Seven months after forking its code from the HashiCorp Terraform IT deployment software, the Linux Foundation-backed OpenTofu has gotten legal pushback from HashiCorp.
On April 3, HashiCorp issued a strongly-worded Cease and Desist letter to OpenTofu, accusing that the project has “repeatedly taken code HashiCorp provided only under the Business Software License (BSL) and used it in a manner that violates those license terms and HashiCorp’s intellectual property rights.”
It goes on to note that “In at least some instances, OpenTofu has incorrectly re-labeled HashiCorp’s code to make it appear as if it was made available by HashiCorp originally under a different license.”
Last August, HashiCorp announced that it would be transitioning its software from the open source Mozilla Public License (MPL 2.0) to the Business Source License (BSL), a license that permits the source to be viewed, but not run in production environments without explicit approval by the license owner.
HashiCorp gave OpenTofu until April 10 to remove any allegedly copied code from the OpenTofu repository, threatening litigation if the project fails to do so.
OpenTofu’s Refutation
The OpenTofu project team, however, has not backed down. In all public communication, it denies that any code was taken from the BSL-licensed version of Terraform and that any code copied came from the MPL-licensed version of Terraform.
“The OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp’s BSL code. All such statements have zero basis in facts,” the OpenTofu team responded on its website.
“The OpenTofu team never has and will not copy, and never has and will not knowingly accept copies of BUSL-1.1-licensed code into the OpenTofu repository.”– OpenTofu
Further refuting the allegations, they assert that the HashiCorp claims are completely unsubstantiated.
The code that HashiCorp charged was lifted from the BSL version of the code base and was actually in the MPL version of the code, but copied over into the BSL licensed version from an older version by a HashiCorp engineer, OpenTofu charged in a detailed analysis.
Anticipating third-party contributors might submit BSL terraform code (unwittingly or otherwise) OpenTofu instituted a “taint team” to compare the Terraform and OpenTofu pull requests.
“If the PR is found to be likely in breach of intellectual property rights, the pull request is closed and the contributor is barred from working on that area of the code in the future,” the OpenTofu document states.
At least one observer has found OpenTofu’s response to be satisfactory. InfoWorld commentator Matt Asay, after initially writing a post criticizing OpenTofu for code theft, recanted his opinion upon reviewing OpenTofu’s response.
“Based on these documents, it appears that the OpenTofu community did not misappropriate HashiCorp’s intellectual property,” he wrote.
Contacted for a statement, a HashiCorp spokesperson said the company is evaluating OpenTofu’s response, but has no further comments at this time.
The post OpenTofu Project Denies HashiCorp’s Allegations of Code Theft appeared first on The New Stack.
HashiCorp accused OpenTofu of relabeling Terraform code to make it appear as it were under a different license.