Do you see Microsoft headed in the same general direction as Google and IBM where the core products and IP are held close to the chest while some of the more peripheral stuff (not key to revenue) is released under open licenses? Recent news like the open sourcing of one of the versions of the .NET framework make it seem that way. And what do you say to the inevitable flood of "advocates" who claim Microsoft is doing this sort of thing to subvert FOSS?
Sam: On the first part of the question: I think it’s not just IBM and Google that are executing within the model of “protect the core, open source the complements”, but SAP, HP, and other large corporations in the IT industry. Generally speaking you want to make your complements as inexpensive and adaptable as possible to drive the adoption and value of your core product. There are further motivations for opening complements, which include altruistic (“let’s share the cost of developing these components – it will be better for all of us and our customers”) to bare-knuckled (“let’s drive down the profitability of our competitor’s product”). While I was at Microsoft I focused on helping the company understand the range of options with open source strategies. I expect them to proceed in this direction and predict that there will be a lot more open source contribution from Microsoft with each passing quarter, much as IBM crossed the threshold early in this decade.
The challenge for all of them with that approach is not that it’s predictable, which it is, but that it tends to harden attitudes internally and externally on how to protect the core. One of the things that the Directors of the CodePlex Foundation believe is that we can provide a way to make the core/complement boundary more permeable. Corporations become increasingly concerned the closer that an open source contribution is to their core offering. We’re crafting a licensing and contribution process which should let them contribute to these areas, for their business benefit and everyone else’s, with less risk. It’s partly a function of how the contribution is managed, and partly a function of having the CodePlex Foundation become the owner of the code.
On the second part of the question: there will always be detractors who have knee-jerk reactions wherever Microsoft and open source are concerned. I have little to say about these claims. What I will say is that those of us involved in the Foundation see it as our personal calling to make a positive impact on the industry through the success of the foundation; that we are an open source and not a free software foundation; and that to any organization that shares our goals to expand the contribution from corporations to community open source projects, we are excited to collaborate. On a personal note, my new company's software (seen at http://www.apigee.com) is based on Fedora Linux and uses Xen, Eclipse and Apache software, so why would I be interested in weakening FOSS? I think the world would be better off if Microsoft and other large software companies contributed more to open source, and I think most people agree.
Why Start Codeplex?
What advantages do you see CodePlex offering that you couldn't accomplish by participating within (or contributing to) one of the many other open repositories already in play like SourceForge.net or Google Code?
Sam: This is an apples and oranges comparison. The CodePlex Foundation is not a repository/forge. It's a non-profit legal entity that works with corporate sponsors to help them adapt their processes to release software as open source; with corporations who want to contribute to projects but don't know how; and with community open source projects that need a contribution and governance model and seek corporate contribution. The aim is to increase responsible participation of corporations in community open source projects.
That's a completely different mission from forges like SourceForge.net, Google Code and Codeplex.com, which are providing very different services from what the Foundation offers.
I realize that we’ve successfully confused people (yes, this is a sardonic comment) by using the same name as Microsoft’s forge (codeplex.com). I regret the confusion because it has made it a bit harder to explain the Foundation to those who are already aware of the forge. We may revisit the name in future generations of the Board of Directors.
From your FAQ: "We wanted a foundation that addresses a full spectrum of software projects, and does so with the licensing and intellectual property needs of commercial software companies in mind." This seems to imply that there are existing foundations that do so without those licensing and IP needs. Regardless, what do you see as the role of a foundation like yours in addressing the needs of commercial software companies?
Sam: To answer the first part of the question - the implicit part - there are two aspects to the vacuum around contribution licensing. First, there are projects and communities which don't have any licenses at all. Second, as those who have started open source and open standards foundations are aware, the lack of an industry-wide standard set of agreements has meant that each foundation has had to build these from scratch. So existing foundations have typically worked out solutions that are effective for their community – good examples are the Eclipse Foundation and the Mozilla Foundation. But if you believe that open source will continue to grow, you have to also believe that there will be more foundations in the future that support those successful new open source technologies.
In our view, the agreements we've designed are generic and could be used by any other foundation just by changing the name of the contribution recipient. We are thinking about putting our contribution licenses under Creative Commons' "Attribution Share Alike" to reinforce this aspect of our mission. To answer the second part of the question, we have three things to offer software companies - a safe harbor for their code, mentoring on how to build a sustainable open source project, and a system of code provenance and security escalation that solves for the most common concerns they have when considering inbound or outbound open source usage.
How Will Projects be Organized?
How will the Codeplex foundation organize and align its [future] projects ? For example, in other foundation sites, over time there are typically several projects created by different groups, and while each is different, there is a good bit of overlap in the features and the main goals of the purpose of the project, and this can lead to confusion for people that would want to use the project, not sure which one is the better one to use. Sam: We looked at the way other foundations organize projects and decided to use a different model, based on museums, to help us structure how we organize and align projects. Like a museum, we have galleries, which are related groups of projects, and projects, which to follow the analogy are like art on display in a gallery. Projects must be accepted into a gallery, which means a project will align well with the gallery’s technical focus. Each gallery has a manager who oversees which projects are in the gallery.
What I would like to see is that the Gallery Managers take a strong leadership position on the structure of projects in their gallery and manage new contributions in a way that limits the type of redundant efforts you described in the question. As a practical engineer, I realize that some amount of duplication is inevitable but where projects have strong overlaps I’d hope that they can be resolved through thoughtful architecture and teamwork.
Gallery vs. Repository?
Several readers have asked about the difference between a "gallery" and a "repository" with respect to CodePlex and why that distinction is necessary or helpful?
Sam: People usually equate "repository" with "forge", meaning a site that provides source code hosting, source version control, source downloading, and other related tools. That market is well covered by others, and so the CodePlex Foundation does not offer repository services. Foundation projects are free to use any repository they want. By contrast - and this is where the distinction is helpful - a gallery is both a showcase for, and a community of projects. The gallery shows related projects that are in the Foundation, and provides clear information on licensing, code provenance, project team members, and the security escalation path. It is a community in that project committers, the gallery manager, a Foundation appointed mentor, and the Foundation's technical director will all work together to help projects out, follow common best practices, and help educate sponsors about the place those projects play in the open source eco-system.
Move to Non-Profit?
What things would need to happen before CodePlex could evolve into a charitable non-profit?
Sam: Currently the Foundation is set up as a non-profit 501(c)(6) corporation, which is a governance structure, not a financial structure. To move to a charitable non-profit – a 501(c)(3) – we would have to agree on a way to accept tax-exempt contributions. Currently contributions are classed as “business expenses” to the donors. We can’t move in that direction until we finalize the permanent board of directors, which is one of our first-100-day tasks. So the first thing we need to do is select a permanent board, and then let that board decide if it wants to take on the work of evolving the foundation into a charitable non-profit.
This current structure is the same as the Eclipse Foundation uses (legally a “trade association”). It’s worked well for them and their corporate sponsors as well as their member projects. We’ll see what works best for our sponsors and member projects as the CodePlex Foundation evolves.
What level of engagement do you see Microsoft having with the projects or participants using CodePlex? Can we expect to see development help? Sponsorship? Recruitment? Sam: I expect to see continued sponsorship; Microsoft has already sponsored the ASP.NET gallery and has proposed another. Where Microsoft is a gallery sponsor or a project contributor, it will need to have a high level of engagement with the gallery and projects it sponsors. This also will hold true for other sponsors who join the foundation. Each project accepted into the Foundation must have three committers; for the Microsoft-sponsored projects, some of these will be Microsoft developers. I don’t know if you would consider this development assistance or simply development. I can’t speak to recruitment as it’s not a topic we’ve discussed nor is it a goal of the CodePlex Foundation.
Why should I care?
Beyond the marketing speak and platitudes what specifics can you give me about why CodePlex is Interesting/Useful. You say things like: "Specifically we aim to work with particular projects that can serve as best practice exemplars of how commercial software companies and open source communities can effectively collaborate." What kinds of things do you foresee doing that will actually facilitate growth or change for the better in the open source community?
Sam: The three specific things that the CodePlex Foundation can do are:
1) Establish a standard process and set of licenses for contribution to open source projects. No such standard currently exists, which results in duplication of effort across projects and new foundations, and increases anxiety for corporate contributors.
2) Provide a legal entity for ownership of copyright for specific projects. Many projects have disorganized copyright ownership, which prevents them from relicensing and commercialization.
3) Popularize a set of best practices established in the industry for sustained corporate contribution to community open source projects. Many corporations are interested in contribution and in open source licensing but lack a codified approach to doing so.
I believe that the combination of these specifics will enable many corporations which are not yet contributing to open source projects to do so, and enable projects lacking a contribution licensing process to adopt one which will enable collaboration with corporations and their individual employees.