
MySQL founder tries a new software licensing model - phire
https://techcrunch.com/2016/08/19/mysql-founder-tries-a-new-software-licensing-model/
======
evanelias
Applying BSL to the MaxScale proxy is proving to be, so far, an unpopular
decision among a large segment of the MySQL community.

The TechCrunch article didn't address this specifically, but the license for
MaxScale requires a MariaDB Enterprise Subscription if you use MaxScale with
just 3 or more database servers at your company.

Since MaxScale is a proxy, it isn't particularly useful for companies that
only have 1 or 2 database servers, except as a very limited trial. So this
move effectively makes MaxScale commercial software for most production use.
This is a strange business decision, considering there are other third-party
proxies available, such as ProxySQL, that have same (or better) functionality
and no requirement for purchasing a commercial license.

I also wonder how MariaDB Enterprise Subscription pricing works for companies
that just want to use MaxScale to connect to stock Oracle MySQL or Percona
Server MySQL? Seems strange to tie the licensing to MariaDB Enterprise even
for companies that just want to use MaxScale alone. Although a good proxy
takes a lot of development work, it's still tiny compared to building a
relational database. I wouldn't expect the two to be priced the same.

~~~
montywi
Most usage of MaxScale is one of the following: \- One Master with one Slave
(for backup and high availability) \- Galera with 2 masters and the Galera
Arbitrator This covers possible 90% or more of the common usage cases.

MaxScale is usually included in the MariaDB enterprise subscriptions and one
can also get standalone licenses for MaxScale.

------
CraigJPerry
Its easier to procure paid for software than open source in many large
enterprises.

There was a culture of fear for open source promulgated by proprietary vendors
and major consultancies in the early 00's - the "know the facts" campaign by
Gartner and Microsoft springs to mind.

Although this idea is generally dead now, the scars live on in the purchasing
and licencing approval flows at many large enterprises.

I am familiar with several organisations where a paid for software licence can
be acquired with nothing more than trivial approval for the spend. Yet
adoption of an open source product requires multi layer approval of the
licence and recording of licence risk against the project.

There is a valid case for that due diligence but its not a particularly strong
case and if it were the reason for this situation, then proprietary software
licences would be subject to the same scrutiny.

~~~
corecoder
Paid for software usually comes in two flavours: turnkey or with consultants.
In both cases the promise is that the software will in the end run, and those
who need to will actually be able to use it. Also, that the software does
something that should be useful to you.

Open source software comes "AS IS", WITHOUT WARRANTY OF ANY KIND. So, who is
promising that the software will run, that people will be able to use it and
that it does something actually useful to the large enterprise?

If the enterprise has never used that software, long time employees have
usually no professional experience with it, so it is risky have them install
and run it.

In my limited experience, adoption of open source software by large
enterprises comes most of the times through consultants, hired not to install
the software but to solve a business problem. The consultants promise to solve
the problem with the software, and that the software will run etc.

~~~
cyphar
> Open source software comes "AS IS", WITHOUT WARRANTY OF ANY KIND.

As far as I'm aware, most proprietary licenses have the same disclaimer. Have
you ever seen Oracle getting sued when their database segfaults and loses data
(in a similar way that a contractor would get sued for building a bridge that
crashes)? You usually pay for support contracts with big enterprises, which
have external guarantees and experts on call. Luckily, free software companies
provide the same services without taking the freedom from the users of that
software.

~~~
corecoder
I'm not talking of the proprietary license, but of the exchange between buyer
and seller. I've never talked to an Oracle salesperson, but I doubt that
they'd say that the software isn't guaranteed to run and/or be useful.

The same goes for FOSS when a consulting company is involved: they say that
the software will work; my point is that that's the most likely way in which a
large enterprise can run FOSS.

There are other ways, of course: the decision can come from a high enough
manager (or even from the CEO or CTO) who's willing to take the risk, but,
indeed, they are taking a risk.

------
tomcam
I don't say this lightly, but wasn't the open source license of MySQL the main
source of its success? As I recall, it didn't really get huge until they
loosened up the licensing terms. And wasn't that one of the main reasons it
made $1 billion? Not criticizing – his business is his business. Just curious.

~~~
ben_jones
Would PHP have become popular if MySQL had maintained a strict license? I
wasn't a web developer at the time and am genuinely curious what the database
landscape was like back then.

~~~
kyriakos
Postgre would probably been used instead. The demand for an easy to use Web
scripting language existed, php fit the bill that's what pushed mysql to
become popular.

~~~
oblio
I kind of doubt it. The Windows port of PostgreSQL was kind of lacking for a
long time (8.0, released in 2010, brought the first native Windows server
version) and a large group of PHP developers were Windows developers.

~~~
mpol
I don't remember Postgres having much traction around 2000 or before.

Since there was "always" MySQL available, Postgres wasn't in need of
development, for most people MySQL was sufficient. If MySQL had been less
open, Postgres might have gotten momentum years earlier to fill that gap on
the low web-end.

I can imagine Postgres popularity in recent years is because people are
replacing Oracle databases with Postgres, they are looking for a way out of
that. Or even more, newer companies don't even look at starting with Oracle,
but start on Postgres right away.

------
teddyuk
I think it is a great idea, you can charge when people use it in production
and it reverts to oss on a specific date.

I worked at a startup and companies would want us to put a version of the
software into escrow and were wary of us going under, giving them something
like this would have been perfect.

~~~
justincormack
As was pointed out elsewhere, it becomes GPL, which is not normally
unencumbered enough for escrow, where you get unrestricted rights. You also
want them immediately on failure, not after the timeout. So it doesnt work
well for this use case.

~~~
nabla9
GPL works perfectly with dual licensing.

If you want unencumbered, you pay for commercial license.

~~~
cowsandmilk
But that's the point, top parent was suggesting this as a replacement for
commercial escrow. Most people wanting commercial escrow would not be
satisfied with this.

~~~
montywi
I have been in several business discussions regarding source code in escrow
and in all of them they have agreed that having the code released as BSL or
eventually Open Source would be ok with them.

After all, companies using your software wants just to be sure that they can
continue to use it as before if you stop supporting it. For this purpose BSL
works perfectly as a default. If they need more, then you make an explicit
contract just for them where you give them more rights to the software.

------
athenot
This is great from the perspective of contributing intellectual property back
to the ecosystem. They are trying to balance the revenue aspect with growing
an open community which benefits the product as a whole.

My one concern is that the thrifty users will ride the expiration line,
installing versions that don't cost money but which are outdated. I can see
where that would be an acceptable tradeoff in many situations where the
latest-and-greatest is not required. But from a security aspect I wonder if
that also means that vulnerability fixes would only be available to the paying
users. They are definitely worth paying for, no doubt; but would that then
foster an ecosystem of not-really-patched installations out there?

(Then again, that might not be that different from the current situation.)

~~~
montywi
The old versions of MaxScale will of course get security and critical bug
fixes. The MariaDB corporation will also accept patches to the GPL and BSL
versions of the code.

------
apo
It's surprisingly hard to find the actual text of the Business Source License.
Where is it?

The link in the article points to a FAQ, which also does not appear link to
the text of the license:

[https://mariadb.com/bsl-faq-adopting](https://mariadb.com/bsl-faq-adopting)

A Google search did not turn up the text of the license itself.

~~~
edmccard
[https://mariadb.com/bsl](https://mariadb.com/bsl)

------
nickpsecurity
This interesting given I brought up a similar model talking to people here. I
agree with the founder that licensing trumps support agreements in terms of
supporting development of the product. He didn't even mention amassing patent
portfolios or defending patent suits. These are relevant given big tech uses
them to stop competition. Development, sales to increase amount of it, and
legal investments all take _much money_. Licensing from paid users is best way
to get that.

So, how to balance that versus wants of OSS community that might test,
contribute code, and so on? One thing I posted was that the license would come
with source, allow fixes, allow local extensions, and simply block
redistribution unless its to paying customers. Covers most OSS benefits. To
address lockin, I suggested provisions to cap what they can charge for given
software and (relevant here) make it go GPL if it's abandoned.

Only got two reviews on this so far. I'm interested in getting some more. I
think I've gotten pretty close to getting almost all benefits of OSS software
while ensuring it stays paid for. Btw, one can also give out free or
supported-at-cost copies to those help out in docs, debugging, whatever. One
could also do free, AS-IS licenses for small businesses or startups so long as
their revenue is below certain point.

The only thing I didn't try to do is restrict by number of CPU's, servers,
whatever. It seems natural in mainframes, clouds, enterprise, whatever. I'm
just concerned about its effects on how product is used in terms of innovation
or robustness. One example is desktop virtualization at level of individual
apps for security or failure isolation purposes. Your user experience at OS
level is still about the same given you're using same OS to run same apps. The
deficiency of OS in isolation means you had to add a virtualization solution.
So, should people be charged an extra $100+ an instance to make up for that
deficiency? Or same thing in high-availability setup where extra nodes don't
contribute to throughput? So, I'm undecided on usage licensing.

~~~
bad_user
> _Covers most OSS benefits_

No it doesn't, it's not even close. Other companies tried to bring this same
argument but failed. Some people think that the primary benefit of Open Source
is having some level of access to the source code and fortunately this didn't
fly, in spite of the effort of companies, such as Microsoft with their "shared
source" initiatives. Open source [1] brings with it two major benefits:

1\. the ability to use the software for any purpose, any field of endeavor,
with no discrimination, for any business model. By your own admission, your
license would be incompatible with such a contract.

2\. open source can be forked, just like Monty here forked MySQL and
(arguably) kept it from dying. The importance of this cannot be overstated.

But more to the point, you say you'd allow "fixes" and "local extensions", yet
restrict redistribution to paying customers, but well, you clearly have
boundaries in mind for derivate works, as you clearly only want to allow small
improvements. Can those improvements be redistributed as source code, for the
benefit of others? And if not, then clients could find themselves in a gray
area. For example what happens if these clients hire contractors to provide
those improvements? That's always possible with open source, just like how it
is (still) possible to take your car to any repair shop. You can quickly see
how this can go out of hand.

And the restriction for paying customers sounds awful - first of all, what's a
"paying customer"? Do money need to exchange hands? Are trial versions
permitted? What if you want an alternative business model, ads-based or
whatever. Etc.

But the biggest benefit of Open Source is the right to fork. First of all,
this implies that ownership over such software is achieved by anybody that
wants it. And it's an important right, especially if things go wrong.

You say that you could maybe have a clause somewhere, or a promise, to make
the software GPL should it become abandoned. Oh well, what is abandonment?
Plus, abandonment is not the only bad thing that could happen. You could also
steer the project in a direction that people don't want, you could
intentionally cripple it, you could raise prices so much as to make it
unfordable and when you get bored of it, you could simply sell it to another
company. Notice how neither of these conditions do not classify as
abandonment.

Now don't get me wrong. I have nothing against proprietary software, heck, I
would be a hypocrite if I wouldn't admit to developing and making a living off
of proprietary software myself.

But I see _marketing_ attempts to redefine what Open Source means, only
because Open Source is _marketable_ , being extremely attractive at least to
developers and for good reasons. And look, I get it, we need to make a living,
but it's dishonest. Your product can survive and flourish as proprietary, but
stop with the bullshit and call a spade a spade.

[1] [https://opensource.org/osd-annotated](https://opensource.org/osd-
annotated)

~~~
samuellb
3\. open source software projects (and distributions, e.g. Debian) usually
don't want to be dependent on non-open source software. And they are usually
very strict with licenses, so "almost open source" won't cut it. So I think
BSL licensed software would get less adoption and less of the "free marketing"
that open source software normally gets.

------
supersan
This is a little off topic and maybe controversial because it is against the
spirit of open source but in all earnestness if you make a software that you
want to make available to all open source projects but then you want to charge
a recurring monthly fees if the software is being used to make money - is
there a standard license for that?

I've seen sites do this like readme.io but can you do that for a software
library?

~~~
unabst
It's called a dual license. And yes, you can do it for anything. Copyright is
automatic, and it grants you control over the right to copy your creation. You
just need to make sure you're the one that created it.

Found this to be a good overview:

[http://oss-watch.ac.uk/resources/duallicence2](http://oss-
watch.ac.uk/resources/duallicence2)

------
quickben
Is he trying to sell mariaDB now too?

I mean, it's genius from the business side. Unless i got the story wrong, he
sold MySQL after people helped him create it. Forked it, and now it's turning
the fork into MySQL/Oracle profit cow.

Either somebody correct me, or I'm going to assume "for as long as there's are
sheep..."

~~~
syshum
WHile I despise this new licensing, your redition of history is not correct

Monty sold MySQL to Sun, he believed Sun would be good steward of the project,
provide it the resources it needed, and allow it to flourish remaining Open
Source

When Oracle bought Sun, Monty and most of the MySQL devs where very very very
very very concerned that Orcale would be detrimental to MySQL going forward so
they forked it and founded MariaDB to replace Oracle's mySQL

Some of their fears never came to be, but Oracle has closed the development of
mysql is many ways, it is not as bad as it was orginally feared, but it no
where near as open as it was under Sun.

~~~
johannes1234321
The fork already happend during the time with Sun.

~~~
syshum
The fork happened while the sale was happening.

------
jomamaxx
This licence is the basis for a business model - and should not be considered
along side gpl, mit etc..

It's not particularly relevant to the discussion.

This is a business and commercial issue, not a 'details of the license' issue.
The text could take on so many forms, and it's not particularly useful unless
you're a very startup and can't afford a lawyer.

Example:

What is the price? What are the terms of payment? What about discounts? What
is a 'CPU' when you're using virtualized hardware? How do the terms hold up
against IP rights in the rest of the world? (Europe has very different laws
for Software).

It's great that there's some text that a company can grab, but any company
that is going to be licensing software should eventually consult a lawyer
about this.

------
boyter
Very interesting. It's a bit like the fair source license model
[https://fair.io](https://fair.io) but more open in event the project looses
traction is abandoned etc...

Sold. I will be moving my project searchcode server over to this within a
week.

------
oolongCat
Going to be interesting seeing how they will figure out where to draw the line
(in legal terms) between testing and production. Would health checks be
considered as testing the system or production type work?

~~~
phire
A simple test of "Can the intended end users access the system" would work.

Would also be a great motivation for developers to not test things in
production, as it's cheaper to test them in the development/testing
environment.

~~~
seanp2k2
How can you accurately measure that via software though? What differentiates a
developer from a user or a customer? IMO these are hard problems to solve and
problems which are not worth the engineering effort to attempt solving.

~~~
phire
It's not a software issue, the licensee has access to the source code and can
modify it in anyway they want, including removing any software-enforced
licencing restrictions.

It's the responsibility of the licensee to make sure they are in compliance
with the licensing terms (buy enough licenses to cover the number of CPU cores
they are running in production), otherwise the copyright holder will sue them.

This idea of licencee self-compliance is not an innovative concept, it's how
most licensing in large enterprise companies already works (and that's where
this license is targeted), the company checks how many copies of the software
they are running and pay that much.

It's not quite an honer system. Companies conduct regular audits (done by an
external company) to prove they have everything licensed correctly.

------
Grishnakh
When I see the abbreviation "BSL", I can't help but think it stands for
"bullshit license"....

However, it actually sounds like a great idea to me, and a great way for
companies to make money licensing software to commercial users while still
keeping it free and open source for individuals, while providing a safety
mechanism in case the company goes belly-up.

~~~
johannes1234321
There is nothing the individuals can do with the open source version. It's old
and has bugs and maybe security issues. In theory they could look at the
source of the "commercial" version, but then have to be careful - they can't
change it and if they ever write code they have to be careful about not doing
plagiarism.

~~~
Grishnakh
Sounds good to me; I don't see the problem.

If you want to redistribute, then you need to use the old buggy version. I
don't really see a problem here.

If you want to use the latest-and-greatest in a non-commercial capacity, you
can do just that. And it's open-source, so you can modify it all you want and
use it. You just can't distribute it.

What's the problem?

No, it's not as Free as GPLed software, nor is it meant to be. It's meant to
allow a company to make a profit on software licensed to other businesses or
for commercial use, while still allowing it to be open-source, and allowing
private individuals to use it without paying a license fee. (At least, that's
how I read it from the article.) It sounds like a great way to balance the
competing interests of a commercial software company, the users (both non-
commercial and commercial), and the community at large. It would be a terrible
license for basic infrastructure software like OpenSSH or PostgreSQL, but for
business-oriented application software, it sounds absolutely perfect.

(Note, again, what I've written above about the way the BSL works is what I've
gleaned from reading the article; if I'm incorrect, someone please feel free
to correct me.)

------
jpalomaki
This might create some complicated situations when the older versions become
free and somebody decides to fork it to fix bugs that are present in the old
(free) version, but fixed in later (not-free) releases. I believe then you end
up with the question was this fix back ported from new version or did the
developer come up with it independently.

~~~
stephenr
Percona is already maintaining a fork, as they do with MySQL itself.

At this point I don't understand why anyone needing a MySQL solution wouldn't
use Percona's packages.

Edit: yes, Percona not persona.

~~~
ebcode
Persona -> Percona

------
cheriot
Giving up revenue from customers that don't want to change and are happy to
pay is a huge loss. AOL still makes 600m/yr from dial up.

The open source freemium is cool, though. Those are two powerful forces.

------
trengrj
Interesting concept, like how code will turn into GPL after a few years. Glad
though that MariaDB is and could not be BSL.

------
simbalion
They are switching to a BS License?

Are we supposed to take this seriously?

~~~
Maskawanian
And most retail shops use a POS system for their checkouts, what is your
point?

~~~
simbalion
[https://twitter.com/VadimTk/status/766333511514992640](https://twitter.com/VadimTk/status/766333511514992640)

