Liquibase continues to advertise itself as "open source" despite license switch
134 comments
·October 16, 2025sarchertech
ants_everywhere
Liquibase is also not free software. Most of these non-open-source licenses aren't free software. I'm not aware of any exceptions, but I'd be happy to see some examples if there are any.
The rest of your comment mainly seems to be a mixed bag of rhetoric. It obscures the reality that Liquibase is, to modify your words, "co-opting the" open source movement to make it "more business friendly."
gdwatson
“They convinced a bunch of developers that their definition of Open Source that was specifically crafted to protect business interests is canon.”
They adopted the existing Debian Free Software Guidelines as the Open Source Definition. The DFSG are good, actually, and represent an important community consensus outside the FSF.
sarchertech
They looked around and found the guidelines that most closely matched their goals. Specifically DFSG already included a clause about not restricting commercial use.
Also if you read the original DFSG the clause about field of endeavor has been interpreted by OSI differently from the intent.
It was about saying your license can’t prevent an end user of your software from using it for a specific purpose. It really says nothing about restrictions on how you can sell the software.
The problem is OSI is now the sole interpreter of the definition.
jraph
The DFSG and the OSD are the same text, but the OSI and the Debian project interpret it differently, and this difference is important.
Debian (and most other distributions, btw), for the most part (or entirely, I suppose), agrees with the FSF / the GNU project when deciding which license is free or non free. The OSI has a more permissive interpretation.
RMS speaks about that in a recent interview in French [1], English translation below:
> La FSF a financé Debian à son commencement. Mais rapidement, le projet, qui comptait plus de contributeurs, a voulu formuler une définition de la liberté différente, avec l’intention d’être équivalente.
> À l’époque, j’ai commis une erreur : j’aurais dû vérifier plus attentivement s’il pouvait y avoir des divergences d’interprétation entre le projet GNU et Debian. La définition me paraissait équivalente, même si elle était formulée autrement. J’ai dit : “C’est bon.” Mais en réalité, il y avait des problèmes potentiels.
> Plus tard, quand l’open source a émergé, ils ont repris la définition de Debian, je ne sais plus s'il ont changé quelques mots mais ils ont surtout changé l’interprétation. Dès lors, elle n’était plus équivalente à celle du logiciel libre. Il existe aujourd’hui des programmes considérés comme “open source” mais pas comme logiciels libres, et inversement.
> J’ai d’ailleurs expliqué ces différences dans mon essai Open Source Misses the Point.
English translation (not a native English speaker, I hope the translation is ok, especially considering that RMS is close to his words and it's probably easy to misrepresent him without noticing):
> The FSF funded Debian at its beginnings. But rapidly, the project, gaining more contributors, wanted a different phrasing for the definition of freedom, which the intent of being equivalent.
> Back then, I made a mistake: I should have checked more carefully if there could be different ways to interpret it between the GNU and the Debian projects. The definition seemed equivalent to me, even if it was phrased differently. I said: "OK". But in reality, there were potential issues.
> Later, when Open Source surfaced, they took Debian's definition, I don't know if they changed a few words but they above all changed the interpretation. Since then, it was not equivalent to the free software definition anymore. There exist open source software that's not free software, and conversely.
> By the way, I explain all this in my Open Source Misses the Point essay.
[1] https://linuxfr.org/news/40-ans-pour-l-informatique-libre-en...
redwood
Spot on. Thank you for saying this. It boggles my mind with a bunch of former Red Hat types now work for companies like Microsoft and perpetuate a zealot mindset that might have made sense in the 90s but now it's completely divorced from what the next generation of software companies need.
All you have to do is look at the name of the company on the building ...it still says Microsoft folks
oytis
The original open source was a programmer to programmer relationship, not company to company. Open source as a business model was inveted later, and it turns out compatibility with original open source licenses only goes that far.
matheusmoreira
Truly one of the biggest wealth transfers in history. From well meaning developers straight into the pockets of corporations.
https://web.archive.org/web/20120620103603/http://zedshaw.co...
> Why I (A/L)GPL
> Open source to open source, corporation to corporation.
> If you do open source, you’re my hero and I support you.
> If you’re a corporation, let’s talk business.
> I want people to appreciate the work I’ve done and the value of what I’ve made.
> Not pass on by waving “sucker” as they drive their fancy cars.
https://zedshaw.com/blog/2022-02-05-the-beggar-barons/
> To the Beggar Baron, open source's value is its free donation.
> You would never stand on the street and offer to buy the wallets off people who are about to donate a few dollars to you. That'd be stupid.
> They're giving you their money for free. Take it and run.
Always slap AGPLv3 onto everything you make. Always choose the most copyleft license imaginable. Permissive licenses yield zero leverage. It's either AGPLv3 or all rights reserved. Nothing else makes sense.
hylaride
If AGPLv3 was slapped onto everything back then, the likelihood of linux/open source being where it is today would be an order of magnitude less. A good chunk of the original windows TCP/IP stack was ripped from BSD licensed code. Had that not have been "easy" for Microsoft to take, the internet may not have developed the way it did and we'd all maybe be on proprietary networks like AOL/MSN/etc.
The solution isn't always swinging super-far in the other direction.
That being said, commercially supported OS software has essentially become shareware - just enough to get you hooked, and then the price jump is enormous.
GuB-42
You seem to imply it is a negative, I don't think it is.
1. They certainly came from the free software movement, but they don't call it "free software", they call it "open source". It is a detail but the name acknowledge the distinction, "open source" is a more practical term while "free software" is more idealistic. And I think it is a good thing we have both a business friendly OSI for getting stuff done and a more militant FSF to keep businesses in check.
2. I never needed this convincing so I may be biased, but open source is I believe superior to proprietary. Think of the source code as documentation, the best kind because it tells the truth. Think of the ability to change and rebuild the software as unlimited extra settings you get for free.
3. Their definition of open source is as much canon as the definition of free software by the FSF is canon.
4. Most developers aren't lawyers, we can't really trust them to pick licenses, or worse, write licences that will do what they think will do. So having an approved list of well tested license is a good thing.
That big tech and big money is behind it is not a bad thing. Developers want to get paid after all. Big tech have the best lawyers too, so by picking a licence they acknowledge, you know what you are up to.
And note that some of the OSI approved licenses, like AGPL are particularly hated by big tech.
jraph
The open source initiative was initially about hiding the political and philosophical aspects behind the free software movement (that's the second part of your (1)). (hence the "Why Open Source Misses the Point of Free Software" essay [1]). With some benefit of the doubt, one could imagine that it was a well-meaning move to make companies do free software so we could all enjoy the freedom it gives, without them feeling they are doing dirty politics. This hasn't worked out: programs targeting end users are still proprietary for the most part.
I'm not sure what's bad about 2. What's quite bad however IMHO is the push to use permissive licenses and the anti (A)GPL FUD that these big tech companies spread. Of course it is very convenient to them that every library under the sun is under MIT or BSD, so they can built proprietary software more efficiently.
Note: the OSI recognizes the AGPL as an open source license so at least the set of "big tech approved licenses" is not the same set as the OSI approved licenses.
[1] https://www.gnu.org/philosophy/open-source-misses-the-point....
sarchertech
Many “big” companies would rather not bother with GPL, but the biggest tech companies don’t care when it comes to repackaging and reselling it as a service.
AGPL hasn’t been thoroughly tested in the courts, so it’s unclear how much protection it offers. It’s not beyond someone like Amazon to setup a new company just firewall off AGPL software.
jraph
> but the biggest tech companies don’t care when it comes to repackaging and reselling it as a service.
If I'm not mistaken, Apple would rather avoid touching anything GPLv3 with a ten foot pole. They are among the biggest tech companies in my mind.
Anybody seems fine with GPLv2 though. But GPL is less convenient than permissive licenses.
Of course, you can still indeed build services with GPL software without redistributing the modifications, which is the point of the AGPL.
> It’s not beyond someone like Amazon to setup a new company just firewall off AGPL software.
I suppose so. However, this would work as intended: the Amazon firewall company would need to redistribute the improvements.
Also, do you have examples of this happening? (not arguing, actually genuinely curious)
thedevilslawyer
Or you know, like, the 4 freedoms matter?
sarchertech
This was the original 1986 definition of “free software”.
‘The word "free" in our name does not refer to price; it refers to freedom. First, the freedom to copy a program and redistribute it to your neighbors, so that they can use it as well as you. Second, the freedom to change a program, so that you can control it instead of it controlling you; for this, the source code must be made available to you.’
Giant trillion dollar conglomerates repackaging and selling a product backed by free labor without contributing back wasn’t something they were contemplating back then.
jrochkind1
I don't know, they were focused on freedom for users not for vendors/programmers.
I think it's very intentional that a restriction on what you can do with software -- including reselling it -- is a violation of the "four freedoms" -- freedoms for what someone can do with software, including redistribute it or use it for any purpose they want (including reselling it).
These licenses meant to prohibit users from using the software in ways that harm the business interests of the programmers -- I am confident the original creators of free software four freedoms would agree they are not free software. It is very intentional that they were saying the freedom of users to do what they want with software should not be limited for the convenience of the business interests of those who wrote the software.
cube00
The conglomerates can also host it on their extensive cloud infra at a price small competitors will never be able to match because they own the cloud infrastructure too.
Somehow the service+infra is the same cost or cheaper then buying the infra alone and trying to deploy the open source version to it.
blibble
> Giant trillion dollar conglomerates repackaging and selling a product backed by free labor without contributing back wasn’t something they were contemplating back then.
this is absolutely right, and the OSI has been successfully captured by these companies
would RedHat be able survive to IPO these days? I very much doubt it (see: Oracle Linux)
a new term is needed, "Open Source" is no longer fit for purpose in a world where the hyperscalers exist
"Fair Source"?
bayindirh
I try to remember this and remind to others while chatting:
- Open Source software is about developer freedom.
- Free Software is about user freedom.
Qwuke
"First, the freedom to copy a program and redistribute it to your neighbors, so that they can use it as well as you" I can't do this with FSL unless it's a permitted purpose. So, even under this definition it is not free or open source.
The GNU Project and Richard Stallman, who made this statement, would agree that it's not free under even this earliest definition. They in-fact made it even clearer when they defined freedom of "use" as the distinct 0th freedom eventually to make it even clearer that being able to use the software freely is fundamental to their idea of freedom. Again, freedom isn't about price, it's about usage, availability, redistribution and lack of restrictions on this. I cannot freely redistribute FSL licensed code under the original definition of free software.
"Giant trillion dollar conglomerates repackaging and selling a product backed by free labor without contributing back wasn’t something they were contemplating back then."
Yes, the GNU project were acutely aware of this and designed the GPL licenses around such scenarios - they just didn't design it for SaaS businesses, where if you redistribute the built program externally after modifying it but only distributed its responses over a network, you technically weren't obligated to open source that modification. AGPL resolved this issue, and has more case law behind it than this 2 year old license, and has certainly less daunting implications than a not legally well defined 'competing purpose'.
Wrt to the legal concerns with AGPL, they're not actually that it wouldn't provide any protection, but rather that it might offer the originally distributing entity too much power: legal power to declare all software used in the stack to produce a network request MUST be made source available. I have not seen any lawyer concerned with whether or not Amazon would be able to bypass its protections, and the license was made by lawyers to clearly provide protection. Did you create this legal theory yourself? Because I've not seen any writing from a lawyer on the internet that suggests that Amazon could firewall themselves off in a friendly jurisdiction under any reading of the license, and I read a lot of AGPL lawyerblogging.
Sentry, the company who created FSL, even states that this license restricts user freedom explicitly - for the sake of the business interests of the original developer.
So summing up.. Richard Stallman, the FSF, the GNU Project, the OSI, the creators of the FSL, the company now currently using FSL, all agree that this source available license does not meet the definition of "free software". So, whose definition are we using out of thin air?
einrealist
I have just created a task to find an alternative in case 4.x cannot be used anymore.
I have nothing against someone trying to monetise useful software. However, switching from an open-source software (OSS) licence is essentially a bait-and-switch tactic. This immediately destroys trust. It also destroys the part of the user base that is difficult to monetise but still has the potential to be monetised. I was hoping that the Elastic and TerraForm debacles had taught people a lesson.
Flyway is also questionable at this point. If Liquibase is switching, what's to stop Flyway?
Unless a fork is happening, I'm considering creating my own migration library tailored to our actual needs and usage. It should not be so hard. Liquibase was more of a convenience.
Arcuru
What is their new license blocking you from doing?
rester324
I would add EventstoreDB (now KurrentDB) and NATS to the list of questionable service providers. The former has already relicensed it's service, and the latter had also intended to do so, they just chickened out after seeing the reactions and resistence from their user base. It's really become a business strategy at this point to pull the rug below the users.
asdfaoeu
The beauty of open source is you can always fork the previous version. I don't see how it's anymore of a bait and switch than a vendor raising the price of a product.
einrealist
The ability to fork something doesn't mean its viable or reasonable for everyone. That's a risk to users in case of both extremes: bait-and-switch tactics (mostly due to commercial motivations) or abandoned projects (see ASF Attic).
miniwark
Apart from Flyway (Apache), Atlas (Apache) and Sqitch (MIT) still use "Open Source" licenses.
einrealist
Don't confuse the license with project ownership. Flyway is owned by Red Gate Software and the community edition of Flyway is licensed under Apache 2.0. Apache Atlas is owned by the Apache Software Foundation AND licensed under Apache 2.0.
real_joschi
I'm pretty sure they mean https://atlasgo.io/ and not https://atlas.apache.org/.
ahoka
It takes some thinking, but you can just use plain SQL to do the migrations.
real_joschi
It takes some thinking, but you can just use rsync to build your own version of Dropbox.
watwut
That amounts to creating own db migration tool.
rcakebread
For those arguing it is still open source, Liquibase says it is not.
"Is FSL an open source license?
No."
https://www.liquibase.com/blog/liquibase-community-for-the-f...
DetroitThrow
This was less than a month ago, so the README may not simply have been updated yet then, rather than the frustratingly large number of projects that are source available but want to brand themselves as something they are not.
donohoe
Fair point, but it takes less than 10 minutes imho to update a README. Perhaps less than 1. And they took the time elsewhere to update other docs. So it’s fair criticism when a month later it’s still saying things that are no longer true.
Meneth
So Liquibase made an open-source project, used Apache instead of strong copyleft (e.g GNU AGPL), and then expected others to not do the thing Liquibase chose to allow them: make closed-source derivatives.
Liquibase has only itself to blame.
firesteelrain
It looks like they auto switch to Apache after some time. I am not sure if that makes it better or worse
DetroitThrow
Organizations can still achieve their goals with the AGPL instead of a source available license. Redis switched, and their own organization was pleased, as well as their community. I don't think any Liquibase user would be unhappy with Liquibase being dual licensed with AGPL.
dig1
AFAIK, AGPL is no-go for EPL/Apache-licensed projects, unless the whole project is under (A)GPL, or use some "exceptions" wording. Wrt Redis community, it's the shadow of the former itself, everyone who plans to invest in Redis long-term, moved to Valkey.
lifty
Regarding Redis, you mean that AGPL was not a good choice for them?
jraph
Should probably be called "open source with a two year delay", or "open source in two years".
Or "open source when obsolete" because that's what it is, fundamentally. Of course, it sells less and makes it way more obvious what these delayed open source licenses are at their core: "we'd like to make people believe we respect their freedom, but are not actually convinced with giving them that".
Dylan16807
Very little is obsolete that fast. I don't think it shows a lack of respect for my freedom. The goal is to place some (rather minor) restrictions on businesses, and businesses are not people.
rester324
That statement is not so true as you think it is though. Legal entities as companies for example are juridical persons in most countries. This principle is called company personhood.
Dylan16807
That was already incorporated into what I said. I phrased it the way I did on purpose.
jraph
> Very little is obsolete that fast
Isn't two years of security patch lag a big deal?
Dylan16807
It's a dev tool that isn't taking untrusted input, right? Then no, I don't think security patches are a big deal.
Also I feel like "obsolete" is the wrong word for that.
unsungNovelty
#source-washing
aDyslecticCrow
open source for enterprise is often more about trust and transparency than "freedom". Source avaliable has most advantages of FOSS without the legal and monetization issues.
There is this blind trust in open source model taken to a unhealthy or misguided extreme in a lot of online discussion.
A two year delay is pretty reasonable and liberal. It allow costumers that dont want to accept the new licence able to continue as-is by simply following an older version.
jraph
> There is this blind trust in open source model
In my case, it's not about any open source model, it's about software freedom.
What's unhealthy is non-free software, and there's nothing extreme in having this opinion.
Dylan16807
It's free for humans and 99.999% of businesses.
If you base your opinions on pure black and white tests without considering the actual tradeoffs of the license then that's blindness.
SCdF
For those who were not familiar with the licence they have switched to: https://www.tldrlegal.com/license/functional-source-license-...
benterris
For more context, the FSL was created by Sentry, who explain why it's been created and what problems it was trying to solve here: https://blog.sentry.io/introducing-the-functional-source-lic...
aitchnyu
Is 2 years too little? The deep pocketed companies I know dont mind 5 year old software and I'll be okay with 2012 Redis or 2020 Postgres.
12345ieee
Not to mention their pro features keep breaking syntax of the community version, obviously with 0 transparency.
Now, of course they should get paid for the work they do, but these sort of "we were FOSS and surprise we're not anymore" are becoming commonplace and are always done hoping no one notices.
saddist0
Honestly, FSL doesn't break any flow for day to day developers. What's the harm? I am curious to know. On the contrary I like competitive vs non-competitive distinction.
sarchertech
It’s because big tech companies have spent millions to foster goodwill towards the OSI Open Source definition. And there’s a general feeling that software that fits that definition is pure and any that doesn’t is unclean.
DetroitThrow
Most of us don't want to let a court decide if we compete with a very general distinction you describe, and can't afford lawyers to evaluate a 2 year old license without much case law.
Most of us prefer not to bring on a dependency in our project that is primarily designed to extract commercial value from users and is less friendly to contributors than similar open source projects.
amaccuish
What's up with the comments here?
Either just reading the "base" part and plugging some unrelated service, or claiming source available is the same as open source
pards
This is a shame. We use Liquibase on my project and I have a few bugfixes / functional gaps that I was planning to contribute back but I doubt my large enterprise client would sanction contributions to a commercial codebase.
jsiepkes
Apparently this also poses a problem for OSS projects such as Keycloak since they can't use non-OSS licenses according to the CNCF [1].
I wonder if a project which uses Liquibase can be included in Debian, Fedora, etc.? Since these projects also have requirements on OSS licenses for the software they distribute.
mhitza
> I wonder if a project which uses Liquibase can be included in Debian, Fedora, etc.?
Cannot be included in the main repositories, but nothing stops them from being part of other repositories (custom, or if something like rpm fusion non-free exists for Debian based distros as well).
Macha
Huh, did not realise Liquibase changed their license. Seems a bit weird when basically every web framework has an alternative in house, and there's Alembic and Flyway as framework-generic alternatives.
nashashmi
If the previous code is on GitHub, then the previous code is open source. All future development will be under fsl. And released two years later.
Big tech companies (the money behind the Open Source Initiative) have done a few things.
1. They co-opted the free software movement and made it more business friendly.
2. They convinced people that Open Source is pure and software that isn’t Open Source is unclean.
3. They convinced a bunch of developers that their definition of Open Source that was specifically crafted to protect business interests is canon.
4. They convinced a well meaning subset of those developers to police the other devs and pressure them to release their software under big tech approved licenses.