Red Hat’s new source code policy and the intense pushback, explained

By | June 30, 2023
Man wearing fedora in red light
Enlarge / A be-hatted person, tipping his brim to the endless amount of text generated by the conflict of corporate versus enthusiast understandings of the GPL.
Getty Images

When CentOS announced in 2020 that it was shutting down its traditional “rebuild” of Red Hat Enterprise Linux (RHEL) to focus on its development build, Stream, CentOS suggested the strategy “removes confusion.” Red Hat, which largely controlled CentOS by then, considered it “a natural, inevitable next step.”

Last week, the IBM-owned Red Hat continued “furthering the evolution of CentOS Stream” by announcing that CentOS Stream would be “the sole repository for public RHEL-related source code releases,” with RHEL’s core code otherwise restricted to a customer portal. (RHEL access is free for individual developers and up to 16 servers, but that’s largely not the issue here).

Red Hat’s post was a rich example of burying the lede and a decisive moment for many who follow the tricky balance of Red Hat’s open source commitments and service contract business. Here’s what followed.

Code will still flow, if painfully

Rocky Linux, launched by CentOS co-founder Greg Kurtzer as a replacement RHEL-compatible distro, announced Thursday that it believes Red Hat’s moves “violate the spirit and purpose of open source.” Using a few different methods (Universal Base Image containers, pay-per-use public cloud instances), Rocky Linux intends to maintain what it considers legitimate access to RHEL code under the GNU General Public License (GPL) and make the code public as soon as it exists.

“[O]ur unwavering dedication and commitment to open source and the Enterprise Linux community remain steadfast,” the project wrote in its blog post.

AlmaLinux, a similarly RHEL-derived distribution, is also working to keep providing RHEL-compatible updates and downstream rebuilds. “The process is more labor intensive as we require gathering data and patches from several sources, comparing them, testing them, and then building them for release,” wrote Jack Aboutboul, community manager for AlmaLinux, in a blog post. “But rest assured, updates will continue flowing just as they have been.”

Letter vs. spirit

The Software Freedom Conservancy’s Bradley M. Kuhn weighed in last week with a comprehensive overview of RHEL’s business model and its tricky relationship with GPL compliance. Red Hat’s business model “skirts” GPL violation but had only twice previously violated the GPL in newsworthy ways, Kuhn wrote. Withholding Complete Corresponding Source (CCS) from the open web doesn’t violate the GPL itself, but by doing so, Red Hat makes it more difficult for anyone to verify the company’s GPL compliance.

Kuhn expressed sadness that “this long road has led the FOSS community to such a disappointing place.”

Shorter, pithier versions of the GPL-minded community’s reaction to Red Hat’s news are exemplified by Jeff Geerling’s blog post called “Dear Red Hat: Are you dumb?,” or his YouTube Video “Huge Open Source Drama.” Geerling, who says he’s dropping RHEL support from his Ansible and other software projects, says that Red Hat’s moves are intended to “destroy” Rocky, Alma, and other RHEL derivatives and that after the “knife in the back” of abandoning full CentOS Linux, the recent moves “took that knife and twisted it, hard.”

Jeff Geerling’s video, with a title that is somehow accurate, at scale.

“Simply rebuilding code”

Mike McGrath, vice president of core platforms engineering at Red Hat, wrote Monday that he “spent a lot of time walking” last weekend, thinking about the Linux community’s reaction to the initial announcement. Red Hat contributes code upstream, doesn’t “simply take upstream packages and rebuild them,” and maintains and supports operating systems for 10 years, McGrath wrote.

“I feel that much of the anger from our recent decision around the downstream sources comes from either those who do not want to pay for the time, effort, and resources going into RHEL or those who want to repackage it for their own profit,” he wrote. “This demand for RHEL code is disingenuous.”

While Red Hat previously “found value in the work done by rebuilders like CentOS,” the idea that they are “churning out RHEL experts and turning into sales just isn’t reality.” McGrath points to SUSE, Canonical (Ubuntu), AWS, and Microsoft as competitors using Linux code, but “none claim to be ‘fully compatible’ with the others.”

“Ultimately, we do not find value in a RHEL rebuild and we are not under any obligation to make things easier for rebuilders; this is our call to make,” he wrote. “Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere. This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity.”

Richi Jennings at DevOps has compiled many more community reactions to Red Hat’s most recent source moves. Unlike full RHEL source code, comment on this matter is likely to be consistently available for some time to come.

Source