Updated April 26, 11:10am BST with more comment from Synadia.

NATS, an open-source messaging service widely used as middleware for microservices architectures, was donated to the Cloud Native Computing Foundation (CNCF) by Synadia in 2018 and made available under a permissive Apache 2.0 open-source licence. Now in a highly unusual move the company wants it back – and via its lawyers is aggressively demanding “full control of the nats.io domain name and GitHub repository.”

NATS is used by the likes of AT&T, CapitalOne, Tinder, Walmart, and Volvo for microservices messaging, event streaming, and internet of things telemetry, among other use cases. The NATS server, its documentation puts it, is “a central nervous system for building distributed applications” – and the project, its GitHub repository shows, has been incorporated into over 9,000 other repositories and is relied on by 15,800+ projects. 

But Synadia, highly unusually, rather than choosing to fork the project or spin up an enterprise version under its own branding, wants to effectively undo its donation to the open-source community, according to a cease-and-desist that Synadia’s counsel filed on March 27 that has thus-far unsuccessfully demanded full handover of the domain and project repository and to which the CNCF has now publicly responded.

The foundation’s leaders are not happy. As they put it in a blog post this week: “CNCF has offered multiple paths that would allow Synadia to pursue its goals while respecting open source principles and community governance. Synadia is free… to fork NATS and build a proprietary offering under a new name. What they can’t do is unilaterally claw back a community project and its infrastructure, assets, and branding.”

Synadia: NATS has "failed to thrive" under CNCF

Synadia, founded by NATS creator Derek Collison, insists that it has retained ownership of the NATS trademark (which the CNCF disputes) and that CNCF stewardship of NATS has “failed to thrive” under CNCF stewardship and that it is responsible for 97% of the upstream work on the project. The CNCF, meanwhile, says over 700 other organisations have contributed to NATS, that it has funded two third-party security audits at a cost of over $90,000, helped to promote the project, and is “committed to ensuring that NATS [is…] protected from unilateral takeover.”

“Synadia, the original donor of the NATS project, has notified CNCF of its intention to “withdraw” the NATS project from the foundation and relicense the code under the Business Source License (BUSL)—a non-open source license that restricts user freedoms… Let’s be clear,” wrote the CNCF this week, “this is not a typical license change or fork. It’s an attempt to “take back” a mature, community-driven open source project and convert it into a proprietary product—after years of growth and collaboration under open governance and CNCF’s stewardship.”

The battle hinges around trademark ownership, the history of which is complex and detailed by both in their respective statements. To Synadia’s counsel, NATS’s agreement to the CNCF covenant on trademark handover is “not an actual assignment of any rights, and is too vague to be enforceable”; to the CNCF, Synadia is guilty of years of “broken promises” on handover of the actual trademark, even after the foundation “paid for legal counsel to work with Synadia’s trademark attorneys throughout 2018–2019” which resulted in the company agreeing to “transfer the marks to CNCF post-settlement”, which it never ultimately did. 

The CNCF is now, among other actions, “asking the USPTO [Patent and Trademark Office] to cancel the… Synadia trademark registrations.”

As Chainguard CEO Dan Lorenc commented: “... this isn't about protecting the integrity of OSS - it's about protecting the integrity of the CNCF itself. 

“The right answer here is to fork and rename and relicense and continue on, but prying the trademark out isn't going to work and the CNCF is rightly defending that. The Apache 2 license allows forks like that, and that path gives both projects a chance to continue on,” Lorenc added.

“Not many doors are truly one way, but contributing trademarks is one of them. I don't think every vendor that contributes code and trademarks grasps this at the time they do it, because the CNCF model clearly isn't right for everyone. But it does serve a critical purpose and allowing things to be taken back out kills that purpose.” 

If Synadia fails in its mission to pull the project back (it is still considered “incubating” by the CNCF, eight years after being donated) and chooses to stop maintaining it or fork and rebrand, it is very unclear if anyone else will step up to keep the NATS project up-to-date, fix bugs, etc. The CNCF says it is now “making a call for support and additional maintainers” and will continue to reject legal efforts by Synadia to get the repository back.

In blog post shared by Synadia after we published and after the CNCF shared its blog, the company insisted, however, that "we never considered blanket relicensing of the codebase... NATS is primarily funded, supported, and maintained by Synadia. This does not align neatly with the CNCF’s model.

"We must acknowledge the challenging incentive structures within the open source world. Paradoxically, improved stability, extensive documentation, and exemplary reference architectures have led some organizations to discontinue financial support, even when relying heavily on the software in mission-critical environments. As a passionate believer in the open source model, I nonetheless recognize that sustainable OSS requires users who derive substantial value and have the means to support it financially.

"For the NATS ecosystem to flourish, Synadia must also thrive."

Views on the imbroglio? Pop us a line.

The link has been copied!