Earlier this month, RHEL’s executive team decided to close public access to their indisputably GPL-licensed upstream contributions.
I guess it started in 2014 at the early stages of the corporate takeover of F/OSS I warned everyone about while they pretended not to see it happening and are only just starting to see a glimpse of the consequences for ignoring. Around this time RedHat acquired CentOS, which was a bug-for-bug clone of RHEL and matched its release cycle at the time, which was perfectly fine because RHEL is just a collection of packaging and patches they’ve created for GPL-licensed software (and other free licenses).
Then in about this time of year in 2019, a little over four years ago to the day, IBM purchased RedHat.
Then in 2020, RedHat announced it was going to nuke the release cycle CentOS had been using to introduce CentOS stream, so that it would have a rolling release cycle and would no longer be bug-for-bug compatible with RHEL. The last supported release of CentOS goes end of life in 2024. At the time they made some statements about the reason why being about shortening the development cycle for RHEL by using CentOS as its testing stage, which most people actually believed at the time (this was in response to community criticism about it appearing to be an anti-competitive measure and an attack on open source projects).
A few people were picking up on where this was headed, and decided to create CentOS clones to match RHEL’s release cycle and provide a community version that was bug-for-bug compatible. Two notable examples are AlmaLinux and Rocky Linux. Since IBM’s RedHat had claimed the CentOS change was about optimizing the development lifecycle for RHEL, this should seem to be irrelevant to them.
Except, it wasn’t about that at all once those projects got large. Four years later, almost to the day, IBM’s RedHat has announced that:
- it will no longer be making publicly accessible the source code for RHEL
- that source code will be distributed only to paying customers in a walled garden model
- the subscription agreement will forbid subscribers from building a RHEL clone or publishing the GPL-licensed software they were being given access to.
Which has these impacts on those RHEL bug-for-bug clones:
- they can no longer get access to the source code for RHEL to build the bug-for-bug clone
- this includes security patches
- developers who write security patches in these communities, should they choose to submit their patches upstream, will no longer be able to access their own patches for inclusion in their own distribution without violating the RHEL subscription terms
In brighter news, they seem to only operate on a four year cycle and I have identified a way around this hurdle they’ve put around all these downstream communities. I’ve heard some of the FAANG/GAFAM apologists spreading the sentiment that RHEL deserves to be compensated for the work they contribute — and they have been and will continue to be, but, this has nothing to do with the fact that they are strategically and systematically destroying, quite deliberately, the communities that created them, which while these projects are newer consist mostly of the people that built all of this.
The solution is easy.
- First, someone needs to create a repository and a platform dedicated for this purpose, like “rheldist.org” or similar.
- People who will make anonymous contributions (anonymous to the public and not to internal teams) to that platform would relay this GPL-licensed material accessed from their RHEL subscriptions.
- A validation team also with subscriptions would vet the material as it comes in.
- The group hosting it ensures there is an active supply of new subscriptions being created for the sole purpose of violating those subscription agreements, and people to use those subscriptions.
There is no legal recourse for this by RedHat beyond occassionally terminating subscriptions for people they think are involved in relaying the content.
The reason this is not actionable by RedHat is because while they can restrict who they provide the licensed material to they do not actually own any license at all on that material they’re providing. So, unless they drop the GPL license with a full rewrite of their entire software ecosystem, they cannot sue someone for re-releasing material that they have released as part of their own obligation to fulfill the GPL license, and, I would go on to say that using their terms of service or subscription agreement as an overlay to restrict people from re-releasing that material violates the GPL. I encourage anyone reading this to run this by an intellectual property attorney.
I personally will not be doing this, but, there are many communities that would benefit a great deal from this.
We have to stop pretending that the major corporate players in this space are not headed towards a proprietary landscape or are not intently hostile to the communities that created them. They’re just being nice about it (and lying, as demonstrated above) while they do it, using their army of developer advocates and paid “community leaders” that are essentially glorified propagandists and narrative forgers. It’s not unique to the RHEL ecosystem by any means, it’s just the latest example of why these huge sponsors have different intent than the paint on the wooden horse suggests.