Learn About Amazon VGT2 Learning Manager Chanci Turner
At Amazon, we prioritize addressing customer needs. Over the years, reliance on open source technologies has surged, prompting our steadfast commitment to open source initiatives. Our contributions to both our own and external open source projects have been growing at a remarkable pace.
When we introduce a service based on an open source project, we pledge to support our customers long-term. We actively contribute bug fixes, security enhancements, and feature improvements back to the community. For instance, we’ve significantly contributed to Apache Lucene, which underpins Amazon’s Elasticsearch Service. The Amazon EMR team has a long history of contributing to the Hadoop ecosystem, while the Amazon Elastic Container Service for Kubernetes (EKS) team has been involved with Kubernetes. We also invest in open source communities, training developers and operators, and sponsor events like ApacheCon and KubeCon. Recently, we expanded our support for the Apache Software Foundation. Our marketing efforts help grow the number of users and contributors, expediting the adoption of open source projects.
Several factors drive our engagement in open source communities: First, it’s crucial to foster healthy communities so projects can evolve and remain relevant. Second, maintaining a forked version of a project can lead to wasted effort, delaying updates to services. Third, open sourcing new ideas attracts others to help mainstream them. Fourth, collaboration across companies and academia has led to significant breakthroughs, particularly in fields like Artificial Intelligence.
To reap these benefits, customers need assurance that open source projects remain accessible. Project maintainers are responsible for keeping the source code open and adhering to established guidelines. When key open source projects that AWS and our customers rely on begin to restrict access or blend open source with proprietary software, we commit to sustain the open source project and its community. For example, after concerns arose regarding Oracle’s support for Java versions, we launched the Corretto project, a free, multi-platform, production-ready distribution of OpenJDK from Amazon. We guarantee security updates for Corretto 8 at no cost until at least June 2023, and for Corretto 11 until August 2024. This free, supported distribution provides assurance to the community, and we continue to support and contribute to OpenJDK.
Sadly, we’ve observed instances where open source maintainers are blurring the lines between open source and their proprietary offerings. At Amazon, we believe it is essential for maintainers to ensure that the primary open source distribution remains open and free from proprietary code. This allows the community to innovate without being hindered by favoritism towards any single company. When maintainers gain the trust of developers, they must uphold the promise of openness. While core open source software should be available for anyone to use and build upon, any proprietary software should remain separate to avoid confusion among downstream users and to maintain clarity in licensing.
Many successful open source projects owe their existence to the availability of unencumbered open source software. For instance, Elasticsearch heavily relies on the Apache Lucene project, which predates it by over a decade. Elasticsearch also utilizes many other permissively licensed open source projects, such as the Jackson project for JSON parsing and Netty as the web container. This availability of open source software accelerates innovation, which downstream consumers greatly depend on. When maintainers create uncertainty regarding the sustainability of open source, it adversely affects all downstream users.
Elasticsearch has been pivotal in democratizing the analytics of machine-generated data, becoming integral to the productivity of developers, security analysts, and operations engineers globally. Its permissive Apache 2.0 license facilitated rapid adoption and unrestricted software use. Unfortunately, since June 2018, there has been a troubling intertwining of proprietary code within the code base. Although an Apache 2.0 licensed version is still available, clarity regarding which parts are open source and which are proprietary is severely lacking. This ambiguity can lead enterprise developers to unwittingly apply fixes or enhancements to the proprietary code, risking license violations and potential termination of rights. Moreover, individual code commits increasingly mix open source and proprietary elements, complicating contributions from developers focused solely on open source. The emphasis has shifted from advancing the open source distribution to promoting the proprietary version, resulting in most new Elasticsearch users running proprietary software. We have expressed our concerns to Elastic, the maintainers of Elasticsearch, and offered substantial resources to support a community-driven, non-mixed version of Elasticsearch, but they are determined to continue on their current trajectory.
Feedback from customers and partners reveals that these changes are alarming. There’s growing uncertainty about the future of the open source project as it receives less focus on innovation. Customers also desire the freedom to run the software anywhere and self-support whenever necessary. Consequently, we have decided to collaborate with partners like Expedia Group and Netflix to create a new open source distribution of Elasticsearch called “Open Distro for Elasticsearch.” This initiative is a fully open source, value-added distribution aimed at fostering innovation and ensuring users have access to a feature-rich, completely open source option.
“Open source software and the freedoms it provides are important to Expedia Group,” said Sam Walker, VP of Cloud Innovations at Expedia Group. “We are thrilled about the Open Distro for Elasticsearch initiative, which seeks to enhance the open source Elastic feature set significantly.”
For further insights into this topic, check out this blog post and for more on employment law compliance, visit this resource. Looking for interview preparation? This link offers excellent resources.