Is HyperVM and Kloxo Going Open Source or Not?

After the FsckVPS fiasco and tragic involving KT Ligesh two months ago, I blogged about the potential future of products of LxLabs. More specifically — whether HyperVM and Kloxo are going to be open sourced. A lot of development has been happening over the last two months. A “consortium” has been created, and a new website LxCenter has been set up (and currently hosted at DMEHosting) to further the discussion. Although most of the talks are still happening at the forums.

The consortium at the moment consists of:

  • Brijesh, cousin of KT Ligesh.
  • Bhargava, an ex-employee of LxLabs
  • Arthur, developer at Zantagonox a web development company.
  • Danny, owner of Nettuning a hosting company in Netherland.

From the consortium thread in the forums, it seems not everyone is happy about the choice. Moreover, there might be conflicts of interest within the team.

A few days ago Arthur posted at LowEndBox.com:

They (HyperVM and Kloxo) will be open sourced when we (LxCenter) release the vulnerability fix versions of both panels and we will continue to support them from then on.

Another note is that they will be free to use completely. But the most important part is that they will live on, most likely in an AGPL license (off the record), rather than dying with Ligesh.

Later on commented:

We will be working on them for the next month at least fixing bugs and vulnerabilities. The first release we make as LxCenter will make them open source.

I have also read in the LxLabs that the model might be AGPLv3 for everyone, but potentially BSD license to be purchased for those companies who wish to modify the source for their needs without the obligation to contribute back (AGPL requires the source to be opened even if the software is only provided as a service over the net).

I can understand why they would want to open the source code to only a limited number of developers first to do audit + patching up the exploit, as there are still many HyperVM/Kloxo installation in the wild. It’s all good… Until two days ago, Brijesh commented on my previous blog post:

In all honesty, nothing has been done with the source code yet. As it stands, we will continue to develop the software once we have an admirable development staff. After that, development will resume, as will the invoices for paying customers.

Once development has resumed, new customers will need to pay an additional surcharge for setting up the client area, as well as maintaining the license servers. This is a one time fee, after which, the recurring rate will remain the same.

… all developments made to already open-source packages we maintain, will continue to be open-source, all specific development with the core application(s) will continue on a pay-per-seat type of license.

In summary:

  • Source code has not been touched yet.
  • Only some packages (likely to be libraries) will be open sourced. The rest stays proprietary.
  • Customers will continue to be invoiced.

Back to square one basically, if what Brijesh said was indeed true.

Updated 8 August 2009 — LxLabs has updated their website with the following information:

The source code, it will be PUBLIC and OpenSourced with a proper License after the first new release of HyperVM and Kloxo. When those are released, the sourcecode and structure will be hosted on a public repo website like many other OpenSource projects. We have choosen a temporary License for developers that are going to work on the source until the first releases. In that time the final OpenSource License will be choosed. So yes, the source is until the first new HyperVM and Kloxo release not public. We need first to examine the code, and changing code if it not fits a OpenSource standard. There is a lot work to do on the code because a new install system has to be created, new update system and for example the removal of the License server code. The Consortium does have the Sourcecode. It will be uploaded into a private SVN system today or tomorrow. Then it will be prepared by one person so it gets a SVN structure and branches. After that all Developers are going to see the soureccode and developing is going to be started.

Release date? that is unknown yet. Can be in a week, can be in some months. The Consortium does have a 12 months timeframe to release it to the Public. We have 11 months left (but we want it asap).

Signed off by Danny of Netunning. 12 months can be a long wait, but still good if it eventually happens.