Let the forking ensue. What a stupid move. They have illegally removed the BSD headers from contributions by various cloud vendors like Redhat and Amazon. I hope they can all get together to.maintain a fork, and maybe sue Redis Inc. for this unlawful infringment of there copyrights.
I don't see anything in the 3-clause BSD license indicating the copyright notice needs to be included in every file, though.
They've kept a copy of it in the repository, and it looks like they left the BSD header in files where the copyright holder's name was an external contributor.
They also mention that the license change only applies to future changes, not existing code - so it doesn't seem like there's any copyright infringement happening here, unless I'm missing something.
truly a bizarre way of doing a dumb thing - they do not own the copyright of all the Redis code, so they cannot "change the license" of the existing code at all.
instead, they need to license their new contributions under the new license, which will effectively make the combined blob of code only available under the new license.
doesn't change what they're doing, but it's just disrespectful, incorrect and a breach of everyone else's copyright to remove the existing license and headers.
Several Redis maintainers and contributors moved to development here, https://github.com/madolson/placeholderkv. KeyDB is not bad though, it's an older fork that isn't very widely adopted.
IANAL, but AFAICT the BASL is not open-source, but it is _eventually_-open-source is in the source will automatically transition to being open source (GPL v2 or compatible... not sure if either BSD or AGPL work).
But if you are going to go source available, license proliferation is still a problem, please try to maintain sanity.
I am building a major open-source package around redis.
This kills it.
AGPL, I could go with. AGPL/proprietary dual licensing works well. There's an open ecosystem and a closed one.
Non-free is a non-starter. It's no longer GPL-compatible. EVERY project under the GPL using redis now has a potential legal liability from (what's looking like) a sleazeball company.
Now I need to figure out if I should move to a fork or switch to a different package. Fortunately, I have a nice key-value store abstraction, so it's easy to switch.
I expect distributions like Debian, and Ubuntu by proxy, will move away from having a redis .deb as well.
The damnable thing here is the dishonest copy: "In practice, nothing changes for the Redis developer community who will continue to enjoy permissive licensing under the dual license."
most Linux distributions take free software/open source pretty seriously, and will not ship random proprietary things (at least) as part of the main distribution.
the new redis license is clearly not open source/free software, and so new versions won't be in Debian or Fedora etc. since it's a network daemon, no one is going to want to keep an ancient unsupported version and I doubt any distribution packager will want to maintain a fork, and so redis will be removed and at best a maintained fork will replace it.
The new licensing scheme effectively excludes redis from most of the open ecosystem, by cascading network effects from things like this. In this case, if you're building a package, if you pick redis, you've excluded yourself from distribution in many major distros.
Ditto for many other similar effects.
It's not fear-mongering. It's following laws and policies.
The "open ecosystem" does a poor job funding open source developers. It is completely understandable when a developer chooses to put food on the table over being part of their social club.
The vast majority of the "open ecosystem" does a fine job funding open-source developers:
- In surveys, the vast majority of Linux maintainers are paid
- Both I, and many other people I know, have spent most of their adult careers being paid to do open-source
I have no problem with developers who "choose to put food on the table over being part of their social club." I have a serious problem with developers who pull a bait-and-switch, and:
- get support from the open ecosystem to build out market share and technology; and promptly
- pull a bait-and-switch, and try to milk their supporters for $$$
I think the point Redis is missing is that SaaS relies on **trust**. SaaS is almost always a better deal in the short-term, but once you're wedded to a vendor, you're relying on them to not extort you or hurt you. A SaaS vendor can potentially:
- discontinue a product with zero days notice
- totally ignore security, leading to all your data landing online
- raise prices 10x overnight, leaving you in an impossible situation
- "pivot" in all sorts of other ways which disappear your business
A major reason for doing things yourself is business continuity and risk management. Once a vendor has done something like this, it's a good sign they'll do it again. After a vendor pulls a trick like this, I wouldn't consider relying on them even for proprietary work I do.
(Footnote: This is also why I would never use Google's cloud or Oracle's cloud; there's a track record of business-killing moves).
That only prevents them from adding newer versions of Redis. The current version is still fine and I'm sure that the community will patch any security holes that are discovered.
It works for a year or two, then enough of a delta builds up that people get confused at why the version is so old. New docs don’t apply, etc. Similar issue has played out with MongoDB and Docker.
Plus it’s basically unmaintained so the bugs will build up and the security burden is higher since upstream will stop making their security patches under the old license (which they especially state they will do in the FAQ).
Best either retired or migrated to a fork (for Debian)
It's reality not fear mongering. Most distros (maybe all?) don't include non open source projects in their repos/distribution channels. You'll likely have a separate install step to include RedisLabs repositories before installing redis.
