[Xtern Software] What Redis and XZ Utils Can Teach Us about Open Source Software Licensing & Security, Part 1

Over a period of just a few weeks, two popular open source software products experienced disruptions and controversies that affected millions of users. 

What is Redis?

Redis is a tool for storing data in memory rather than in a database. Redis had previously been released under a free open source license, and it announced a switch to a more restrictive license. The software company supporting the product made it clear that cloud service providers, including giants like Amazon Web Services, who include this package in their products, could no longer profit on the backs of developers who had been doing the work for free. This forced a reckoning within an industry that is worth $90 billion.

Confusion ensued as incorrect information circulated about how this licensing would affect users. The upshot is that the bulk of users can continue to use Redis exactly as they had before. The notable exception is a user who tries to resell Redis and run it on their cloud without a paid license (which was exactly what AWS and other large cloud providers had been doing).

Open source software is ubiquitous and nearly all technology is built with or derived from open source components. And on the flip side, downstream users can take free code, modify it, and use it so long as they keep it free as well. This raises really interesting questions about ownership, licensing, evolution of products, and monetary support of development.

The culture surrounding open source software has historically been one of trust and collaboration. But unfortunately, this has resulted in instances where trust has been exploited, which leads into the story with XZ Utils. Stay tuned for part 2 to learn more!