All change: Weighing up the options for enterprises as open source licences evolve
www.computerweekly.com
Potentially heralding a fundamental shift in definitions of open source, HashiCorp moved to more restrictive licensing (the Business Source Licence, BSL 1.1) for infrastructure-as-code (IaC) tool Terraform in 2023. The Cloud Native Computing Foundation (CNCF) has since cited more risk and pressure to evaluate options, especially for single-supplier open source offerings.

However, Amanda Brock, chief executive officer at open source-championing non-profit OpenUK, argues that datacentres should be using more open source-related tech, not least because it could slash carbon emissions.

"When you're able to use the specs openly and collaboratively to build something, you also can use the data that enables you to know when and how you can best use power," she says.

Although big companies have been accused of strip-mining open source, not giving back enough of a share of the revenue, Brock says it seems unlikely that licensing requirements might change to deter datacentres from open source.

"I'm not going to say there's no risk [of this], but we've also seen one of the first companies to move to Elastic come full circle. Having moved away from open source, then having been able to resolve things with AWS, who they were blaming," Brock says. "So, I think it's a smaller problem than the impression given."

The critical shift in 2024 might be the counter-move to forking: the result of the HashiCorp move was a fork to OpenTofu. That said, it has always been difficult for firms that have set up as open source to stay pure and true to that ideal, she adds.

"If you're using a project that's got a number of big corporates using it, we're increasingly going to see anybody who risks shifting their licence hammered by forks. That can completely change the marketplace," she says.

Forking was once considered the nuclear option for avoiding a specific leadership direction on software. Taking the same code, developers create a branch in the repository, and the organisation essentially goes in two directions at that point, with maintaining, updating and similar tasks done in the individual projects. Sometimes this does not work, and the projects re-emerge later on.

"It is a lot of work, and a big deal. In the 30 years or so...of open source, there have only been something like half a dozen successful forks," Brock says, citing Amazon Web Services (AWS) and Elasticsearch, Redis and Valkey. OpenUK's February event OpenCon may discuss related issues.

Peter Zaitsev, founder of open source database supplier Percona, broadly agrees. Some folks may just have to pay up, but that is often not how it happens for important open source projects. Alternatives are being created.

Even if suppliers do pull a fast one on projects critical for the open source ecosystem, with strong communities the fork option will simply become more popular in the next couple of years, he says, citing the Elastic drama, which ended with re-releasing under a more restricted open source licence.

In the case of Red Hat Enterprise Linux, the move fed further development in enterprise Linux alternatives, he adds.

The likes of PostgreSQL may not have all Oracle's features, but can still cover off most organisational needs. And for many users of WordPress or similar, whether it's actually open source likely does not matter, Zaitsev points out.

Colin Eberhardt, chief technology officer at software consultancy Scott Logic, is willing to bet that 70-95% of datacentre software is already open source related, given the prevalence in standard enterprise software.

"Even in investment banks, roughly 70% applies, and they're pretty careful about the code they run," Eberhardt says.
"You write a small amount of code that sits on top of a largely open source stack these days, regardless of industry."

Cloud infrastructure, software and platform engagements may have a lot more code running, of course, but a regular colocation-type datacentre is likely simpler. Any resulting problems from licensing challenges can be resolved in multiple ways, not least because licence changes to free and permissive open source only roll forwards: code already released under a permissive licence stays available under that licence, he says.

"Yes, they can then change the licence and say, from this point onwards, you're not free to use it, you must meet these conditions or pay this money," Eberhardt says. "But there are high-profile cases of forks occurring, including OpenTofu, because of arguments about licensing and who makes the money."

If it really is open source, organisations remain free to look after it themselves if they have the capability. At the same time, there are bigger risks open source use can expose organisations to because, as Eberhardt adds, with a lot of open source software, there are no future obligations.

For instance, a poorly maintained open source project is an attack vector. At the same time, most of the supply chain attacks that have begun to multiply in recent years are not random, but targeted.

"If I wanted to do an interesting attack, I'd look at something used in infrastructure projects that would get me into datacentres, banks and things like that and take everybody down," says Eberhardt. Concerns about licences are not wrong, but relatively minor.

What should open source users be doing, then?

Eberhardt says organisations need to better understand their open source usage, especially if they rely on it. Is it run in a sustainable way? Is there a single-person dependency somewhere? Licensing is the easy box to check.

"I have worked on projects where there was a framework that they picked that was a core component, and we looked at it and it was only maintained by one person. And I asked whether anyone knows who that person is," he says.

Consider popular Linux Foundation projects and subgroups, for example, and work out any related risks and how to mitigate them. Could the organisation maintain the setup if it fell apart? Are sections of code interchangeable?

For large organisations, requirements might be fairly rigid. Smaller firms might suffer more from developers making unilateral decisions on downloading things to patch something over, or the like. Part of the answer there is to ensure everything is properly and fully documented.

"I'm amazed that people don't actually know what code they're using, where it's come from. So, that's definitely the first step, or if you're releasing an enterprise application, understand what code you're actually using. Learn a bit more about that code," he says.

"If 90-odd percent of the code you're running was written by someone else and given to you for free, you need to invest some time into understanding the dynamics of that relationship."

Jad Jebara, co-founder, president and CEO of cloud-based datacentre infrastructure management (DCIM) company Hyperview, underlines that open source and open source standards have been instrumental for innovation. So, it's not about ditching anything open source to avoid related risk.

"For so much open source now, it's supported commercially, and there are reasons why, including that not everybody has staff to do all the techie stuff," he says.

"Without open source, the internet as we know it, the infrastructure, the digital economy doesn't exist. So, now on the hardware level, with the Open Compute Project, you need scale to manufacture the hardware standards, but it drives innovation, sustainability and the density in the datacentres, and that will never change."

Which is not to say the developer compensation model does not present problems.

"Going from open source towards for-profit changes the use model and makes it harder to understand the intricacies of data security, data residency and financial remuneration," Jebara says.

Initiatives such as the Apache and Linux foundations that drive cloud native do good work, but it's not enough from a licensing perspective, or for cyber security and vulnerability management. User organisations must ensure they know what's inside the tech they use: is anything end of life, or end of service or support, for example?

Therefore, depending on the business model, more stringent licensing can be a net benefit to the user, especially when certain assurances are part of a more commercial package.

"It's really about the allocating of your resources. And not every datacentre is created equal," Jebara says. But most of it is not going anywhere, including from the datacentres.
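The inventory step that Eberhardt (know what code you run, where it comes from, and whether it hangs on one maintainer) and Jebara (know whether anything inside is end of life) both describe can be turned into a repeatable check over a software bill of materials. The following is an added example written for this page, not code from the article or from any of the people or companies quoted in it. It borrows the CycloneDX JSON layout for components and their licences; the two properties x:maintainers and x:eol are custom fields assumed here for illustration rather than part of the CycloneDX schema; the SBOM itself is constructed, the component names other than terraform and opentofu are hypothetical, and the maintainer counts and dates are made up. The licence groupings are a starting policy for the example, not legal advice.

```python
"""Audit a dependency inventory for licence, maintainer and lifecycle risk.

Added example, not code from the article or from anyone quoted in it.
The SBOM below is constructed: it uses the CycloneDX JSON shape for
components and licences, plus two custom properties (x:maintainers, x:eol)
assumed here for illustration. Names other than terraform and opentofu are
hypothetical; all maintainer counts and dates are made up.
"""
from datetime import date

# SPDX licence identifiers grouped by the obligations they carry. A starting
# policy for the example, not a complete list and not legal advice.
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
WEAK_COPYLEFT = {"MPL-2.0", "LGPL-2.1-only", "LGPL-2.1-or-later",
                 "LGPL-3.0-only", "LGPL-3.0-or-later"}
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                   "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"}
# Source-available terms that are not OSI-approved open source. BUSL-1.1 is
# the licence Terraform moved to in 2023; SSPL-1.0 and Elastic-2.0 are the
# terms Elasticsearch moved to in 2021.
SOURCE_AVAILABLE = {"BUSL-1.1", "SSPL-1.0", "Elastic-2.0"}

AUDIT_DATE = date(2025, 1, 15)  # fixed "today" so the run is reproducible


def licence_class(spdx_id):
    """Map one SPDX identifier to an obligation class."""
    if spdx_id in PERMISSIVE:
        return "permissive"
    if spdx_id in WEAK_COPYLEFT:
        return "weak-copyleft"
    if spdx_id in STRONG_COPYLEFT:
        return "strong-copyleft"
    if spdx_id in SOURCE_AVAILABLE:
        return "source-available"
    return "unknown"


def _prop(component, key, default=None):
    """Read a CycloneDX name/value property from a component."""
    for p in component.get("properties", []):
        if p.get("name") == key:
            return p.get("value")
    return default


def component_licences(component):
    """SPDX ids (or free-text names) declared for a component; NOASSERTION if none."""
    ids = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        ids.append(lic.get("id") or lic.get("name") or "NOASSERTION")
    return ids or ["NOASSERTION"]


def audit(sbom, today, max_bus_factor=1, eol_horizon_days=180):
    """One finding per component: licences seen and a list of issues.

    The three checks follow the questions the article raises: what terms is
    the code under, is there a single-person dependency, is anything end of life.
    """
    findings = []
    for c in sbom["components"]:
        issues = []
        ids = component_licences(c)
        classes = {licence_class(i) for i in ids}
        if "unknown" in classes:
            issues.append("licence: unrecognised or unasserted, needs manual review")
        if "source-available" in classes:
            issues.append("licence: source-available terms, check field-of-use restrictions")
        if "strong-copyleft" in classes:
            issues.append("licence: strong copyleft, check distribution and network-use obligations")
        maintainers = int(_prop(c, "x:maintainers", "0"))
        if maintainers <= max_bus_factor:
            issues.append(f"sustainability: {maintainers} active maintainer(s)")
        eol = _prop(c, "x:eol")
        if eol:
            days_left = (date.fromisoformat(eol) - today).days
            if days_left < 0:
                issues.append(f"lifecycle: end of life since {eol}")
            elif days_left <= eol_horizon_days:
                issues.append(f"lifecycle: end of life in {days_left} days")
        findings.append({"name": c["name"], "version": c["version"],
                         "licences": ids, "issues": issues})
    return findings


# Constructed SBOM. Maintainer counts and EOL dates are invented for the example.
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"name": "terraform", "version": "1.6.0",
         "licenses": [{"license": {"id": "BUSL-1.1"}}],
         "properties": [{"name": "x:maintainers", "value": "40"}]},
        {"name": "opentofu", "version": "1.6.0",
         "licenses": [{"license": {"id": "MPL-2.0"}}],
         "properties": [{"name": "x:maintainers", "value": "15"}]},
        # Hypothetical: a small framework kept alive by one person.
        {"name": "tinyparse", "version": "0.4.2",
         "licenses": [{"license": {"id": "MIT"}}],
         "properties": [{"name": "x:maintainers", "value": "1"}]},
        # Hypothetical: no licence metadata at all, and already past EOL.
        {"name": "legacy-agent", "version": "2.0.9",
         "properties": [{"name": "x:eol", "value": "2024-06-30"}]},
        # Hypothetical: healthy project whose release branch reaches EOL soon.
        {"name": "auth-gateway", "version": "3.1.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}],
         "properties": [{"name": "x:maintainers", "value": "6"},
                        {"name": "x:eol", "value": "2025-04-15"}]},
    ],
}


def run_audit(today=AUDIT_DATE):
    """Audit the constructed SBOM as of the fixed audit date."""
    return audit(SBOM, today)


if __name__ == "__main__":
    for f in run_audit():
        status = "; ".join(f["issues"]) or "OK"
        print(f"{f['name']} {f['version']} [{', '.join(f['licences'])}]: {status}")
```

On the constructed input, terraform is flagged only for its source-available terms, opentofu passes, tinyparse is flagged as a single-maintainer dependency, legacy-agent collects three issues (no licence assertion, no known maintainers, past end of life) and auth-gateway is flagged 90 days ahead of its end-of-life date. In practice the SBOM would come from the build (for example a CycloneDX generator for the project's package manager) and the maintainer and lifecycle fields would be filled from the project's repository and release policy, which is exactly the "learn a bit more about that code" step the article asks for.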