In light of Terraform/HashiCorp's license change recently, how "open source" should we consider companies like this?
Currently their GitHub repo is licensed under an open-source Mozilla license [1]. But contributors also have to sign a CLA [2] which perhaps (?) allows the company to re-license the work like HashiCorp did? Should we now consider companies like this to be "open source for the moment"?
"outbound" is the usual term I think, the license terms under which users get the product. There is no requirement on the "inbound" terms, what you have to do to get the project to make or accept the changes your request.
E.g. "inbound=outbound" is a common model for contribution [1], a short way of saying that contributions are licensed by their author under the same conditions that the project is available to users. But that has nothing to do with whether a project is open source.
My original point wasn't really about the inbound/outbound distinction. It was that these companies can claim they're based on open source, but then N years down the line pull the rug out from underneath us all and re-license their code to be not open source, as HashiCorp recently did. I think this is qualitatively different from e.g. the Linux kernel where we are guaranteed it will be open source in perpetuity.
Currently their GitHub repo is licensed under an open-source Mozilla license [1]. But contributors also have to sign a CLA [2] which perhaps (?) allows the company to re-license the work like HashiCorp did? Should we now consider companies like this to be "open source for the moment"?
[1] https://github.com/frain-dev/convoy [2] https://cla-assistant.io/frain-dev/convoy?pullRequest=1362