Document change in licensing

[jobegrabber]

I have trouble following the change in licensing from benthos to redpanda connect and think there should be additional documentation on this topic.

With 3d0f78d the licensing changed from MIT to a mix of Apache 2.0 and a Redpanda Community License (which unintuitively contains in parts enterprise licensing).

Source files of some connectors are now under a restrictive enterprise license, with no change in features (EDIT: and significant amounts of code original licensed under MIT).
These changes in licensing are not clearly stated.
It's also not clear if the total removal of MIT licensing was agreed upon with every contributor, or if it is assumed all contributions can be redistributed/relicensed without including any notice about the original (MIT) license.
EDIT: Per my understanding, MIT does allow redistribution under a more restrictive license, provided that the "copyright notice and this permission notice shall be included in all copies or substantial portions of the Software".

It is also not clear in which way Redpanda would move other parts of the software under the enterprise license.

I know the core engine is now located at https://github.com/redpanda-data/benthos, but this repo here still contains a large portion of the "old" codebase.

[Jeffail]

Hey @jobegrabber, I'm not a lawyer so I can't really comment on the legality of anything here.

We're working on making the licensing clearer, starting with making things more explicit on the Go import side, where I've added two new packages for importing plugins: https://github.com/redpanda-data/connect/tree/main/public/bundle, one is explicitly free, where the entire suite of plugins are Apache 2.0 licensed. The other is enterprise and is a superset of the free and enterprise plugins.

You're correct about the need for the MIT copyright notice under the general terms of MIT, given the notice is in my own name and I'm making the changes myself I'm not 100% sure it's legally required, but like I said IANAL. I'm also not entirely sure where the copyright notice needs to go in order to be compliant, so I avoided simply dropping it into the licenses directly as I was worried about even further confusion. I'll try and find an appropriate place to drop it.

My longer term goal is to make licensing explicit down to every directory within the repo as it'd avoid having noisy headers in each individual source file. Hopefully that will make things even easier when cherry-picking individual plugin imports.

I've also updated the benthos-plugin-example, which shows exactly how to create a build of connect that is explicitly only FOSS licensed versus enterprise. Ideally we would have had this on day one but there were a vast swathe of chicken-egg puzzles with this move.

As for the fear of further license changes, I addressed this on the Q&A stream (https://youtube.com/live/X8nVdUuWZ80?feature=share), but it's extremely long so the abridged version is:

• Redpanda have no intention of making further license changes to existing plugins. The reason that the license changes have been made before we've even deviated from the old MIT implementations is specifically so that we can show the community what those changes are up front.
• You are never legally guaranteed that this codebase will continue to be maintained without further license changes. The maintainers could die, Redpanda could be acquired, Redpanda could simply change their minds. However, the purpose of source control and permissive licensing is specifically to allow you to walk away and take on the responsibility of maintaining the code yourself should that occur.
• The way that the projects are now structured, with the benthos core engine being a separate MIT licensed repository, is a clean technical solution for those who want to maintain their own suite of plugins without needing to maintain the engine. This includes the old MIT licensed plugins as they were.

I understand that the license and naming changes are sudden and it's going to be hard to digest for some. However, the technical separation of benthos and the plugin implementations themselves is a good thing for decentralisation of the project. Even if you are cynical about the acquisition I'm hoping you can at least be optimistic of that.

I'm doing another live stream this evening at 19:00 UTC: https://youtube.com/live/uiMN_TYzfHs?feature=share, so feel free to drop in and ask more questions. I'm also going to pin this issue and rename it as a general PSA.

[jobegrabber]

Thanks for your reply and clarifying some things!
(And your yearslong work on benthos, too!)

Having bundles available on the licensing looks good - building seems to work fine.
Coincidentally did what's now mentioned in the update to benthos-plugin-example, so that works for me.

I'm still not sure about relicensing the contributions of others, but as I'm also not a lawyer, I'm not sure it's worth to expand in this issue.
I'll see if I can make it to the Q&A, thanks for setting that up!