The Server Side Public License (SSPL) is a source-available copyleft software license introduced by MongoDB Inc. in 2018.[2][3]
Author | MongoDB Inc. |
---|---|
Published | 16 October 2018 |
SPDX identifier | SSPL-1.0 |
Debian FSG compatible | No |
FSF approved | No |
OSI approved | No |
GPL compatible | No[1] |
Copyleft | Yes |
Website | www |
It includes most of the text and provisions of the GNU Affero General Public License version 3 (AGPL v3),[4] but modifies its provisions for software that is conveyed over a network—requiring that anyone who offers the functionality of SSPL-licensed software to third-parties as a service must release the entirety of their source code, including all software, APIs, and other software that would be required for a user to run an instance of the service themselves, under the SSPL. In contrast, the AGPL v3's equivalent provision covers only the licensed work itself.
The SSPL is not recognized as free software by the Open Source Initiative (OSI), Red Hat,[5] and Debian[6] as the aforementioned provision is discriminatory towards specific fields of use.[3][7] Specifically, this is discriminatory against users of the software that use proprietary software within their stack, as the license requires the open-sourcing of every part interacting with the service, which under these circumstances might not be possible. This is in violation of Points 6[8] and 9[9] of the Open Source Definition as used by the Open Source Initiative.
License terms
editThe SSPL is based on the GNU Affero General Public License (AGPL), with a modified Section 13 that requires that those making SSPL-licensed software available to third-parties (modified or not) as part of a "service" must release the source code for the entirety of the service, including without limitation all "management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available", under the SSPL.[4] The chapter structure of the Server Side Public License is identical to that to the AGPL, except that the GPL preamble and application instructions are stripped from the license text.[4]
MongoDB Inc. stated that Section 13 in the AGPL (which requires that those using the AGPL-licensed software over a network have the ability to obtain the source code for the software, as used) had an unclear scope, and that the SSPL's version "clearly and explicitly sets forth the conditions to offering the licensed program as a third-party service".[3][10][11]
Licensed software
editIn October 2018, the MongoDB database was relicensed under the SSPL. Debian, Red Hat Enterprise Linux, and Fedora subsequently dropped MongoDB, citing concerns about the SSPL. Amazon released a partially compatible but proprietary service named DocumentDB.[12][13]
In November 2020, Graylog announced that version 4.0 of its source-available release will be licensed under the SSPL.[14]
In January 2021, Elastic NV announced that future versions of their code in Elasticsearch and Kibana, licensed until then under the open-source Apache License 2.0, would be dual-licensed instead under SSPL and their own Elastic license.[15] Critics of the re-licensing decision predicted that it would harm Elastic's ecosystem, and Amazon responded with plans to fork the projects for continued development of versions licensed under the Apache License.[16] Other users of the Elasticsearch ecosystem, led by Amazon Web Services, and including Logz.io, CrateDB, Red Hat and Aiven, also collaborated on the open source fork, leading to the creation of the OpenSearch software.[17][18][19][20]
Redis moved away from the three-clause BSD license on March 20th, 2024.[21] Users now have a choice between the SSPLv1 license and their own Redis Source Available License (RSALv2). This change in licensing upset many users, prompting The Linux Foundation to create a fork called Valkey, using Redis' final BSD-licensed iteration as a base.[22]
Certification with OSI
editIn 2018, MongoDB submitted the license to the Open Source Initiative (OSI) for approval. The company withdrew its submission in 2019.[23][24] In January 2021, following the re-licensing move by Elastic, OSI released a statement declaring that the SSPL does not comply with its Open Source Definition because it discriminates against specific fields of endeavor,[8] describing it as a "fauxpen" source license.[7]
References
edit- ^ Section 13 of the licence: "If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. Making the functionality of the Program or modified version available to third parties as a service includes, without limitation, enabling third parties to interact with the functionality of the Program or modified version remotely through a computer network, offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Program or modified version."
- ^ "Server Side Public License (SSPL)". MongoDB. Retrieved January 14, 2021.
- ^ a b c "Server Side Public License FAQ". MongoDB. Retrieved April 27, 2021.
- ^ a b c Ward, Sarah. "SSPL compare to AGPL" (PDF).
- ^ "MongoDB's licensing changes led Red Hat to drop the database from the latest version of its server OS". GeekWire. January 16, 2019. Archived from the original on October 23, 2021. Retrieved February 26, 2024.
- ^ Lamb, Chris (December 5, 2018). "MongoDB SSPL v1 license and the DFSG". Debian Bug report logs (Mailing list). Debian. Archived from the original on February 26, 2024. Retrieved February 26, 2024.
However, the SSPL is clearly not in the sprit of the DFSG, yet alone complimentary to the Debian's goals of promoting software or user freedom. In light of this, the Project does not consider that software licensed under the SSPL to be suitable for inclusion in the Debian archive.
- ^ a b OSI Board of Directors (January 19, 2021). "The SSPL is Not an Open Source License". Open Source Initiative. Archived from the original on December 4, 2022. Retrieved February 19, 2023.
- ^ a b Perens, Bruce (February 17, 2019). "[License-review] Approval: Server Side Public License, Version 2 (SSPL v2)". License Review Mailing List of the Open Source Initiative (Mailing list). Open Source Initiative. Archived from the original on April 11, 2023. Retrieved March 29, 2024.
Section 13 is very obviously intended to be a restriction against the field of endeavor of offering the software as a service, and thus not in compliance with OSD #6.
- ^ Perens, Bruce (February 17, 2019). "[License-review] Approval: Server Side Public License, Version 2 (SSPL v2)". License Review Mailing List of the Open Source Initiative (Mailing list). Open Source Initiative. Archived from the original on April 11, 2023. Retrieved March 29, 2024.
it doesn't appear that you've addressed the main problem with the license, which is that it attempts to encumber entirely separate programs which are simply used together with the licensed program.
- ^ Baer, Tony. "It's MongoDB's turn to change its open source license". ZDNet. Archived from the original on October 31, 2018. Retrieved October 16, 2018.
- ^ "MongoDB switches up its open source license". TechCrunch. Archived from the original on October 16, 2018. Retrieved October 16, 2018.
- ^ Vaughan-Nichols, Steven J. "MongoDB "open-source" Server Side Public License rejected". ZDNet. Retrieved January 14, 2021.
- ^ "#915537 - MongoDB SSPL v1 license and the DFSG - Debian Bug report logs". bugs.debian.org. Retrieved January 14, 2021.
- ^ "Graylog v4.0 Licensing SSPL | Graylog". www.graylog.org. Retrieved January 14, 2021.
- ^ "Doubling down on open, Part II". Elastic Blog. January 14, 2021. Retrieved January 15, 2021.
- ^ "'It's not OK': Elastic takes aim at AWS, at the risk of major collateral damage". Protocol — The people, power and politics of tech. January 21, 2021. Retrieved January 22, 2021.
- ^ Vaughan-Nichols, Steven J. "AWS, as predicted, is forking Elasticsearch". ZDNet. Retrieved January 28, 2021.
- ^ "CrateDB Doubling Down on Permissive Licensing and the Elasticsearch Lockdown". CrateDB. January 27, 2021. Retrieved January 28, 2021.
- ^ "Momentum Builds to Break Elasticsearch Licensing Deadlock". Datanami. January 25, 2021. Retrieved January 31, 2021.
- ^ Vaughan-Nichols, Steven (April 13, 2021). "OpenSearch: AWS rolls out its open source Elasticsearch fork". TechRepublic. Retrieved September 3, 2021.
- ^ Trollope, Rowan (March 20, 2024). "Redis Adopts Dual Source-Available Licensing". Redis. Retrieved March 29, 2024.
- ^ "Linux Foundation Launches Open Source Valkey Community". www.linuxfoundation.org. Retrieved March 29, 2024.
- ^ Horowitz, Eliot. "[Email thread reply] Approval: Server Side Public License, Version 2 (SSPL v2)". Retrieved January 23, 2021.
- ^ Gall, Richard (March 12, 2019). "MongoDB withdraws controversial Server Side Public License from the Open Source Initiative's approval process". Packt Hub. Retrieved January 14, 2021.