Fork, migrate, or pay: the remediation decision.

When a project you rely on relicenses, the question fork, migrate, or pay is the one that decides how the exposure ends. Each path leads somewhere different, and the cheapest option on paper is not always the cheapest in total. The decision deserves a framework rather than a reflex, because the wrong choice can move the exposure elsewhere instead of containing it. This guide gives you that framework.

The three paths, plus one

Fork means adopting a community fork that carries the software forward under an open license. The relicensing wave produced several: OpenTofu from Terraform, Valkey from Redis, and OpenSearch from Elasticsearch. Migrate means replacing the component with a different product that meets the same need. Pay means taking a commercial license from the vendor to keep using the original software without restriction. There is also a quiet fourth path: stay put and accept the risk, which is the right answer when the license does not actually reach your use. That last option is only safe once you have mapped where the restriction intersects what you do, which is why every remediation decision starts with the exposure map rather than the menu of fixes.

Weigh each path on three axes

Every option should be scored on the same three axes. The first is engineering cost: how much work, risk, and disruption the path demands. The second is license posture: where you end up, whether on an open license, a source available license, or a paid commercial agreement. The third is timeline: how fast the path can close the exposure, which matters most when a renewal or an audit is approaching. A path that looks cheap on engineering but leaves you on shaky license footing has not actually solved the problem. Scoring all three paths on the same axes is what turns a debate into a decision.

When forking is the right call

Forking is usually the lowest cost path when a credible fork exists. A fork with strong compatibility and broad backing keeps the engineering change small and returns you to an open license, which removes the restriction outright rather than working around it. The caution is that not every fork is equal. A fork with weak momentum or poor compatibility can cost more than it saves and leave you maintaining an orphan. Test compatibility against your real workloads before assuming the fork is cheap, and weigh the long term health of the fork community. The fork stories behind OpenTofu and Valkey are instructive, and we cover them in the OpenTofu and Valkey fork story.

When migrating is worth the cost

Migration replaces the component entirely, and it costs more than forking because it touches client code, data, and operations. It is the right call when no credible fork fits, when the component was due for replacement anyway, or when a stronger alternative exists that improves the architecture as well as the license posture. A migration is a real project, so it should be sequenced by exposure, with the highest risk systems moving first behind a test suite. We walk through a concrete example in migrating from Elasticsearch to OpenSearch.

When paying is the pragmatic answer

Paying for a commercial license is the fastest path and the only recurring one. It makes sense when the software is deeply embedded, no credible fork or substitute exists, and the timeline does not allow a migration. When paying is the answer, the work shifts to right sizing the agreement to your actual usage rather than accepting the vendor list price, which is a negotiation in its own right. The goal is to pay for what you truly run in scope, on a term that protects you from future increases, with a usage baseline you keep for the next renewal.

Tie the decision to the cost to cure

The remediation decision is only as good as the exposure map behind it. Before choosing fork, migrate, or pay, you need the cost of the exposure if it lands and the cost to cure it on each path. Without those numbers the decision is a guess dressed up as a plan. With them, the choice is usually clear, because one path tends to contain the risk at the lowest total cost without moving it somewhere else. We cover the sizing discipline in the cost to cure open source license risk, and the full frame in our pillar on remediation and alternatives. Interpretation of whether a license restricts your specific use is a question for your own counsel.