☆ The Open Source Procurement Challenge

I am speaking at the ODF Plugfest here in the UK this morning, on the subject of the challenges facing the procurement of open source software by traditional enterprises (including the public sector). Based on a selection of experiences from ForgeRock’s first year, my talk considers procurement challenges that legacy procurement rules raise for introducing true open source solutions. My slides are available online. I consider two different needs:

  • The need for legacy procurement barriers to be removed. Examples:
    • requirements for indemnity that are only truly proportionate for proprietary software
    • requirements for copyright assignment and license negotiation
    • comparison of open source subscriptions with only the service portion of proprietary bids
    • a preference to sustain the lock-in caused by previous procurement
  • The need to recognise new value available from open source. Examples:
    • Removal of the need to administer end-user licenses
    • Long-term continuity – “community escrow”
    • The ability to create ecosystems without vendor mandates
    • Enablement of adoption-led deployment

If we’re to see open source solutions bringing budget and change flexibility to government IT as the Prime Minister wants, both kinds of change – addressing legacy processes and lock-in (so that SIs are out of excuses) and seeking new kinds of value – are essential.

☆ OBR Progress Report

The Open-By-Rule Benchmark I talked about recently has now had several workouts, and there are a number more under review ready for future posting. So far, it seems to be working out well, with projects receiving scores that (to my eyes at least) are an accurate reflection of the openness. It’s been clear that every project has its strengths and weaknesses and that there’s no perfect model. I like the way the benchmark allows for this; as the dial I’m displaying suggests, I think an overall score below -2 suggests a closed project, a score over +2 suggests an open project and in between is a twilight zone.

While this is very satisfying, there’s certainly a need to do more work. I think I should revise the Benchmark in the light of experience (for example to make it clearer how scores work), but before doing that I’d like to rank a few more projects with it – preferably smaller than the ones ranked so far. I’d welcome your submission – just follow the instructions.

If you’ve not been following the process so far, take a look at the project scorecards to date:

☆ Is GNOME Open-By-Rule?

+8

The GNOME Project

Dave Neary has kindly agreed to supply data for an Open-By-Rule evaluation of the GNOME Project, which develops and maintains one of the two open source graphic desktop environments most widely used on UNIX and Linux systems as well as a diverse and growing range of other software including notably mobile software. The scores are mine, although they are largely based on Dave’s assessment.

GNOME easily scores +8 and is obviously open-by-rule.

Rule Data Evaluation Score

Open, Meritocratic Oligarchy
The GNOME project is ostensibly led by the Release Team, an open body to which the remaining team members invite someone on merit when a seat opens. Each module in GNOME also has its own maintainer team which decides on the direction of the modules they maintain. The GNOME Foundation is governed by an elected board, elected for a term of 1 year. Newcomers to GNOME often have trouble figuring out who’s in charge. The Release Team is responsible primarily for the release process and has not traditionally set any strategic direction for GNOME, and individual module governance rules are varied. The foundation board is responsible primarily for maintaining the infrastructure of the foundation, and dealing with sponsors and benefactors, and does not set any technical direction.
Score: Governance is open, membership of the release team oligarchy is meritocratic – scoring zero for oligarchy because much of the governance is devolved to maintainers, making it hard to figure out how to accomplish project-wide change.
+2

Modern license
Applications are released under GPL v2+, development platform libraries are LGPL v2.1+
GPLv2 is widely regarded as providing contributor patent protection through implied licensing. Changing the licensing of GNOME to anything other than (L)GPL v3+ (which would not require the permission of all contributors) would be very difficult.
+1

Copyright accumulation
GNOME does not accumulate copyrights. Authors keep their own copyrights. Clearly scores +1.
+1

Trademark policy
Licensing Policy
The GNOME Foundation has registered a small number of trademarks. The foundation has drafted “fair use” trademark guidelines, and a click-through trademark licence for a number of standard community activities – setting up a fan website or usergroup, printing GNOME merchandising, etc. All of GNOME’s trademarked artwork is available under a copyleft licence to anyone using the project. GNOME has entered into a number of legal agreements in a transparent manner (including publishing the trademark licenses afterwards) to allow companies to sell GNOME branded t-shirts & goodies.
Score: Community-equal policy scores a clear +1.
+1

Roadmap
The marketing & release teams have worked for several release cycles to develop a community roadmap. The roadmap includes the plans of individual modules, and gives developers the opportunity to identify themes. However, the lack of a medium to long term vision of the project has often been cited as a failing. The move to GNOME Shell has given the project some forward-looking momentum.
Score: Good start, will score +1 one day…
0

Multiple co-developers
The GNOME project has seen commits by over 3000 developers in its history. The project has vibrant co-operation among competitors, and a healthy mix of 30% paid developers and 70% unpaid contributors. Obviously excellent, +1.
+1

Forking feasible
GNOME is made up of hundreds of modules with a diverse developer community. The GNOME platform and applications have been used as the basis for projects including Maemo, Sugar, Moblin/MeeGo Netbook, and Ubuntu Netbook Remix. Forking GNOME completely would be a mammoth task. However, by taking a common set of core modules and differentiating only in the UI, a number of companies have created GNOME-based derivatives. Arguably, Canonical is doing this with Unity/Compiz being included in Ubuntu 11.04. So probably +1 score.
+1

Transparency
GNOME work is done on mailing lists, on IRC, in Bugzilla and in a public git repository
While there have been some issues with discussions happening on IRC, or with colleagues working on features together before pushing them to public git, in general, the entire operation of the GNOME project happens in publicly archived mailing lists or in Bugzilla comments.
Score: Given the controversy that has arisen in the past from the easy access to GNOME community’s dialogues on, for example, FSF affiliation, it clearly has to score +1.
+1

Summary (scale -10 to +10)
+8

☆ Is Eclipse Open-By-Rule?

+8

The Eclipse Foundation is home to a family of projects related to enterprise software development. Its Executive Director Mike Milinkovich has very kindly supplied the data for an Open-By-Rule evaluation. In his submission Mike actually scored the first point higher and I reduced his +1 for “open” down to zero because the Board is controlled by paid seats, but otherwise I agree with his evaluation, giving an overall score of +8 on the -10 to +10 scale. Eclipse definitely qualifies as “open-by-rule” according to the benchmark.

Rule Data Evaluation Score

Open, Meritocratic Oligarchy
Directors
Architecture Council
Planning Council
The Board of Directors is a mix of “Strategic Members” and elected members representing the community. There are a total of six elected representatives on a board of eighteen. There are no seats reserved for any company. Each Strategic Member company must re-commit both its dollar and headcount (8 FTE) commitments to Eclipse on an annual basis. Score 0 for pay-to-play-controlled Board that does no harm to the overall community.
(Mike notes: “Although some may question the notion that there is a meritocracy involved where the Board has many corporate members who are there by virtue of their financial and resource commitment to the community, in practice this works extremely well. What we have ended up with is a mix of large and small companies who are strategically committed to the success of the community. This commitment is tangible and re-evaluated annually.”)
The Architecture and Planning Councils share a similar mix, but the vast majority of members are there by virtue of their activity or leadership of a Project Management Committee. In the case of the Architecture Council, the vast majority of members have been elected by the existing members on a clearly meritocratic basis. Score +1 for meritocratic, +1 for oligarchy, in the technical leadership.
+2

Modern license
Eclipse Public License v1.0
The EPL is an OSI-approved license with a well-written patent license clause very similar to that of the ASL 2.0. The EPL is a “weak copyleft” license and is particularly well suited as a license for a shared platform for an ecosystem that includes both open source and commercial adopters.
+1

Copyright accumulation
There are no copyright assignments at Eclipse at all.
There are no copyright assignments at Eclipse at all. Every single contributor, no matter how large or small, makes their contributions under the EPL. We have complete symmetry between inbound and outbound licensing.
+1

Trademark policy
Please see the logo guidelines
The trademarks policy keeps the Eclipse name, and the name of all of its projects and their namespaces in trust for the entire Eclipse community. No trademark using entity has any more rights than another. The Eclipse Foundation is a not-for-profit entity which has no commercial motive for the control or exploitation of any of its trademarks.
(Mike adds: “Caveat: Prior to the creation of the Eclipse Foundation as an independent entity, IBM followed a laissez faire policy towards the Eclipse trademarks and the marks of the various projects inside the Eclipse community. As a result, there are uses of “Eclipse” and other marks which have been grandfathered which would otherwise be in violation of our trademark.”)
+1

Roadmap
Roadmap
Indigo Plan
Helios Plan
The Eclipse Foundation publishes an annual roadmap each year which pulls in the release plans of the vast majority of its projects. Each year the Eclipse community releases an annual release train combining the work of a significant subset of the Eclipse community’s projects. All of the requirements, planning and execution of the release train are done in an open and transparent manner.
+1

Multiple co-developers
Commits
Active committers
Total committers
Across the Eclipse community there is a very diverse collection of companies and individuals involved in projects. They also transparently publish all sorts of metrics regarding diversity and activity.
+1

Forking feasible
There are no licensing or copyright assignment barriers to forking. However, the continuing predominance of IBM committers on the Eclipse platform itself means that forking that particular piece of the Eclipse community would be difficult.
0

Transparency
Minutes site (includes minutes for Board, Council and Membership meetings)
Eclipse publishes minutes of all of its meetings. The Board operates under a mix of Chatham House rules and a requirement that no detailed personnel or financial information be published. All other minutes are made available.
+1

Summary (scale -10 to +10)
+8

I’m grateful to Mike for the work he’s contributed here – thanks! If you’d like to submit the data to help me test the benchmark on your community, please do.

☆ Is LibreOffice Open-By-Rule?

+5

Charles-H Schulz from The Document Foundation submitted the data for a benchmark evaluation of LibreOffice. I have read his evaluations and added scores, giving a current evaluation of +5 for LibreOffice (on a scale of -10 to +10). This would firmly identify LibreOffice as open-by-rule.

There is still some room for improvement, but that’s to be expected from a young organisation with ambitious goals. I look forward to being able to re-evaluate in a few months.

Rule Data Evaluation Score

Open, Meritocratic Oligarchy
Community postings and Bylaws
While the LibreOffice project is only 4 months old both its development track and its community governance show a fast pace of developers’ growth and an open and meritocratic oligarchy. This last point is particularly reflected in its bylaws that emphasize the notion of openness, freedom and meritocracy.
Score: +1 for open to all contributors, 0 for unproven meritocracy, +1 for structured leadership
+2

Modern Licence
Licensing Explanation
LibreOffice inherits from the licensing of OpenOffice.org and the copyright assignment schemes from both Oracle and Sun Microsystems. This means that the bulk of the code, which today stems from OpenOffice.org, shares the same license as its older brother (LGPL v3). Yet newly developed code done inside the LibreOffice project has a triple license: (L)GPL v3+ and MPL. It is thus a situation where LibreOffice has no other choice than to deal with previous licensing choices, not to make new ones.
Score: 0 for OSI-approved licensing not under the control of the community
0

Copyright Accumulation
Policy statement
LibreOffice got rid of any copyright accumulation in the sense of copyright assignments to The Document Foundation and does not require a contributor agreement.
+1

Trademark policy
Draft trademark policy
The trademark policy is almost finished at this point. It attempts to define specific allowed uses for logos, etc. without stumbling too much in certain GNU/Linux distributions’ own policies. While this is a big plus (these distributions’ developers are often part of the LibreOffice core team) it has been noted that the Trademark policy itself is sometimes complex to understand, especially for business uses.
Score: 0 for trademark policy under community control (+1 once completed)
0

Roadmap
Release plan
Efforts are made to make LibreOffice releases predictable and the plan looks good. However it does not mean we know what feature would be included for each release.
Score: 0 for intent to have a schedule and roadmap, +1 once established
0

Multiple co-developers
List of contributors
Contrary to OpenOffice.org, LibreOffice has always wanted to be a diverse community. At this stage the main contributors are Novell and Red Hat, followed by an impressive number of independent developers (patches between the “independent” and the corporate are about 50/50). Expect Canonical to ramp up its contributions with its new hire(s).
+1

Forking feasible
Developer how-to
One can fork LibreOffice very easily. The problem is that it’s a very heavy application that has its own technologies and idiosyncrasies that most developers would need to get really familiar with before trying to fork it. LibreOffice has already invested a lot of effort improving this situation and it will continue to be a priority, so this rule should eventually score +1.
0

Transparency
Steering Committee
While the Document Foundation is being set up not everything in its governance is fully enabled: for instance the Document Foundation still has to elect a full-fledged board, as the present Steering Committee is only an interim one. However significant efforts have been made to make the governance transparent.
+1

Total
+5

Many thanks to Charles for the submission. More submissions most welcome.

☆ More Ratings Please

Given the interest in my earlier article about a scorecard for open source and my own rough-and-ready benchmark proposal, I’d be interested in seeing how well the benchmark works at rating a variety of open source projects. If you’re familiar enough with a project to be willing to have your name associated with rating it, please complete the table below in the same style as my own evaluation of OpenJDK. Cut & paste into an e-mail and send the completed table to me.

I will review the information you’ve provided, possibly adjust your proposed scores a little to match the scoring style used for other evaluations and then I’ll publish all valid good-faith submissions on my blog.

Rule Data Evaluation Score
Instructions
Provide sample extracts from public sources supporting your evaluation, together with links
Read the Benchmark. Evaluate as objectively as possible, and conclude with a rationale for the score you are giving. Score -1 for a rule where the governance implementation detracts from open-by-rule; score 0 for implementations that have an overall neutral effect; score +1 for implementations that contribute positively to an open-by-rule community. “Open/Meritocratic/Oligarchy” scores between -3 and +3, evaluating for each word.
I’ll review your submission before publication, so don’t worry too much 🙂
Open, Meritocratic Oligarchy +/-3
Modern license +/-1
Copyright accumulation +/-1
Trademark policy +/-1
Roadmap +/-1
Multiple co-developers +/-1
Forking feasible +/-1
Transparency +/-1
Summary (scale -10 to +10) +/-10
Project name
Project URL
Your name

☂ Governance Benchmark Available

My article establishing an open-by-rule benchmark for checking the governance of open source communities is now available in the Essays section.

☆ Rating OpenJDK Governance

I used to be a member of the Interim Governance Board for the OpenJDK project, which I helped Sun start to host an open source implementation of the Java platform under the GPL. For various reasons, the governance was never fully defined and the entire subject has been silent for over a year. There’s other context I assume most readers understand listed on CWUK. This week, news emerged that I am no longer a Board member (neither a surprise nor an issue for me), and that a governance proposal has been published.

How does the proposed OpenJDK governance fare when ranked against the open-by-rule benchmark I outlined earlier in the week? Scoring below involves +1 for each positive implementation of a rule, zero for each non-detrimental implementation or omission and -1 for each implementation that detracts from an open-by-rule governance.

Rule Data Evaluation Score

Open, Meritocratic Oligarchy
“The Governing Board consists of five individuals:
  • The Chair, appointed by Oracle;
  • The Vice-Chair, appointed by IBM;
  • The OpenJDK Lead, appointed by Oracle; and
  • Two At-Large Members, nominated and elected as described below.”
This is initially a closed plutocracy comprising mostly people who have never been involved in OpenJDK, as long-term Free Java leader Mark Wielaard has pointed out. The initial Board is all appointed by Oracle and IBM and they have picked only people they can trust to represent them and taken few risks (only Doug Lea has spoken out in the past, when he resigned from the JCP) and omitted key OpenJDK contributors Red Hat and Google (and recent joiner Apple). Future Boards will always comprise at least two Oracle staff and one IBM member. Interestingly, this is not conformant with the original OpenJDK Charter, which gave a majority of seats to elected representatives.
There is scope for the Board to be grown in the future and it’s theoretically possible eventually for the Board to have community-appointed members outnumbering the Oracle-IBM axis, but the rules are poorly defined and there’s undoubtedly scope for them to be gamed in order to maintain control.
Scoring 0 for closed/open given the benefit of doubt for the possible expansion process; -1 for non-meritocratic majority; -1 for non-representative oligarchy.
-2

Modern license
(not mentioned in governance)
OpenJDK uses a complex licensing arrangement based on GPLv2 plus a variety of exceptions. GPLv2 has decent implied patent protection according to most legal sources I have consulted. It’s actually a good combination of licensing both for software freedom and as the basis for Oracle to build a business around the code, but it’s not mentioned anywhere in the governance so could presumably change at any time based solely on Oracle’s choices.
If the governance committed to maintaining GPL as the license I’d score this as +1 but the lack of mention makes it 0.
0

Copyright aggregation
“A Contributor is a Participant who has signed the Oracle Contributor Agreement or who works for an organization that has signed that agreement or its equivalent. Only a Contributor may submit anything larger than a simple patch.”
Copyright is explicitly aggregated solely in Oracle’s hands. There are actually good historic reasons for this and without it I doubt that either IBM or Apple would be involved in OpenJDK since it would be impossible for Oracle to privately license the resulting Java implementation to them under terms they would accept (neither of them like GPL). Furthermore it allows the existing Java licensing arrangements to be sustained, meaning OpenJDK can be the locus of development for Java SE.
While I would rather see the overall copyright vested in a non-profit foundation, the pragmatic balance of factors means I score this as 0.
0

Trademark policy
(not mentioned in governance)
The OpenJDK trademarks are all dealt with outside the scope of the governance and are the exclusive property of Oracle who even claim control of their use within the source, a context I’m surprised to see alleged trademark law is applicable. This clearly scores -1.
-1

Roadmap
“If a Governing Board member objects in good faith to a technical or release decision made by the OpenJDK Lead then that decision may be appealed via the following process.”
“JDK Release Projects may only be proposed by the OpenJDK Lead and may only be Sponsored by the Governing Board.”
“Every OpenJDK Member will have the opportunity to propose features for inclusion in JDK Release Projects, and decisions about which features to include will be made in a transparent manner.”
Despite being intended to ensure “that sufficient infrastructure is available to Community members” there’s no mention of how releases will be conducted – there should at least be baseline principles. There’s an appeals process, but it is only open to Board members and there’s a clear intent that the roadmap is at Oracle’s sole discretion. This especially applies to JDK releases. The nod towards transparency is a positive sign but contradicted by the appeals process.
While this is all nothing new, it’s hardly “open-by-rule” so a clear -1.
-1

Multiple co-developers
There’s a cross-section at FOSDEM.
OpenJDK is blessed with enthusiastic co-development from both independent community participants and from corporations like Red Hat, Google and now Apple. It’s a shame verging on an insult that they weren’t involved in creating or starting the governance, but overall this is OpenJDK’s biggest strength and a clear +1 score.
+1

Forking feasible
IcedTea, multiple co-developers, Classpath history
The code is under the GPL, but the copyright is aggregated by Oracle and the trademarks all belong to them. There are enough co-developers outside Oracle to sustain a fork (after all, Classpath was a viable Java implementation before and IcedTea is still running). Chances are that IBM is subject to a no-forking agreement in return for lending its credibility to the governance. The documentation is subject to rules intentionally designed to prevent them being used on a fork.
Overall, this is a tough rule to score but on balance I think forking would be tough but possible. Given all the factors making it tough, I score this as 0.
0

Transparency
“I’m happy to report that, since last November, I’ve been doing just that: Drafting a set of Community Bylaws in collaboration with John Duimovich and Jason Gartner of IBM, Mike Milinkovich of Eclipse, Prof. Doug Lea of SUNY Oswego, and Adam Messinger of Oracle.”
Despite having roots in the work of the previous governance board (which also inherited ideas from OpenSolaris), the governance itself has come from nowhere and that bodes ill for future transparency, no matter how often the word is used in the document. The track record for OpenJDK has shown a mixed history for transparency. The corporate pressures are likely to mean lots of back-room dealings and the governance does little to prevent them.
Again, tough to score. I’m tempted to score this as -1 but the fact there’s a public governance at all and that Mark promises there will be a ratification step (albeit undefined) makes me give the benefit of the doubt and thus a score of 0.
0

Summary (scale -10 to +10)
-3

-3

That score isn’t as bad as it could be, but given that

“The goal of these Bylaws is to foster the long-term health and growth of the Community by enabling and encouraging its members to act in an open, transparent, and meritocratic manner.”

I think there’s still plenty of work required to make them fit for purpose. I’m offering these comments in the spirit of contribution and dialogue. I’d be pleased to help the OpenJDK project in any way I can if they wish during the drafting and ratification process. I’ll be at FOSDEM this weekend speaking on this subject in the Free Java DevRoom, so meet me there if you’d like to discuss anything.

I have hoped from the beginning that OpenJDK would be an open-by-rule community in which everyone with a commitment to Java can participate as equals. Let’s hope this new development can deliver on that vision.

☝ The Open-By-Rule Governance Benchmark

With Oracle’s OpenJDK Project about to announce new community governance, many people have asked what I look for in good open source project and community governance. My personal benchmark is over on ComputerWorldUK today – take a look. I will probably be speaking about this in the Java DevRoom at FOSDEM on Saturday afternoon.

☂ Indemnity Article Available/Available in Portuguese

My article on the problem of indemnity requirements for open source procurement is now available in the Essays section, in English and Portuguese.


The article “Aquisição de Software Livre: Indenizações” is now available, translated into Portuguese, in the Essays section. Many thanks to Bruno Souza and Ana Prado.