-
Notifications
You must be signed in to change notification settings - Fork 0
ADR 0002 BSL License
Tiana_ edited this page May 30, 2026
·
1 revision
Status: Accepted Date: 2026-04-25 Decider: Maintainer
FinCore Engine is open source. Licensing it correctly determines:
- Who can use it, how, under what terms
- Whether it can be commercially resold against us
- Whether enterprise legal departments will permit adoption
- Whether community contributions are encouraged or chilled
The four common categories:
- Permissive (MIT, Apache 2.0, BSD): broadest adoption, allows commercial resale, allows hyperscaler "OpenSourceAsAService" forks
- Weak copyleft (LGPL, MPL): permissive for users, requires modifications to that file/library to be open
- Strong copyleft (GPL, AGPL): requires anything that integrates to be open
- Source-available (BSL 1.1, SSPL, Elastic License): not OSI-approved as "open source," restricts commercial competitive use
The hyperscaler problem (Elasticsearch → AWS OpenSearch, MongoDB → AWS DocumentDB, Redis → AWS MemoryDB) is real and recent. Apache 2.0 licensed projects have been forked into managed services that capture revenue without contributing back.
License FinCore Engine under Business Source License 1.1 (BUSL-1.1) with:
- Change Date: 4 years from each release date
- Change License: Apache License, Version 2.0
- Additional Use Grant: All non-production use, embedded use within the licensee's own products and services, evaluation, education, contributions back to the project
Concretely:
- Source is public on GitHub
- Anyone can read, fork, contribute, embed, run for non-commercial purposes
- Adopters can use it internally (as the financial backbone of their own product) - that's permitted as a "use grant"
- What's prohibited until the change date: offering FinCore Engine as a managed service that competes with the licensor (e.g., "FinCore-as-a-Service")
- Each release converts to Apache 2.0 four years after its release date - guaranteed in the LICENSE file
The license file (LICENSE) is a verbatim BUSL-1.1 template with our Licensor, Licensed Work, Additional Use Grant, and Change Date fields filled.
- Anti-fork protection: AWS / Google Cloud / etc. cannot legally offer "FinCore Cloud" without commercial licensing from us
- Trust-building: Apache 2.0 conversion baked in - community knows code becomes fully OSS in 4 years per release
- Mainstream choice: Used by Sentry, MariaDB MaxScale (now back to GPL but the precedent is clear), CockroachDB (until 2024), HashiCorp Terraform, Couchbase. Enterprise legal teams know how to evaluate it.
- Doesn't restrict normal use: Anyone building a fintech product on top of FinCore is permitted - that's the vast majority of usage
- Not OSI-approved as "open source" - some purists won't engage with the project. We accept this; the goal is to ship a real OSS-style project, not to win semantic battles
- Some Linux distros refuse to package non-OSI licenses - minor blocker for distro adoption, doesn't matter for our target audience (engineers running Docker/K8s)
- Some companies have blanket "no BSL" policies (less common, mainly AWS-aligned shops). They're not our adopters.
- Contribution friction: Some contributors prefer Apache. Mitigated by clearly explaining the 4-year auto-conversion and the rationale.
- BSL is legally tested (CockroachDB defended it in court). Not new ground.
- HashiCorp's BSL adoption in 2023 generated discourse but their adoption numbers continued to grow.
- Rejected: hyperscaler vulnerability. Three different precedents (Elasticsearch, MongoDB, Redis).
- Maximally permissive but doesn't protect commercial interest
- Rejected: same as Apache, additionally lacks patent grant - worse for fintech adopters
- Rejected: enterprise legal teams reject AGPL for SaaS use. Our target audience won't adopt.
- See ADR-0009 for full comparison
- Rejected: OSI-rejected as "not open source" anyway, and weaker than BSL legally
- Less mainstream
- Rejected: more restrictive than BSL, more controversial, less corporate adoption
- Doesn't auto-convert to permissive
- Rejected: even more restrictive, less precedent
- Niche, lacks community recognition
- Rejected: undercuts the goal of code being publicly readable
- LICENSE file is a verbatim BSL 1.1 template (validated against mariadb.com/bsl-faq)
- Every source file gets
// SPDX-License-Identifier: BUSL-1.1header - README explains the license in plain English
- Rationale documented in this ADR and ADR-0009
- ADR-0009 - detailed comparison with AGPL
- LICENSE file at repo root
- Overview
- Services
- Data Model
- Domain Model
- Event Flow
- Security
- Observability
- Resilience
- SLA / SLI / SLO