Are the attacks on Red Hat valid?
Starting in 2020, Red Hat has been angering the open source community with increasingly controversial decisions, including closing access to its RHEL open source repositories. But as a victim of its own success and on a losing side of the growing IaaS market, Red Hat has few popular options left.
Start with CentOS: since at least 2014 Red Hat has been heavily investing in this Linux distribution, de-facto employing most of the developers and owning the brand.
CentOS was essentially a downstream distribution of Red Hat's commercial offering called Red Hat Enterprise Linux (RHEL). This means all new features and bug fixes developed in RHEL were automatically implemented in CentOS.
For enterprise users the benefits were clear: they were getting an enterprise-grade operating system with 1-to-1 compatibility with RHEL, for free. As RHEL is an established distribution preferred by many 3rd party software vendors, this means you could run most of the world's enterprise software with reasonable assurance of compatibility and stability - essentially a RHEL clone, but without paid support subscription.
This made CentOS an increasingly popular option for many SMB enterprises and IT system integrators.
In 2019, Red Hat was acquired by IBM which made it a cornerstone of its hybrid cloud strategy. Although Red Hat is still generating healthy revenues, apprehension about slower growth has been probably increasing within IBM management, with more and more CentOS deployments leeching value.
Other forces are also biting: cloud IaaS providers such as Azure, AWS and Google cloud made it increasingly easy to deploy Linux and so probably were accelerating the deployment of support-free distributions.
Operating systems are now increasingly run as a "bundle" of software, maintenance and IaaS managed service, where the IaaS cloud provider is capturing and monetizing most of the value. Red Hat probably figured they were on a losing side of this trend: generating a huge value for the users, but failing to properly monetize it.
And so by early 2020, seeing CentOS as a free lunch offer from its perspective, Red Hat decided to discontinue it. Instead, the company was to divert its effort on a new upstream distribution called CentOS Stream, focused on experimental or new features, breaking compatibility with RHEL in the process. As RHEL compatibility was no longer available for free with CentOS, that understandably angered many in the industry, mostly framing Red Hat as the enemy of open source.
The demise of CentOS soon prompted the appearance of a number of downstream rebuilders such as AlmaLinux and Rocky Linux. These were relying entirely on RHEL source code base to create a fully compatible downstream rebuild, essentially recreating the CentOS value proposition. In a sense, this was not something new: for ex. Oracle has been offering its own Oracle Linux distribution for many years, developing it precisely as a 1-to-1 downstream rebuild from RHEL.
What is new, is that downstream rebuilders now count the support of the big cloud providers: AlmaLinux is backed by Microsoft, among others, while Rocky Linux counts the support of sponsors such as Google Cloud and AWS. Oracle is also developing a healthy cloud business, and is continuing support for its Oracle Linux.
That is no coincidence: as explained earlier, the big cloud IaaS providers have a keen interest to foster RHEL compatible distributions, at the same time capturing most of the revenues via their as-a-service offerings.
Red Hat was probably observing this trend with increasing alarm. And so another bombshell came in June 2023: the company announced it was closing access to its RHEL open source repositories, restricting it to paying subscription customers. That effectively stops the downstream rebuilders to grab RHEL sources directly, severely limiting their options to keep the distributions RHEL compatible.
As expected, this prompted further outrage and disappointment within the open source community. Some are suggesting Red Hat is dangerously close to violating the fundamentals of open source, namely the GPL license agreement.
In its response to critics, Mike McGrath a VP at Red Hat says free rebuilds are not converting into sales and tellingly suggests the downstream community is being taken over by large corporations (we can be sure he means the above cloud providers): "we’ve found a group of users, many of whom belong to large or very large IT organizations, that want the stability, lifecycle and hardware ecosystem of RHEL without having to actually support the maintainers, engineers, writers, and many more roles that create it", says McGrath.
So there you have it: faced with threat to its business model, Red Hat is doing the natural thing to conserve revenues, and that means limiting free options. Red Hat is a victim of its own success, but now facing the threat from freeloaders, chiefly cloud IaaS providers who can monetize an operating system more easily, when offered as a workload in the cloud.
Red Hat's move is certainly risky, as the cloud providers have considerable clout and the outrage from the community and users is being centered on the company. It will be interesting how this plays out in the context of IBM: its cloud market share is still tiny, but with Red Hat it has a good chance of combining it with RHEL and Openshift, targeting especially the workloads used in the enterprise market.
In the meantime, the open source community is again finding out there is no free lunch and a company is not a charity operation - someone has to pay the bills.
![[Interview] Navigating Modern Cybersecurity with Trend Micro](https://static.wixstatic.com/media/6681e7_f39a8f0e05154fefaa6ed7525a1aa99a~mv2.png/v1/fill/w_1080,h_1080,fp_0.50_0.50,q_95,enc_auto/6681e7_f39a8f0e05154fefaa6ed7525a1aa99a~mv2.png)
![[Video] Human Centric Security](https://static.wixstatic.com/media/83b8eb_329c7e5066c94784a11ec5493952cd2e~mv2.png/v1/fill/w_497,h_496,fp_0.50_0.50,lg_1,q_95,enc_auto/83b8eb_329c7e5066c94784a11ec5493952cd2e~mv2.png)
