HashiCorp’s CEO predicted there would be “no more open source companies in Silicon Valley” unless the community rethinks how it protects innovation, as he defended the firm’s license switch at its user conference this month.
The IaaC pioneer unwrapped a slew of product updates and features at HashiConf in San Francisco, barely two months after it switched future versions of its entire product set from the Mozilla Public License to the Business Source License (BSL).
At the time, HashiCorp said, “All production uses are allowed other than hosting or embedding the software in an offering competitive with HashiCorp commercial products, hosted or self-managed.”
However, the move drew a furious reaction from the open source world. OpenTofu, a fork of Terraform, was launched in short order, under the aegis of the Linux Foundation.
CEO Dave McJannet said this week that the license switch had been necessary as HashiCorp’s technology was critical to the modern cloud, and would only become more so the world’s biggest companies complete their shift from on-prem technologies.
While open source advocates had slammed the license switch, McJannet described the reaction from its largest customers as “Great. Because you’re a critical partner to us and we need you to be a big, big company.”
Indeed, he claimed that “A lot of the feedback was, ‘we wished you had done that sooner’” – adding that the move had been discussed with the major cloud vendors ahead of the announcement.
“Every vendor over the last three or four years that has reached any modicum of scale has come to the same conclusion,” said McJannet.
“It’s just the realisation that the open source model has to evolve, given the incentives that are now in the market”
He claimed the historic model of foundations was broken, as they were dominated by legacy vendors. Citing the case of Hadoop, he said: “They’re a way for big companies to protect themselves from innovation, by making sure that if Hadoop becomes popular, IBM can take it and sell it for less because they are part of that foundation.”
The evolution to putting open source products on GitHub had worked “really, really well” but once a project became popular, there was an incentive for “clone vendors to start taking that stuff.”
He claimed that “My phone started ringing materially after we made our announcement from every open source startup in Silicon Valley going ‘I think this is the right model’.”
"Tragic..."
He said the Linux Foundation’s adoption of Open Tofu raised serious questions. “What does it say for the future of open source, if foundations will just take it and give it a home. That is tragic for open source innovation. I will tell you, if that were to happen, there'll be no more open source companies in Silicon Valley.”
More specifically, McJannet said the licensing change was part of its strategy to earn the confidence of enterprises.
“Having other vendors out there misrepresenting our stuff is dangerous, right? Not only is it not great for us long term is dangerous for our customers.”
That same need to earn the trust of such of large entities was one of the drivers for HashiCorp going public when it did. “We didn't need the money. We did it because we wanted to send the signal that we were funded to be a long term trusted partner.”
He added that it offered to carry on working with the four main companies affected by the switch, saying “You just have to bear some of the r&d costs. And they were like, ‘No, no, we're gonna do something else’. Which is fine.”
New Hashicorp products unveiled
McJannet’s comments came as HashiCorp unwrapped a slew of beta and GA products.
For its core Terraform IaaC tool, it announced a beta of test-integrated module publishing, and generated module tests.
The former aims to streamline the testing and publication of modules – the containers used to hold and reuse config files in the Terraform architecture - with a new branch-based publishing approach in the HashiCorp Cloud private registry. The firm said this means tests can be executed remotely in a secure environment, eliminating the need for developers to handle sensitive cloud credentials on their workstation.
The latter uses generative AI to produce new module tests. The company worked with a third party to train the underlying model on HCL and Terraform. Senior director of product marketing Chris Van Wesep said the model had been trained on HashiCorp’s own internal data, not customer data: “It's more a sophisticated prompt engineering that we did.”
It also unveiled a private preview of Stacks, which aims to simplify infrastructure provisioning and management at scale, reducing the complexity users face managing dependencies as they repeatedly deploy infrastructure. It allows users to group together different interdependent systems, which become “deployments in a stack” and can be repeatedly replicated even with differing input values.
On security, it announced an alpha program for HCP Vault Radar, which scans code for secrets, as well as other potential nasties including personally identifiable information, non-inclusive language, dependency vulnerabilities, and IAC risks. It is the first deliverable from HashiCorp’s acquisition of BlueBracket in June.
It also announced that Vault Enterprise Secrets sync is now in beta in Vault Enterprise 1.15. It was previously only available in HCP Vault Secrets.
HashiCorp unveiled a “new vision” for its HCP’s Waypoint platform, subtly changing its goal from “helping to standardize application delivery across platforms” to “empower[ing] platform teams to define golden patterns and workflows for developers to management applications at scale”.
The firm said the rework was the result of research with platform teams that showed it made sense to tackle challenges that arose before the deployment and management part of the lifecycle.
HashiCorp’s ultimate focus in on its HashiCorp Cloud Platform (HCP) managed services offering, and new technologies and features will initially be deployed to HCP. However, McJannet said that features will continue to be rolled out to its self-managed product, typically within a month. The exception, he said, was with Waypoint, which he said would be offered solely as a managed service.