Open charter companies and relicensing
A few weeks ago, HashiCorp switched its default license for future product releases to the BSL license. The BSL license was created by the people at MariaDB in 2017 to give companies a way to release software as open source but prohibit their competitors from re-hosting that software and competing with them. In HashiCorp’s case, the license also has a stipulation that their code becomes simply liberally open source under the MPL, four years after it’s published under the BSL.
This prompted the usual outcry from the open source community, and some intelligent analysis. For the legal license analysis, you can do no better than reading Kyle E. Mitchell’s article and his summary of the strategy and list of the implementations at duallicensing.com.
But what sparked this particular bit of thinking was Sid Sijbrandij’s response: “HashiCorp switching to BSL shows a need for open charter companies”. Now, Sijbrandij is the cofounder of GitLab, which is at the time of this writing a 7 billion dollar market cap public company which is built on MIT-licensed open source software. He knows what he’s talking about.
I, on the other hand, am not a lawyer like Kyle or a billionaire like Sij. But I’ve been interested in the business of open source since high school (fun fact, I wrote my International Baccalaureate thesis on the subject), and have seen the lifecycle of one of the open core companies, and I would like to roll the idea around for a little bit.
What’s an open charter company?
The idea of an open charter company is a pretty interesting one: how it seems to work is that
- The company is incorporated as a Public Benefit Corporation (PBC)
- Part of the company’s benefit, in its PBC charter, is related to open source and dictates rules about how much of its code must be open source, etc
I wanted to dig into this a little bit first. So, a Public Benefit Corporation is a state-by-state idea in the US - it’s a corporation with an extra statement in its charter to provide a public benefit, some extra requirements to publish reports about their progress in doing so, and the board’s responsibility to make sure that the benefit is being done.
Are there any open charter companies yet?
I looked up the companies that Open Core Ventures has funded or launched: Mermaid Charts, Flowforge, Koor Technologies, Authentik, Ramatak, and Arkavian. None of them appear to be Public Benefit Corporations - they’re all in Delaware, and the PBC law there states that they need to have PBC in their official names:
(c) The name of the public benefit corporation shall, without exception, contain the words “public benefit corporation”, or the abbreviation “P.B.C.”, or the designation “PBC”, which shall be deemed to satisfy the requirements of § 102(a)(l)(i) of this title.
OCV lives up to its credo of openness by having an open document on choosing company structure that also links to and earlier blog post that mentions that Authentik Security would be the first OPC company. The only record I can find for them lists them without the PBC suffix, so maybe they decided on a different structure.
This is a long way to say that I’m not sure if there are any open charter companies in the wild - maybe Authentik is switching to the PBC classification but the Delaware business records aren’t up to date.
First, I have to get something out of my system. The idea that companies are “legally obligated to maximize shareholder value” is, and always has been, a myth. Stop repeating it. It isn’t true, legally or practically. There are similar things that are true, but not this one, it isn’t true, and thinking it is true leads to all kinds of weird places. This idea that existing companies must maximize profit exclusively factors heavily into the writing about companies abandoning open source – I just don’t think it’s a productive framing. Anyway…
It’s years in the past now, but I worked at Mapbox, a company that did later something like what HashiCorp, Elastic, and Redis did: it relicensed a major project from a fully open source license to a merely source-available one with additional restrictions. Frankly, I thought this was a good idea and still do. Even though I believed so strongly in the values of open source for so long, had written about it, and indignantly pushed to open source more stuff, by the time that Mapbox changed the license that vision had been polluted by reality. Mapbox was pouring time and energy into hard technical problems in hopes that people would pay for its services, and instead, the technology was being constantly white-labeled and re-hosted by hyperscalers and larger competitors. It was disheartening, and unsustainable, to be the unpaid R&D department for other companies.
So that’s kind of where I stood, and still stand on the issue: the presence of hyperscalers and cloud providers who can host your application with systematically lower costs on their side changes the whole equation of SaaS-based open source software. It’s really hard to compete when your competitors can run your software, without paying for its development, and with vastly cheaper servers and bandwidth.
I think Open Core Ventures gets this. They know the industry and the history and aren’t pitching the charter as a one-size-fits-all solution. But it’s hard to see what they’re really proposing as a solution to the “freeriding problem” - is the idea that it’s overstated? Or that companies that suffer from freeriders should simply put up with it and accept lower margins because they must preserve the open source values? I’m not totally sure.
But, historical gripes aside, I think there are two frames that might help the thought process:
Open source as organic
It can be hard to define what that means, but it’s disruptive to withdraw code from a public repository and then change the license. The challenge is to ensure a commitment to the community as ownership interests change over time. You need protective provisions, so companies don’t abandon their open source roots. - Heather Meeker
If companies keep relicensing open source software as closed or dual-licensed, it’s bad for the brand. The open source brand will mean less. The ecosystem of startups and VCs want the brand to be meaningful and valuable as a signal to customers and contributors: it’ll stop being valuable if it’s unreliable.
The charter protects the open source ethos of open core and fosters trust with the open source community. - Sid Sijbrandij
Open source as ESG
The drawback is that an OPC may have a higher hurdle for VC investments. This may result in a potentially lower valuation compared to a traditional entity. However, I believe in a possible future where carrying the OBPC charter is beneficial. Maybe in the far future, this will become the norm, and it’s a benefit to have it, and people won’t trust open core companies without it. We believe the OPC entity structure is a way to give open source creators and contributors peace of mind that their project’s code will not be closed by the company.
There are some pretty fascinating dynamics at play here, and they remind me of BlackRock’s ESG efforts, which were eventually kind of comically unsuccessful: the left never shifted from their dislike of BlackRock as a huge capitalist financial actor, whereas the political & media right lost their minds about how BlackRock was politicizing… it’s too tedious to write.
Of course, there isn’t a big anti-open source movement right now: in 2001, Steve Ballmer was saying that “Linux is a cancer that attaches itself in an intellectual property sense to everything it touches” but that line of thought never really went anywhere.
But nevertheless, what Open Core Ventures plans to do is sort of like what BlackRock and other major indexers tried to do with ESG: have a real opinion on voting. Meaning, OCV would probably vote against companies that wanted to betray their open source communities. Hypothetically, they might reject acquisitions that would threaten open source values. From my understanding as a non-lawyer, the PBC charter is only as binding as the shareholders make it - it’s enforced by the shareholders.
This is kind of notable: Venture Capital firms tend to market themselves on how founder-friendly they are. Founders select firms that have good reputations, but also firms that will see their vision – which, in many cases, means voting their way. Things don’t always work out that way and there are lots of cases where board members will vote in the opposite direction, but this this is not something that founders select for. It’s unusual to court a funder whose pitch is to keep you honest by perhaps voting against you in the future.
Open source as an escape hatch
This is how I think it works. Open source is just a short-term guarantee.
The open source code from any open source company at any moment in time is open. You can use it, and you can count on updates and fixes as long as the company wants to keep it open. If they change their mind or can’t find a way to both pay their employees and give away code, then you have to maintain the code yourself.
License changes generally aren’t retroactive. Old versions of HashiCorp products are still under MPL. The same goes for most relicensed projects, including Mapbox’s. These versions are both usable on their own, and useful as the basis for open source forks.
And really, in the cases in which hyperscalers were relying on open source software produced by smaller companies, forking is just what they do. Amazon maintains OpenSearch, an Apache-licensed fork of ElasticSearch.
Mapbox GL JS 1.0 was forked into Maplibre, which quickly raised over $400,000 from sponsors, principally AWS and Meta. This makes sense: companies that relied on the software for their products in a way that didn’t fit with Mapbox’s business model and therefore didn’t involve supporting financially Mapbox’s software developers can now just pay developers to work on the open source version and still benefit from the first seven years of Mapbox GL’s development. It isn’t as good as having all of Mapbox’s new changes for free, but is a lot better than starting for scratch - which is what would be necessary if open source licenses weren’t involved. The open source version can be cross-funded from AWS’s services revenue and Meta’s advertising revenue. Interests are kind of aligned, albeit in a surprising configuration: you can have open source values but only through the largess of a near-monopoly.
It turns out that it’s hard to put values into action. The business side is always connected to the technology side, which is connected to the legal realities. In practice, you have to work in markets with imperfect competition, limited capital, and no guarantee of good intentions.
It’s hard not to be disappointed by how hard it is to “do well by doing good.” A decade ago I would probably have faulted HashiCorp, but now I know that I don’t know how I’d do it differently. It’s a work in progress.
I applaud Open Core Ventures for starting the experiment around the open charter. They’re obviously putting their capital, time, and reputation into it, and taking the promise of open source seriously. I hope they get some big successes out of it.
In the meantime, I can’t really muster any ill feelings toward companies that do dual-licensing. I think that companies are rightly afraid of getting outrun by a competitor that can use the open source code and run it for cheaper at higher scale. Besides dual-licensing, there don’t seem to be many countermeasures to that.