Blogs

OpenTofu Denies Hashicorp’s Code-Stealing Accusations

It’s been ages since copyright conflicts have been an issue in open source circles, but they emerged when HashiCorp accused OpenTofu of “not respecting the terms of its BSL license governing its Terraform codebase.” OpenTofu denied Hashicorp’s accusation that it had stolen any of the Terraform Business Source License (BSL) code. Now, OpenTofu‘s law firm, Gesmer Updegrove, has formally denied Hashicorp‘s accusation.

Hashicorp did more than claim OpenTofu had misappropriated some of its code. Its law firm, Wilson Sonsini, issued a cease-and-desist order against OpenTofu. This read in part, “This is a cease and desist demand to the supporters of the OpenTofu project. Specifically, OpenTofu has repeatedly taken code HashiCorp provided only under the Business Software License (BSL) and used it in a manner that violates those license terms and HashiCorp’s intellectual property rights. In at least some instances, OpenTofu has incorrectly re-labeled HashiCorp’s code to make it appear as if it was made available by HashiCorp originally under a different license.”

The order continued, “Therefore, we demand that OpenTofu … cease and desist from further violations of HashiCorp’s BSL license and infringement of HashiCorp’s copyrights. If OpenTofu does not comply, we reserve all rights, including the right to send DMCA takedown notices to Github or any other third-party hosting or source code repository provider, and the right to initiate litigation to stop further violations.”

OpenTofu replied, “The OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp’s BSL code. All such statements have zero basis in facts.” In addition, it said, HashiCorp’s claims of copyright infringement are completely unsubstantiated.

Where’d the Code Come From?

As for the code in question, OpenTofu claims it can clearly be shown to have been copied from older code under the Mozilla Public License (MPL) 2.0. “HashiCorp seems to have copied the same code itself when they implemented their version of this feature. All of this is easily visible in our detailed SCO analysis, as well as their own comments.”

In a detailed source code origination (SCO) examination of the problematic source code, OpenTofu stated that HashiCorp was mistaken. “We believe that this is just a case of a misunderstanding where the code came from.” OpenTofu maintains the code was originally licensed under the MPL, not the BSL. If so, then OpenTofu was perfectly within its right to use the code in its codebase.

OpenTofu’s attorney said, “Both the OpenTofu files to which you refer and HashiCorp’s Terraform files to which you compare them are both derived (at least to some degree) from the pre-fork MPL-2.0 files – code that was made publicly available under the MPL.” Therefore, “To my client’s knowledge, none of the Terraform code subject to the BUSL has been improperly copied, incorrectly sourced, or used for any purpose.”

The attorney went on to say that HashiCorp should have known this. “[W]hile you complain that a comparison of HashiCorp Terraform code to OpenTofu files show ‘substantial similarity’ between the two, the diff files you attach to your Letter actually show the compared files to be quite dissimilar.”

The OpenTofu lawyer continued, “Going forward, we would be open to establishing developer liaison contacts between OpenTofu and Terraform, who would be available to review and address any intellectual property concerns with submitted contributions to OpenTofu or Terraform.”

Laferra concluded, “In the future, if you should have any concerns or questions about how source code in OpenTofu is developed, we would ask that you contact us first. Immediately issuing DMCA takedown notices and igniting salacious negative press articles is not the most helpful path to resolving concerns like this.”

So, what’s next? Having covered more than my fair share of intellectual property legal conflicts, I don’t expect HashiCorp to back down. I fear that this issue will be resolved in the courts, not in Git repositories.

Photo credit: Maarten van den Heuvel on Unsplash

Steven J. Vaughan-Nichols

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast Internet connection, and WordStar was the state-of-the-art word processor. And we liked it!

Recent Posts

Logz’s AI Chatbot Makes Your Observability Tools Smart(er)

Everyone is adding AI to their applications. Sometimes that's overkill. But Logz.io's IQ Assistant, which purports to make the most…

2 days ago

AlmaLinux Introduces Engineering Steering Committee to Enhance Community Collaboration

AlmaLinux is keeping its Linux community in the technology loop.

3 days ago

Optimizing Microsoft Windows on AWS

To download, please fill out the form below:

4 days ago

Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration

Torrance, United States / California, 22nd May 2024, CyberNewsWire

4 days ago

Words and Meaning

When words lose their meaning in order to attract popular attention, all that's left are slogans intended to shape the…

4 days ago

Microsoft Infuses AI into DevOps Workflows

Microsoft this week added a bevy of tools to its portfolio that infuses generative artificial intelligence (AI) into DevOps workflows.

4 days ago