June 2023 was marked by big news in enterprise software development: the source code of Red Hat Enterprise Linux (RHEL) ceased to be freely available. Red Hat announced that
“CentOS Stream will now be the sole repository for public RHEL-related source code releases. For Red Hat customers and partners, source code will remain available via the Red Hat Customer Portal.”
This move will have a far-reaching impact on numerous enterprises and individual developers who use free RHEL-based distributions or Red Hat base images.
A shot out of the blue? Indeed, the Big Blue
The decision to put RHEL source code behind a paywall was ruthless but not entirely unexpected.
From the beginning, RHEL has been a Linux distribution aimed at enterprises, but the solution has always been open source. The source code was freely available to everyone, customers and non-customers alike. In 2003, Red Hat decided to chip a community version off its enterprise solution, and that’s how Fedora Linux came to be – an upstream version of RHEL. Fedora constantly pulls new features and fixes from upstream Linux projects and rolls out a new version every six months. Red Hat periodically takes a Fedora release and builds a stable production-ready RHEL version on top of that.
But at the same time, several other free projects bloomed on RHEL source code that provided full compatibility with the official distribution. Red Hat was obviously dissatisfied that some developers preferred using a free version of their Linux. So in 2014, Red Hat acquired CentOS, a community project that became the most popular free RHEL-based distro, and efficiently killed it in 2020 with the pretext of focusing on CentOS Stream, a development branch of RHEL. Curiously, IBM completed the acquisition of Red Hat a year before, in 2019.
Although CentOS was discontinued, other projects such as AlmaLinux, Rocky Linux, Oracle Enterprise Linux (OEL) continued building free binaries based on RHEL source code. This certainly set Big Blue’s teeth on edge. Judging by how IBM is used to doing its business, a blow to these projects was only a matter of time. The motivation behind closing the source code of RHEL is
“The engineering levels of investment and the new priorities we’re addressing for customers and partners now make maintaining separate, redundant repositories inefficient.”
The wording doesn’t sound credible because keeping public repositories and offering optional commercial services is the common practice in the OSS world, and Red Hat had managed to keep up with it before IBM came into play. In reality, IBM could be looking for ways to increase revenue by leaving developers with no alternative but to pay for RHEL subscription. After all, finding a suitable substitution may take time, and meanwhile, the OS version in use rots away, eaten by vulnerabilities.
RHEL’s source code is still available to IBM Red Hat customers, but the license prohibits its redistribution. As CentOS Stream is an unstable development/preview version of RHEL, it is impossible for developers using this distribution to reach bug-to-bug compatibility with RHEL, which makes it as good as useless for enterprise use.
What do you do now?
If you are a Red Hat customer, nothing changes for you, at least for now. Keep in mind, though: today, the company cuts the developers off their product’s source code, and tomorrow, it changes licensing conditions drastically. Unfortunately, such incidents are not unique or limited to Linux.
Developers who used the AlmaLinux, Rocky Linux, or OEL distribution should be concerned because it is currently unclear how these distributions will continue to evolve. But the most alarming question is: do UBI images used for building small containers become closed-source, too? If not, how long will it take IBM to bottle them up? After all, UBI images are utilized across the board (even despite the fact that developers can’t simply add necessary OS packages to UBI because of discrepancies with the RHEL license), presenting a lucrative field for the ever-hungry Big Blue.
Broken trust of the community is the worst aftermath
For IBM, taking such a course is business as usual. But the community around the corporation, individual developers and ISVs alike, got a clear signal that they shouldn’t rely on assumptions: everything that wasn’t legally guaranteed can be taken away any time even if a prominent organization is involved.
BellSoft has been committed to freedom since the beginning. The source code of our products is available to everyone, and companies who chose our support services have never experienced sudden changes to the licensing agreement. We offer Alpaquita Containers based on open-source Alpaquita Linux and Liberica JDK. Use them to build secure and performant microcontainers free of charge, or take advantage of our support services — it’s your call!