Back

Source Available ≠ Open Source

These licenses are NOT approved by the Open Source Initiative (OSI)

Source-available licenses let people see your code, but they're not open source because they restrict how the code can be used (typically prohibiting cloud service providers from offering your software as a service).

These licenses are controversial and have led to community backlash. Use them only if you fully understand the implications and have a clear dual-licensing business strategy.

Server Side Public License (SSPL)

NOT OSI-Approved

Used by:

MongoDB (since 2018)

What it does:

Prevents cloud providers from offering your software as a service without contributing back. If someone offers your software as a service, they must open source their entire service stack.

The catch:

The requirement to open source the entire stack is so broad that it's nearly impossible to comply. This effectively prevents any SaaS use without a commercial license.

Controversy:

  • OSI rejected it as "not open source"
  • Debian and Fedora won't package SSPL software
  • Seen as anti-competitive by some
  • Created specifically to target AWS
Read the SSPL

Business Source License (BSL)

Time-Delayed Open Source

Used by:

MariaDB, CockroachDB, Sentry, HashiCorp (some products)

What it does:

Restricts commercial use for a specified period (typically 3-4 years), after which the code automatically converts to a true open source license (usually Apache 2.0 or GPL).

The appeal:

Gives you a competitive advantage window while guaranteeing the code will eventually be free. More fair than permanent restrictions.

Considerations:

  • Still not OSI-approved during restriction period
  • Requires careful version management
  • May confuse potential users
  • Need to specify change date and change license
Read the BSL

Elastic License 2.0

NOT OSI-Approved

Used by:

Elasticsearch, Kibana (since 2021)

What it does:

Allows most uses but explicitly prohibits offering the software as a managed service to third parties.

Restrictions:

  • Cannot provide the software to others as a managed service
  • Cannot circumvent license key functionality
  • Cannot remove/obscure features protected by license keys

Controversy:

Elastic's switch from Apache 2.0 to this license caused AWS to fork Elasticsearch as OpenSearch, leading to a major community split.

Read the Elastic License

Our Recommendation

Think very carefully before using these licenses.

  • They're not open source, which may alienate the community
  • They won't be included in Linux distributions (Debian, Fedora, etc.)
  • They require a dual-licensing business model to be profitable
  • They may not actually prevent cloud vendors (who might just fork or create alternatives)

Consider AGPL v3 first - it's true open source and still protects against SaaS exploitation.

If you choose source-available, consult a lawyer. These licenses are complex and business-critical.