Elastic N.V. (previously known as Elasticsearch B.V.), the company behind the widely used Elastic Stack (Elasticsearch, Logstash, Kibana, Beats and others), announced they will change their open source license for Elasticsearch and Kibana.
The company will move their open source code base from the very open Apache 2.0 license to a dual-license consisting of the Server Side Public License (SSPL) and the Elastic License. The latter has already been in use for the last three years as Elastic points out.
When choosing the SSPL, it will be mandatory for developers (and companies) to make their modifications and management layers around the Elastic stack public – if the product is sold directly to customers (as a service). What exactly Elastic means by "public" was not defined (no examples were given in the announcement).
The change in licensing will be applied on all maintained branches (including Long Term Support versions) and will happen at the upcoming Elastic 7.11 release. As the company highlights in their announcement, there will be no impact on most of the users.
No change for most Elastic users and customers
Elastic claims that for most users nothing will change:
This change in source code licensing has no impact on the overwhelming majority of our user community who use our default distribution for free. It also has no impact on our cloud customers or self-managed software customers.Shay Banon, Elastic
The reason for this, which is not very clear in the announcement, is that most users actually download the application binaries from the Elastic websites. These are the packaged installation files, which Elastic created from their own source code. This also applies to the packages downloaded using a package manager, such as apt (in Debian Linux and derivatives). To all these users, the Elastic License applies – which has been in place for more or less three years already.
The license change is only relevant to users and developers which directly download and manipulate the source code from the repositories. The modifications on the source code or top-layer management applications to manage software from Elastic must be published publicly. How exactly and where is not defined – the most important part: It must be public.
Why did Elastic change the license and are "less open" now?
The SSPL, a license which was introduced by MongoDB Inc., forbids other companies than Elastic to offer Elasticsearch as a service (SaaS). The founder and CEO of Elastic, Shay Banon, even mentioned the name of the company which seems to have triggered the urge to change the license: Amazon Web Services (AWS).
[…] companies that take our products and provide them as a service, like Amazon Elasticsearch Service, and profit from our open source software without contributing back.Shay Banon, Elastic
It is nothing new in the open source community, that AWS makes use of a lot of open source projects, such as Elasticsearch, and sells them as their own product. Sometimes using the software name in the product and sometimes rebrand it to something entirely different. Sounds unfair, but is fully allowed with the liberal Apache 2.0 license.
But this is not the only reason: When using Open Source Software, it is "expected" that by using the Software for free, something is returned in exchange. Whether this is contribution to code, documentation or monetary contribution. Sure, a small developer company may not have the resources to do so, but the biggest cloud provider in the world definitely has the manpower and the financial resources. Breaking with this "social contract" (a purely ethical one) upsets the Open Source Community. Already back in 2018, an almost similar thing happened to Apache Kafka and Jesse Anderson, an experienced Data Scientist and Engineer, wrote about it.
From the point of view of Elastic, it is absolutely understandable that they had to change something. Why put all the efforts in creating, improving and maintaining Software when your competitors simply use your own software and sell it as a service (and do not contribute to the project)?
I'm confused. Do I have to pay now?
No, according to Elastic, the products remain free of charge. Some features have been and will remain to be only available with a (Gold+) subscription:
What does the license change mean to a software developer?
If you are a software developer and you are using Elasticsearch (or another product from Elastic) with the Elastic license in the background, this remains free. Elastic points out:
We will continue to develop our code in the open, engage with our community, and publish our releases for free under the Elastic License as we have done for the last three years. We remain committed to keeping all of our free features freeShay Banon, Elastic
Meaning: Nothing changes, as long as you don't build/install Elasticsearch from the open source code repositories.
If you are however a developer actively using and modifying the source code of Elasticsearch or Kibana, you will have to publish all your modifications, as long as your product will be available (and sold) as SaaS on the Internet. The easiest thing to do in this case is probably to simply fork the source code repository and (publicly) release all your modifications.
If you have been using the "OSS builds" or packages in the past, this will be a major change for you: These "-oss" packages will be gone starting with the 7.11 release.
What does license change mean to a company using Elasticsearch on-premise?
The same applies to companies which installed Elasticsearch on-premise. In almost all cases the installation was made from the Elastic binary packages or package repositories. This remains under the Elastic License. Whether or not a subscription contract exists.
Only if a company built own Elasticsearch packages from the source code, modifications and top-layer management code must be published – if the resulting technology is sold. For internal only use, there is no need to publish the adjustments.
What does license change mean to a company building and selling solutions with an Elasticsearch setup included?
As in the previous scenario, using the packages from Elastic, will not change anything. The Elastic License remains in place. Typical example: A company is selling a complete Log Analysis Tool setup which uses Elasticsearch in the background (and not directly accessible to the customer). As long as the Elastic packages were used for the installation, this is allowed. Even if this company wants to sell this solution as Software as a Service (SaaS).
But if a company built own Elasticsearch packages from the source code, modifications and top-layer management code must be published.
What does license change mean to a cloud provider company offering Elasticsearch as a service?
Direct selling of Elasticsearch or Kibana as a service to customers is not allowed anymore – unless all involved code (including the management layer) is publicly published. The only possibility would be to have a SaaS product of which Elasticsearch is a part of in the background – but not the essential service and not directly available to the customer.
The eyes are clearly on Amazon Web Services (AWS) on this matter. How will they react? As it was made known to us from a source working at Elastic, AWS used the source code of Elasticsearch, modified and repackaged it and started selling the final product to (direct) customers.