Beware these open source lock-in schemes

Some vendors want you to think you're benefiting from open source when you're not. Keep an eye out for potential traps

When the Open Source Initiative (OSI) was formed in 1998, one of the important objectives of those involved was to create a phrase that can be used to represent all the values of software freedom easily in everyday speech. The phrase "open source" was intended to become a strong, respected brand representing the values of software developers across the software freedom communities. The OSI website says:

Open source is a development method for software that harnesses the power of distributed peer review and transparency of process. The promise of open source is better quality, higher reliability, more flexibility, lower cost, and an end to predatory vendor lock-in.

[ Also on InfoWorld: Control vs. influence: Which way for open source? | Track the latest trends in open source with InfoWorld's Technology: Open Source newsletter. ]

In the 15 years since then, open source has become a widely used term and a strong, compelling brand, the default choice of an increasing number of governments and enterprises. Open source leaves its users in control of their IT budgets, free to choose the software that solves their problems without asking permission from a vendor first. Open source plays a vital role in the development of all kinds of infrastructure, with developers free to repurpose and redistribute components and even whole subsystems without restrictions.

As a result, there's a large and increasing market value in the term "open source" -- so it's no surprise many companies are trying to cash in. Along with vendors who actually deliver on those open source benefits, a subset use the brand to sell their products without actually making open source freedoms available to their customers. These companies usually benefit from open source themselves, but the product or service they deliver to their customers doesn't include the unrestricted freedom to use, study, improve, and share the software. Not every company using these approaches is behaving badly -- but you need to make sure you protect your flexibility and IT control.

Companies use several models to make you think you're getting open source when you're not. Here's a short history of three potentially "faux-pen source" models.

Dual license

This was one of the earliest monetization models for open source, famously pioneered by MySQL. Of the three, it's the least concerning because you can often avoid the lock-in. Dual licensing (also called "selling license exceptions") occurs when your vendor has aggregated copyright control of the whole open source codebase and is able to offer a choice of licensing terms. The vendor will usually select the likes of GPL as the open source license for the code, hoping you'll be so concerned by the compliance implications that you'll pay to be able to use the code under other terms.

Dual-license schemes have become much less popular as people have become less concerned about the GPL; as a result, few new businesses pick this model. All the same, the Affero GPL has proven to be a tempting license for those wanting to try dual-license models with Web-delivered software.

A pure dual-license scheme is not much of a threat to your software freedoms, as long as the proprietary license terms don't make you voluntarily surrender the right to switch back to open source terms. If you purchase services or a subscription under proprietary terms in a dual-license arrangement, check that you'll be able to find another supplier of services in the event you choose to switch back to open source. The tightly controlled nature of dual-licensed packages means other commercial vendors are often locked out of the market, diminishing customer choices.

1 2 Page 1
Page 1 of 2
How to choose a low-code development platform