ditto icon indicating copy to clipboard operation
ditto copied to clipboard
verified publisher icon eclipse-ditto

Ditto's use of Akka dependency after change to BSL license

Open jekkel opened this issue 3 years ago • 5 comments

I just got notified about akka changing the license to "Business Source License (BSL) v1.1" which is probably incompatible with Eclipse Public License 2.0 in general. The BSL license "automatically" reverts back to Apache 2 (individually for each released work) after 3 years.

To me it seems this blocks any updates to akka dependencies for 3 years because Ditto cannot be released under EPL while linking to BSL licensed binaries.

There's a paragraph about OSS projects using Akka:

If you are running an OSS project using Akka, please contact us at [[email protected]](mailto:[email protected]?subject=Akka License) and we will do our best to continue to support your project.

Reference: https://www.lightbend.com/blog/why-we-are-changing-the-license-for-akka Respective change in akka repository: https://github.com/akka/akka/pull/31561

jekkel avatar Sep 07 '22 13:09 jekkel

Hi @jekkel

Yes, we also read the "news" today .. very sad to see that decision, even if I can somehow understand it. Investing so many resources as Lightbend did over the years in Akka and (probably) getting very little "back" from most of the commercial users .. that's one of the fundamental things which are broken about FOSS .. :/

You are right, the Eclipse Ditto project will probably be stuck on Akka 2.6.20 for the time being. Maybe a community driven fork of Akka with Apache-2.0 license will be done, let's see. The good news is that Akka 2.6 is very mature and stable - in the past we almost never hat the "urge" to update to a newer Akka version.

However - there could some day of course be a security issue which would require a patch.

Do you mean that the Eclipse Ditto project should apply for such an "Additional Use Grant" for being allowed to use latest Akka artifacts with BSL 1.1? I currently can't imagine how this can work in practice, to be honest, as the new license is no OpenSource license.

Users of Ditto do not get in touch with Akka at all - and the Eclipse Ditto project "gave back" to the OSS community by making it available as OpenSource and not keeping it behind closed doors. However - Ditto is not a "hobby project" and mainly used in commercial setups, so I wonder if commercial Ditto users could use Akka underneath "for free".

thjaeckle avatar Sep 07 '22 13:09 thjaeckle

However - Ditto is not a "hobby project" and mainly used in commercial setups, so I wonder if commercial Ditto users could use Akka underneath "for free".

I agree. But the same is likely to be true for users of the Play Framework which is granted commercial use.

For the sake of completeness: There is this other FOSS project residing under the Eclipse umbrella called Vert.x which is somewhat similar to several aspects of Akka:

  • reactive multi-actor model
  • distributed actors with location transparency through an event bus
  • mature ecosystem of libraries integrating into the framework

AFAIK Eclipse Hono is already using it under the hood through Quarkus.

jekkel avatar Sep 07 '22 14:09 jekkel

There is this other FOSS project residing under the Eclipse umbrella called Vert.x which is somewhat similar to several aspects of Akka

I assume a rewrite would take dozens of person years of time. And I am quite sure that not everything which Akka (e.g. in clustering/sharding/ddata/persistence/streams) offers can be replaced with just Vert.x.

thjaeckle avatar Sep 07 '22 14:09 thjaeckle

I contacted the Lightbend team about the mentioned "Additional Use Grant". Will keep you posted about the response.

thjaeckle avatar Sep 07 '22 15:09 thjaeckle

We did not yet receive an answer from Lightbend regarding the "Additional Use Grant". I however fear that even with that grant it is very difficult to include BSL licensed artifacts in an OpenSource project.

For the time being we would like to state the following:

  • Eclipse Ditto will stay on Apache-2.0 licensed Akka 2.6
  • for the next year Akka 2.6 will receive security and critical bugfixes, see FAQ

    • Will critical vulnerabilities and bugs be patched in 2.6.x? Yes, critical security updates and critical bugs will be patched in Akka v2.6.x under the current Apache 2 license until September of 2023.

  • after that, Ditto will mitigate encountered critical security bugs in Ditto's codebase, as Ditto completely "hides" its Akka usage (e.g. in its Client APIs)
  • if a community driven fork of Akka is done, Ditto will move to using the fork

thjaeckle avatar Sep 22 '22 07:09 thjaeckle

In the meantime there is a proposal for a fork of the Akka project under the Apache Foundation: https://cwiki.apache.org/confluence/display/INCUBATOR/PekkoProposal

If this project is accepted and does its first release, I suggest to move the Ditto codebase from Akka to Pekko.

thjaeckle avatar Oct 14 '22 09:10 thjaeckle

Pekko codebase is incubated here: https://github.com/apache/incubator-pekko

thjaeckle avatar Nov 23 '22 07:11 thjaeckle

One dependency remains which is not yet covered by Apache Pekko: akka-persistence-mongo I opened an issue to ask whether migration or a fork to Pekko is planned there: https://github.com/scullxbones/akka-persistence-mongo/issues/557

thjaeckle avatar Jan 13 '23 10:01 thjaeckle