Rug Pulls, Forks, and Open-Source Feudalism

By Jonathan Corbet, September 5, 2025

Presented at the 2025 Open Source Summit Europe (OSS EU)

---

Introduction

Open-source software development features complex power dynamics involving companies, contributors, and users, all seeking to influence software direction and often profit from it. Dawn Foster explored these dynamics, focusing on two tactics used to shift power: rug pulls (relicensing that restricts usage) and forks (creating a new project branch).

---

Power Dynamics in Open Source

Historically, power leads to exploitation, reminiscent of feudalism’s land control. In open source:

- Large cloud providers hold significant power.
- Smaller companies contribute heavily but face pressure from cloud providers.
- Contributors and maintainers have limited power.
- Users have the least power.

Cloud providers often use open-source software without contributing back. Smaller companies sometimes relicense software to restrict cloud providers but hurt contributors and users. Forking offers a way to counteract power shifts by creating alternative project versions.

Key Points About Rug Pulls

- Common in single-company projects.
- Company reputation is critical but not foolproof due to changes like acquisitions.
- Investor pressure often drives relicensing for increased revenue.
- Examples of restrictive licenses: Server Side Public License (SSPL), Business Source License.
- Rug pulls can cause forks, but forks require significant resources to succeed.

---

Case Studies: Rug Pulls and Forks

Elasticsearch and OpenSearch

- Elasticsearch was relicensed under SSPL by Elastic in 2021.
- AWS forked it as OpenSearch.
- Elasticsearch contributors were mostly Elastic employees pre- and post-fork.
- OpenSearch’s community was initially weak, dominated by Amazon contributors.
- Moving an existing project under a foundation later does not significantly boost contributor diversity.

Terraform and OpenTofu

- HashiCorp relicensed Terraform under the Business Source License in 2023.
- OpenTofu fork started one month later under the Linux Foundation.
- OpenTofu rapidly gained diverse contributors from multiple companies.
- This fork was user-driven and foundation-backed, resulting in more active community engagement.

Redis and Valkey

- Redis relicensed under SSPL in 2024.
- Valkey fork immediately formed under the Linux Foundation by Redis contributors.
- Redis lost nearly all external contributors post-fork, who moved to Valkey.
- Valkey started strong with contributors from around a dozen companies.

---

Effects and Metrics

- GitHub forks (repository copies) spike after relicensing events, indicating interest in forks.
- Forked projects usually have lower usage metrics compared to originals.
- Relicensing often leads to reduced overall usage, especially when forks under foundations arise.

---

Recommendations and Warning Signs

- Contributor License Agreements (CLAs) are red flags, as they give companies power to relicense software.
- Prefer projects using Developer Certificate of Origin to maintain contributor power balance.
- Evaluate project governance:
  - Foundation-backed projects reduce rug pull risk.
  - Beware when one company dominates contributors, as with the Cortex project leading to Grafana’s fork Mimir.
  - Look for neutral governance with leaders from multiple organizations.
- Healthy contributor diversity supports project sustainability.
- Companies should encourage employee contributions to strengthen projects they depend on.
- The CHAOSS project offers metrics and guides to assess project health and viability.

---

Conclusion: Feudalism in Open Source

- Cloud providers act like feudal lords with vast power.
- Companies may use relicensing to reclaim power but do so at contributors’ cost.