Ramblings of an aging IT geek

the quiet cost of a licence change nobody asked for

Why open-source relicensing keeps costing maintainers and users their trust, prompted by the latest round of licence drama, and what it means for the dependencies I lean on.


Another month, another project quietly changing the terms under which you're allowed to use the thing you built half your stack on. I won't pretend to know every detail of the latest round of licence wrangling (the specifics shift week to week and I'd rather be vague than wrong), but the shape of it is familiar enough by now to write about without checking the exact clause. A widely used piece of open infrastructure moves from a permissive or copyleft licence to something with "source available" in the name, the announcement is full of words like sustainability and stewardship, and a community spends the following fortnight working out how badly it's been had.

I've lived through enough of these now to have a settled opinion, and it's not the absolutist one. I don't think companies owe me free software in perpetuity. Maintaining infrastructure is expensive, the people doing it deserve to eat, and the old bargain where a cloud provider takes your open-source project, wraps it in a managed service, and sends you nothing but a feature request: that bargain was always unfair. I have genuine sympathy for the maintainers caught in the middle of it.

What I've lost patience with is the dishonesty in how these changes are dressed up.

"still open" is doing a lot of work

The recurring move is to relicense under something that is not an OSI-approved open-source licence, and then keep using the word "open" in every sentence around it. Source-available is a perfectly defensible business model. It is not open source, and the people choosing those licences know it is not, which is why the announcements are so carefully worded. You read three paragraphs of warmth about community before you notice that the thing you depended on yesterday now comes with a clause about competing with the vendor.

The damage isn't really to the big cloud providers the licence is aimed at. They have lawyers and they have forks. The damage is to everyone downstream who now has to read a licence to find out whether they're allowed to keep doing what they were doing. That's the trust that breaks. Not "this company changed its mind", companies are allowed to change their minds, but "I can no longer assume the licence on my dependencies is stable, so I now have to audit them".


what it actually costs me

Concretely, here's what one of these announcements triggers in my world. I go through my homelab and my work projects and I find every place the affected thing is a dependency. For each one I ask three questions. Am I using it in a way the new licence forbids? Is there a community fork that's already formed, and is it credible? And if I have to migrate, how much of my time does that cost, and who's paying for it? The answer to the last one is always me, in evenings, for nothing.

That last point is the bit that rankles. The relicensing is framed as protecting the project from freeloaders, but the bill lands on individual users and small teams who were never the freeloaders. The hyperscaler the clause is aimed at absorbs the change in an afternoon. I'm the one re-reading SPDX identifiers at 11pm.

forks are the real signal

The one genuinely healthy thing these episodes produce is a fork, and the speed and seriousness of the fork tells you everything about whether the project was ever really a community or just a company with users. When a credible foundation-backed fork appears within days, with named maintainers and a clear governance model, that's the community voting with its feet, and it usually thrives. When nothing forms, or three half-hearted forks splinter and stall, that tells you the "community" was always marketing.

I've started treating the licence as a first-class property of any dependency I adopt, the same way I'd look at maintenance activity or release cadence. Not "is it open source" as a tick-box, but "who controls this licence, what's their incentive, and what happens to me if they change it". It's more work up front. It's a lot less work than being surprised.
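The three questions above, and the habit of treating the licence as a tracked property of each dependency, are easy to turn into a small check that runs whenever a lockfile or SBOM changes. The script below is an added example, not code from this post: it compares two snapshots of package-to-SPDX-identifier mappings, flags any move from an OSI-approved licence to anything else, and turns each flag into the triage the post describes. The OSI allowlist is a deliberately short assumption, the package names are constructed placeholders, and the fork map is hypothetical.

```python
# Added example (not from the post): licence-drift check across two
# dependency snapshots, followed by the three-question triage.
from __future__ import annotations
from dataclasses import dataclass

# Non-exhaustive allowlist of OSI-approved SPDX identifiers (an assumption
# of this example; extend it with the licences your own dependencies use).
OSI_APPROVED = {
    "MIT", "ISC", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause",
    "MPL-2.0", "GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only",
}

@dataclass(frozen=True)
class Finding:
    name: str
    old: str   # SPDX identifier in the earlier snapshot
    new: str   # SPDX identifier in the later snapshot
    kind: str  # "relicensed" (OSI -> non-OSI) or "changed" (any other change)

def licence_drift(before: dict[str, str], after: dict[str, str]) -> list[Finding]:
    """Compare two {package: SPDX id} snapshots and report every licence change.
    OSI-approved -> non-OSI is the case the post is about; any other change is
    still reported so a human looks at it rather than a script waving it through."""
    findings = []
    for name, new in sorted(after.items()):
        old = before.get(name)
        if old is None or old == new:  # new dependency or unchanged licence
            continue
        kind = "relicensed" if old in OSI_APPROVED and new not in OSI_APPROVED else "changed"
        findings.append(Finding(name, old, new, kind))
    return findings

def triage(findings: list[Finding], forks: dict[str, str]) -> dict[str, str]:
    """Per finding: does the new licence need auditing, is there a credible fork,
    and what does migration look like. `forks` is a hand-maintained, hypothetical
    map of package -> community fork name."""
    plan = {}
    for f in findings:
        if f.kind != "relicensed":
            plan[f.name] = f"review: {f.old} -> {f.new}"
        elif f.name in forks:
            plan[f.name] = f"migrate to fork {forks[f.name]}"
        else:
            plan[f.name] = f"audit usage against {f.new}; no known fork"
    return plan

# Constructed sample snapshots; names are placeholders, not real projects.
# SSPL-1.0 and BUSL-1.1 are real SPDX identifiers for source-available licences.
BEFORE = {"example-db": "AGPL-3.0-only", "example-cache": "BSD-3-Clause",
          "example-util": "MIT", "example-lib": "MIT"}
AFTER = {"example-db": "SSPL-1.0", "example-cache": "Apache-2.0",
         "example-util": "MIT", "example-lib": "BUSL-1.1", "example-new": "MIT"}
FORKS = {"example-db": "example-db-community"}  # hypothetical fork map

if __name__ == "__main__":
    for name, action in triage(licence_drift(BEFORE, AFTER), FORKS).items():
        print(f"{name}: {action}")
```

Run it from a CI job that diffs the previous and current SBOM, and the "relicensed" findings are the ones worth an evening; the "changed" ones are usually a version bump to a newer text of the same licence family.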

the boring conclusion

I don't have a clever answer. Permissive licences get exploited by people who give nothing back, and the response to that exploitation keeps being to punish the wrong people. The honest version of these announcements would say "we're moving to a source-available licence to protect our commercial position, here's exactly what you can and can't do now", in plain words, on day one. Some companies do roughly that, and I respect them more for it even when I dislike the outcome.

The ones that wrap it in the language of community and openness while quietly removing both, those are the ones that break trust, and trust doesn't relicense back. You can always change the LICENSE file back to what it was. You can't change back the fact that everyone now reads it before they depend on you.