Ask HN: Derivative product license that forbids us...

[pipo234]

Is there a difference between the products, or is it just the Apache versus commercial license? Ie. will you be able, but not allowed, to view and make changes to the commercial product?

I can think of a couple of reasons why the company might suggest this; the most obvious being that they don't need to guess how many instances your enterprise is using. Whether it makes sense to you and whether the Apache license allows for that kind of legalese is still another matter.

[PS.] you might want to add an "Ask HN:" prefix to your submission subject line

[mvnuweucxqokii]

> Is there a difference between the products, or is it just the Apache versus commercial license? Ie. will you be able, but not allowed, to view and make changes to the commercial product?

The commercial product extends the open source project to add other capabilities. The source for these extensions is not distributed. (The result is a tool distributed in binary form).

[pipo234]

Presumably, the extension binaries plug into the FOSS Apache licensed product using some kind of API and therefore might better be shipped and sold separately. This, for instance works with proprietary httpd Apache Webserver modules (shared objects linked against webserver headers). In that case there would be no reason to use the commercial bundled version as the core would be essentially identical to the FOSS version that's included in (almost) any Linux distro.

If such separation is not possible, the commercial version spells trouble. For one license wise, but on a technical level it's probably a fork. A fork might have its own security flaws and bugs, but will also need to maintain updates and backports from upstream / main branch. The commercial entity is responsible for this, whether they intend to or not.

In theory, this could lead to a better commercial product, but in practice I would recommend sticking with the FOSS version.