Red Hat dropped a bombshell yesterday. They announced that CentOS Stream will be the sole repository for public RHEL-related source code going forward. The complete RHEL source, previously available through their Git infrastructure, will now only be accessible to paying customers and partners through the customer portal.
Let me be direct: this is a seismic shift for the enterprise Linux ecosystem, and the implications run far deeper than the immediate headlines suggest.
What Actually Changed#
To understand why this matters, you need to understand the ecosystem Red Hat built — and that others built around it. For over two decades, RHEL source code has been publicly available. This wasn’t charity; it was a legal obligation under the GPL. Red Hat’s business model was built on selling support, not software. The code was free; the expertise to run it in production was what you paid for.
This public availability spawned an entire ecosystem of downstream distributions. CentOS was the most prominent — a free, community-maintained rebuild of RHEL, bug-for-bug compatible. When Red Hat acquired CentOS in 2014 and then converted it to CentOS Stream (a rolling preview of RHEL rather than a rebuild) in late 2020, alternatives like Rocky Linux and AlmaLinux emerged to fill the gap.
Now Red Hat is going further. While they claim they’re still GPL-compliant — the source is available to customers, who can redistribute it — they’ve effectively cut off the downstream rebuilders at the knees. Rocky Linux, AlmaLinux, and Oracle Linux all depended on that public source access to create their RHEL-compatible distributions.
The GPL Compliance Question#
Red Hat’s position is legally defensible but ethically murky. The GPL requires that source code be made available to those who receive the binary. RHEL customers get the source. What Red Hat appears to be doing is using their customer agreements to discourage redistribution — not technically violating the GPL, but certainly violating its spirit.
Their blog post accompanying the announcement characterized the downstream rebuilders as companies that add “value” by stripping out Red Hat trademarks and rebuilding the code. The tone was dismissive, framing these projects as freeloaders rather than ecosystem participants.
This framing conveniently ignores that CentOS and its successors served as a massive on-ramp to RHEL. Countless organizations started on CentOS, grew their operations, and eventually became paying RHEL customers. The free ecosystem was Red Hat’s best sales funnel.
Impact on the Enterprise Stack#
If you’re running infrastructure, this matters to you directly. Millions of servers worldwide run CentOS, Rocky Linux, or AlmaLinux. These distributions are embedded in CI/CD pipelines, container base images, development environments, and production workloads.
Docker Hub is full of images based on CentOS and its derivatives. Cloud providers offer these distributions as first-class options. The ripple effects of the rebuilders losing access to timely source code will be felt across the entire cloud-native ecosystem.
For my own infrastructure work, I’ve used CentOS and later Rocky Linux extensively in development environments that mirror RHEL production deployments. The value proposition was simple: identical behavior without the licensing cost for non-production workloads. That model is now under threat.
The downstream projects are already exploring alternatives. Rocky Linux has mentioned working with sources obtained through legitimate customer access, and AlmaLinux is evaluating whether to continue tracking RHEL precisely or diverge slightly. But none of these paths are as clean as the previous arrangement.
The Bigger Picture: Open Source Sustainability#
This move by Red Hat is part of a broader pattern in the open-source world. Companies that built empires on open-source software are increasingly looking for ways to capture more value. MongoDB’s switch to SSPL, Elastic’s license change, HashiCorp’s recent moves with Terraform — the trend is clear.
The fundamental tension hasn’t changed in 30 years: open source creates enormous value, but capturing that value as a business is genuinely hard. Cloud providers can offer managed versions of open-source databases without contributing back. Competitors can rebuild your distribution without paying for the R&D.
I sympathize with the business challenge. What I don’t sympathize with is the narrative that frames this as anything other than what it is: a company changing the terms of an ecosystem it nurtured, because the original terms became inconvenient. Red Hat built its reputation on open source. IBM acquired Red Hat for $34 billion largely because of that reputation. Now IBM’s influence is visible in the prioritization of revenue extraction over community trust.
My Take#
I’ve been using and contributing to Linux distributions since the mid-’90s. The strength of the Linux ecosystem has always been its openness — not just legally, but culturally. Red Hat was a cornerstone of that culture.
This decision won’t kill enterprise Linux. It won’t even kill the RHEL-compatible rebuilds; they’ll find workarounds. But it damages something harder to quantify: trust. The open-source community operates on a social contract that goes beyond licenses. When a company that owes its existence to that contract starts looking for loopholes, it poisons the well for everyone.
If you’re making infrastructure decisions right now, it’s worth considering what this means for your long-term strategy. Debian and Ubuntu-based stacks look increasingly attractive for workloads where RHEL compatibility isn’t strictly required. Diversifying your base OS strategy has never been more prudent.
The enterprise Linux landscape is shifting. How it settles will tell us a lot about the future of open source in the corporate era.
This post is part of my Developer Landscape series, covering the trends shaping how we build and deploy software.