Puppet
Server automation framework
Details
The source code of the project is provided under an Apache License, but this does not appear to be the current version of the project.
Following their guidance, including via their form-gated access (which itself has questionable privacy considerations) under the title of “Get Started with Open Source Puppet”, leads to documentation for “Puppet Core”, which is shown with a different (later) version number relative to the FOSS project, and is only provided after purchase or the signing of a seemingly non-FOSS license agreement.
In November 2024, the project announced new plans for the FOSS project, stating that:
will begin to ship any new binaries and packages developed by our team to a private, hardened, and controlled location. Community contributors will have free access to this private repo under the terms of an End-User License Agreement (EULA) for development use.
Their reasoning for this is based upon questionable security concerns. In their post about the changes, they also advertise the security features of the non-FOSS “Puppet Core”:
Puppet Core includes security and stability features like hardened binaries and packages, guaranteed SLAs, and premium modules for vendor-backed support you can count on.
This appears to be a common theme, with the project homepage advertising:
Puppet Core
Stable, hardened Puppet builds from a secure and private repository for experienced automation teams that need assurance beyond community-supported open source.
This can give the impression of delaying work in the FOSS offering, using it for advertising & historical value with security scaremongering, while providing their non-FOSS offering as a solution to the security issues portrayed.
At the time of review, the FOSS project has not seen a release since before they announced their plans. It’s not clear if any further developments to the original FOSS project are intended. Some projects like OpenVox have started to continue development of the FOSS offering.
Puppet was acquired by the company Perforce in 2022. Before that it had apparently raised $190m in funding from investors such as Black Rock, Cisco, Google Ventures, VMware, Kleiner Perkins Caufield & Byers, True Ventures, and Radar Partners. The project appears to gain revenue from selling “Puppet Core” in addition to providing other enterprise-focused solutions/services around the software.
Perforce is a private company which appears to be owned by private equity firms Clearlake Capital and Francisco Partners.