A response to the git.centos.org changes (redhat.com)
184 points by mroche on June 26, 2023 | 175 comments



A lot of comments on this topic seem at odds with reality.

If you accept that it takes a lot of effort to produce what Red Hat produces and you accept that you cannot buy food with a list of your open source contributions, then the people who work for Red Hat need to be compensated in some way.

If your answer to this is that there is a big, distributed pool of people willing to do this work instead of Red Hat then you don’t believe that Red Hat adds value. But the question remains: who compensates those people?

And this big distributed pool of people ready to do free work definitely doesn’t exist already. Well, it does, but it’s just Redhat. And they are rightfully changing that.

It could be the companies they work for (like is done with the Linux Kernel), but that doesn’t exist and starting it is a pretty big undertaking.

At the end of the day the comment in the post about the anger coming from people who “do not want to pay for the time, effort and resources going into RHEL or those who want to repackage it for their own profit” rings pretty true.


Why did Red Hat's previous model stop working now, after 25 years of success? I'm not angry about what Red Hat is doing. I'm just puzzled and I suspect that it's a very stupid move.

What Red Hat is doing now will probably increase their license sales in the short term. But they will do so by cannibalizing the entire Red Hat-compatible ecosystem. All the "freeloaders" provide RHEL with most of its share in the distro market. Kill them off and it will become a technical backwater, all the small and medium users will go somewhere else and there will be no on-ramp for new customers (as Red Hat is too technically different from what they have). It can take a while, they might get RHEL for their old systems but they'll go SUSE/Debian/Ubuntu for new stuff.

I'd say that they are literally doing what Travis CI and other companies have done in the past, they have no vision of growing their market anymore, now it's all about cost cutting and squeezing the most out of their existing share while the music is playing. So no, I'm not angry about it, but on the other hand I can't see it as anything but a sign of irreversible decline.


For a somewhat simplistic explanation, RHEL became very successful as a tool to replace proprietary RISC Unix servers (often running Oracle DB) with x86(-64) and Linux, offering a traditional "enterprise" support model those proprietary UNIX customers were used to. So what has changed?

1. The above market is pretty much "saturated" in the sense there aren't many proprietary UNIX systems left to convert to x86+RHEL. So not much growth potential there.

2. Oracle has their own RHEL rebuild that they aggressively(?) market to Oracle customers. And I guess it makes sense if you have a server to run Oracle DB on, to also use the Oracle RHEL rebuild to avoid the situation where you have a problem and Oracle and Redhat point fingers at each other and nobody takes charge of solving the issue.

3. Cloud. Cloud is obviously big these days, and it seems for one or another reason cloud deployments often choose some other distro than RHEL, be it one of the free rebuilds (CentOS, Alma, Rocky, OEL), or something else entirely like Ubuntu.

While I'm not privy to any RH internal info, it wouldn't surprise me if they're worried about the above trends continuing. Whether this recent change to make life for rebuilds a bit harder will materially affect anything, and if so how, remains to be seen.


re 2) - we once fell into this marketing trap of "Oracle runs best on Oracle". If it only were true!

We had Oracle databases running on Oracle Solaris running on Oracle SPARC servers, because the bosses were convinced of the synergies. When the problems started (with Solaris zone clusters) it was a happy merry-go-round of fingerpointing between Oracle support groups.

Oracle is on a rather short list of companies I'll try to avoid doing business with if at all possible.


This strategy is doubling down on the real reason that 3 is killing them: price. Their pricing structure is fundamentally incompatible with cloud native workloads. We treat workloads like cattle, scaling them quickly and on demand to OS counts never dreamed of decades ago.


...And when you graze your Cattle on someone else's fields, you pay through the nose for it!

Best damn business innovation ever, renting people shovels to dig themselves a hole with!


It's a classic IBM strategy that goes all the way back to the old-school days of mainframes and timesharing. And they would love to bring those days back. But they can't because AWS beat them to it and now they have to live in that world.


re:3, In a previous thread about this, someone said that RHEL only would make deals with cloud providers to run RHEL licenses prepackaged if the whole stack was RHEL, and obviously, if the cloud provider is not already running RHEL everywhere, that doesn't work out so well.

(I have no personal experience trying to run anything like this, this is purely citing a previous comment made.)


I'll (mostly) copy my reply from there: RHEL guests are supported on RHEL host but also on Windows, ESX, Amazon and Google clouds, and a few more.

Non-RHEL hosts are only supported if Red Hat has someone to talk to at the vendor or cloud provider, so that they can debug stuff that breaks only in their environment and can't be reproduced. This is done to guarantee the level of support that customers expect, but very few cloud providers can provide that. I am not even sure that IBM's cloud made the short list.

On other unsupported hosts we will ask the customer to reproduce on a supported host if we think the host is the culprit.


>I am not even sure that IBM's cloud made the short list.

Probably not https://www.redhat.com/en/partners/certified-cloud-and-servi...


This move doesn't fundamentally fix any of those issues.


But the model didn't stop working.

Red Hat is more profitable than ever. It's about wanting EVEN MORE.


IBM make a shedload of money, redhat also was doing absolutely fine on support sales (up 17% in 2022, according to 'el'google) -- if they are suddenly unable to pay their developers then, sure.

I don't think anyone is particularly surprised, or will miss them much. It's just kinda sad to see what was a reasonably happy opensource success story end with a giant corporation shutting down some of their releases out of protectionism.


You’re not in their sales funnel and lots of things look healthy from the outside that actually are not.


it seems to correlate more with the ibm acquisition


People were expecting IBM to swallow Red Hat in 3 years. After 4 years some parts of RHEL have been opened (Fedora ELN, CentOS Stream) and some have been closed, overall I would call that a success even if IBM was behind this decision...


You're listing CentOS Stream as a positive thing IBM created?

No. That was their excuse for cancelling CentOS. If you remember, it was universally unpopular.


It's interesting because if RHEL had no value add nobody would pay for it and nobody would be angry about this change. All of these angry posts are proof in a way that they are putting in valuable work.


RHEL was only used & adopted because everyday people could use it. Then when they had jobs at their enterprise, they could bring what they knew with them.

If RHEL is only for paying people, as McGrath from the pulpit so expounds, most people are gonna leave. The value was having a community, a good path, that extended from open source to paid support. If McGrath blows up one end of the continuum, the other end will certainly wither, collapse & die. This is a deathmark. People are upset to see a vibrant world shut off and thus shut down, whatever the value/greed/whatever of the situation. A pillar of Linux has left the chat.


If you've read the article, it's clearly stated that many more people were just using CentOS as free RHEL, never needing to pay anything because it gives them everything they need for free.

It wasn't worth putting up with so many free users for a paid product, just to have a small minority actually pay anything.


> It wasn't worth putting up with so many free users for a paid product, just to have a small minority actually pay anything.

It used to be worth it for 20+ years. Now something changed.

For my servers I used to use 95% centos, 5% rhel. Now I’ll use 0% rhel.

I didn’t need support for most servers but I liked having compatibility for when things grew into needing it.


Have you considered the developer team license, the UBI, CentOS Stream? If none of them work for you, either there is a hole that Red Hat would like to be closed or you were already violating the support agreement.


Probably the reason is licensing is a pain, and it's not true "zero-cost" in that case. CentOS then Rocky/Alma removed that issue.

RH doesn't understand this.


Can't everyday people use CentOS Stream?


CentOS stream isn't stable, it's a rolling distro. That's like asking "why can't people running RHEL go to Arch Linux or OpenSuSE TumbleWeed?"


Oh come on, the idea that CentOS stream is on par with arch, tumbleweed, and fedora is ludicrous.

Either you don't understand what CentOS stream is, or you're being ridiculously hyperbolic.


From an infrastructure operator's point of view, there's no practical difference.


Or Fedora.


Last time I tried Fedora was FC35. I came back a few months later and tried to build a kernel module, I couldn't get the RPMs for kernel-devel and kernel-headers to line up correctly.

It's exactly these kinds of fiddly details that get weaponized when you want to derail a distro. It's not easy or frictionless anymore.


Do everyday people need an enterprise Linux distro? Why not use one of their other everyday-people focused distributions?


Valid notion. I don't really know the impact to top of funnel, but it seems like such a gamble to me to tighten the pipeline so much, exclude so many from starting.

It's starting to change, but for years people would look at me like I was crazy for running Debian/unstable aka Debian/sid on my machines/personal servers. Being willing to have volatile systems is a big barrier. Only having "dogfood this wip" or "pay us" as the two options is a radical ask, one that doesn't really seem survivable to me (rh/centos won't go away, but their mindshare seems likely to implode to me).


Speaking for myself, I have a home server. I bought it almost 9 years ago, and the server (haswell-grade xeon) is still perfectly ok for home-server stuff, like a NAS and plex. When I set up the server, I picked CentOS 7 because I wanted a simple, boring OS that got updates for a long time. Sure, I could have used Debian or Ubuntu, and done an OS upgrade every 3-5 years, but I just wanted to avoid it.

Last year, with RH cancelling CentOS, I switched to Rocky expecting another 8+ years of updates. We'll see how that pans out.


It's the other way around - if Red Hat wants to contribute to GPL software, they have to reconcile the legal realities of the situation with their business model. If it's not viable for them to contribute like this, then they shouldn't. They're binding themselves to the conditions of the GPL by contributing to it though, and shouldn't be granted exemption for being a business. If sharing their changes out of goodwill isn't their prerogative, maybe they should offer enterprise support to redistribution-optional systems like Minix instead.


Sounds like they think of Rocky as the enemy, 'under no obligation' to make it easier, 'rebuilding code' is a 'threat'... I have a project in RHEL that they 'rebuild' but I don't see that as a 'threat'.

They want to be a little bit more careful with dogma that makes sense to their management, will get them patted on the head there, but is just nonsense seen from other perspectives - like my perspective contributing to their project for free.


I suspect Oracle Linux is the bigger "threat". Oracle uses this distribution all over, perhaps RedHat thinks those are licenses they deserve.

https://en.wikipedia.org/wiki/Oracle_Linux


> I have a project in RHEL that they 'rebuild' but I don't see that as a 'threat'.

They address that in the blog post:

"We don’t simply take upstream packages and rebuild them."

Rest assured they're adding good juju to your upstream code! This is 2000s-era Microsoft-level wordsmithing.


It's also addressed in the blog post that all changes go upstream. We could check what Red Hat does if we knew what package that is.


> I have a project in RHEL that they 'rebuild' but I don't see that as a 'threat'.

that's only a relevant statement IF you are trying to make your living off of it and they're rebuilding it without compensating you.

they're not saying rebuilding their opensource packages is a threat to the creators. They're saying people freely distributing the things they pay people to make is a threat to their ability to continue to pay people to make it.

I don't care if people repackage my open source code because I'm not trying to pay for food and shelter with it. If I was, I'd be screwed because every repackaging would be just giving away my work without compensating me.


But Red Hat was aware of that risk but made the decision to repackage and live off other people's work a few decades ago - and it paid off.


They're accidentally leaking their internal marketing texts in the blog post.


I genuinely don't understand why anyone is using rhel or rhel-derived distros anymore.

'we' (and by 'we' -- I can only speak for the small slice of uk/eu companies I've worked at for the last ~18 or so years) were /forced/ to use redhat when running stuff like SAP, IBM WebSphere, Oracle, various terrible BI systems, ERP stuff, and so on for 'support'.

Then the cloud happened, and rhel/centos came along initially as we knew the tools, and we were running mostly the same stuff but on other people's gear.

Slowly the application estate exploded and now I think it's fair to say we target k8s instead of 'rhel' as the place where our software is running, and rhel and its brothers go absolutely nowhere near my k8s estate or any I've worked on (typically, ubuntu server nodes if I have to build my own, and alpine for containers).

So; people who are upset by the recent developments (and let's be honest, did you expect a thriving community around an IBM product?) -- why? What's rhel got that debian doesn't? Or ubuntu?


I'm not even a user of rhel but the difference is: security patches. Enterprise uses rhel because they fix or triage nearly every vuln, every time. If you work for a company with extremely stringent security requirements, or sell to government entities, rhel and its derivatives (CentOS/Amazon Linux 2, etc) are basically the only way you can clear their requirements.

Debian (and by extension, Ubuntu) chooses to not fix a significant amount of security issues. This makes sense given their business models, but is an unworkable position for a huge number of enterprises that depend on Linux. Example: https://ubuntu.com/security/CVE-2021-45464


That, and if you need to run some COTS (commercial off-the-shelf) software package chances are the vendor will only support it on RHEL (or CentOS). However, many of these vendors also support Ubuntu LTS or Suse Enterprise now so there are (usually) a couple of Linux-based alternatives.


I work for a eu government with extremely high security requirements (in the national identity / IDP / health space).

We actually _CANNOT_ use redhat for compliance reasons.

(We're using ubuntu LTS as it goes)


Why? What compliance reasons make Ubuntu LTS work and RHEL not work?


Stupid auditors/pentesters really. Explained a bit in another comment, but essentially we had to explain the concept of backporting CVE fixes to the same 'version' of random libs to the auditors and to get certified we would have to demonstrate, with actual source, that each of ~200 or so CVEs were fixed in various system parts (individually).

In the end, we just went with ubuntu for those nodes, and they all passed the certification. Shrug.

Since then, we don't even need the OS to be certified, since we are using confidential computing, and we stuck with ubuntu for our k8s nodes etc -- but we are forbidden from using rhel anywhere by our legal / compliance people now.


The issue here is with your auditors. I mean if RH tells you a CVE has been fixed with a backport, sure you can challenge that fact but at the same time and with the same standards, it'd mean your auditor would also have to check the actual source of your patched Ubuntu packages to make sure the new versions fixed the security bugs.

The bottom line really is plenty of auditors I've seen don't know how to check for vulnerabilities other than by checking a version... That's it.. Their tools or reporting only know package must have a version greater than x.y.z.


What about SUSE/OpenSUSE? Surely that would've gotten the green light?



So LTS support and ... runs on everything the linux kernel does? I don't understand your answer, that is nothing you can't get elsewhere ?


The Linux kernel is not the point. The point is that RHEL has what you need to make sure that the P440ar Smart Array Controller in your HPE DL360 G9 still works properly and that the package from HPE that supplies the runtime tools for it works, along with the utilities that allow you to upgrade your iLO firmware etc. and will qualify that configuration across OS versions and releases.


Ah fair point, random(ish) vendor crapware utilities like that surely work better on rhel. Client libs for HSMs spring to mind too. Fortunately, not many of us are running bare metal anymore. Do you think it makes any sense to use in 'the cloud' though?


I know why they use RHEL - support is apparently good and not every corpo wants to keep some linux experts on payroll to fix the rare issues that need a bit more expertise. And they keep old versions of Red Hat updated for longer so your old crusty enterprise garbage can stay garbage few years longer and claim "but OS is updated" in audit.

I have no idea who in their right mind would use a derivative, it has zero benefits and is just built worse than vanilla Debian.


Funny; our RHEL systems were a nightmare for compliance actually. Most of the tools the auditor/pentester type people use only search for, (completely fake example) libfoo 1.x.2 having a security hole, and redhat's libfoo 1.x.2-wibble13 even though it has a backported fix, is flagged as vulnerable.

For each one of these packages, it's a crazy process to prove that the CVE they reported isn't actually there, and it delays our accreditation to the point where it was easier for us to change distro than go through hundreds of these..


Perhaps auditing tools should do something better than just comparing version numbers as released by upstream?

Maybe Ubuntu LTS does less security backports than RHEL, but that doesn't make it better per se (saying this as an Ubuntu user).
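
Added example (not part of the thread, and not any scanner's own code): the false positive described in the comments above, reproduced by comparing an installed package first against the upstream fixed version and then against a distro's fixed-in package release. It reuses the commenter's fake `libfoo`; the CVE id, versions, releases, host names and the shape of the advisory tables are constructed assumptions, and `rpmvercmp` here is a reimplementation of rpm's segment-wise ordering.

```python
import re
from itertools import zip_longest

# Constructed sample data. "libfoo" is the fake package from the thread; the
# CVE id, versions and releases are placeholders, not real advisories.
UPSTREAM_FIXED = {"CVE-0000-0001": ("libfoo", "1.5.0")}          # upstream release with the fix
DISTRO_FIXED = {"CVE-0000-0001": ("libfoo", "0:1.4.2-11.el8")}   # distro build with the backport
INSTALLED = {
    "host-a": {"libfoo": "1.4.2-13.el8"},  # newer than the backported build
    "host-b": {"libfoo": "1.4.2-9.el8"},   # older than the backported build
}


def _tokens(s):
    # Runs of digits, runs of letters, and the special markers ~ and ^.
    # Separators such as '.', '_' and '+' only delimit segments.
    return re.findall(r"\d+|[A-Za-z]+|~|\^", s)


def rpmvercmp(a, b):
    """Order two version (or release) strings segment by segment: -1, 0 or 1."""
    for x, y in zip_longest(_tokens(a), _tokens(b)):
        if x == "~" or y == "~":          # '~' sorts before everything, even end of string
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x == "^" or y == "^":          # '^' sorts after end of string, before any segment
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            continue
        if x is None:                     # the string with segments left over is newer
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)         # numeric compare, so 13 > 9 and 010 == 10
        if x != y:
            return 1 if x > y else -1
    return 0


def parse_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def evr_cmp(a, b):
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def naive_vulnerable(installed_evr, upstream_fixed_version):
    # What a version-only scanner does: ignore the release, compare to upstream.
    _, version, _ = parse_evr(installed_evr)
    return rpmvercmp(version, upstream_fixed_version) < 0


def distro_vulnerable(installed_evr, distro_fixed_evr):
    # Backport-aware check: compare the full epoch:version-release.
    return evr_cmp(installed_evr, distro_fixed_evr) < 0


def audit(installed=INSTALLED):
    findings = []
    for host, pkgs in sorted(installed.items()):
        for cve, (pkg, fixed_evr) in DISTRO_FIXED.items():
            if pkg not in pkgs:
                continue
            naive = naive_vulnerable(pkgs[pkg], UPSTREAM_FIXED[cve][1])
            distro = distro_vulnerable(pkgs[pkg], fixed_evr)
            findings.append({
                "host": host, "cve": cve, "package": pkg, "installed": pkgs[pkg],
                "naive_flag": naive, "distro_flag": distro,
                "false_positive": naive and not distro,
            })
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Both hosts are flagged by the version-only check; only the host whose release predates the backported build is flagged once the release field is compared as well.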


t.b.h. all this tells me is that your pentesters are bad.


Bingo. We don't get to choose them, though, and they hold the strings on the certifications that our business needs. Sometimes it's easier to bend.


You used to pay Red Hat, did you try passing them the hot potato?


If they make a claim that some package has a CVE and you can demonstrate that to be false as per official distro changelogs etc they can go hike.


The problem is that if they don't fix the tool, you'll get to tell them that every week (or however often they scan).

Dealing with bad security audits isn't fun.


Pretty much but that's my experience as well, I made the same comment above...


In the web hosting world, RHEL and its downstreams like CentOS (7 is still in use... just had to spin up a server for a customer with it a few days ago) Alma, Rocky, etc. are still king. Especially with software like cPanel, which exclusively works with Alma (previously, exclusively CentOS). Getting people to even upgrade to Alma 8 is enough of a pain, I don't see why any of these folks would move away from cPanel/Alma now.


Canonical is a shit company, way shittier than RedHat. Use Tumbleweed and be done with it :)


Red hat does have a k8s product, right? It seems to be used by many cloud companies to offer kubernetes service.

https://www.redhat.com/en/technologies/cloud-computing/opens...


I honestly thought distro wars were a thing of the past and settled a decade ago.

And by settled I mean "who cares as long as it's not Windows?".


>Red Hat uses and will always use an open source development model

Yes, I do not mean to sound harsh but I do not know how to say this in a nice way. To me, this means we will still happily take work from our volunteers, but we will restrict other people from using this work so we can get more $. But thank you volunteers for keeping our payroll low and helping out our stockholders.

I really think this is another small step to what I believe is the corporate take over of Linux.


>To me, this means we will still happily take work from our volunteers, but we will restrict other people from using this work so we can get more $.

That's just a willful misconstruction - they're absolutely contributing to upstream, as the post makes clear.


And it’s not like the upstream is scattered around and hard to find - he singles out Fedora and CentOS.


What takeover? While I agree with you that Red Hat are being scummy here there are plenty of non-corporate distros like Debian and Arch which are very healthy. I do not see any takeover, just the usual greedy corporations which have always existed.


I am pointing out what I see as a trend. Linux hardware seems to be on the way to a lockdown by companies. How many proprietary blobs are now needed to run Linux on many laptops?

This is a failure of the Linux Foundation to push back on proprietary hardware vendors, one blaring example is Nvidia. Even Linus has commented on Nvidia.

The Foundation should stop allowing proprietary hardware in Linux, instead these vendors donate $ to the Foundation and we are stuck using this hardware.

Another example is Secure Boot, some laptop manufacturers are no longer allowing Legacy Boot. Where is the Foundation on this issue? Instead Microsoft donates large amounts and nothing is said about who signs the keys. It is just about impossible for many people to install Linux (or a BSD) on some new hardware without jumping through Secure Boot Loops.

And we have Intel ME, totally closed, the Foundation did nothing to complain and open that up either.

I could go on all day, and I am sure others can bring up many of these issues I know little about.


> Another example is Secure Boot, some laptop manufacturers are no longer allowing Legacy Boot. Where is the Foundation on this issue? Instead Microsoft donates large amounts and nothing is said about who signs the keys. It is just about impossible for many people to install Linux (or a BSD) on some new hardware without jumping through Secure Boot Loops.

I think you're wrong on this one. You seem to be mixing up UEFI vs Secure Boot. The elimination of legacy boot in favor of UEFI has nothing to do with Secure Boot being enabled. Secure Boot is a good thing. In this case Microsoft is just acting as a Certificate Authority. Mainstream distros like RHEL, Ubuntu, and Debian have signed bootloaders. They pay MS a modest fee for what is essentially CA services. If a hobbyist distro doesn't want to pay then they don't get the benefits. A lot of OSS developers don't even sign their code because they object to paying for a code signing cert. If you want to play in the walled garden you have to pay the toll. Despite this I've yet to come across a device that prohibits disabling Secure Boot.


I have a laptop from 2k15 with Arch and secure boot. Since Arch doesn't have anything signed you can't even load the LiveISO without disabling secure boot, but what I was able to do was to sign everything myself + have the MS secure boot keys (or whatever they are called). This would allow me to dual boot with Win + Linux both using secure boot, which is nice to know for a certain game that insists on an overly restrictive anti-cheat.


Do you have links to any good documentation on self-signing everything necessary to run linux properly with secure boot?


If you haven't already, check the Arch Wiki. There is more than likely not an extensive article on it.


I could be :)

I know if I need to get a new Laptop, I will need to either pay twice the average for an open system that meets my needs, or spend months looking for compatible hardware.

So far the ~8 years old Laptop I have is working fine with Linux.


> What takeover?

The one people have been predicting for decades because they refuse to understand how Linux works and/or they want attention.

None of this is new. None of this is even hugely interesting. Red Hat is one distromaker out of many, and nothing makes anyone use them or their products. Trying to conflate one distro with Linux as a whole is common among people who are either ignorant or attempting to troll.


Arch is probably the most bazaar operating system in existence. AFAIK all of its developers are volunteers, and thousands of users take an active part in creating and maintaining ~75k of (non-orphan) packages for it. AUR has a very low barrier of entry — you just need an account — and still all packages I use are of good quality (the most popular are usually excellent, and with much less bureaucracy than other distros).

I just can't see it being taken over by anyone, Valve or anybody else.


Many components inside modern Linux distros are actually developed by people employed by big corporations. Take systemd for example, where a huge portion of its core developers are employed by Red Hat, Microsoft and Facebook. The distro itself may be run entirely by volunteers, but the software they package might not be developed entirely by volunteers.


Many of the leading Linux users are never going to pay for RHEL.

That includes expert users who don't need enterprise support. If you make them use something else, then that will become the most battle-tested enterprise distribution.

It also includes developers. If they run on your platform, then it will get native support. If you make it easy for them to test on your platform, then it will get first-class support. If you make it difficult and they feel like second-class citizens, you will get no support.

Open source is about community, and RedHat has made it clear that the only community they care about is companies willing to pay for expensive per-server licenses.

With the rise of the cloud and containerized workloads, the business model of providing long-term support for on-prem servers is declining, and they are just milking the customers who remain.


> Open source is about community, and RedHat has made it clear that the only community they care about is companies willing to pay for expensive per-server licenses.

This is exactly what they seem to think. In this blog post, they mention that the open source community will simply revert back to being hobbyists and hackers if they don't make this change. This is because Red Hat's management right now thinks the open source community is entirely comprised of Red Hat, Red Hat customers, and random hobbyists and hackers. Other business models, and even SUSE/Ubuntu, are seemingly invisible to them.


Who is going to pay for something to "become the most battle-tested enterprise distribution"? I get what you say, but this is a lot of (paid) effort many experts need to make together.


Regardless of your or my opinion, the Vice President of Core Platforms Engineering at Red Hat seems to think that this is a fantastic idea. They read the negative coverage and thought the best move was to educate people on _why_ they are so convinced this is a fantastic idea.

I can't help but wonder what this person is thinking. I get that they look at Oracle Linux (or maybe even Rocky Linux) and think, "there's money we're losing". Is that really the whole story?

I don't see how, at the end of the day, this is going to help Red Hat. There's no way Oracle is going to start shelling out dollars to IBM for licenses. Maybe Rocky Linux will lose some customers, I doubt it's going to be enough to make it worth the time, effort and negative press that RedHat is suffering.


Similar to the Reddit move. Doesn’t seem to make sense on a cost/benefit balance after factoring in PR yet they’re determined to do it.

I wonder what they’re seeing/thinking that we’re not


Don’t forget they also urgently needed to paint themselves as victims of the ecosystem they shaped and nurtured for decades.


It's funny. We have something like 10^5 machines all on CentOS and a decent chunk where support is important and we pay for RHEL as well. I've been through a few firms like this all operating this way since 2007 or so...

We were looking at Rocky Linux, but that no longer makes sense in light of recent news. So along with moving all of that CentOS infrastructure to something else, it no longer makes sense to stick with RHEL either and they are now going to lose our money.


Similar boat here, and know of many other companies in the same situation (although we chose Alma).

We thought we were on a good proven path of paying for support where we need it, and using the downstream alternatives when we didn't. Turns out we should have more seriously considered a move to Debian...

I'm not really shocked Red Hat are trying to squeeze more money out of their existing audience, everything they offer is eye-wateringly expensive nowadays. I almost choked when I got a quote back for the Ansible automation platform, before installing AWX for free.


I think getting away from RH is probably the safest plan.

AAP is crazy expensive, just like RHEL. I think they are going to lose a lot of customers and dollars due to this, both immediately and even more so later.


From Red Hat's point of view, RHEL shouldn't be an option without paying for it, it's why they stopped CentOS and now git.centos.org. And as mentioned in the article, people just using clones as free RHEL were way too many for the user/sales flow to be worth it.

It's basically if a car company had a free car on every road, hoping it would drive people to buy a car for themselves, but people are just using it as their car, avoiding buying one because the free one exists.


But as he says, that's not actually how it works. Lots of companies have RH on critical systems, and Cent/Rocky/Alma on less critical, because they can't afford to have RH everywhere.

So why would you think they would now go RH everywhere, especially after losing Cent and having to switch to Rocky/Alma, instead of going to Debian/Ubuntu or SUSE and not having to worry about it?

Not to mention that new admins and even current admins using Cent/Rocky/Alma at home to learn and play - now they can't.

There definitely was a platform effect, and now they have killed it.


You must be paying support for 1000 machines, say $1M in total. Redhat wants at least $20M for 10^5 machines. Maybe, they don't want you as a customer.


Similar here, except we also have Ubuntu systems (and a few others). What happens next is very simple, it will just take some time.


I'm not surprised this would be most people's decision. Why trust RedHat any more, when they've been shown to keep making things more expensive and harder for users? If you have to switch, just get away from them entirely.


What's said in this blogpost may be 100% true, and of course Red Hat does do a lot for the community, but unfortunately the damage is done. It's always going to feel like:

* Red Hat was a bastion of open source

* Red Hat sold out to IBM

* Red Hat stopped being Red Hat, and started being IBM by focusing on $$ over open source

* Red Hat reputation degrades as $$ are put first, killing off centos, now this, just downhill from here.


Is it true though? - he says "when we develop fixes for issues in RHEL, we don't just apply them to RHEL - they are applied upstream first, to projects like Fedora, CentOS Stream or the kernel project itself, and we then backport them".

That contradicts reports like https://news.ycombinator.com/item?id=36484207

"Additionally, CentOS Stream updates often lag behind RHEL updates. This is because Red Hat won't commit an embargoed security update to CentOS Stream until after it ships in RHEL, so the developers responsible for the update will sometimes forget to commit it to CentOS Stream until a week or two after it's shipped. You end up in a weird position where you get most updates faster than RHEL users, but you often have to wait to get critical security updates. "


It's true that important or critical fixes (embargoed or not) are applied to RHEL before CentOS Stream. Forgetting to apply it seems unlikely because it would be marked as a regression in the next minor release of RHEL. Usually all the red tape is ready and you only need to "git push" as soon as the RHEL packages are shipped.

If not embargoed, however, they are still applied to Fedora first. But most fixes of that severity are embargoed anyway and therefore the patches simply cannot be applied to public source trees without breaking the embargo rules.


I really don’t see it that way. If I want a free-of-charge RHEL, I’ll get CentOS.

I don’t understand the “killing off CentOS” thing. I’m still using it and it updates continuously.


From how I understand it:

Before the "killing of CentOS": CentOS is based off of RHEL (basically being identical with packages, just not "officially professionally supported", I think)

After the "killing of CentOS": RHEL is based off of CentOS (with CentOS-Stream being "the staging" for RHEL packages)

But I actually have no actual clue what has been going on there and have just been somewhat following this entire "drama" with a bit of interest, so I might be completely wrong in how it actually works.


> Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere. This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity

Doesn't Red Hat do the same thing for many packages? Do they substantially contribute to every single project they distribute?

I wonder if this will lead to the creation and mass adoption of GPL v4 explicitly forbidding this loophole (and others which have popped up over the years).


No; Red Hat packages things - the rebuilders are just taking all the packages and rebranding.

More analogous (perhaps? I don't know) would be if someone forked an open source project you maintained and slapped their own brand on it.


It came as a slightly bitter pill to swallow when I realised that one of the most important freedoms granted by open source licenses is the freedom to do something you might not like.

If you really don't like it, to the point where it's an actual problem, then it's probably a hint that you picked the wrong license.


A GPLv4 forbidding that wouldn't be matching the Open source definition. What is the condition going to be called? You have to make your source open for everyone, even if they don't use your products?

Also, RHEL's main point is giving a much longer support life cycle than the original dev, so they are contributing for sure. Heck, Python 2 is still supported on RHEL 8, even though it's now EOL.


Even if they don’t make any changes, or upstream contributions, the integration of individual packages into a full OS distribution is certainly valuable. If you disagree, try Linux From Scratch sometime.


> We don’t simply take upstream packages and rebuild them

Are they seriously claiming they contribute to every one of the tens of thousands of packages they include in their repo? I'd like to see some proof of that.

If they're taking any open source app, and just including it in their repo without at least 1 RH patch.. then they are "simply tak[ing] upstream packages and rebuild[ing] them".

RedHat absolutely makes money from upstream OSS contributors, and not all of those projects get money or patches from RedHat.


In general I think, if there is a package which is part of RHEL, there is an engineer working on it and contributes patches and is well versed in the code of it. Otherwise if there is a bug reported by a paying customer, they won't be able to fix it. Opening a bug against any of supported Red Hat products by paying customers has consequences and it isn't like a bug on gnome or kde that goes unanswered/unresolved for years.

But RHEL by default doesn't have as many packages as Debian or even Fedora. See recent announcement about LibreOffice. Red Hat can't by default ship a package that it can't fix and support.


But then aren't they themselves contributing to projects like Fedora and adding value to it in return? I don't know anything but it seems that they are also contributing to the ecosystem. Plus it's not like we lacked free quality linux distros, do we? If you feel like you are being taken advantage of, what prevents you from contributing to say Debian instead? I am learning programming and most students like me running linux don't run RHEL or CentOS and frankly barely even acknowledge their existence.


RHEL is only a couple of thousand packages, and yes Red Hat absolutely does contribute to many, many packages that we use. Probably not every single one, but most of them and most definitely every one that needs fixes. The principle is called "upstream first".


> The principle is called "upstream first".

This really is the Only Sane Way To Go, as you don’t want to support your patches forever. And reapply them on every release.


It's not the way Canonical works though, so it's a clear line between what Red Hat does and what Canonical does. (SUSE is upstream first)


Canonical is a very idiosyncratic company. They mostly tend to do their own stuff their own way (like snaps), sometimes they make something incredible (such as Launchpad), and then mismanage it into irrelevance.

Eventually they'll get it right.


> Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere. This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity.

So... completely tone deaf.


Yet still correct.

I am not a Red Hat user or customer (I've been living on Debian and using it at work for nearly 15 years now), but I can perfectly understand their decision to not play along so nicely with EL rebuilders any more.

Look at Amazon, who, until very recently at least, simply took what RHEL provided, used that to lure customers into their "RHEL-compatible" cloud platform, far away from any need to compensate Red Hat in any way, and contributed back into RHEL and its upstreams... what exactly?

I can see this only becoming worse with other cloud heavyweights throwing their 800+ pounds behind other EL downstreams (such as Microsoft with Alma Linux) to continue this play, which will bleed most of Red Hat's established revenue streams - and with it, RHEL itself, and all the projects Red Hat is funding development of today - dry in the long run. They are trying to stop the bleeding, and I sure hope they will succeed. There is a LOT of Red Hat-funded software in Debian that I actually depend on, and if Red Hat withers away, chances are those projects will not survive either.


Their true targets are Amazon and Oracle (you forgot the latter).

That said, I think this is still insufficient to thwart them.

I predict RedHat will wither away and get shut down in 10 years. Neither Amazon nor Oracle will pick up the slack. I would not bet on any projects that they sponsor.

This is a death spasm. First of many.


> Look at Amazon, who, until very recently at least, simply took what RHEL provided, used that to lure customers into their "RHEL-compatible" cloud platform, far away from any need to compensate Red Hat in any way, and contributed back into RHEL and its upstreams... what exactly?

Yes, let's do look at Amazon! Because if RH is targeting Amazon Linux, they kind of missed the mark; Amazon, like Red Hat, now simply draws from Fedora as their upstream. All this hurts is the old versions that were already on their way out.


Obviously Amazon is not part of this, and neither is Facebook who uses CentOS Stream.


The dev stats for Linux 6.4 put Oracle at 10th position by changesets and 14th by changed lines, the numbers are approximately half what RedHat does. So not as good as other companies, but not nothing either. No idea what other things they contribute to.

https://lwn.net/SubscriberLink/936113/7fc3347f0eca8e96/


They gotta eat, how do you propose to feed them? I'm pretty sure if all paid Redhat developers stopped contributing it would be a massive blow to the Linux ecosystem that would not readily be replaced by volunteers. They employ people who work on every fundamental pillar of kernel space and userspace. Even if the fired devs wanted to continue contributing, it would probably be reduced hours compared to what they contributed before, because they will be simultaneously doing a different job in order to eat.


We have been told that RH's business model is selling support for a complex and constantly improving platform which is given away for free. Redhat is supposed to represent having someone to call when you don't want to bring in a consultant or hire a Debian expert, not a "seat license for Linux." Part of the difficulty that RH is facing is in trying to undo the expectations set by years and years of marketing - we were all told their business model was really in support.


So is it not true that

> There is CentOS Stream the binary deliverable, and CentOS Stream the source repository. The CentOS Stream gitlab source is where we build RHEL releases, in the open for all to see. To call RHEL “closed source” is categorically untrue and inaccurate.

Where I could just go get their OS myself?


The source is in there somewhere. Finding the exact source that corresponds to, say, RHEL 9.3 is intentionally difficult.


All very logical sounding arguments, but remember that RedHat has been extremely successful for like 30 years with that open source model. These changes came after the acquisition by IBM, meaning that it's likely some clueless MBAs trying to make the line go up in the short term so they can get their promotion, rather than any kind of wise leadership decision. The only reason Rocky and Alma (the evil villains stealing RH's hard work) exist is because IBM killed CentOS, effectively pulling a bait-and-switch on a huge community.

What makes this extra worrying is the important role RH plays in the linux ecosystem. When they get fully IBM'd, what will happen to Gnome, Systemd, Flatpak, etc?


Yes, it's not about being able to pay the salaries of engineers. It's about being able to pay dividends to shareholders too!


>They gotta eat, how do you propose to feed them?

They managed to do that just fine pre IBM acquisition


Commercial pure open source was a ZIRP phenomenon.


No, it isn't. Selling support is actually profitable. Red Hat is an example of that, in 2018 they had a very healthy 13% profit margin, and they are still profitable to this day. Red Hat wasn't in debt either, it had net assets. I don't see how the end of ZIRP had a disproportionate negative impact on Red Hat's financials, they were and are doing just fine.


And they have said that support revenue is up 17% YOY for 2022!

They are doing just fine with it, but they want MAOR.


> They gotta eat, how do you propose to feed them?

A better pricing model. Nobody is opposed to paying them. Most people used Cent because of the cost. Instead of trying to capture that value they intentionally refused to capture it.


I always wrote off RMS as some sort of pedantic policy wonk in the argument of "free software" vs "open source".

But now I realize he was right the whole time.


“Tone deaf” is too charitable.

The whole, literally entire point of open source is copying and redistributing.

Open source is a threat to open source companies? Yeah kinda. Many of them make money selling things that are free and, as he says “not adding value”.

Ironically Red Hat does add a lot of value but now instead of trying to sell that value they’re trying to put walls around what is free.


It's not a GPL violation, but it's definitely a willful misinterpretation of its goals. They're using a lot of mental gymnastics to try and make themselves out as the good guys here:

> I feel that much of the anger from our recent decision around the downstream sources comes from either those who do not want to pay for the time, effort and resources going into RHEL or those who want to repackage it for their own profit. This demand for RHEL code is disingenuous.

The demand for RHEL code is genuine. The expectation of a return on investment is the disingenuous part. GPL does not give you the right to deny others a genuine copy of your code. If someone pays for a RHEL license and then mirrors all the GPL packages, they would feasibly be complying with all the licenses in play. Putting up all these roadblocks and assuming self-righteousness is how the community loses trust in a platform like this.


They explicitly point out all of the code is still available.


If that were materially true, we wouldn't be having this conversation.


you can't expect someone who wants to be angry to voluntarily ingest information which would make them less angry, you know.


Why Open Source Misses the Point of Free Software

https://www.gnu.org/philosophy/open-source-misses-the-point....


So they take stuff other people wrote... and they take it for free... and it's ok... then they might do a patch here or there... and if someone takes that, it's somehow bad, because they don't get the money for that?

What if they don't patch anything, aren't they just "rebuilders" too?


So what's stopping Alma/Rocky from just "taking that same stuff other people wrote" and not bothering with RHEL at all?


I have to give credit to RedHat, it's an honest post. You may not like the overall underlying message and implications for open source, but it's simple and honest addressing the why.


not that honest if it's true that "CentOS Stream updates often lag behind RHEL updates"

https://news.ycombinator.com/item?id=36487460


I'd love to see the actual metrics behind this decision making, but it seems like confirmation of my suspicion that most RHEL customers think they are paying for the software rather than the support, and many would prefer not to pay for the support or get it cheaper elsewhere. When you go to redhat.com and start getting funneled towards buying a license, the average user would not be able to tell. Also the number of users that care about 10+ year old backports may be shrinking in the era of VMs/Containers with hermetic build systems and elastic compute.


> There was a time, not too long ago, that Red Hat found value in the work done by rebuilders like CentOS. We pushed our SRPMs out to git.centos.org in a neat package that made them easy to rebuild; we even de-branded it for them. More recently, we have determined that there isn’t value in having a downstream rebuilder.

> The generally accepted position that these free rebuilds are just funnels churning out RHEL experts and turning into sales just isn’t reality. I wish we lived in that world, but it’s not how it actually plays out. Instead, we’ve found a group of users, many of whom belong to large or very large IT organizations, that want the stability, lifecycle and hardware ecosystem of RHEL without having to actually support the maintainers, engineers, writers, and many more roles that create it. These users also have decided not to use one of the many other Linux distributions.

This is a very important section a lot of the comments aren't mentioning.

It seems the potential loss of new user flow for them is worth it, as the majority are just using it as a way to avoid paying for RHEL, which was never a free product.

> The CentOS Stream gitlab source is where we build RHEL releases, in the open for all to see.

So there shouldn't be *any difference* between this repo and the final RHEL binaries right?, at least on tags/releases.

But what about unplanned security patches, are these also built in the CentOS stream repos?


This sounds like the argument video game companies like to use to justify DRM to reduce piracy. The question is, as they push for more intrusive DRM, how many of those people pirating their games actually convert into paying customers? How many existing customers they piss off who swore they'll never buy their games again?

In Red Hat's case, how many of those freeloading users using Alma and Rocky Linux will actually convert into Red Hat customers? How many Red Hat customers they piss off because they also use those distros and decided to transition away from Red Hat in the future?


I believe what they don't realize is that many places use RHEL on critical systems, but Cent/Rocky/Alma on non critical systems, because they don't need support and can't afford it even if they did.

Instead of that model, they'll just use Debian/Ubuntu or SUSE, and then RH gets nothing.


Unpopular opinion: I see their point.

When Larry Ellison created Oracle Linux, he said this explicitly: given RH's then model, Oracle can take RedHat's work for free and sell it for money.


Popular opinion: writing "unpopular opinion" is just annoying. Just write what you think instead of pretending to be some sort of underdog.


Oracle Linux is free to download and use


While the post is mostly correct and one can agree with most of it, it’s very hard to believe that, unless more people pay for RHEL, it would cease to exist. What’s more believable, is that this is a matter of wanting more money for sales targets. Very legitimate and all, but don’t cry over the long hours and don’t try to sound like misunderstood heroes. RHEL is valuable, it contributes to the ecosystem well, and execs want it to churn out more cash.


What is the evidence that the proceeds from contracts gained from this change will actually go towards the people doing the work? That's what I always wonder. After all, Red Hat also recently cut hundreds of jobs, similar to other tech companies. Those other tech companies also have their own just-so stories to try to explain why they're making certain decisions. Certainly most of those other companies don't have a large open source business in the same way as Red Hat. That they're all cutting (in one way or another) but all have different excuses is interesting. I do find it pretty hard to believe that the morality and ethics of properly paying engineers for their work has much, if anything, to do with it though.


RedHat claims they didn't cut any engineering jobs, so probably at least some of it. Of course some will go to IBM shareholders too.


> I feel that much of the anger from our recent decision around the downstream sources comes from either those who do not want to pay for the time, effort and resources going into RHEL or those who want to repackage it for their own profit.

I'd go a step further and say a lot of the anger is general angst at the _everything_ of the world, but RHEL's changes provided a focusing point in the nerd world. Or at least that's how I've come to terms with my weird interest in this story (and Reddit nonsense and the submersible story).

When everything sucks, it seems very easy to misdirect that angst at whatever is pitchfork-trendy.


"We’ve been called evil."

-Red Hat Linux 9 terminated, 2004.

-CentOS acquired, 2014

-CentOS terminated, 2020

-Production patch visibility restricted, 2023

Really?

https://www.theregister.com/2023/06/23/red_hat_centos_move/?...


So, do I understand it correctly that if Redhat packages a piece of software written and maintained by someone else for their RHEL, they would share their RHEL revenues with them and pay for their work? Let's say the folks at AMD work so hard to provide a tool to make linux run better on AMD CPUs, now Redhat will not profit off of it by selling to their enterprise customers using AMD systems? The author of this memo just drank a lot of Kool-aid to believe in what he is writing. But, that doesn't make it right.



If this were taken at face value, then they should have ended CentOS instead of trying to preserve a trademark with a drastically different product.

They built their world on the work of others shared in kind under the GPL, what are they thinking at this new IBM wearing RedHat's face?

To Quote: The modern definition defines free software by whether or not the recipient has the following four freedoms:[8]

* The freedom to run the program as you wish, for any purpose (freedom 0).

* The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.

* The freedom to redistribute copies so you can help your neighbor (freedom 2).

* The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.


It's nice that they are clear, now:

No Red Hat unless you pay them for it. If you pay them for it, you can't redistribute it.


> If you pay them for it, you can't redistribute it.

Citation please? I've sat in enough conference rooms full of lawyers to know the GPL explicitly forbids this, so it would be bordering on insane if this is what they're proposing.


It's more clever than that:

You are allowed (per the GPL) to redistribute the sources that they give you on request with the binaries. But as soon as you do that, they will cancel your support contract so you can no longer get any updates (source or binary) as well as support.

Is it legal? I've read informed opinions both ways


RH doesn't prevent you from redistributing the sources of a GPL'ed RHEL binary. That is indeed explicitly allowed by the GPL, nothing they can do about it. What they can do, however, is cancel your RHEL subscription if they catch you doing it.

IANAL so I can't say whether this constitutes a "further restriction on redistribution" per the GPL, but evidently RH lawyers don't think so.


If you take advantage of the GPL clause that allows you to redistribute the code that built the binaries that Red Hat provided you (which, according to the GPL, you're allowed to do), Red Hat is under no obligation to provide you with new binaries - and therefore no requirement to provide you updates to that code.

IANAL, but that doesn't break the GPL as far as I can tell.


See (d)

Unauthorized Use of Subscription Services. Any unauthorized use of the Subscription Services is a material breach of the Agreement. Unauthorized use of the Subscription Services includes: (a) only purchasing or renewing Subscription Services based on some of the total number of Units, (b) splitting or applying one Software Subscription to two or more Units, (c) providing Subscription Services (in whole or in part) to third parties, (d) using Subscription Services in connection with any redistribution of Software or (e) using Subscription Services to support or maintain any non-Red Hat Software products without purchasing Subscription Services for each such instance (collectively, “Unauthorized Subscription Services Uses”).


Apparently they changed their license so they can cancel it when you request sources.


No change, it's been like that forever. What changed is what was made available for free even without signing the agreement.


When you request sources and use it to assist a RHEL rebuild project, that is.


"apparently", huh? The internet said so?


I believe it’s their Terms and Conditions of using their portal to download the source.

Sure, GPL will let you redistribute but their T&Cs say that if you do, you’re cut off from their portal (or something similar to that effect)


> I feel that much of the anger from our recent decision around the downstream sources comes from either those who do not want to pay for the time, effort and resources going into RHEL or those who want to repackage it for their own profit. This demand for RHEL code is disingenuous.

> ....

> There was a time, not too long ago, that Red Hat found value in the work done by rebuilders like CentOS. We pushed our SRPMs out to git.centos.org in a neat package that made them easy to rebuild; we even de-branded it for them. More recently, we have determined that there isn’t value in having a downstream rebuilder.

All in all, this line of commentary really shows to me that FLOSS software and community is at diametric odds with commercialism and capitalism.

One side (FLOSS) is about building and working together, even if there's bumps and bruises. In the end, everyone benefits because everyone is helping each other. FLOSS is obvious area, but so is the fediverse like Mastodon, Matrix, Lemmy, and others.

The commercial/capitalist way is to erect walls and gates, initially set them low/no barriers, and then over time extract money for access to the arbitrarily gated areas. We see this in reddit, discord, github, gitlab, redhat, etc. And then those companies will start out open, and slowly close each avenue until people are either forced to pay up, or leave. Cory Doctorow talks about this with "enshittification". "Internet of Shit", for IoT goods, is a similar anti-feature-fest where you pay more and get less over time.


the argument seems to be that redhat is/was playing fairly and then Oracle/AWS/Google/etc (which for legal reasons obviously cannot be named explicitly) came and started freeloading on redhat's work instead of "working together". bit of a tragedy of the commons/adverse selection issue within "capitalism" than a "capitalism vs community" thing.

maybe they should just grandfather RHEL (only support current releases for the 10 year period, no new LTS) and if clients want a security patched newer version of Linux, offer consultancy to help them switch to Oracle Linux. and then Larry will have to actually do the work lol.

maybe at a later point they can offer support for a bug-for-bug compatible rebuild of Oracle Linux :-)


Seems like RedHat really does not understand that open source means surrendering your monopoly over commercial exploitation of a software project, including to those who will strip your trademarks, redistribute and provide services on top of the result.

https://drewdevault.com/2021/01/20/FOSS-is-to-surrender-your...


Rebuilding code without changing it also means learning. It doesn't end there, I also validate it's reproducible, which is good for the sake of software freedom and also security.

"Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere. This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity."


"This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity."

What I'm getting from this is that Red Hat has a mythos that they are saving the Linux ecosystem from the days when Linux was just a hacker's OS. But this mythology is used to galvanize the rank and file Red Hatter into doing what management decides is the best direction for the Linux ecosystem.


To me, sounds like a great reply to the "muh red hat evillzzz" that has been going around this site.

Seems like the engineers who claim to earn $500,000 don't want to pay for their own software...


The claim here that their sources are available seems like it probably has a lot of asterisks to it? Or is this kerfuffle really over nothing?

McGrath seems to be fessing up to removing access to binaries, and has his hard-truth he wants to try to deal, but it seems like the story goes significantly deeper or the anger/frustration wouldn't be anywhere near as high. It's not clear to me from a quick browse of the repo what backports/security fixes are/aren't available.


Binaries weren't removed, RHEL binaries were never available on git.centos.org. The source for RHEL is available via CentOS Stream. The only thing missing is the checkpoints in CentOS Stream where they decide it's suitable to send to RHEL, which makes it harder for the rebuilders to build the exact same thing.


I have already seen some projects dropping support for RHEL, I wonder if there will be any projects rejecting upstream contributions from RHEL folks because of this.


There is an opportunity here for Amazon to take some of this goodwill IBM/Red Hat is losing. Make Amazon Linux run nicely outside of AWS with (free) LTS. Charge for support for those who need it.

When Oracle messed with Java LTS AWS did Corretto LTS. When Elastic did Elasticsearch license change, Amazon/AWS did Opensearch.

They don't need to support esoteric hardware (at least other than their own).


Some comments on the LWN thread about this post:

https://lwn.net/Articles/936405/


thanks to oracle for this mess



