Red Hat has told vendors of distros that it expects its enterprise agreements to be honored after development teams announced workarounds to new source code restrictions.
Some distro development teams have questioned whether they can continue to provide source code to recipients, a requirement under the GNU General Public License (GPL).
Red Hat has said that its enterprise agreement and new restrictions ‘do not supersede the GPL and instead act in parallel with it’.
Following Red Hat’s announcement of source code restrictions around RHEL last week, vendors of binary-compatible distros have been investigating alternative means of ensuring that updates and fixes continue to flow.
Rocky Linux has announced plans to use Universal Base Images (UBI) and pay-per-use cloud instances to deal with Red Hat’s restrictive new source code policy.
Alma Linux, which was also affected by Red Hat’s policy change, has so far taken a more cautious approach.
The team said that re-distributing Red Hat software would be a violation of the Red Hat subscription agreement, and that it would be taking a more labor-intensive approach in the short term.
“From a security and update perspective, this makes our job more difficult, but by no means impossible,” it added.
What has Red Hat said?
Red Hat has responded to Rocky Linux’s plans and its preference for pay-per-use cloud instances.
“This is the easiest for us to scale as we can do all of this through CI pipelines, spinning up cloud images to obtain the sources via DNF, and post to our Git repositories automatically,” the Rocky Linux team said.
Rocky Linux has also received reassurance from its legal advisors that it has “the right to obtain the source to any binaries [it] receives”.
Analyzing the economic benefits of Dell Technologies with VMware Tanzu & Intel
Enabling businesses to achieve their goals with Kubernetes
Gunnar Hellekson, vice president and general manager, RHEL at Red Hat, said to ITPro: “Red Hat remains fully committed to honoring our open source license obligations and delivering, openly and transparently, the source code that we use to build all of our products”.
Hellekson added that the code was available in multiple places, including CentOS Stream.
However, CentOS Stream is not a simple substitute for the RHEL sources for both Rocky Linux and Alma Linux due to its developmental nature.
“We also deliver many RHEL sources through Red Hat Universal Base Image, which includes the dependencies and packages needed to build a containerized application that will run on RHEL but can also be distributed however and wherever the developer wants,” said Hellekson.
Red Hat furor explained
The current issues can be traced back to Red Hat’s decision to end CentOS, effectively a free version of Red Hat Enterprise Linux, in favor of CentOS Stream in 2020.
The decision spawned Rocky Linux, the CEO of which - Gregory Kurtzer - was a founder of CentOS, and Alma Linux, both of which made use of repositories published to git.centos.org in order to track RHEL updates.
In June 2023, Red Hat announced it would stop publishing source code for RHEL to this location.
The move has meant that Rocky Linux and Alma Linux have had to look for alternative methods in order to maintain compatibility with RHEL.
The legal question
GPL is a popular open-source licensing system. In this context, distributors must provide the source code for software licensed under GPL to recipients of that software.
Red Hat’s decision therefore does not violate the GPL. It is required to provide the source code to whoever it has provided the software to, and will continue to do so.
However, the company is not obliged to continue providing software and source to customers that break its subscription agreement. It is also not obliged to provide the source to anyone other than the entity to whom it has provided the software.
“Red Hat's change does not violate the GPL, and the source code will remain [available] via the customer portal,“ said Matt Yonkovit, head of open source strategy at Scarf, to ITPro.
“The shift here to hide RHEL source is not surprising, but it is sad. I think this is yet another example of an increasing trend of choosing exclusion and protectionism over more open access in the community.”
Rocky Linux firmly believes that Red Hat’s decision violates “the spirit and purpose of open source”.
It, therefore, intends to obtain what it needs “through channels that adhere to [its] principles and uphold [its] rights”.
The end result is continued uncertainty for former CentOS customers left concerned by Red Hat’s decision and the response it has generated. Rocky Linux appears to have decided on a way forward, after taking legal advice.
Of the Rocky Linux approach, Yonkovit said "I think Red Hat will try and close that loop hole honestly".
Author, software developer, and one-time technical consultant for Ansible by Red Hat, Jeff Geerling, said “that in this entire debacle, there are no winners”.
Except “somehow, lawyers, they always come out ahead”.
