Several dependencies of Open edX have been relicensed since they were originally chosen, which has made continued use of them potentially problematic. The issue in all these cases is that the (previously) open source project was maintained by a corporation with a business model that was threatened by changes in the technology ecosystem. In most cases, they attempted to address the problem with a license change that stifled competition while trying to avoid undue impact to their most valued users (companies paying for hosting and individual developers who want to tinker without paying license fees). The key problems for Open edX in these cases are as follows:
...
Old license: Apache 2.0
New license: Server Side Public License
Date changed: January 14th, 2021
First version impacted: 7.11
edx.org uses version: 7.10 (hosted on AWS, which is providing security patches indefinitely only for that hosted offering)
Tutor uses version: 7.17
Planned response: https://github.com/openedx/public-engineering/issues/16 (largely stalled due to high difficulty and low incentive on 2U’s end to change the status quo).
Terraform
Old license: MPL 2.0
New license: Business Source License 1.1
Date changed: August 10, 2023
First version impacted: 1.5.6
edx.org uses version: 1.3.7
Tutor uses version: N/A (Harmony provides example Terraform code but recommends no particular version)
Planned response: None yet. Not truly an Open edX dependency, although many installations use it to manage their infrastructure. May not be an issue for current usage, but we need to be careful about recommending it for new use cases.
...