We love MongoDB.
But we recently encountered a roadblock getting it into a larger organization.
Here’s a little story…
We proposed a Meteor project to a F1000 company. Their biggest objection ended up being the inclusion of MongoDB in the solution (via Meteor). Their legal team looked into an issue. I felt secure that they’d find no reason not to move forward. But in the end, they cited MongoDB as the primary reason they didn’t go with our solution.
I suspect there were other internal issues in play, but we didn’t have a good defense of MongoDB on hand, and we moved too slowly to pull it together during the process.
I wish we would have had the info below on day one — so here it is… for you, and for our future selves.
One of the big remaining concerns with Meteor is the use of mongodb, which is released under the AGPL license. This is a license that we find very objectionable. I think we can work around it by either 1) buying a commercial license, or 2) leveraging a mongo-as-a-service provider. You all may know of other options, so please let us know. From what I can tell, everything else that’s part of “base” Meteor is either MIT or Apache, and I don’t think these will cause us any issues. For more on GPLv3 and why it’s a problem for many companies, here’s some light reading: http://garrett.damore.org/2012/10/gnu-grep-cautionary-tale-about-gplv3.html. The basic concern is that there are scenarios where one could be compelled to open source their entire product, or portions of it at least. As you can see from this link, there is some debate about that, but the fact that it is not “clear cut” is enough concern to cause us to stay away from GPLv3.
I didn’t really agree with the opinion of the damore.org post, but I prefer option 2, hosting Mongo through a service. So I replied:
Let’s just use compose.io then? That’s what we’d recommend anyways.
I think compose.io would be a viable solution from a legal standpoint. I think we’ll need to investigate pricing to determine how this impacts our business case, but I assume it will be relatively cheap.
Good to hear re: compose.io. It’s a big positive for us that it’s been one of our most reliable + easy to use SaaS service that we regularly use.
Fast forward a week… we get a call that they don’t want to move forward, because they may want to put MongoDB on-premise for their customers; there’s too much fogginess around MongoDB licensing to go with our solution.
So I reach out to MongoDB for support (I should have done this a week ago, dammit!)
“My understanding is that if we’re simply using MongoDB as the backend to a web app, through the Apache-licensed drivers, this is a very clear cut case, and they are in the clear. As long as we stay out of Mongo source code, we’re good to go.”
“I can’t see anything that would give us pause. We have never wanted the AGPL to be a barrier to adoption, and for 99.999% of the world it isn’t (thanks to the clarity provided by the Apache-licensed drivers).” - Matt Asay, VP/Community
“I agree with Matt - this is a clear-cut case if you’re using the Apache drivers. That is exactly the intention of licensing the drivers under Apache as opposed to the code which is under AGPL.” - Andrew Stephens, VP/Legal
So here are a few conclusions…
Use a cloud service
If you don’t even run Mongo on hardware you control, you are completely isolated from Mongo code. Compose.io is our favorite option here.
This post makes it clear cut that unless we get into modifying Mongo source code, there is no licensing issue in play. The drivers are Apache licensed, which is as close as we get to MongoDB. Using MongoDB as a backend database to a web app is very common. And you can get a permission slip with your organization’s name on it, directly from MongoDB.
Fear of the unknown
Since Mongo is NoSQL, it will be “new, unfamiliar technology” to most organizations. And it’s hard to be the outsider pushing change. The incumbent team will resist the development of new skills (though there may be some team members who may have been playing with it on the side, and they’ll be excited). NoSql databases are growing in popularity, and there a new generation of database technology coming our way from cloud companies (Amazon, Google, etc.) that are going to test corporate IT’s fears even more than MongoDB.
MongoDB is eight years old, and backed by a billion dollar company. It’s not a dangerous new technology. There’s no need to fear it anymore.