I thought I’d illustrate how I’d solve the current licensing conundrum of single-vendor open source firms like MongoDB and Elastic using some graphics. In short: While open source application vendors can still dual-license, open source component vendors (like the companies just mentioned) need to triple-license to get the benefits of open source yet keep their competitors at bay.
To recap: In the single-vendor commercial open source model, open source application vendors like SugarCRM and Jaspersoft (back in the day) licensed out their software under (at least) two licenses, one commercial, one copyleft (e.g. AGPLv3). They don’t have to make compromises, because their customers only use the software, they don’t distribute it. The following figure illustrates this on the left.
In contrast to this, open source component vendors like MongoDB and Elastic used to also dual-license like the application vendors, however, the open source version had to water down the copyleft effect by way of permissively licensed shims, e.g. adapters or client libraries. This was necessary to drive adoption with application developers, who would not have touched the open source component otherwise (because the copyleft effect would have required their own application to be openly licensed). The above figure illustrates this to the right.
The permissive shims opened the door for cloud providers to use the same rights grant that application developers got to offer the open source component as a service. Many of the open source component vendors did not like this competition and tried to uninvite it by switching away from the open source license to an almost-like but-not-quite open source license. As anyone following the news knows, this lead to quite a backlash from the open source community.
I suggest that not all is lost and that open source component vendors should simply add back the AGPLv3 as a possible third license, but without the shims. This move is illustrated in the following figure.
By triple licensing like illustrated above, the component vendor gets the benefits of the open source community and its good will (by way of the AGPLv3 license) and also gets to drive adoption with application developers by way of the almost-but-not-quite open source license. Whether it is possible to recoup the lost goodwill I don’t know.
However, for new single-vendor open source firms, who approach this problem transparently, this should be a satisfactory solution.