Open source has been the backbone of cloud innovation for the past decade, from Linux and MySQL to Kubernetes, Spark, Presto, and MongoDB. But recent developments have thrown a dark cloud over the business model behind open source, and the industry must act now to avert stifling one of its greatest sources of innovation.
As a co-creator and former project lead for Apache Hive, I know that incentives are critical for an open source ecosystem to thrive. Independent developers need the incentive to contribute their time and skills to open source projects, and those with an entrepreneurial mindset need the incentive to build companies around those projects to help them flourish.
The public cloud threatens to undermine these incentives because it changes the dynamics of open source. It’s too easy for a large cloud provider to take an open source project and offer it as a managed service. If it does this without giving back to the community, it profits unfairly from the work of others and upsets the incentives that open source needs to thrive.
We’ve seen this in the current discussion around AWS, which has been accused of taking open source projects and rebranding them without always giving back to those communities. This has prompted vendors including Confluent, Redis Labs and MongoDB to develop new licenses that prevent large commercial cloud providers from offering their code as a managed service.
I don’t think this is the right approach. These new licenses are not yet recognized by the Open Source Initiative, and they have the potential to muddy the waters around usage rights for open source software. As Bradley M. Kuhn, president of the Software Freedom Conservancy, has said, software freedom should be “equal for everyone, whether they’re a commercial actor or not.” Open source has thrived because this principle has always been respected, and any confusion may deter people from the community.
I sympathize with open source companies seeking to protect their businesses. Despite the best efforts of independent developers, it takes the resources and stewardship of a company for open source projects to be viewed as stable enough for widespread enterprise use. Linux took off in the enterprise because Red Hat and IBM threw their weight behind it. Kubernetes flourished as quickly as it did because it was backed by Google. There are certainly exceptions, but an open source project is more likely to succeed in large businesses if it has the weight of a company behind it.
Let me also be up front about my biases. My company provides a cloud-based platform for data analytics that relies heavily on open source components such as Spark, Presto, and Hive. At the same time, we have been good open source citizens by giving back to the community through two projects — Sparklens, a framework to improve the performance of Spark applications, and RubiX, a caching framework that accelerates performance for Presto and Spark.
Providing open source software in the cloud helps those projects to attract more users and developers. But if commercial cloud providers profit unfairly, it creates a disincentive for the next generation of entrepreneur coders to build open source companies and for investors to support them.
So if new licenses aren’t the solution, what is?
Part of this depends on the large cloud providers playing fairly. I don’t believe AWS is being “evil;” they are acting in what they see as their best business interests. But they need to recognize that undermining open source will hurt them as much as anyone else in the long run. Open source advocates should continue to raise awareness of this issue and apply public pressure on cloud providers to act responsibly. We have seen evidence that this pressure can work.
We also need a “code of ethics” for open source, created by the community — contributors, project leads, and open source organizations like OSI and Apache. It’s possible to be 100 percent compliant with an open-source license but still act in a way that harms the community. Being able to point to a widely-agreed upon code of ethics that lays out unacceptable practices will make it far easier to hold companies and individuals accountable for their behavior.
The final thrust is competition. It’s true that the large cloud providers have an advantage in attracting customers; they are seen as an “easy” and “safe” choice for CIOs. But customers go where the best software and support lies. If open source companies can provide better features and better support for their own distributions, they will convince customers to select their own products.
I’ve outlined actions the community can take to improve the situation, but there actions each of us can take as individuals, too. We all have the power to influence the market by letting cloud providers know of our concerns. Asking them to contribute specific features back to the community, via feedback forms and product forums, is one way to make your voice heard. Developers at these cloud providers also hang out in open-source forums and want to be part of the community; bringing these requests to their attention creates more pressure for change.
There’s no easy solution to this challenge, but it’s one we need to take seriously. The open source model is not fragile and won’t be broken overnight. But if commercial cloud providers continue to exploit projects without giving back, they will whittle away at the incentives that have helped open source become as successful as it has. It is not in their interest to kill the goose that lays the golden egg, and it is certainly not in the interest of developers and customers.
Ashish Thusoo is co-founder and CEO of Qubole.