license.