from Hacker News

The Terraform Registry Terms of Service have been updated

by yankcrime on 8/31/23, 9:19 AM with 132 comments

  • by cube2222 on 8/31/23, 11:42 AM

    Hey!

    Just wanted to say that this doesn't impact OpenTF too much. It's an extra step we need to take before a stable release, but long-term it'll make us more decoupled, which is great.

    As someone else commented, all providers and modules other than Hashicorp's are hosted on GitHub and the registry is just a "redirector". We'll do something similar, other than some special handling for Hashicorp's providers.

    Also, I know you want us to finally publish the repo - we're working very hard to make this happen and it should be a matter of days now.

    Disclaimer: Work at Spacelift, and currently temporary Technical Lead of the OpenTF Project, until it's committee-steered.

  • by martypitt on 8/31/23, 10:37 AM

    Not the OP, but I suspect HN has trimmed the anchor link.

    > https://github.com/opentffoundation/roadmap/issues/24#issuec...

    That's the comment that made the issue clear -- specifically TOS were amended for https://registry.terraform.io to state:

    > You may download providers, modules, policy libraries and/or other Services or Content from this website __solely for use with, or in support of, HashiCorp Terraform.__

    i.e., it looks like the intent is "You can't use OpenTF with registry.terraform.io".

    IMO, that feels a little petty. But, I guess if OpenTF is taking a position of "Use us instead of Terraform", then they shouldn't expect to get the usage of Hashicorp's infra.

  • by jacquesm on 8/31/23, 11:00 AM

    Companies want the benefits of open source (massive community contributions, lower development costs, better security, community exposure, marketshare) but don't like the downsides (from their perspective: forks, lack of control, freeloaders etc).

    TOS changes like this are fine, it's their garden, but ultimately all they'll do is put even more power behind forks and alternatives. Because the people that were motivated to use OpenTF are now also going to offer an alternative registry, which results in further loss of control and community contact and shifts attention away from HashiCorp's offering. It's very difficult to pull off this sort of dual stance without each move that you make impacting some aspect of your operation in a negative way. You need to think this through very well from day one because any change later on could easily be perceived as the beginnings of an attempt to squeeze the installed base and once that is the impression you will lose users rapidly.

  • by jrudolph on 8/31/23, 11:12 AM

    Getting a lot of docker hub vibes from this one. HashiCorp is of course within their rights. Can't be cheap to run the registry given the obscene size of some terraform providers.

    $ ls -lah terraform/providers/registry.terraform.io/hashicorp/aws/5.14.0/darwin_amd64/
    total 368M

    Anyone have an idea of the reasons terraform needs a 370 MiB binary just to call REST APIs?

  • by zaphar on 8/31/23, 2:05 PM

    If I am a cloud provider and maintain a Terraform binding I now have a strong reason to target OpenTF over HashiTF as they inevitably begin to diverge. It's hard to see how Hashicorp survives trying to compete over a consortium of companies for whom TF is a complement and not the product and are incentivized to use it as a free value add. Especially when those same companies are the primary targets for Terraform usage.

  • by r053bud on 8/31/23, 4:30 PM

    To me, this entire story was about HashiCorp updating their TOS without changing the "updated date" - which to me is reason enough to drop use of all products from a company. That being said, it does look like the updated date has been modified to reflect the change. So maybe it's not so "silent" anymore, or maybe they changed it because of the backlash here.

  • by m-p-3 on 8/31/23, 1:19 PM

    I mean it's reasonable for HashiCorp to limit who uses their infrastructure since they foot the bill for it. Google did a similar thing for the Chrome Web Store to download extensions when Microsoft released Edge, pushing Microsoft to host its own distribution channel.

  • by milliams on 8/31/23, 10:44 AM

    Even though this will likely prevent OpenTF from connecting to registry.terraform.io to get plugins, the source code for most (all?) plugins is still open source and actually stored on GitHub (e.g. https://github.com/terraform-provider-openstack/terraform-pr...).

    More work for OpenTF to get up and running, but also feels reasonable that HashiCorp wouldn't allow connecting to their service.

  • by hk1337 on 8/31/23, 2:46 PM

    Silently infers they're trying to sneak something in without everyone knowing but the discussion has been going on for a few weeks now, iirc? They just finally made the change they said they're going to make or is this something else?

  • by dreamcompiler on 8/31/23, 1:34 PM

    Just another facet of the lovely enshittification diamond. Fortunately in OSS land, there's a deshittification tool called the fork.

  • by rwmj on 8/31/23, 12:04 PM

    What's the legal theory that allows HashiCorp to control the use of data after downloading it? Is it like if I offered MP4 files on my website that can be downloaded by anyone but added the condition you must view them in VLC only? (which I'm fairly sure would be unenforcible even if the MP4 files were proprietary content)

  • by bloopernova on 8/31/23, 1:16 PM

    The leadership at Hashicorp doesn't seem to "get" open source development, or at least doesn't seem to value the community of their customers.

    The change of license could have been attributed to them trying to protect their SaaS business if you squinted. But now they're saying "this is ours and you can't play", even though that hurts tf in the long run due to alienation of the community. I get that they need to generate revenue, but I don't understand how alienating their customers makes money even in the long term?

    Did leadership or ownership change recently?

  • by lucasfcosta on 8/31/23, 2:19 PM

    This is such a terrible move for the ecosystem as a whole.

    So now it means individuals using tools like Layerform and Terragrunt cannot use the registry anymore even though the software hasn’t changed at all?

    How will they even enforce that?

  • by tehalex on 8/31/23, 4:43 PM

    I wonder if there are some module authors who would like to pull their modules from the terraform registry as a result of this...

  • by jk563 on 8/31/23, 3:23 PM

    I've seen a lot about OpenTF and I applaud the (very large) effort to get a viable alternative in place in short order. Is anyone aware of corresponding projects for other tools in the HashiCorp suite?

  • by Igalze on 8/31/23, 7:12 PM

    Changing ToS w/o even updating the "update date" - not to mention releasing some announcement...

    Who does that? No really?

    Feels like the show is being run by lawyers who don't know how Internet works.

  • by solomatov on 9/1/23, 12:10 AM

    I don't exactly understand how you could use it for commercial use in the original license quoted in the thread:

    >You may download or copy the Content (and other items displayed on the Services for download) for personal non-commercial use only, provided that you maintain all copyright and other notices contained in such Content. You shall not store any significant portion of any Content in any form.

    Does personal non-commercial use allow use for work purposes somehow?

    P.S. Just curious.

  • by newsclues on 8/31/23, 11:28 AM

    Corporations double down on stupid.

  • by Octabrain on 8/31/23, 11:00 AM

    I had Hashicorp in my mind as a cool and respectful company. These recent events have made me reconsider and throw them into the same bag as Oracle. I find this pretty sad.