CockroachDB License Change

I understand the goal, and the perceived abuse of the Core edition. But the problem with the Enterprise edition is that it's quite expensive, "contact us" salesy, and it feels like taking a bite of this edition is possibly getting into bed with a future Oracle/landlord type of relationship where you end up squeezed by your database vendor.

The Core offering made this palatable, one could fallback to Core features if the relationship with Cockroach Labs degraded, which made it possible to entertain the Enterprise license since there's was a way to walk back from it. But now there's no such mitigation available. By using non-PG native features, users of the Enterprise edition are accepting to get in bed with Cockroach Labs for effectively forever (databases), a single provider that has no competition.

I think this may backfire, as it now seems imprudent to go all in on Cockroach Labs. They may be nice folks today, but who knows who will run the place in 5y when the next round of squeeze comes?

I wish them the best, they're a great team and I always liked the project and toyed with it for years, and currently am involved with a paid Enterprise license. But this change in the dynamics is really giving me pause.

Getting in bed with a single vendor for an incredibly sticky tool comes with a _lot_ of risk. It took at least 17y for Amazon to get rid of its last Oracle database: https://aws.amazon.com/blogs/aws/migration-complete-amazons-...

That's another company that feels like they don't want to be an OSS company after all. After Elastic, I pay more attention to contributor agreements. Basically I consider any project that requires transfer of copyright for OSS contributions as likely to change their license at some point. It's fine; I'm not against that sort of thing and I sometimes pay for software. But I like to know what I'm getting into before and I don't appreciate the bait and switch. It also guides decisions as to what I contribute to actively.

I do a simple sanity check with any OSS software before using it:

- Make sure there is no contributor agreement requirements. This is a gigantic red flag that the license can and probably will be changed at some point.

- Make sure the license is not overly restrictive (like AGPL). I appreciate people have good reasons for picking this license; but it comes with some serious restrictions in a commercial environment. And like it or not, a lot of companies have active policies against this. Either way, I avoid anything with this license.

- Make sure the project is actively maintained. You don't want to get stuck with unmaintained software. Replacing dependencies is a PITA.

- Make sure the project is not overly dependent on VC funding. Startups fail all the time at which point anything they worked on turns into abandon ware.

- Ideally, make sure the project has a healthy diverse group of committers. Healthy here means more than one company is involved. Most projects that fail one or more of the above tests usually aren't very healthy in this sense.

> Does this mean that CockroachDB is no longer open source?

> CockroachDB will remain source available under a new license. While the new license is a proprietary enterprise license, the source code will still be available for viewing and contributions.

The word you're looking for is "yes".

We will probably end up removing CockroachDB from our infra due to this change. It also makes me a bit worried about their long term viability. How much ARR does CockroachDB have and what was their last round valuation...?

Probably a good move. I'd looked at Cockroach before for a project - they basically disqualified themselves from the start by nerfing the "core" version so bad it was useless, while Enterprise was some absolutely insane figure for a cash-strapped startup. While it was possible to hotfix the code to get around their restrictions - we eventually just used something else.

This at least gets the full-fledged product in the door at startups. Say what you want about the timing or the BSL but I think this makes sense business-wise.

Overall I feel like this is a step in the right direction.

I do love Cockroach, but the old licensing model was pretty brutal if you required any enterprise features (ex: incremental backup).

For reference, some other data stores doing "horizontal scale of writes" ..any others I'm missing ?

* MySQL: Vitess, Planetscale, TiDB, MariaDB Spider

* Postgres: Citus, YugabyteDB, YDB, Neon

* SQLite: mvsqlite, marmot

* Document: ScyllaDB, Cassandra, DynamoDB

> On November 18, 2024, we will eliminate our Core offering and consolidate on a single, robust CockroachDB Enterprise license

That is incredibly short notice.

I posted it on Twitter, but I feel like revenue-based licensing models unnecessarily push the compliance burden onto the user. It's an honor system, and even they admit it [0]; even Unity, who also uses a revenue-based model, admits it [1]. I'd prefer licensing models that are able to automatically segment users into customers at the software-level, such as a feature-based or usage-based model. For example, they could segment on CPU count or disk size, requiring an Enterprise offering for databases or clusters over a certain threshold.

But completely doing away with Core and requiring license keys even for free users [2] (which I assume is for revenue auditing purposes) ... I feel like that's a big step backwards. All of this because their Enterprise offering seemingly wasn't valuable enough (or from the comments -- it was too expensive).

I'd of focused there, on making Enterprise more valuable or more accessible, instead of doing something this drastic.

AFAICT, they're also doing away with BUSL and DOSP [3], which is a big bummer.

[0]: https://techcrunch.com/2024/08/15/cockroach-labs-shakes-up-i...

[1]: https://www.reddit.com/r/Unity3D/comments/82mfwh/how_could_u...

[2]: https://www.cockroachlabs.com/blog/enterprise-license-announ...

[3]: https://opensource.org/dosp

VictoriaMetrics CTO here.

I don't understand why pure open-source license such as Apache2, MIT or BSD should be replaced with some source available license in order to increase profits from enterprise support contracts:

- The license change won't force cloud companies signing the enterprise agreement with you in most cases. If they didn't want paying you before the license change, why they will change their mind after the licence change? It is better from costs and freedom perspective forking open-source version of your product and using it for free like Amazon did with Elasticsearch.

- The license change leads to user base fragmentation - some of your users switch to forks run by cloud companies. Others start searching for alternative open-source products. So, you start losing users and market share after the license change.

- The license change doesn't bring you new beefy enterprise contracts, since it doesn't include any incentives for your users to sign such contracts.

That's why we at VictoriaMetrics aren't going to change the Apache2 license for our products. Our main goal is to provide good products to users, and to help users use these products in the most efficient way. https://docs.victoriametrics.com/goals/

I'm really not a big fan of holding backups and DR behind licensing. That's base level functionality. That and row level security, but at least with row level, I get that there has been a lot of time and energy expended on that feature.

Cluster optimization, and enhanced security sure. And responsive support, absolutely.

So the obvious question is, which big shops were using the Core version that ended up prompting this change? I know of one or two but I'm curious if there are some obvious big fish.

Finally all Open Source pretense is dropped. CockroachDB becomes Enterprise+Cloud database company with a free tier, not dissimilar from Oracle.

The revenue driver as a driver for freemium tier is interesting as it seems like it would require company to regularly disclose their revenue to CockroachDB which looks intrusive.

Enforced telemetry for free users? That's gross.

As much as this has the vibes of a classic OSS rug pull, as a Cockroach user, I don’t really take it that way. First of all, it was already not open source and secondly, the free to use version was missing key features like follower reads and incremental backups.

Free license:

> Telemetry Required (excluding ephemeral clusters of 7 days or less)

So not free, then.

Is there already a popular fork?

Yup - another "Contact Us" for pricing. God forbid if your business grows more than 10 Million ARR and now you owe them undisclosed amount of money.

I think the reality is, only exceeding common codebases (Linux and Postgres for example), can survive with an open source model. If the value created by the product is 1M times greater than the costs, fine, a way to support it will materialize. Otherwise, economics take over and people need to get paid. The fact that source is publicly available is largely irrelevant.

You need an enterprise that's already decided to use CockroachDB if your trial offer is only 30 days long. We've barely walked around the car & kicked the tires before that trial runs out; it's not respectful of the time it takes enterprises to move at all.

I guess I don't get it. CockroachDB is decidedly an enterprise product. There's no need for even a medium sized company to require distributed database the likes of CockroachDB. If you're a small company using it, you're just using it for fun, and you're probably not paying.

If you're using it and paying for it, then this doesn't seem like a problem. If you're not using it, then it shouldn't matter. If you're using it but not paying for it, then maybe it's okay that you have to start paying for it.

It seems a shame that to grow, companies are backing away from the vector that got them there: open source.

I agree that current cloud providers are gaining more benefit from open source than they're putting in. So, it seems logical that the main developers want to recapture some of that.

On the other hand, open source is supposed to help build a bigger pie. If the pie gets bigger faster (i.e. more people using CockroachDB) then is the recapture worth it?

It seems the smaller companies think so. But, I don't know of a solid analysis that shows this to be true.

Wow, what a rug-pull! Good luck to Cockroach Labs, but I doubt their product is entrenched-enough to make this strategy sustainable - it's going to _kill_ growth.

It's a surprising and very welcome change. Most will benefit.

If you have more than $10M revenue, why on earth would you run the limited open core version of CochroachDB just to save some $1K-$10K (which is about the enterprise license cost). The open core version has limitations you don't want to miss esp. reg. backup and restore, encryption, follower reads. Now all those features are available for free if you're small.

Anyone here migrated to TiDB from cockroach and can share experience? Asking for a friend…

I'm guessing the Required Telemetry thing is gonna cause a technical/security problem too. Most production databases would be running in private isolated networks with no inbound or outbound internet access on the VMs, and because of this requirement, they'll have to open outbound access to at least Cockroach's IPs.

I worked with the cockroachdb founders at a previous company.

They’re clowns.

I am a great fan of scaling vertically as far sa possible on DB servers. These days that is pretty damn high. It avoids a lot of prickly edge cases.

It is definitively not one solution for all. There are many cases where it just won't work.

I would like to see more IBM Z servers being used. $$$$$$$$ though

If you prefer mysql sql flavour, pingcap has titanium db(tidb) alternative.

I'm trying to figure out how this is better than Postgress ?

Does it perform significantly better to justify the cost? Back in the day I worked heavily with databases and we always tilted towards open source.

> Even by conservative estimates, the vast majority of the world’s businesses will meet the eligibility requirements for the Enterprise Free Tier license

This feels dishonest. What percentage of the world’s business need a system like CockroachDB? Of those, what percentage are under 10 million in revenue?

Amidst the frequent noise - its hard to notice that even the most stringent of OSS licenses like AGPL was written way back in 2002! Cloud was not even in the picture. Since then, ever growing cloud players have been playing the 'state' role and misusing OSS as 'religion' heavily affecting infra OSS products or companies.

I spotted this company in their seed stage and wanted to invest. The founders asked us to provide names for reference checks, etc - a bit unusual, but we were almost done with the commitment, so why not?

After quite a lot of work, introductions, and back and forth, they told us: sorry, Google Ventures is investing and we're kicking everyone else out, despite we expected an allocation at that point (50k, not very large). Not nice by them, and not nice by GV, but... Just another lesson learned in the epicenter of startup investing which is San Francisco. This was Feb 2015. Wow, almost 10 years ago. Time flies.

I am still happy to see they've been successful at building the company. I loved the product from the very beginning.

The FAQ that asks "What telemetry data will be collected, and how will it be used?" never answers the first half of the question in its marketese blurb. You failed the "ask yourself a question and answer it" part of the exam.

Dancing around the "so it's not open source" by not clearly saying "correct, it's no longer open source".

"CockroachDB will remain source available under a new license" sounds correct but it's still sidestepping the question. And "the source code will still be available for viewing and contributions" is completely shit. Why would anyone contribute to a commercial product unless they're getting paid to do so.

Also, the use of this kind of "evolving our" and "advancing our" phrasing is so incredibly gross. No one speaks like this except in corporate announcements.

I like the technology here, but at the same time I feel like they've been on this trajectory since the beginning. It's just another VC-backed company using open source for marketing, without any legitimate desire to actually be open source. At least now they've pulled the wool off of it.

This made me wonder about postgres. Is Postgres at risk of being taken over by some corporate? What can we learn from all these free open-source databases that has gone enterprise commercial.

I just don't understand why they didn't go with a copyleft license like SSPL; is it because they're worried too many people will self-manage in the Enterprise and not pay them?

Ensure your data is secure with our mandatory telemetry. No deal.

WRT CockroachDB Enterprise Free's telemetry requirement:

> Required (excluding ephemeral clusters of 7 days or less)

Does that mean the cluster will stop working when it can no longer report?

I get wanting large companies and cloud providers to pay, but mandatory telemetry collection in the self-hosted version of the product is an absolute non starter.

How to comply with telemetry in air-gapped environments?

What are the remaining use cases for CockroachDB where there isn't a better/open-source alternative?

Are any of the databases certain (as certain as one can be) to stay open?

I've never seen this database used by anyone in real life.

predictable and pretty good business move.

these things are easy to evaluate - 1. what's your appetite in running infra ? low - then use the SAAS offering 2. doable - then use a db that has good scalable solutions in this case mysql -> vitess since those products don't come from a database vendor. mongo might qualify too

It seems cockroach was aptly named

It's honestly getting tiresome reading about yet another company that rides on the wave of open source for popularity and growth, but only for as long as it suits their own bottom line. Just like every other example, the page is filled to the brim with borderline unparsable marketing speak and, excuse my french, pure bullshit. Here's an example:

> we are updating our licensing model to better serve our diverse community of users

One could hope that whoever wrote this at least had the decency to blush while doing so. So here's what's actually happening, as I understand it at least:

CockroachDB used to be split into "Core" and "Enterprise". Core was Apache 2.0 licensed (open source), Enterprise was BSL (fake open source, "source available", bullshit). After three years, BSL code becomes real open source. This setup that they are sunsetting is already pretty restrictive, and is by no means uncontroversially "open source".

The New And Improved(tm) idea they have to "better serve" their "diverse community of users" is even worse: it's free as in beer to use, but other than that it's completely proprietary, and it also includes *mandatory telemetry* for non-paying users. Any reference to "open" in regards to this product is a complete lie, because being able to read the source code does not make a product open source -- Microsoft allows you to read their code too, if you sign a piece of paper with them.

I've never used CockroachDB, but I'm glad I saw this, because now I know there's a 0% chance I will ever consider using it.

I like this part:

"4. Does this mean CockroachDB is no longer open source?

CockroachDB will remain source available under a new license. While the new license is a proprietary enterprise license, the source code will still be available for viewing and contributions."

I mean... "The answer is kinda sorta 'No', but we really would prefer not to phrase it like that."

Mandatory telemetry?

Friendly reminder that if you contributed code but signed a contribution agreement (which assigns copyright on the code contribution to cockroachlabs) you’ve got nothing to complain about.

Never sign contributions agreement: it will be used against you when the license inevitably get changed.

at least should still cover a lot of businesses under the free tier

> Individuals and businesses, under $10M in annual revenue, can use CockroachDB Enterprise for free

They're following the Mongo playbook

Yeah no thanks, I'll stick with Postgres

Thank God I stuck with Postgres lol

another open source project has died. At least we will always have Postgres.

I'm not even going to read this, we all know what it is and we all know it's just the first step in a long series of very shitty changes, expect all new development to be in the "contact us" tier.

Ignorance was maybe excusable the first 15 times, but if you keep falling for corporate owned rug-pull OSS packages in 2024, you deserve what's coming for you.

Weird databases are NFTs for startup founders. You're not too cool for Postgres. Use it.

Another database fails to be better and ends up worse. This is why we use DAL agnosticism.

I always use good ol’ MySQL. If anything happens can hop to Maria

"Open-source" in 2024 is a synonym for "ransomware."

It's still nice that I can audit the code and contribute (unpaid) changes, but I no longer assume anyone is acting in good faith.