As someone who champions truth, yet knows truth is bent to espouse many ideas, I realize clever phrasing often turns irrational lies into strong beliefs—especially when passion takes over.
And we in the open source community are a passionate bunch.
But to clear the air a little bit—especially as I have seen some zingers going both directions (from Red Hat employees to the community, and vice-versa):
- Red Hat is not going closed source: But they are closing off public access to RHEL's complete source code, and using a restrictive
EULASubscription Agreement to try to stop customers from sharing the source code. It's within their rights, and many agree what they did is not in the spirit of the GPL license Linux uses, but it is allowed.
- CentOS Stream does not contain the complete CCS of RHEL: Some have claimed CentOS Stream contains everything you need to rebuild Red Hat Enterprise Linux, but this claim is not entirely true. The code—at least outside of short periods where features and CVEs are being worked downstream in RHEL then backported to Stream—is there (though this can only be independently audited if you agree to the
EULASubscription Agreement). But the Complete Corresponding Source is not. (The GPL License requires CCS be distributed to anyone who receives the binaries).
Red Hat did not refuse to merge the first Alma Linux contribution: This merge request may hold the record for the most activity (and emoji) for any ever added to CentOS Stream, but after a lot of community outcry, Red Hatters promised they would work towards better communications, including guidelines for CentOS Stream contributors. The author of the MR, an infrastructure lead for AlmaLinux, wrote this retrospective—it's well worth a read.
I'm monitoring this issue to follow their progress (these guidelines are not something the community can really contribute to, as they are directed by Red Hat internally, since CentOS Stream's main branch follows RHEL's internal development practices and priorities).
After the CVE was rated by the internal Red Hat Product Security team as 'Important', the MR was merged.
- IBM did not force Red Hat to paywall the RHEL sources: From numerous conversations with folks inside and outside the RHEL business unit, it is my belief IBM did not, in fact, have a role in this decision.
- Red Hat did change the terms of their source code agreement: Some Red Hat employees argue Red Hat's restrictive Subscription Agreement never changed, and this is true. However, because public sources were available (which the community used to build CentOS' successors), and there was no Subscription Agreement required to download. By removing those sources, the terms were changed. Before you did not need to agree to a Subscription Agreement to download the sources. Now you do.
- We do not know if it was CIQ, Oracle, or some other 'rebuilder' that sparked this change: It has been alluded to in this comment by Mike McGrath and signs point towards CIQ judging by how this post on LinkedIn—from very shortly after the news broke—ripped into both CIQ and Greg Kurtzner (seemingly out of nowhere; this was prior to Red Hat's second blog post on the matter).
- It is still hard to determine what determines value in the Red Hat ecosystem: And this is the crux of my continued interest in monitoring the fallout.
I am a downstream user of Ansible; Ansible is part of the Red Hat Ansible Automation Platform, a subscription product that features Ansible at its heart.
The downstream Ansible Community Distribution I use—and have written a bestselling book about—is completely free, and there are numerous massive corporations using Ansible freely downstream of the Ansible Automation Platform's core components.
From my conversations with folks in the Ansible business unit (an engineer and community team lead), it doesn't sound like I have much to worry about. For now.
The difficulty is the precedent.
Mike McGrath said in his blog post:
Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere.
Applied to the Ansible Community Distribution, which I rely on, it is simply a rebuild of the core
ansible product, plus a large number of community collections—of which many are rebuilds of the official 'supported' collections maintained in the Red Hat Ansible Automation Platform by Red Hat employees.
I profit off Ansible as a downstream user, and I have never funneled a penny of that profit back to Red Hat. There are many consultants and IT firms who do the same.
When profits are squeezed at some point in the future, could Ansible's downstream community be squeezed in an attempt to get more subscriptions to the RHAAP?
I don't think so.
But I also didn't think Red Hat was capable of further harming their relationship with their downstream 'free RHEL' users, from HPC to education, and homelabbers to indie web hosts. I thought we had an uneasy peace with CentOS Stream upstream, plus rebuilders like Rocky and AlmaLinux downstream.
I hope the Enterprise Linux ecosystem comes to another uneasy peace, but right now it feels a little shaky with Rocky Linux sneaking sources, Alma Linux rebuilding off Stream, Suse forking RHEL, Springdale getting lost in the noise, and Oracle, well... doing what they do.
As for me, I'm running Debian on all my servers now, and have donated to Debian's SPI. Support the open source communities and developers you rely on!