How does the X-Pack license work?


(Kaj Magnus Lindberg) #1

Can I ask how does the X-Pack license work? Is there perhaps an asymmetric encryption public key bundled with ElasticSearch? And if one buys an enterprise plan subscription, then Elastic-the-company creates a license, and signs with a private key? And the ElasticSearch software uses the built-in public key to verify that the license is valid? (i.e. signed by Elastic-the-Company's private key)

Or does the license and signature work, in some other way?

Theoretically, people could fork the ElasticSearch repo, edit the public key (assuming there is one?) so they can sign licenses with their own private key? Or they could edit the source code and remove various checks that tests if there's a licence or not? ... And companies don't do that, for many reasons, like 1) it's illegal. 2) It's maybe not well-spent-time: the company's engineers can create more value for the company, by spending time on other things than hacking each new releases of X-Pack. And 3) it'd lower morale inside the company, if the employees notice that their employer does things like that? (Or what are your thoughts? If it's ok that I ask things like these)


(Steve Kearns) #2

Hi Kaj,

This sounds like a legal licensing question, rather than a technical question. The Elastic License pretty clearly states "do not hack the licensing mechanism." If you have any questions about what that means or there is anything we can do to clarify the intent and meaning for your use-case specifically, please reach out to us at elastic_license@elastic.co

Thanks,
Steve


(Kaj Magnus Lindberg) #3

Hi Steve, thanks for the reply. Actually, the reason I'm asking is primarily technical. Maybe I should have explained why I asked:

I'm thinking about doing the same thing, as Elastic is doing with ElasticSearch + x-pack, with my software project. It's open source (linked via my profile), and I'm thinking about adding an "enterprise-addons" directory, like you have added the "x-pack" directory. ...

... So that large companies and enterprises, could pay a license fee, to use the enterprise-addons. Whilst small business and hobbyists, have all they need already, without any enterprise-addons.

Not sure if it makes sense for you to spend time answering this; maybe my question / thoughts are a bit off-topic.

(I otherwise use ES in fairly basic ways. The open-source parts are more than what I need already; there's just a single node.)


(Steve Kearns) #4

Ah, I see what you're after now. I'd be happy to chat about your planned approach - while there are very important technical aspects to how to implement things like license key enforcement, I expect the majority of the conversation would be around your business goals, and how to structure things to best align your goals with those of your users and your customers.

Feel free to send me a DM - happy to help if I can.


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.