207

Our Response to Hashicorp's Cease and Desist Letter | OpenTofu (opentofu.org)

submitted 3 months ago by freddo@feddit.nu to c/programming@programming.dev

22 comments fedilink hide all child comments

On April 3rd, we received a Cease and Desist letter from HashiCorp regarding our implementation of the "removed" block in OpenTofu, claiming copyright infringement on the part of one of our core developers. We were also made aware of an article posted that same day with the same accusations. We have investigated these claims and are publishing the C&D letter, our response and the source code origin document resulting from our investigation.

The OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp’s BSL code. All such statements have zero basis in facts.

HashiCorp has made claims of copyright infringement in a cease & desist letter. These claims are completely unsubstantiated.

The code in question can be clearly shown to have been copied from older code under the MPL-2.0 license. HashiCorp seems to have copied the same code itself when they implemented their version of this feature. All of this is easily visible in our detailed SCO analysis, as well as their own comments which indicate this.

Documents

HashiCorp's C&D Letter

Our Response

Source Code Origin Document: [HTML, PDF] ⇐ For the detailed code analysis, see here.

To prevent further harassment of individual people, we have redacted any personal information from these documents.

Conclusion

Despite these events, we have managed to carry out significant development on OpenTofu 1.7, including state encryption, “for_each” implementation for “import” blocks, as well as the all-new provider-defined functions supported by the recently released provider plugin protocol.

On that note, we will be releasing a new pre-release version next week, and we are eager to gather feedback from the community.

— The OpenTofu Team

The image in this blog post contains code licensed under the BUSL-1.1 by HashiCorp. However, for the purposes of this post we are making non-commercial, transformative fair use under 17 U.S. Code § 107. You can read more about fair use on the website of the US Copyright Office.

you are viewing a single comment's thread
view the rest of the comments

[-] xantoxis@lemmy.world 15 points 3 months ago* (last edited 3 months ago)

Terraform and OpenTofu are great tools for building virtual infrastructure, e.g. using AWS API calls to spin up AWS virtual machines and provision them with networks and security relationships and stuff like that--in an automated, repeatable way. They are generalized tools for deploying and modifying infrastructure, even if it's not in the cloud (there are many tools in these frameworks that apply to self-hosted setups).

The rest of the words after "Terraform fork" are just the names of companies that decided to help OpenTofu, and are not especially helpful in understanding what it is or what it's used for.

this post was submitted on 25 Apr 2024

207 points (100.0% liked)

Programming

16752 readers

168 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 1 year ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

MaungaHikoi@lemmy.nz