What Red Hat's source code restrictions mean for businesses
Red Hat's source code restrictions for Enterprise Linux have caused a stir in the industry, with some users still investigating the degree to which they'll be affected
Red Hat's source code restrictions have been announced and will take the form of limiting public access to Red Hat Enterprise Linux (RHEL) source to CentOS Stream.
The change makes CentOS Stream the sole repository for future public RHEL-related source code releases, according to the company.
Paying customers will still have access to source code via the Red Hat Customer Portal.
Previously, public sources for RHEL were pushed to git.centos.org by Red Hat. This was maintained even after the focus of the CentOS project was shifted to CentOS Stream. This will now no longer be the case.
“The engagement around CentOS Stream,” said Red Hat, “the engineering levels of investment, and the new priorities we’re addressing for customers and partners now make maintaining separate, redundant, repositories inefficient”.
The gratitude gap
Introducing an effective tool to drive productivity as well as retention
The announcement is the latest in a succession regarded by many in the community as hostile. Two years ago, the decision was made to move from CentOS - which was effectively a free version of RHEL - to CentOS Stream, the development branch.
That change caused anguish for several in the user community who were accustomed to having access to a free version of RHEL and its source code, albeit without Red Hat support.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Before being axed, CentOS tracked RHEL closely. CentOS Stream, on the other hand, is development code and so not necessarily suited to production workloads.
The dropping of CentOS also spawned a number of distributions. For example, Alma Linux and Rocky Linux, both of which aimed for complete compatibility with RHEL thanks to the availability of the source code.
The removal of public access to the RHEL source as per Red Hat’s announcement will make maintaining these distributions challenging.
What is the reaction of the RHEL community?
The move to CentOS Stream and the axing of CentOS left some shaken. The latest move to restrict access to RHEL source has only intensified the anguish among some in the community.
Customers paying for RHEL are unaffected. The move has, however, triggered the creation of the Open Enterprise Linux Association (OpenELA) as competitors have united in the face of a perceived threat from Red Hat and its parent, IBM.
OpenELA is made up of Oracle, SUSE and CIQ - the company behind RHEL-compatible distribution Rocky Linux - and is planned to be a repository of source code compatible at an API and ABI layer with RHEL.
Not part of OpenELA is Alma Linux, another RHEL-compatible distribution, which intends to continue working on compatibility while not being held to bug-for-bug compatibility.
Acquiring a license to RHEL does give access to the source code, an essential for maintaining binary compatibility. However, as Alma Linux noted at the time, license restrictions prevent rebuilding using the source.
Rocky Linux had initially suggested a pay-per-use approach or making use of UBI container images to maintain compatibility before signing up to OpenELA.
SUSE's involvement is particularly interesting. The company initially planned a $10 million multi-year investment into a RHEL fork, but has since formalized things with OpenELA. It does, however, already have an enterprise Linux distribution in the form of SUSE Linux Enterprise Server - a platform to which the company insists it is committed. Some analysts have questioned how SUSE will maintain two enterprise distributions going forwards.
Why is Red Hat's stance a problem?
In a word, compatibility. Distributions that are binary compatible with RHEL must use of RHEL source.
While much of the content of CentOS Stream will, by design, make its way into future versions of RHEL, maintaining 1:1 binary compatibility with existing releases without access to the source used will present a challenge.
OpenELA's approach - shared by Oracle, SUSE and Rocky Linux - is to ensure the its source works with applications that target RHEL by maintaining ABI and API compatibility, although Oracle has acknowledged that "there may be a greater chance for a compatibility issue to arise".
What has Red Hat said about the change?
The company has since responded to criticism of its plans in a lengthy and somewhat defensive post.
Vice president of Core Platforms Engineering at Red Hat, Mike McGrath, insisted that the company would always use an open source development model.
“I feel that much of the anger from our recent decision around the downstream sources comes from either those who do not want to pay for the time, effort and resources going into RHEL or those who want to repackage it for their own profit,” said McGrath, in a statement.
“This demand for RHEL code is disingenuous.”
I’m an enterprise customer, should this worry me?
It all depends on if you are a paying RHEL customer or not. If you have opted to use one of the compatible distributions to replace CentOS then yes, things could change in the future as the RHEL-compatible distributions get to grips with the change.
However, even after all the furor over recent years, CentOS 7 - which is based on RHEL 7 - continues to be maintained and has over a year of support remaining.
But what about licensing?
RHEL is licensed under several open source licenses, including the GNU General Public License.
However, Red Hat’s change does not violate the GPL and the source code will remain available via the customer portal.
Where do we go from here?
It is difficult to see this change as anything other than an attempt by Red Hat to make life more difficult for the RHEL clones, although the company itself said “we want to sharpen our focus on CentOS Stream as the backbone of enterprise Linux innovation”.
“We are continuing our investment in and increasing our commitment to CentOS Stream.”
Richard Speed is an expert in databases, DevOps and IT regulations and governance. He was previously a Staff Writer for ITPro, CloudPro and ChannelPro, before going freelance. He first joined Future in 2023 having worked as a reporter for The Register. He has also attended numerous domestic and international events, including Microsoft's Build and Ignite conferences and both US and EU KubeCons.
Prior to joining The Register, he spent a number of years working in IT in the pharmaceutical and financial sectors.