开源软件 xz
被植入后门事件
引发了安全界的轩然大波
更早些Redis宣布修改开源模式
从 7.4 版本开始更改为双许可证模式
这样就不再满足OSI关于 “开源软件” 的定义
Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD). — Redis Labs CEO Rowan Trollope
整件事情的分析
已经在业界有颇多讨论
推荐 “非法加冯” 的一些看法
“我想直率地说:多年来,我们就像个傻子一样,他们拿着我们开发的东西大赚了一笔”。 — Redis Labs Co-Founder & Chairman Ofer Bengal
受到波及的不仅仅是公有云
要知道人见人爱的开源网络系统
SONiC 的数据库也同样采用了 Redis
所以社区有人
询问 Redis 后得到如下答复
虽然是打官腔但是答案不言而喻
Our shift to the dual-licensing model only affects versions of Redis starting with version 7.4. All prior versions of Redis will remain subject to the exact same license terms that they are currently subject to. However, if SONiC does intend to utilize versions of Redis from 7.4 on, it will have to comply with the requirements of either the RSALv2 or SSPLv1 license, as applicable per your choice.
好在
Linux基金会站了出来
携手公有云推出Valkey续命
后续SONiC社区又要更新架构图了