There was quite a reaction to my article about how the experience at Koha informs us on the need for “foundations” yesterday. Some considered the details of Koha’s experience, quite reasonably asking if I was aware that after the LibLime take-over the community had indeed established some fiduciary controls, notably asking Horowhenua Library Trust to act as steward for various marks. Take a look at the comments on the ComputerWorld article for more details, and consider donating some money to them.
More surprising was the continuing backlash against the very idea of the “foundation”. Mikeal Rogers has written a follow-up piece, The Value Of Institutions, and I suspect he and I are not far apart in our outlooks even if we express them differently. While MJ Ray has questioned the use of the word “foundation” to describe ways to do it, I continue to believe that when groups of developers come together to collaborate they need to consider the exploitable legalities as soon as possible.
But that’s not out of a love of institutions. If it were possible to be safe from corporate exploitation without any kind of association/co-op/trust/foundation/whatever-you-want-to-call-your-entity, that would be the ideal. As I said in an earlier article, “ultimately it’s about the project, not about the incorporation that encapsulates it.” Bradley Kuhn of the Software Freedom Conservancy has some helpful thoughts on this – he says:
Conservancy handles all the aspects of running a non-profit software project that don’t involve actually developing software. Conservancy’s service plan includes many things, from handling donations, reimbursing developers for conference travel, to holding domain names, copyrights, and trademarks, to enforcing those copyrights and trademarks, to basic legal services.
Experience suggests that if your project is indeed awesome, people with less interest in code and fun and more interest in other people’s money will eventually come along and want to tell you what to do – I’ve seen quite a bit of that lately. That’s where another energetic contribution to the discussion from log4j founder Ceki Gülcü goes too far saying “if you are thinking of donating software to and joining a FOSS foundation but have not actually done so, don’t, joining is not worth the trouble.” There are definitely issues with the long-established entities that triage the engagement of corporations with communities, of which all the ones he mentions are examples.
But there is a severe risk that in throwing out this bathwater, several babies will also find themselves swimming helpless as well. The issues of provenance and the management of trademarks, copyrights and their licenses which he waves away so casually are serious pain points that have caused many projects heart ache. OK, keep the legal entity that’s protecting your collaboration away from the actual code (a very common policy for many open source entities), but don’t for a second think that trust alone is enough to weather the tides of greed that will drown the project in the future. You will get gamed or worse.
Mikeal is also right to say that starting your own non-profit is is less than trivial. Just ask the Document Foundation, whose founders have discovered that incorporating a non-profit in Germany has taken more than a year. But there are easier paths. Picking a jurisdiction where it’s easier is feasible. Deciding not to bother with non-profit status is another – your bylaws can still specify exactly the egalitarian basis you desire without it. Or consider a holding entity like Software in the Public Interest and ask them to handle your non-code assets in trust for you. There are certainly no easy answers, but then this is the real world.
My solution was to focus on individual leadership among people in the community but I think Simon believes there is a future institution that can help us. I don’t know who is right, only time will tell.
I think both are correct. Open source is ultimately about individuals choosing to synchronise overlapping elements of their self-interest and collaborate. Protecting their collaboration can take the form of an umbrella institution they form/join or a helper like SPI. Whichever they do, leaving them empowered to collaborate is the key. The dead hand of corporate-friendly bureaucracy helps no-one.
Ultimately I think this controversy is about the passing-into-middle-age of certain venerable open source institutions. I think that’s the point of Ben Collins-Sussman’s posting about Apache. Let’s hope they get their mid-life-crises sorted out soon rather than just attacking all the messengers. While they do, please let’s not throw the baby out with the bathwater and behave as if there’s no role for administrative entities supporting open source. There is, and the need – and demand – today is greater than ever.
Filed under: Governance