Terraform is Infrastructure-as-Code (IaC) software developed by cloud infrastructure software vendor HashiCorp and originally open-sourced under the Mozilla Public License (v2.0) in 2014.
But last August, HashiCorp abruptly announced that it would change the open source license of its core product to BSL (Business Source License), which includes Terraform, a move that sparked a backlash from the open source community.
Against this backdrop, the Linux Foundation announced the launch of OpenTofu, an open-source fork of Terraform, under the MPL-2.0 license.
Recently, however, OpenTofu was accused by HashiCorp of infringing the use of new feature code in Terraform that uses BSL.
HashiCorp claims that the code for one of OpenTofu's features is very similar to its proprietary Terraform code, and therefore believes that it was copied without permission.
In an article, InfoWorld contributors noted that HashiCorp introduced an important new feature in Terraform V1.7: removed block automation, which was launched in November 2023, meaning that the feature is not available under the MPL open source license.
But at the end of February, OpenTofu released something similar to HashiCorp's feature, and the similarity was "not only in terms of functionality, but also in the code written to implement it."
On the same day, HashiCorp's attorneys sent a strongly worded cease and desist letter (cease and desis) to the OpenTofu project, outlining the company's claims of copyright infringement.
"In light of the infringing copying and distribution of these HashiCorp copyrighted codes, we are also sending a DMCA takedown notice to Github [sic] to ensure that the offending material is removed and that any repeat infringers whose 'accounts have been disabled'. ”
In response to this serious allegation by HashiCorp, OpenTofu said, "The OpenTofu team strongly rejects any allegation that it has misappropriated, misused, or otherwise misused HashiCorp's BSL code. All such statements are unsubstantiated. HashiCorp's claims of copyright infringement in a cease and desist letter are completely unfounded. ”
OpenTofu explains that there are many similarities because the new code is based on the same common ground (i.e., switching to a version of Terraform prior to BSL).
"It can be clearly seen that the code in question was copied from the old code under the MPL-2.0 license.
HashiCorp seems to have copied the same code when implementing the version of this feature. All of this can be easily seen in our detailed SCO analysis, as well as in their own reviews. ”
OpenTofu says that they have successfully completed significant development work on OpenTofu 1.7 and will soon launch a new pre-release version.
References
https://opentofu.github.io/legal-documents/2024-04-03%20HashiCorp%20C%26D/OpenTofu%20C&D%20-%20Redacted.pdf
https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/
https://o.infoworld.com/article/3714980/opentofu-may-be-showing-us-thi-rang-way-to-fork.html