Steve Walli of the Outercurve Foundation has published a very perceptive discussion of why the phenomenon of the open source software foundation (neutral non-profit) has become so important in the free and open source software (FOSS) community.
Open source is the best software re-use strategy
Steve's fundamental premise is that liberally-licensed collaboratively developed software is the best re-use strategy. There are a number of different ways to look at this, but the one that has stuck in my mind was the result of attending a military open source conference in Washington, DC some years ago. The U.S. military, which is perhaps the biggest user of open source software in the world, uses FOSS because they judge it to be more secure and to have fewer bugs than proprietary software all other things being equal. The reason most often given for this is Eric Raymond's "many eyeballs" thesis that more people seeing code reduces bugs and security problems.
As I remember from the history of the development of the Apache foundation, there is often a very strong economic motivation for FOSS. In the early days of the web, there was the opportunity for every major vendor, IBM, HP, Microsoft, Sun, Oracle, and others to develop their own http web server. Instead IBM helped form the Apache Founation and then encouraged other major vendors to join which just about everyone did (with one important exception). The major vendors jointly contributed to developing one web server based on the NCSA http server and found it much less expensive than if each vendor had developed its own web server.
Intellectual property rights management is what FOSS foundations do
Steve makes the case that the core capability of FOSS foundations is to manage IP - he refers to them as IP Management Machines. He says that this was the primary motivation for the Free Software Foundation (FSF), Apache Software Foundation (AS F), OSDL/Linux, and the Eclipse Foundation. Corporations have more stringent software intellectual property (IP) needs and. neutral non-profit FOSS foundations have proved to be a solution to this problem, providing for the IP management needs of corporations. FOSS foundations remove the barriers to corporate engagement for FOSS projects.
For example, for all contrbutions to Eclipse projects, the contributor has to agree to a standard IP statement for every submission. It also must be contributed through standard channels, either Bugzilla or Gerrit, either of which which provide a complete audit trail for any contribution.
For large contributions (over 250 lines) or code from external projects, then a complete IP review is required. This can take a long time because the provenance of all the code is checked, the licences are checked, and the code is scanned for IP problems. Th reason Eclipse insists that this soemwhat involved process be followed for all contributions is that it guarantees that all Eclipse code can be used legally for commercial purposes under the EPL.
Steve refers to Henrik Ingo's research which I blogged about recently. Henrik found that the largest software projects are governed by FOSS foundations. He concluded that there appears to be a glass ceiling for single vendor projects prohibiting their growth from the Large category upwards. Based on his research findings he recommends that companies who want their projects to become mega project should contribute these projects to a FOSS foundation.
What is a FOSS foundation ?
A FOSS foundation is a neutral (not dominated by one vendor) non-profit (but run as a business) organization that provides legal structures, business operations, and technical services to its members, most of whom are firms or individuals involved in some aspect of software development or as software users. FOSS foundations are different from corporate open source projects like OpenSUSE, Fedora, JBoss, or MySQL in several important ways.
- FOSS foundations are neutral which encourages participation.
- FOSS foundations put a lot of effort into managing IP openly and cleanly because clean IP encourages adoption among the user community.
- FOSS foundations encourage broad participation, something that it is hard for a corporate project to do.
FOSS foundations have many projects they are responsible for. The Eclipse Foundation for example has 270 active projects. FOSS foundations also provide technical services and infrastructure such as source code repositories, build tools, test harnesses, code signing, bug tracking, and so on.
For example, the Eclipse foundation has implemented a very efficient process for contributors that minimizes for the contributor and the committer the time it take to submit the code, verify that it compiles and links correctly, conduct code reviews, run standard tests, and if all that succeeds actually submit the code to the main tree on Github.
One of the most important services that a FOSS foundation provides is legal liability and risk management. This includes providing and managing licenses for contributors and users, provenance tracking, and indemnification.
In my view one of the most important things that FOSS foundations provide is a governance structure that creates an architecture of participation. The objective is inclusion not exclusion. The governance structure makes it easy to join conversations and to participate in various ways based on merit. It also encourages and grows committers (developers who can commit code changes).
At the Eclipse Foundation there are something like 6 million users, some of whom contribute to the Eclipse ecosystem in various ways,by configuring the IDE, extending in in various ways, developing and publishing plugins, integrating Eclipse in products, and at the highest level fixing problems and developing new modules for Eclipse project code itself. There is a fascinating video of a presentation on what it means to be a committer by a couple of Eclipse committers at a recent EclipseCON conference in Europe.
This development process is used by all Eclipse projects. The key objectives of the Eclipse development process are transparency (all decisions, code, and discussions can be seen by everyone), openness (encouraging participation by making it easy to join discussions), and diversity (encouraging broad participation, encouraging as many firms and individuals as possible to particpate).