RedHat Limits Access to RHEL Source Code, Sparks Controversy in Linux Community

posted by Arindam Giri on Jun 22, 2023,
updated Jun 30, 2023

RedHat has made a significant announcement today that is set to shake up the Linux community. In a move that may not sit well with some users and developers, Red Hat has decided to limit access to Red Hat Enterprise Linux (RHEL) source code. Going forward, CentOS Stream will become the exclusive repository for public RHEL-related source code releases.

Read on

Update (by Roy)

Some follow-ups on this:

• AlmaLinux's response to Red Hat's policy change [Ed: See the comments]

  The AlmaLinux organization has posted a message describing the impact of Red Hat's decision to stop releasing the source to the RHEL distribution and how AlmaLinux will respond.

• Red Hat Takes Aim at Rocky Linux & AlmaLinux, Restricts RHEL Code Access

  CentOS started out as a downstream, RHEL-compatible community enterprise distro. The project eventually joined Red Hat but remained independent. In 2020, however, Red Hat killed CentOS and announced CentOS Stream, a replacement option that is upstream of RHEL instead of downstream as the original CentOS was.

  CentOS creator Gregory Kurtzer created Rocky Linux in response, and CloudLinux created AlmaLinux, both of which are RHEL-compatible downstream distros that fill the same role as the original CentOS.

  Since Red Hat has no control over Rocky Linux or AlmaLinux, it appears the company is taking aim at them by restricting RHEL source code access to CentOS Stream. This will make it more difficult for Rocky and Alma to maintain the 1:1 compatibility they currently have with RHEL.

3 more:

• Dear Red Hat: Are you dumb?

  So at this point, I have to say: fool me once, Red Hat—shame on you. Fool me twice?

  At this point I'm determining whether I want to continue supporting just Fedora, or just dropping all support for RHEL and RHEL-like distributions on my open source projects. It's not worth the hassle if I'm not even sure projects like Rocky or Alma Linux can fill in the gap left by CentOS's demise for users like me.

• Impact of RHEL changes to AlmaLinux

  This change means that we, as builders of a RHEL clone, will now be responsible for following the licensing and agreements that are in place around Red Hat’s interfaces, in addition to following the licenses included in the software sources. Unfortunately the way we understand it today, Red Hat’s user interface agreements indicate that re-publishing sources acquired through the customer portal would be a violation of those agreements.

• Rocky Linux Expresses Confidence Despite Red Hat's Announcement

  Rocky Linux, a prominent community-driven open-source distribution of Enterprise Linux (EL), remains confident in its ability to continue as a bug-for-bug compatible and freely available alternative to Red Hat Enterprise Linux (RHEL), despite changes in accessibility. Red Hat’s announcement yesterday states that the sources for RHEL will no longer be accessible from git.centos.org. While this decision does change the automation we use for building Rocky Linux, we have already created a short term mitigation and are developing the longer term strategy. There will be no disruption or change for any Rocky Linux users, collaborators, or partners.

From Red Hat staff:

• Adam Young: RHEL, Rocky, and CentOS

  When talking about Rocky Linux or other distros based on RHEL,
  I don’t think that it is a good idea to paint any one person as the bad guy or that they are the bad guy or operating in bad faith. I do not think this is the case with any of the people behind Rocky.

  I was in sales at Red Hat during this time, and I winced when I heard the announcement. While Stream was and is a great step forward, closing off the Open But unsupported CentOS option was bad for Red Hat’s business. Instead of walking into an organization built around Yum and RPM, and the tools that managed them, we’d end up waling into organizations built around apt and .deb.
  
  As A Linux guy, I don’t care. As Red Hat employee, I did.

Also RedHat.com/Fedora 'community':

• Fedora Magazine: How to use Testing Farm outside of RHEL

  Continuous integration in public projects is widely used. But it has limitations such as the size of the resources and the execution time. For instance, when you use GitHub actions free tier, you are limited to agents with 2cpu and 7GiB of memory and a total execution time of 2000 minutes per month. Similar limitations are used by other CI providers like Azure Pipelines or Travis CI. The mentioned CI systems are popular. But for some use cases, free tier is not enough. Fortunately, for community projects which are maintained or co-maintained by Red Hat or Fedora/CentOS projects, there is Testing Farm.

FOSSPost:

• Red Hat is Shooting Itself in the Foot, Again

  3 long years have passed since the CentOS project - directed by Red Hat after being acquired by IBM - announced the shift towards CentOS Stream and ending support for its regular CentOS releases. A lot has happened since. Derivative communities emerged like Rocky Linux, Alma Linux and others.

It's FOSS:

• Red Hat's Source Code Lockout Spells Disaster for CentOS Alternatives: Rocky Linux and AlmaLinux in Trouble?

  Red Hat is known for its offerings, such as Red Hat Enterprise Linux (RHEL), CentOS, OpenShift, and more.

  While they are still a good part of the open-source and Linux, they do not have a clean reputation with decisions affecting the rest of the community. For instance, the decision to introduce CentOS Stream as an upstream to RHEL and kill off Cent OS.

  Also, the Red Hat layoffs were pretty recent.

  What's Happening: In a recent announcement, Red Hat announced that CentOS Streamwill now be the only repository for RHEL-related source code releases 😲

DevNews (Web Pro News):

• Rocky Linux Promises No Disruptions From Red Hat Restricting Source Access

  Gregory Kurtzer, Rocky Linux founder and chair of the board of the Rocky Enterprise Software Foundation, slammed Red Hat’s decision to restrict RHEL’s source code behind a paywall.

  “I believe that open source should always be freely available and completely stable. It should never be hidden behind a paywall, nor should it be controlled by a single company,” said Kurtzer, founder of the Rocky Linux project and chair of the board of the Rocky Enterprise Software Foundation, which hosts the project. “Red Hat’s decision to limit the distribution of their sources has created a minor inconvenience for the Rocky Linux team, but due to fast development and an amazing group, there is no disruption to Rocky Linux users. Moving forward we are becoming even more stable, supported, and secure.”

SFC's response:

• Kuhn: A Comprehensive Analysis of the GPL Issues With the Red Hat Enterprise Linux (RHEL) Business Model

  Over on the Software Freedom Conservancy blog, Policy Fellow and Hacker-in-Residence Bradley M. Kuhn analyzes the recent changes to Red Hat Enterprise Linux (RHEL) source availability in light of the GPL. It contains some interesting information about two alleged GPL violations that came about because the company's business model is structured in a way that brings it too close to non-compliance with the license, he said:

• A Comprehensive Analysis of the GPL Issues With the Red Hat Enterprise Linux (RHEL) Business Model

  For approximately twenty years, Red Hat (now a fully owned subsidiary of IBM) has experimented with building a business model for operating system deployment and distribution that looks, feels, and acts like a proprietary one, but nonetheless complies with the GPL and other standard copyleft terms. Software rights activists, including SFC, have spent decades talking to Red Hat and its attorneys about how the Red Hat Enterprise Linux (RHEL) business model courts disaster and is actively unfriendly to community-oriented Free and Open Source Software (FOSS). These pleadings, discussions, and encouragements have, as far as we can tell, been heard and seriously listened to by key members of Red Hat's legal and OSPO departments, and even by key C-level executives, but they have ultimately been rejected and ignored — sometimes even with a “fine, then sue us for GPL violations” attitude. Activists have found this discussion frustrating, but kept the nature and tenure of these discussions as an “open secret” until now because we all had hoped that Red Hat's behavior would improve. Recent events show that the behavior has simply gotten worse, and is likely to get even worse.

2 more stories:

• Removing official support for Red Hat Enterprise Linux

  For all of my open source projects, effective immediately, I am no longer going to maintain 'official' support for Red Hat Enterprise Linux.

  I will still support users of CentOS Stream, Rocky Linux, and Alma Linux, as I am able to test against those targets.

  Support will be 'best effort', and if you mention you are using my work on Red Hat Enterprise Linux, I will close your bug/feature/support request as 'not reproducible', since doing so would require I jump through artificial barriers Red Hat has erected to prevent the use of their Linux distribution by the wider community.

• Red Hat strikes a crushing blow against RHEL downstreams

  A superficially modest blog post from a senior Hatter announces that going forward, the company will only publish the source code of its CentOS Stream product to the world. In other words, only paying customers will be able to obtain the source code to Red Hat Enterprise Linux… And under the terms of their contracts with the Hat, that means that they can't publish it.

  In the opinion of the Reg FOSS Desk, the blog post itself is so full of corporate language that it borders on obfuscatory. However, we've contacted the Red Hat press office, and the company confirmed that the release does say what we got out from reading between the lines. This is very bad news for downstream projects which rebuild the RHEL source code to produce compatible distributions, such as AlmaLinux, Rocky Linux, EuroLinux, and Oracle Unbreakable Linux.

GPL questions:

• Red Hat in violation of the GPL? Discuss!

  Red Hat in violation of the GPL? Discuss!

STH:

• IBM Red Hat Puts RHEL Source Behind Paywall

  This week, IBM Red Hat made a big move. This is one of those moves, that, at the same time, our readers should have been prepared for. Red Hat moved RHEL source code behind its paywall for subscribers. This has huge implications for Alma Linux, Rocky Linux, and others seeming to leave only CentOS Stream, a testing release, as an avenue for IBM Red Hat’s source code. One thing is clear, IBM Red Hat does not want folks running anything in its ecosystem unless they are paying customers.

Hackaday:

• Et Tu, Red Hat? | Hackaday

  Sounds innocuous, but what’s really going on here? Let’s have a look at the Red Hat family: RHEL, CentOS, and Fedora.

  RHEL is the enterprise Linux distribution that is Red Hat’s bread and butter. Fedora is RHEL’s upstream distribution, where changes happen fast and things occasionally break. CentOS started off as a community repackaging of RHEL, as allowed under the GPL and other Open Source licenses, for people who liked the stability but didn’t need the software support that you’re paying for when you buy RHEL.

  Red Hat took over the reigns of CentOS back in 2014, and then imposed the transition to CentOS Stream in 2020, to some consternation. This placed CentOS Stream between the upstream Fedora, and the downstream RHEL. Some people missed the stability of the old CentOS, and in response a handful of efforts spun up to fill the gap, like Alma Linux and Rocky Linux. These projects took the source from git.centos.org, and rebuilt them into usable community operating systems, staying closer to RHEL in the process.

ITWire:

• IBM-owned Red Hat cracks down on access to RHEL source code

  McGrath offered the following explanation for the announcement: "Before CentOS Stream, Red Hat pushed public sources for RHEL to git.centos.org. When the CentOS Project shifted to centre on CentOS Stream, we maintained these repositories even though CentOS Linux was no longer being built downstream of RHEL.

  "The engagement around CentOS Stream, the engineering levels of investment, and the new priorities we’re addressing for customers and partners now make maintaining separate, redundant, repositories inefficient. The latest source code will still be available via CentOS Stream."

  Given that CentOS Stream is upstream of RHEL, they will be exactly the same only for a brief period after a release of RHEL leads to synchronisation of their code.

  Red Hat's community distribution, Fedora, is upstream of CentOS Stream which means that it will be even less likely to have the latest packages and bug fixes.

Former Red Hat, Zonker:

• [Former Red Hatter] Joe Brockmeier: Red Hat and the Clone Wars

  It’s been an exciting week for people who care about Linux distributions, FOSS licensing, FOSS distribution, FOSS business models, and the future of open source in general. Red Hat’s announcement that CentOS Stream will be the sole repo for public RHEL-related source code releases has generated a lot of chatter and exposed a lot of misconceptions about what the GPL requires and doesn’t.

  Sadly for you, dear reader, I have a lot of thoughts on this topic and plan to tackle them in stages here on the blog. Going to start with some really common misconceptions / questions and answers as I understand them. Note that I am not a lawyer, and I no longer work at Red Hat. If you see something inaccurate, please feel free to comment and I’ll make any warranted corrections.

  Doesn’t Red Hat have to release RHEL source code publicly?

  No. The GPL requires distributors to provide source code to those entities it has provided the GPL’ed software to, but no one else is entitled to those changes, not even the original authors.

Red Hat responds:

• Red Hat’s commitment to open source: A response to the git.centos.org changes

  I spent a lot of time walking this weekend thinking about the reaction from our industry to my last blog post. We’ve been called evil; I was called an IBM exec who was installed to turn Red Hat closed source — and that’s only the “nice” stuff. So let’s clear things up.

Slashdot discussion:

• Red Hat Enterprise Linux Sources Will Now Be Available To Paying Customers Only - Slashdot

  "CentOS Stream will now be the sole repository for public RHEL-related source code releases..." Red Hat posted this week on its blog, arguing that "The engagement around CentOS Stream, the engineering levels of investment, and the new priorities we're addressing for customers and partners now make maintaining separate, redundant, repositories inefficient."

  Long-time Slashdot reader slack_justyb notes this means patches and changes will now hit CentOS Stream before actually hitting RHEL, which "will make it difficult for other distributions such as Alma Linux, Rocky Linux, and Oracle Linux to provide assured binary compatibility as their only source now will be ahead of what RHEL is actually using."

"Red Hat Going Closed-Source":

• AlmaLinux Responds to Red Hat Going Closed-Source

  AlmaLinux has weighed in on Red Hat’s controversial decision to restrict access to its source code, saying the community distro will need to come up with “a new solution.”

  Red Hat riled the Linux community with news that it would restrict access to Red Hat Enterprise Linux (RHEL) source code to paying customers. The news immediately cast doubt on Rocky Linux and AlmaLinux, two community enterprise distros that offer 1:1 compatibility with RHEL.

  Rocky Linux quickly posted a message reassuring users that everything would continue on and that customers would not be impacted by Red Hat’s change. AlmaLinux has similarly weighed in, although the organization is taking a measured approach. Writing for the AlmaLinux OS Foundation, Board Chair benny Vasquez highlighted what many others have noted, namely that the RHEL license appears to prohibit “re-publishing sources acquired through the customer portal,” likely eliminating the possibility of simply acquiring an RHEL license and using it to maintain AlmaLinux.

Damaging control, face-saving moves:

• Red Hat Boosts Free Developers Subscription to 240 Systems

  Red Hat has quietly expanded the number of entitlements in the Developer Subscription for Individuals program from 16 to 240.

  Red Hat Enterprise Linux Individual Developer Subscription is an initiative launched by Red Hat in February 2021, two months after the company discontinued the existence of CentOS. The goal is clear – to give CentOS users a free alternative to migrate their systems to RHEL.

  After signing up in the Red Hat Customer Portal, the program allows you to freely download, install, and register Red Hat Enterprise Linux. Then you can freely use it and receive updates for it.

LWN discussions:

• McGrath: Red Hat’s commitment to open source

  Red Hat's Mike McGrath responds to the many criticisms aimed at the company since it changed its policy regarding RHEL source code.

This does not go well for Red Hat:

• I'm done with Red Hat (Enterprise Linux)

  The community of CentOS users—myself included—were labeled as 'freeloaders', using the work of the almighty Red Hat corporation, without contributing anything back. Don't mind all the open source developers, Linux kernel contributors, and software devs who used CentOS for testing and building their software. Also ignore the fact that Red Hat builds their product on top of Linux, which they didn't build and don't own.

  I almost wrote off Red Hat back then. It felt like someone stuck a knife in my back.

  This past week, Red Hat took that knife and twisted it hard, when they published this blog post. Let there be no mistake: this was meant to destroy the distributions the community built to replace what Red Hat took away.

By former Red Hat staff (Zonker):

• Joe Brockmeier: Red Hat and the Clone Wars II: A history of the early 2000s Linux landscape

  After Saturday’s post I wanted to take a step back and talk about some history that many have either forgotten or weren’t familiar with in the first place. Some may remember it quite well, but haven’t quite gotten the lessons right the first time around. Let’s talk about Red Hat Linux and the early days of Red Hat Enterprise Linux before it was even called that.

  Red Hat sets the standard

  My Linux journey started with Slackware Linux in 1996, completely by accident. By that I mean that I had never heard of Linux or sought it out, until I stumbled on a 4-CD set and decided I wanted to learn more. I was studying English lit and Communications/Journalism at a state school in the northeast corner of Missouri. Nobody I knew cared much about computers beyond games or running Word to write their papers. It was literally years before I met someone else who was an avid Linux user.

  It was a surprise to learn, a bit later, that Slackware was a Linux and that many distributions existed. As I learned more and more about Linux, though, something became clear: Red Hat was the popular choice. Red Hat was the Coca-Cola of Linux, even before its IPO in mid-1999.

Another take, this one from Sam Varghese:

• Red Hat 'clarifies' bid to restrict RHEL source code access

  Russell, who has contributed code to the NSA's SE Linux project in the past, added: "I also don't believe this is a good business decision for IBM. Having people like me use the same code as RHEL and provide quality bug reports would be in IBM's best interests."

  McGrath appears to waffle over the differences between the CentOS Stream — which is the stream that will now allow access to outsiders — and RHEL. The fact is that CentOS Stream will never be the same as RHEL; only for a brief while will the source be the same and that will be after an RHEL release.

  "Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere," McGrath writes. "This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity."

  This is laughable; it is the so-called hackers — those who get their hands dirty with code — who built open source into what is today. Not the suits who parade around at conferences in shiny suits with Tux lapel pins.

  It is notable that McGrath makes no mention of Fedora, the community Linux distribution that Red Hat supports. This is used by many former Red Hat users, but from now on will be upstream of CentOS Stream. This means it will be even less likely to have the latest packages and bug fixes. But then who cares for ordinary users anymore?

  Linux, no matter the distribution, has come to be what it is because of users. I can speak with confidence, having been a user for nearly 23 years – though my distribution of choice has always been, and will continue to be, Debian.

  Anyone and everyone is welcome to use open-source software to make money. Companies and individuals can say so openly and nobody will disagree. Subterfuge, however, only invites scorn.

May Asay and more:

• Red Hat ends the RHEL clones’ free lunch

  For decades Red Hat has led the enterprise Linux market, but as popular as its eponymous Linux distribution might be, CentOS 7 is orders of magnitude more widely used—20 times as popular, by my back-of-the-envelope estimate. And while CentOS once masqueraded as a Red Hat Enterprise Linux (RHEL) clone, the company changed all that in late 2020 with the introduction of CentOS Stream. So far, so good, so what, right?

  Wrong. Red Hat announced that CentOS 7 will be end-of-lifed in June 2024 (goodbye security patches and software updates). More recently, Red Hat announced that CentOS Stream will now be the sole repository for public RHEL-related source code releases. For enterprises doing long-term IT planning, which is almost any enterprise of reasonable size, now is the time to consider what to do post-CentOS 7.

• EOL For Red Hat 7 and CentOS 7 In 1 Year and a Week

More consequences:

• Wouter Verhelst: The future of the eID on RHEL

  Since before I got involved in the eID back in 2014, we have provided official packages of the eID for Red Hat Enterprise Linux.

More from Jeff:

• GPLv2, Red Hat, and You

  The corporate license experts I talked to said the threat of termination of a subscription would not trigger the 'no restrictions' clause of the GPLv2, which deals with a copyright, not a contract.

Slashdot:

• Red Hat Tries To Address Criticism Over Their Source Repository Changes

  Upsetting many in the open-source community was Red Hat's announcement last week that they would begin limiting access to the Red Hat Enterprise Linux sources by putting them behind the Red Hat Customer Portal and publicly would be limited to the CentOS Stream sources. In turn this causes problems for free-of-cost derivatives like AlmaLinux moving forward. Red Hat this week issued another blog post trying to address some of the criticism.

FUDZilla:

• Red Hat in full spin mode after restrictions on Enterprise Linux sources

  Red Hat is finding itself with a rebellion on its hands after it announced it would limit access to the Red Hat Enterprise Linux sources by putting them behind the Red Hat Customer Portal and limited to the CentOS Stream sources.

  This move causes problems for free-of-cost derivatives like AlmaLinux and has been greeted with the same unbridled joy from open sourcers as Tsar Putin had when he heard his former cook was marching on Moscow.

  Red Hat this week issued another blog post by Mike McGrath, the VP of Core Platforms Engineering at Red Hat. In the post, he talks up "Red Hat's commitment to open source" in which he said that the outfit did make its hard work readily accessible to non-customers.

More on Rocky:

• Rocky Linux claims to have found 'path forward' from CentOS source purge

  The backlash against Red Hat's decision to stop distributing the source code of RHEL for free to non-customers continues to widen.

  Last week, we reported that Red Hat would pull the sources of its enterprise distribution from its public Git servers. To quote Douglas Adams once again: "This has made a lot of people very angry and been widely regarded as a bad move." So much so, in fact, that Mike McGrath, the Hatter who announced the change, has felt compelled to publish a response defending it.

• Keeping Open Source Open

  Every user of Rocky Linux is valued and their contributions matter. From software engineers to IT professionals and hobbyists, together, we are all part of the Linux and open source community. The Rocky Enterprise Software Foundation was established based on our shared vision that open source software should remain stable, accessible to all, and managed by the community.

  This commitment is ingrained in everything we do. Since the inception of the Rocky project, we have prioritized reproducibility, transparency in decision-making, and that no single vendor or company can ever hold the project hostage. When we first started, we discussed our model and mission, and we decided not to bisect the Enterprise Linux community. Instead, in the spirit of open source principles and standards, we created something compatible with Red Hat Enterprise Linux (RHEL). By adhering to this approach, we adhere to a single standard for Enterprise Linux and align ourselves with the original goals of CentOS.