
Relicensing CockroachDB - SEJeff
https://www.cockroachlabs.com/blog/oss-relicensing-cockroachdb/
======
dhd415
This is more validation of the threat that cloud providers (mainly AWS) are to
businesses built around open source products. Yes, AWS and others are legally
permitted by existing open source licenses to create SaaS versions of these
open source products, but with cloud computing becoming an increasingly
winner-take-all market, it leaves little room for the software's authors to
generate revenue via hosted offerings of their software. If you think that the
Cockroach Labs, Redis Labs, Mongos, Elastics, etc., of the world provide a net
benefit to the software world, I think you have to contend with the fact that
there is going to be fewer such companies in the future if AWS keeps eating
their lunch.

~~~
DannyBee
The problem with this argument is that there has always been a before and
after.

IE This is not the first business model issue OSS has dealt with.

For example: It seems ridiculous now, but at one point authors were
significantly squeezed by commercial distros offering support and feature work
directly to customers for their packages.

(And this was even a similar kind of disintermediation applied to authors as
you see now - people only cared what they got from redhat, not from the
original author)

One interesting constant is that most of the projects that felt a need to
change licensing to react to business model issues over the years are dead ;)
. Not all of them, mind you. But the failure rate seems really really high.

The underlying issue here in this one is that people (apparently so far!) want
to use AWS/GCP/etc more than they want to use mongo, redis, cockroach, or any
particular technology.

No license change will fix that. In that case, AWS actually controls your
customer more than you do. Unless something comes along that is "better
enough" that people are willing to buck AWS to use it, this approach of
relicensing fails.

(and the customers certainly don't care about your licensing scheme)

~~~
matthewaveryusa
You're completely missing the point. The point isn't to stop AWS from
integrating. The point is to get a slice of the pie if AWS does decide to do
an integration because now, with the new license, AWS needs to come to them
first and ask for a license, which I'm sure they would give with reasonable
terms.

~~~
cabalamat
Indeed. If AWS makes a load of money out of Cockroach's hard work, why
shouldn't Cockroach get a slice of it?

~~~
growse
> Indeed. If AWS makes a load of money out of Cockroach's hard work, why
> shouldn't Cockroach get a slice of it?

They should have thought about that before benefitting from it being open
source.

~~~
cabalamat
> They should have thought about that

They have thought about it! That's why they are using the BSL.

I note that they are using a time-delayed open source approach (after 3 years
it becomes open source) which I understand Stallman has endorsed in the past.

~~~
growse
They're using the BSL _now_. If they cared about revenue protection, they
shouldn't have opened it in the first place.

Starting an open source project, taking contributions from the community and
getting popularity and traction because you're open source, and then closing
it again because you're so popular Amazon might "steal" your revenue? That's
just abusing the community.

~~~
asymmetric
I can see where you’re coming from, but the work of the community is still
(and forever) under the license that was in place when they contributed.

Someone could fork CoackroachDB and continue working on the open source
license.

------
xwdv
I’m still not sure why people open source great products then get outraged
that someone else would simply resell the product and make money off of it,
possibly even more than them.

When I put something out as open source, I’m doing it fully aware that I am
leaving money on the table, but it will be worth it if a community of
maintainers springs up around the project and ends up making it far better and
more useful than I ever could alone. Then I could use that same project
perhaps to do other things, which may lead to better money making
opportunities.

~~~
dhuramas
Does that mean we shouldn't revisit our decisions and all your decisions
should be set in stone?

CockroachDB tried something. It seems to not be working- so they are changing.
It's not as if they are doing it retroactively.

~~~
paxys
Does everyone who has contributed to this project over the years have a say in
this decision? My code itself will also be relicensed, whether I like it or
not.

~~~
Barrin92
You actually have the right to appeal that decision, because you own your
contributed code. (unless you already agreed in advance through a Contributor
License Agreementt.)

------
stingraycharles
It’s interesting to see the mindset over here at HN change over the year. I
recall when MongoDB introduced their “commons clause”, RedisLabs did the
relicensing and ElasticSearch doing the dual license open source code, there
was quite some outrage over here.

I guess everyone is accepting that these clouds are in fact major threats to
these projects, as providing these databases as a service is pretty much the
only realistic way to get decent revenue numbers.

I think it’s good that CockroachDB is preemptively doing this, now that it has
become more acceptable a practice.

~~~
BillinghamJ
Imo the key difference here is that they're owning the decision and not trying
to paper over the fact that it is no longer OSI Open Source.

The three year change is also a big deal in my mind. Would make me a lot more
comfortable to adopt knowing it is absolutely guaranteed to become OSI Open
Source later.

~~~
stingraycharles
My point is that they are able to own the decision only because the public
opinion has accepted it as a new reality. If CockroachDB was the first OSS
database company to do this, they would have a much harder time explaining
their rationale. MongoDB et al have paved the way for them.

~~~
bigiain
Completely agree.

Cockroach also have the benefit of hindsight to avoid some of the problems
Mongo/Redis et al encountered.

Calling this a "Business Source Licence" avoids the terminology problems so
many people complained about with Mongo's perhaps badly chosen "commons
clause" rider on top of (and fundamentally changing) a well know open source
license.

I think the rolling three year time limit is probably a smart reaction to some
of the complaints people have about other companies attempts to tie down some
of the rights while providing assurance that there's at least be an option
open in the future no matter what happens to the company.

I wish them well with this.

------
makkesk8
It's a good move and I even welcome it. However, I would have loved to see the
removal of their enterprise version of the product at the same time. I love
cockroachdb to death, but the key features that prevent me from using it in
any real projects I'm doing are the backup/restore feature, which is currently
locked behind their enterprise version. I also would love to use CDC and table
partitioning. Nevertheless, great product.

~~~
napsterbr
Never used CRDB so this question may make no sense, but given it builds upon
Postgres (AFAIU), couldn't you use any of the many backup solutions Pg offers?

~~~
ansible
CRDB is compatible with the PostgreSQL wire protocol, so you can use existing
database drivers (in C#, Golang, whatever) to talk to a CRDB instance. The SQL
itself is slightly different (no two databases are the same these days), so
that would have to be adjusted.

If your backup solution is fine with "SELECT * FROM table1; SELECT * FROM
table2; ..." you can use the client interface for backups. But usually you
want to a snapshot of the entire database at some (self-consistent!) point in
time, and back up that.

~~~
olavgg
Would ZFS snapshots work? It is what I use to backup PostgreSQL, much easier
and faster than ordinary backup

~~~
benesch
Not unless you like pain. CockroachDB is distributed and uses Raft consensus
under the hood, so you can't take a snapshot of just one node; you need to
take a snapshot of _all_ the nodes in your cluster, and you need to take those
snapshots at the same logical instant. If the snapshots are from slightly
different moments, when you boot the cluster up from the backup, the nodes
will panic because you'll have corrupted the Raft state or otherwise caused
the multiple replicas of the data to become inconsistent with one another.

There is one safe way to make this work: turn off your cluster, back it up
with ZFS snapshots, then turn it back on. (Some of Cockroach's production
tests do exactly this, in fact, because restoring from ZFS snapshots is so
unbelievably fast.) But if you have the flexibility to power cycle your
production database off and on in order to back it up... you probably don't
need a distributed database, because fault tolerance likely isn't among your
requirements.

(I'm a former CockroachDB engineer.)

------
louis-paul
Recently discussed with somebody at a major cloud provider and IIRC their
response was in essence “I think we’re doing them a favor: ask Neo4j about our
release of [hosted graph database service]. We’ve taken a share of their
business, but the overall market is much bigger, and they’re doing great. Our
hosted products are not even the most polished in the market, and companies
like Elastic can easily be compete with us.”

Thoughts?

~~~
gregwebs
Yes, some cloud providers readily suggest competing with them by making
something better. In the end, the DB is still running on their infrastructure
(required to keep the customer's latency low) and they are still capturing
profit even if it is not as much as their DBaaS profit.

There is a problem though that a DBaaS provider is still at an inherent
disadvantage. You aren't in the AWS/GCP cli tool and APIs. And the DBaaS has
to setup VPC peering across accounts, which has some inherit limitations (e.g.
no DNS resolution on GCP).

~~~
merb
> (e.g. no DNS resolution on GCP)

actually you do not need DNS resolution on GCP since you can actually have a
high available IP way easier (which is way better). in AWS it's also possible
to have a highly available IP, but it's way harder to do so.

------
gtirloni
CockroachDB is an excellent project but it doesn't have the massive adoption
that would prompt AWS/Azure/GCP to implement it as a managed service.

Companies are much more likely to just go with AWS Aurora than to consider
CockroachDB at this point.

I'm still amazed as how promising open source projects continue to undermine
themselves with this "commons clause" movement. I hope something good comes
out of it but I'm pessimistic.

~~~
staticassertion
Why would this undermine their efforts? It seems totally reasonable to say
"You can't just sell a hosted version of this yourself". Anyone who was
planning to use Cockroach still can, it even seems that you could be a
CockroachDB shop that provides consulting services, so long as you don't
manage and host it.

~~~
gtirloni
Simply because if I'm using CockroachDB and don't want to manage it myself, my
only option is Cockroach Labs.

While they are experts in the technology they've created, offering a managed
service is much more than just having awesome developers. Not to mention some
companies have other restrictions (on premises, local presence, etc, etc,
etc).

For a customer, unless I'm completely sold on their technology and really need
it for my company, they just added a restriction on my choices.

~~~
bdarnell
> if I'm using CockroachDB and don't want to manage it myself, my only option
> is Cockroach Labs.

Cockroach Labs is not your only option; you can also use other providers that
have a license agreement with us. Our first partner in this area is
ObjectRocket:
[https://www.objectrocket.com/blog/cockroachdb/introducing_co...](https://www.objectrocket.com/blog/cockroachdb/introducing_cockroach/)

~~~
IMTDb
Quick question : my company uses a "devops as a service" partner. Basically we
pay a monthly fee to have their guys on call 24/7 in case something starts to
go wrong. Additionally they update and manage our kubernetes cluster,
installing and setuping any dependency we require. From our point of view, we
have a fully managed kubernetes cluster.

Financially, we pay AWS for EC2 instances and other expenses + them on top of
that for consulting service, they have root access to the cluster. We do not
have any devops/infra guy in the office.

Would they be allowed to install (and manage) CockroachDB on our cluster if we
need to ?

~~~
jkaplowitz
I'm not a lawyer or in any way speaking for Cockroach Labs, but the Additional
License Grant in their license looks to allow "contractors" to do that kind of
thing. It's you or your lawyer's call as to whether you're safe in your
scenario, but it seems to me that the answer is yes.

------
makapuf
Unrelated, but it never occurred to me that cockroachdb and gimp were made by
the same persons ! Kudos ! (If I'm not mistaken)

~~~
sbuttgereit
Over in PostgreSQLand ... Tom Lane is an important member of the PostgreSQL
core team and also was involved in the PNG image format (and other graphics
related efforts).

~~~
tus87
Yeah well the guy who wrote qemu also did ffmpeg.

------
archit3cture
It is nice to see that CockroachDB's team keep their original vision of
creating a long term open source "commons" of their database.

What I don't totally understand when I take my developer's hat is why the
split between "enterprise" features under CCL and core features under APL/BSL
is kept. Without the "enterprise" features, CRDB does not feel like beeing
totally open source and open source users are sort of second-zone users.

Are open-source fans supposed to write clean-room implementations of the
features (would it even make sense in the licencing model CRDB uses) ?

It would also be nice to have a licencing clause where a change of ownership
of CockRoach Labs or the bailout of the company would trigger a licence change
for the enterprise features (maybe even after N years).

But as I said congrats on the product and all the best in your commercial
endeavour ! may this licence change open new cloud opportunities !

------
ThinkBeat
I always hate these discussions.

If you want to get paid, then create proprietary software and sell it, if you
can. Nothing wrong with doig it.

But if you are developing something you call open source software and you use
GNU/Linux for it, then how much money should GNU and Linus get for you doing
that?

You could go with Windows insteand and pay the licensing fee.

Here we have people building things on a foundatino of free and open source
software, and they feel that they should get paid for the slice that they
built, but are they themselves paying every party that was resposible for
creating the stack on which they are working? I think usually not.

Everyone is quite happy to accept the free work done by others but they
miraculously expect to be the person getting paid.

Now RedHat took GNU/Linux and figured they ought to get paid for creating a
packages, a bit of an eco system around their version and sell support and
such. Was that fair?

AWS offering some service, are basically doing hosting and support on the
product. A lot of people trust AWS/Google/Microsoft to run things in the cloud
for them.

Nothing is stopping me from creating ThinkBeat Linux and charge for support.
Probably I would do very poorly because people now trust RedHat or Linode, AWS
to handle issues around Linux for them.

I dont think if you create a new database managment system that ou think is
great, users will flock from Azure/AWS/GCP/Oracle/IBM to pay you for hosting
it for them. You are too small and too risky. Obiouvlsy some people will sign
up and if you can earn money you need on that then good.

~~~
nickpsecurity
"If you want to get paid, then create proprietary software and sell it, if you
can. Nothing wrong with doig it. But if you are developing something you call
open source software and you use GNU/Linux for it, then how much money should
GNU and Linus get for you doing that? You could go with Windows insteand and
pay the licensing fee."

The problem with these discussions is they always set up this false
comparison. Then, what's going on looks hypocritical. Here's what actually
happened:

1\. Linus et al released Linux with a license that says, "Pay us nothing. Just
give back any changes in code you distribute." That's their goal. Those with
permissive licenses said "Use it and don't share anything unless you want to."
That's their goal per the license agreement.

2\. Cockroach Labs started with a goal of making a huge pile of profit on a
database whose core they keep as free and OSS as possible. The profit takes
priority due to VC funding. That's their goals.

Cockroach making profit on Linus et al's work without paying them isn't
hypocritical since their license's actual goal was to do that. Whereas, the
SaaS vendors are posing a challenge for Cockroach achieving _their_ goals
which require making money off their activities. Balancing giving code out as
OSS and profit-seeking, they lightly-modified a license that starts as
proprietary but goes Apache after 3 years. Personally, I think they're being
way, way, too altruistic given what rate of return they're expected to come up
with.

If anything, people that wrote their dependencies using freeloader-loving
licenses are either achieving their goal of commercial uptake or need to pick
a license that incentivizes their goals (or just blocks things they hate). If
contributors, probably should contribute to software with strongest copyleft
available. AGPL and Parity come to mind. Folks using licenses that don't
require payment shouldn't expect payment. If folks want payment, then they
should sell the software somehow with licenses worded to bring in revenue.

------
quotemstr
So they're taking their product proprietary. They're not the first to try this
move. They won't be the last. It never works.

This change guarantees one of two outcomes: 1) CockroachDB becomes irrelevant,
as cloud providers stop providing it, or 2) a FOSS implementation of
CockroachDB's API (perhaps based on the last FOSS CockroachDB release) becomes
dominant.

~~~
im_down_w_otp
3) The cloud provider forks at the version under the previous license,
continues to iterate on it by adding valuable features that are exposed to
users, which the OSS version won't have, and now the OSS vendor is playing
both marketplace & technical catch-up at the same time and with each
reinforcing the downside of the other. Effectively forcing original innovator
into the position of being a fast-follower.

~~~
senderista
You mean like what AWS did with Elastic?

~~~
_msw_
No. In that case, AWS built and released new Apache licensed, 100% open source
extensions for Elasticache to make essential functionality like TLS encryption
and authentication available to anyone. It did not fork Elasticsearch, it
released a collection of software that works with the OSS core version of
Elasticsearch.

Disclosure: I work at AWS on EC2, and sometimes provide my opinion on open
source topics to other teams.

------
paxys
While I understand the move (similar to what Redis Labs, MongoDB, Confluent
and many others have done recently), as one of the many contributors to these
projects not affiliated with any company, it feels like a slap in the face. If
such licenses gain prominence then having a healthy open source community for
large-scale projects will be a thing of the past. As an outsider, it makes
zero sense to be involved in the project if my code isn't really going to be
open source until 3 years from now, and that can be delayed further or
indefinitely if the company wants.

IMO the best way forward is for such projects to be run by non-profit
foundations, not VC-backed companies.

~~~
Hermitian909
I'm curious about this take. If I'm reading the article correctly it appears
if you did not have plans to turn the software into a managed service this has
no practical impact on you. Personally, for every open source project I've
contributed to if this license has been in place rather than an open source
one no one would have been impacted at a practical level (including those
doing it professionally).

Aside from purely ideological concerns, what about these changes do you think
will kill communities?

~~~
paxys
I think it's a combination of ideological and practical (and in some sense
they aren't all that different). If they changed the license once, they can do
it again. As a for-profit company they are obligated to their investors and
shareholders, and at some point it is inevitable that they will find ways to
start charging those who want to self-host as well.

The second part of this is that a large number of open source contributions
come from employees at large software companies while on company time, and
they aren't going to be allowed to do so any longer if the company isn't happy
with the licensing terms of the project.

------
docapotamus
Well played cockroachlabs. I find it awkward being an AWS user and knowing
there products are something else under the hud, even when they do use the
product name. It leads to user lock in, which is what they want. These
addendum to licenses are what the world needs. Not sure it would work for
certain products, like BSDs though, although they seem to get a lot more back
from those who use them in products (Netflix is a good example)

------
chuckgreenman
This is pretty interesting, I'm thinking about how edge cases will be handled.
Consider a product like Airtable: at present I think most people would
classify it as a consumer productivity tool. Firebase on the other end would
be a platform as a service. Airtable is adding features that make it more of a
platform as a service. I wonder where the line will be drawn for the new BSL.

~~~
bdarnell
(Cockroach Labs founder)

The details are in the "additional usage grant" clause:
[https://github.com/cockroachdb/cockroach/blob/8acfe8ffd0028c...](https://github.com/cockroachdb/cockroach/blob/8acfe8ffd0028ce1d81a9b1148f7e9ba2673bf95/licenses/BSL.txt#L8-L16)

We decided to draw the line at whether the end user has direct control over
table schemas. If users can specify the schema to be used, it's a database
service and needs a license. If you're fitting everything into a generic
schema (even if the user can specify things that look like new columns in the
UI), it's an application and doesn't need a special license.

~~~
bdarnell
I'd like to thank our friends at TimescaleDB for the idea to use schema
control as the dividing line (they're doing the same thing in their license)

~~~
mfreed
Thanks, @bdarnell!

We at TimescaleDB spent a lot of time thinking about how to best express this
dividing line in a manner concretely understandable by engineers. Glad to see
others starting to take a similar approach.

------
tracker1
The biggest thing that keeps me from even trying CockroachDB is that there's
no clear licensing or managed server pricing on the website. It's all a sales
funnel.

Of course, I don't mind and understand the license change. I just wish they
were more upfront about pricing without being subjected to sales.

------
JoshTriplett
And one more database removes itself from the Open Source community, and
disqualifies itself as a dependency of other open projects.

~~~
api
So the open source community is about giving free labor to Amazon?

I've been an OSS user and contributor since the middle 1990s and I very much
welcome these moves. SaaS has been getting a free (in the unfair sense) ride
without contributing in any way.

~~~
jasonlotito
No, the open source community is not about giving free labor to Amazon. But
that's not what we are talking about. We are talking about members of the open
source community taking free labor from the community and then pulling back on
the open source promise. As someone in the same boat, I'd hate to see a
project I contributed to change it's license to something that limits how the
applications can be used. If something is licensed as MIT, I expect it to stay
MIT.

Furthermore, the presumption that users of the software are now required to
contribute back flies in the face of the agreement.

I'm not against people using a license like this. It does however seems a slap
in the face to change the license after benefiting from the fact that you are
releasing an open source product.

tl;dr: It's a bait and switch, and dislike it.

~~~
amenod
That is a valid point. Of course the question is, how big the contributions
from the random people were. Judging by the list of contributors [0] a
relatively small core contributed most, but I wasn't involved at any point so
this is not a reliable assessment.

[0]
[https://github.com/cockroachdb/cockroach/graphs/contributors](https://github.com/cockroachdb/cockroach/graphs/contributors)

~~~
gtirloni
Code is not the only type of contribution in an open source project.

------
ShakataGaNai
Open source is great, open everything is great. But if 99.9% of companies
can't make any money on open source because someone big swoops in ... then
open source isn't of much use to anyone. It'll drive everyone who tries, out
of business or into forced acquisition by said big player. Then people will
give up on OSS for anything but hobbies and software they don't care about...
and the world as a whole loses out.

So... :+1:

------
PeterZaitsev
CockroachDB has raised over $50M of Venture capital which obviously pushes
them on the "grow revenue fast" track, which is much easier if you do not have
competition from the cloud vendors.

I think there is so much black and white positioning of this issue -
competition from AWS does not eliminate revenue for the project, but reduces
it, by a lot. It may not be enough for Open Source company which relies on
heavy monetization

------
RcouF1uZ4gsC
Can outside contributors to CockroachDB get a cut of the licensing revenue? I
mean, if cockroachlabs is upset that people are taking their open source code
and making money without giving them a cut, should they also be upset that
they are taking people's open source contributions to that code and not giving
them a cut?

------
amenod
Hm, wasn't one of the conditions to use BSL (the name of the license) that one
of the "Change licenses" must be GPL?

I remember distinctly because while I liked BSL, I never understood why I
couldn't use AGPL as fallback (which would be much better suited to my use
case).

EDIT: It seems I was wrong:

> To specify as the Change License the GPL Version 2.0 or any later version,
> or a license that is compatible with GPL Version 2.0 or a later version,
> where “compatible” means that software provided under the Change License can
> be included in a program with software provided under GPL Version 2.0 or a
> later version. Licensor may specify additional Change Licenses without
> limitation.

[https://mariadb.com/bsl11/](https://mariadb.com/bsl11/)

So Apache is OK, because such software can be incorporated into GPL app. AGPL
is not, because it places additional restrictions.

------
bithavoc
Good for CockroachDB, they need to make money. I understand I'm not their
target user though, I stopped using them when they released Follower-Reads as
an enterprise feature.

I'm back to Postgres for now but I can't stop thinking about the opportunity
CRDB is missing by not releasing the enterprise features as part of the BSL-
licensed core, that way I can use them from the very beginning(when I have no
money) and when I grow and have traction, money and what not, then I can pay
to scale beyond X amount of nodes/capacity a la MemSQL[0].

[0] [https://www.memsql.com/blog/announcing-memsql-free-
tier/](https://www.memsql.com/blog/announcing-memsql-free-tier/)

~~~
espadrine
> _I stopped using them when they released Follower-Reads as an enterprise
> feature._

I read Cockroach Labs’ strategy to be good on single nodes, great on single-
datacentre cluster, phenomenal worldwide.

They offer single-DC features open-source, and worldwide enterprise-only.

Apart from SQL features, their open-source cluster offer seems superior to
PostgreSQL. Sure, they do not have follower-reads, but neither does PG (which
does not even have AS OF SYSTEM TIME, a prerequisite), and it is only
beneficial with multi-DC.

Reads are still distributed by range, so there is no particular negative
compared to Postgres.

Why was Follower-Reads a dealbreaker?

~~~
bithavoc
I'm not necessarily exhausting the physical capacity of a single datacenter to
expand to another datacenter, I may expand early or from day one to run
queries closer to the user even if the workload is a few seconds behind. I
don't think Follow-the-workload works well for that scenario.

------
gflarity
Couple questions:

1) Is CockroachDB actually popular? Like sure they have a couple big users,
but is it gaining traction?

2) Would it be as popular as it is if they'd started with this license from
the very start?

------
zem
this seems like an excellent licence, clearly spelling out the intent of the
copyright, rather than trying to fashion a one-size-fits-all set of rules. it
reminds me of cory doctorow's point that, intuitively, if some community
theatre wanted to dramatise one of his works, they should be able to just do
so, but if a major hollywood studio wanted to film it they should require a
licence, and it is hard to draft a copyright law that does this properly.

------
grumpydba
> The one and only thing that you cannot do is offer a commercial version of
> CockroachDB as a service without buying a license.

This is dishonest and deceptive. One other thing you cannot do is use their
code and incorporate it in your open source project.

They used to provide an open source parser for postgres' sql syntax. Now it is
closed source for 3 years.

I don't mind the license change. Lying however is not a good way to behave
with customers or open source communities.

------
pratio
As the link says: The one and only thing that you cannot do is offer a
commercial version of CockroachDB as a service without buying a license

I like the idea and would support initiatives like this. If i really want to
use CockroachDB then i'll install and maintain it myself on my own instances.
In the long run this would also ensure that if i want to move away from AWS to
another provider, i am not locked to an AWS service.

------
throw2016
Do bad actors get to hold good actors to the good actors principles? This
seems unsustainable and a recipe for disaster, ie tolerating the intolerant
whose objective is to gain power and stamp down on dissent and impose their
own values.

Similarly If you do not believe in open source can you hold anyone else to
account by the principles of open source? And if you are committed to open
source do bad actors need to be given the same privileges that are extended to
everyone else? Do they get to play the 'principle' card that they themselves
do not adhere to?

Cloud providers are profitable and the work of these app developers arguably
has a role in their growth and profits. AWS, GCE and others are solving all
their business problems. Why should it be so difficult for them to build a
mutually beneficial relationship with open source projects? Or the pipeline of
projects they can use breaks down.

If they just want to take without adhering to the spirit of open source, then
playing the open source card whenever confronted seems too self serving.

------
galaxyLogic
Mongo is doing great for an OS product. Wonder if CRDB is trying to take a
lesson from their playbook.

[https://www.google.com/search?q=mongo+db+capitalization&oq=m...](https://www.google.com/search?q=mongo+db+capitalization&oq=mongo+db+capitalization&aqs=chrome..69i57j0l2.6033j0j8&sourceid=chrome&ie=UTF-8)

------
haney
I wasn't able to find a link to the new license in the blog post but it is in
their github repo for anyone interested
[https://github.com/cockroachdb/cockroach/blob/master/license...](https://github.com/cockroachdb/cockroach/blob/master/licenses/BSL.txt)

------
hartator
> The one and only thing that you cannot do is offer a commercial version of
> CockroachDB as a service without buying a license.

How much a SaaS has to do to not be consider as selling CockroachDB as is?

These questions apart is worth noting that AWS can still copy CockroachDB
APIs, rename it AWS Ants, and called it a day.

~~~
ComputerGuru
The "API" you are referring to is known as SQL, transmitted over the wire
using the pgsql protocol. There's nothing to copy. The magic of Cockroach is
in the implementation.

~~~
hartator
Not sure why they changed their license then. Doesn't AWS have already a
Postgres-like database with RDS but also with DynamoDB?

~~~
ComputerGuru
Yes, it is indeed a little puzzling. CrB's biggest benefit is to people not
interested in engineering their own scaling/sharing solutions for existing
RDBMS options or if they care about optimal resource utilization (under a
certain subset of conditions), neither of which are particularly draws for the
AWS team. Perhaps they are more worried about other vendors.

------
meddlepal
Smart move and I really hope the BSL can be used by others outside of
Cockroach DB either in its current form or as a template for a similar
license. This is badly needed in our industry to protect innovators from rent
seekers.

------
forty
This is really tough. I really want the redis and cockroachdbs to make money,
but on the other hand I don't want to give my customer data to everyone. I
give them reluctantly to AWS because, well, I guess at least one company has
to have them, and while they are probably not perfect, I reasonably trust them
to keep the data safe, but I'd really rather keep this to one. We could run
the software on ec2 and pay a licence (we occasionally do that) but when we
don't want to maintain things ourselves, we always turn to AWS, which saddens
me a lot

~~~
CaliforniaKarl
I just had a look at
[https://redislabs.com/pricing/](https://redislabs.com/pricing/)

If I understand it correctly, you can get Redis Enterprise Cloud, deployed on
AWS. So, it's running on AWS, and it looks like they manage it.

That sounds to me like they are making an effort to meet your needs, of having
it running on AWS (their FAQ mentions making sure that the AWS AZs are in
sync), but not maintained by you.

------
didibus
I'm all for businesses coming up with whatever licensing terms they want. That
said, as a user, it'll be a harder sell if I can't easily understand or
validate what the license permits and doesn't.

For example, with their new license, could I fork cockroachDB, rebrand it, add
considerable improvements of my own, and then offer that as a service? Or what
if I'm not offering cockroachDB as a service directly, but the service I'm
building and offering as a service can still be argued to be some sort of
data-store?

~~~
toyg
_> could I fork cockroachDB, rebrand it, add considerable improvements of my
own, and then offer that as a service?_

If you were to do that, even with current licenses, you probably couldn't call
it CockroachDB anyway.

~~~
didibus
Ya, and I wouldn't, that's why I mentioned rebranding it.

------
DVassallo
This is not the best way to compete with Amazon. The believe that their
feature set is enough of a differentiator is probably delusional. CockroachDB
does "massive scale SQL without manual shading". BSL won't hinder Amazon
offering those features too.

If CockroachDB remained OSS, there would have been a chance of Amazon offering
Elastic CockroachDB eventually, and at least make the Cockroach brand more
popular. But now it will likely be an Aurora feature.

If you want to compete with Amazon, do something Amazon cannot do.

~~~
lacker
_The believe that their feature set is enough of a differentiator is probably
delusional._

If their feature set isn't a good differentiator from other databases, then
their company isn't going to succeed in any situation.

This strategy _is_ CockroachDB doing something that Amazon cannot do.

~~~
DVassallo
I estimate the odds that AWS Aurora will offer "massive scale SQL without
manual shading" in the next 3 years to be >95%. Then why would anyone want to
to use Cockroach? They need to differentiate on something else. Ideally
something that Amazon is unwilling to do, or would find very hard to do.

~~~
espadrine
Amazon may be unwilling or unable to be multi-cloud. Companies worried about
being stuck in a silo may think twice if they have a more convenient option.

Besides, crdb does worldwide SQL databases now, and the only competitor at
that level is not Aurora, it is Google Cloud Spanner, at a much higher price
range and with very limited options.

~~~
lmeyerov
The #2+ cloud vendors are hungry for marketshare, so they're showing signs of
multi-cloud already (and already global). A bit reductive, but CRDB is now in
an arbitrage game: will Google/MS/IBM/Oracle/Baidu/... pay $200M-$1B to buy
them ($50M is a lot on the cap table), or they somehow pull off a rev share
similar to "Azure Databricks" that they can bail before it goes to zero / find
something more differentiating long-term.

Once every top infra team at MS & Google realized they can be a saas/paaas
revenue center, not just saving 1% in internal costs, that made the whole
"Google for everyone else" VC funding wave feel like musical chairs.

It does feel like a good ("least bad") move given the environment. We have
taken an "embrace" approach to using/contributing to OSS and assuming
commoditization of database+compute tech (Apache Arrow, Nvidia RAPIDS, ...).
We've wanted to further open most of our code, not just those libs, so we're
not the only ones writing funny distributed GPU webapp+etl stuff... but
couldn't find a way that made sense so far. So, I've been watching with great
interest, and good luck to the teams involved!

------
NelsonMinar
I'm curious about the legal process of relicensing. Did they have significant
open source contributors from outsiders? If so, did they have copyright
assignment? And if not, then how valuable is it to them to be open source in
the first place?

(Not trying to cause trouble; I admire Cockroach DB and its founders greatly!
But I've watched open source struggle with this kind of thing for 20+ years
and am increasingly curious about why businesses choose to open source their
core technology.)

~~~
vortico
If community patches are licensed under MIT or BSD, all CockroachDB has to do
is include those license texts in their proprietary distribution, which is the
only requirement by both licenses. Proprietary derivative works are allowed
under MIT and BSD.

~~~
paxys
It's different in this case, since there isn't a separate proprietary
distribution. The entire codebase is being relicensed.

~~~
vortico
That's not how it works. Each commit is a "derivative work" of the last. If
today a codebase is licensed under MIT, tomorrow you can change a single line
of code, and this produces a brand new work under US and international
copyright law. You can license this work under any license, provided you
comply with the MIT license of the work that has been derived.

------
k__
I had the impression cloud providers like AWS would move to using their own
core services to emulate other systems and not host the original thing.

~~~
sangnoir
They already have - Amazon has Aurora, which has MySQL and Postgres
compatibility. I'm sure if there's enough demand, Amazon will add CockroadDB
compatibility to Aurora in the not-too-distant future.

~~~
mixedCase
> Amazon has Aurora, which has MySQL and Postgres compatibility

Which lags behind upstream in versioning and has its own quirks.

Or Redshift, which is still stuck in Postgres 8 and _absolutely_ has its own
quirks.

~~~
sangnoir
> Which lags behind upstream in versioning and has its own quirks.

No doubt re-implentation will lag and will not be perfect (either buggy, or
_not_ buggy enough to match reference). The big question: is it AWS users
shopping for DBs, or MySQL/Postgres/CockroachDB users shopping for *aaS
services? I suspect the former outnumber the latter, and they will likely
tolerate being behind the bleeding edge.

~~~
mixedCase
I think it's still the majority of developers that first deal with databases
outside a cloud environment and then want a managed version of it in their
environment (which btw, Amazon does offer in RDS Postgres/MySQl, but it's
their forks that have these problems).

And being behind the bleeding edge is problematic at least these days that
databases are incorporating great features, but the bigger problem is
incompatibility and subtle differences. Those are the truly annoying issues.

------
zinlencer
When will CockroachDB release their managed service? Can't find any clear
pricing nor a registration form on their website.

~~~
pakshi
(Cockroach Labs employee here)

CockroachDB managed service is available today - you can sign up on the
website and we'll get in touch with you [https://www.cockroachlabs.com/get-
cockroachdb/](https://www.cockroachlabs.com/get-cockroachdb/) We will release
a self-service offering where you can set up a managed cluster without having
to talk to us later in the year. Re: pricing, we have different packages based
on # of nodes, and size of node (storage, vpcu etc.) and happy to share that
in a call.

------
didibus
Could someone say just take a normal open source license, like MIT, and just
add a provision saying, if you are Amazon, Google, Microsoft, this license
doesn't apply to you and you are not permitted to use the code in any way?

Basically, just blacklist certain companies that compete with you directly.

~~~
amenod
It's still not free/open/libre source anymore, because you are discriminating
against someone, so it's not in-line with the set of freedoms as defined by
both OSI and FSF.

Whether this matters to you or not is another question, of course... :)

~~~
didibus
Hum, I feel there's some ambiguity there. Like FSF says from here
[https://www.gnu.org/philosophy/free-
sw.en.html](https://www.gnu.org/philosophy/free-sw.en.html):

> A free program must offer the four freedoms to any user that obtains a copy
> of the software, provided the user has complied thus far with the conditions
> of the free license covering the software.

It's unclear what "obtains a copy" means. You could make it that certain
companies are not allowed to "obtain a copy", and thus if they do, it is
through illegitimate means.

For example, it goes to length to say Free software does not mean gratis. So
I'd suspect it would claim that if software is sold, and you pirate the copy
instead of paying for it, you have broken the conditions of the free license.
But if you paid, and a copy is delivered to you, from that point on, the four
set of freedoms are granted to you over the copy that was given.

So, I can see something where, it is gratis, but obtaining the copy is not
granted to everyone, but only to some, depending on if you're a potential
competitor or not. And that seems like it could still fall under that
definition of Free Software.

~~~
amenod
Sure - except that under their definition of freedoms you are allowed to share
software with anyone, so while you can sell it to the first person, they can
freely share it with anyone.

But truly, I don't think looking for holes in definition of freedom would help
anyone. The question if, do these definitions achieve what we have set out to
do, and in what way? If yes, great. If not, maybe the time has come to define
another set of freedoms, which still protect users better than closed source,
but allow developers and maintainers to make money from their creations. And
yes, they will not be open source, so we might as well come up with a
different term.

------
iblaine
Even if cloud providers give back more than they take, there nothing legally
stopping them from stealing an open source project as their own. The Business
Source License (BSL) seems like a good reaction. What Amazon did to
confluent.io and so many others seems pretty cold hearted.

~~~
DVassallo
Stealing an open source project would be like saying stealing quick sort. You
can't steal something if it was given to the public domain.

~~~
vageli
> Stealing an open source project would be like saying stealing quick sort.
> You can't steal something if it was given to the public domain.

Most open source projects are not given to the public domain, but encumbered
with clauses in the form of their license.

~~~
DVassallo
Permissive licenses are basically public domain with some attribution clauses
and litigation indemnity.

------
antirez
Since "Redis" and "Redis Labs" are mentioned multiple times among the
comments, here is my gentle reminder that Redis is BSD licensed, and only
additional modules provided by Redis Labs have a different license.

------
jillesvangurp
I wish them well but fear this won't work out for them. This sounds like a
smart move until you realize that they are just one of many players in a
crowded market and that this actually decreases their value proposition for
end users and external contributors. Having less of both is bad news for an
OSS project, no matter how you spin it.

The way I see it this type of company has a short term value that derives from
them being first (more or less) to market with whatever it is they do well. In
this case, their thing is having a sharded/clustered db that can replicate
across datacenters and with serialized transactions.

Awesome, that's a great thing to have and it will take other databases a while
to get there. But they will eventually and that matters. This stuff
commoditizes quite rapidly. It's based on published research by Google half a
decade ago and people can look at the source code and algorithms. It's just a
matter of time before somebody else figures out how to replicate what they do
in some other product. Somebody like e.g. the postgresql developers:
[https://tapoueh.org/blog/2018/07/postgresql-concurrency-
isol...](https://tapoueh.org/blog/2018/07/postgresql-concurrency-isolation-
and-locking/) and
[https://pgdash.io/blog/postgres-11-sharding.html](https://pgdash.io/blog/postgres-11-sharding.html).
It's probably not perfect yet but they are obviously heading the same
direction and there's a notion of good enough and diminishing returns.

When it does catch up, it all reverts to which is the best product in the
market. Part of that is features but another part of that is a robust
developer community and having access to robust support and hosting options
from multiple companies. A failing VC backed company that controls the code
base and treats it like a walled garden means that community is only as good
as that single company behind it, i.e. not very good. It simultaneously repels
potential users and contributors thus slowing down adoption and development
speed while increasing the R&D burden for the single backing company to not
fall behind any further. They can't win that game.

In a nutshell, postgresql does not have that problem and it never will. Mysql
doesn't have that problem either. Both developer ecosystems consist of
collaborating frenemies that work together because it is better than not doing
so. Both provide pretty good database solutions with plenty of hosted
solutions (including Amazon and other cloud providers), commercial support via
several companies, etc. Also both are pretty much guaranteed to continue to
have active development for as long as there are people willing to sell their
time doing that and there are so many companies using both that there is just
no way that that would change within the next few decades or most likely this
century. Essentially all of the current companies behind both could go
bankrupt and all that would do is create an opportunity for new companies to
step in and take over.

------
erichocean
I really like this company, and their developers. Solid tech vision and the
actual tech chops to pull it off.

 _I don 't like the drama that seems to surround it._

This post is just one more vote in the "this company has a lot of drama
associated with it", and that to me is always a giant blinking warning sign.

Without knowing anything about them (though I do), at this point, I would bet
this company flames out eventually, fails to get further funding, and
institutes yet another license change to milk the dying cow while the talent
flees for greeter pastures. Best case they get acquired by Microsoft, worst
case Oracle (I'm sure their users would _love_ that). Or just fade away.

Anyway, my $0.02. I hope I'm wrong.

------
janemanos
Will be interesting to see how other open source projects like ArangoDB
(Apache2), Timescale (Apache 2) or Scylla (AGPL/Apache2) will react.

------
revskill
The interesting thing is that, some of AWS products have weird name (hard to
remember, strange or new), while it's actually built from OSS.

------
gtirloni
If you have this page open, please beware of your battery. It's currently
consuming 200% CPU whenever it has focus.

~~~
PetahNZ
Works fine for me.

------
buckminster
So BSL now means "Boost Software License" and "Business Source License".
That's not confusing.

------
m0zg
TBH, I think _renaming_ CockroachDB would do it more good than relicensing.
All other things being equal, I think it is safe to say that nobody wants any
cockroaches in their infrastructure. I think it's also safe to say that few
people know in detail what CockroachDB is, and its name creates additional
friction to more people figuring it out. If you disagree, call your next
database project TurdDB or something and see how it does in the marketplace.
Names matter.

Call it something high-tech sounding and inoffensive. Now that it has some
notoriety it no longer needs a controversial name.

------
tus87
> or embed it in their applications (whether they ship those applications to
> customers or run them as a service). They can even run it as a service
> internally. The one and only thing that you cannot do is offer a commercial
> version of CockroachDB as a service

Great so I will write a little shim that loads libcockroach and call it
TermiteDB and I'm set.

~~~
otterley
Intent matters in the law, and judges see right through transparent attempts
to evade the spirit of agreements on a frequent basis. They aren't stupid.

------
jacquesm
Maybe a good time to change the name as well? Funny names are cute and all but
if you want to gain mainstream acceptance for your database product
CockroachDB is not the one I would have picked.

Downvoters: if you think names for products do not matter you are mistaken.

~~~
reificator
> _Downvoters: if you think names for products do not matter you are
> mistaken._

Disagreeing with your particular opinions on a particular name doesn't imply a
belief that names don't matter.

~~~
justin66
The belief that names are particularly important to corporate software
adoption _and_ that _CockroachDB_ is a good name for such a purpose is
probably pretty rare.

~~~
reificator
I don't care one way or the other about the name. But if you're marketing
directly to engineers who want a resilient solution, there's probably an
argument to be made.

