Why no attribution to Searchguard?

I’ve been looking through the code you have in your packages, and I see that most of what you have for authc/authz is based on Searchguard, however there’s no attribution to Searchguard. This is in contrast to what you have done here: GitHub - opendistro-for-elasticsearch/sql: 🔍 Open Distro SQL Plugin

You can even find the enterprise modules config flag still in the code, which you’ve put to true for now instead of removing it - which to me seems rather tacky.

1 Like

Hi Mikael. The security features include contributions by floragunn (the makers of Search Guard) and you will see their copyrights on the source files. We have collaborated with them on bringing security features to Open Distro.

I saw taht you are using Search Guard Enterprise modules code without attribution in your security-advanced-modules repo.
Does this means that this code is now AWS code and under Apache licence or I still have to buy licence from floragunn?

1 Like

Hi @potrosni, all of the plugins included in Open Distro for Elasticsearch are licensed under the Apache License, Version 2.0.

We have helped AWS to bring security features to Open Distro for Elasticsearch. From our perspective Open Distro for Elasticsearch is a legitimate product.

Claudia Kressin
CEO, floragunn GmbH


I noticed that there is Lawsuits against Floragunn by Elasticsearch.

What is the impact on Opendistro security plugin also developed by Floragunn?

1 Like

I am also curious if there are any ramifications