Sam Ramji Answers Your Questions 81
A couple weeks back you asked some questions of new CodePlex Foundation President Sam Ramji. He has responded and expressed interest in participating in the discussion at some point. If you have follow up questions feel free to drop them in the discussion so he can address them as he has time.
Conspiracy Theories and Where are you Guys Headed? bydedazo (737510)
Do you see Microsoft headed in the same general direction as Google and IBM where the core products and IP are held close to the chest while some of the more peripheral stuff (not key to revenue) is released under open licenses? Recent news like the open sourcing of one of the versions of the .NET framework make it seem that way. And what do you say to the inevitable flood of "advocates" who claim Microsoft is doing this sort of thing to subvert FOSS?
Sam: On the first part of the question: I think it’s not just IBM and Google that are executing within the model of “protect the core, open source the complements”, but SAP, HP, and other large corporations in the IT industry. Generally speaking you want to make your complements as inexpensive and adaptable as possible to drive the adoption and value of your core product. There are further motivations for opening complements, which include altruistic (“let’s share the cost of developing these components – it will be better for all of us and our customers”) to bare-knuckled (“let’s drive down the profitability of our competitor’s product”). While I was at Microsoft I focused on helping the company understand the range of options with open source strategies. I expect them to proceed in this direction and predict that there will be a lot more open source contribution from Microsoft with each passing quarter, much as IBM crossed the threshold early in this decade.
The challenge for all of them with that approach is not that it’s predictable, which it is, but that it tends to harden attitudes internally and externally on how to protect the core. One of the things that the Directors of the CodePlex Foundation believe is that we can provide a way to make the core/complement boundary more permeable. Corporations become increasingly concerned the closer that an open source contribution is to their core offering. We’re crafting a licensing and contribution process which should let them contribute to these areas, for their business benefit and everyone else’s, with less risk. It’s partly a function of how the contribution is managed, and partly a function of having the CodePlex Foundation become the owner of the code.
On the second part of the question: there will always be detractors who have knee-jerk reactions wherever Microsoft and open source are concerned. I have little to say about these claims. What I will say is that those of us involved in the Foundation see it as our personal calling to make a positive impact on the industry through the success of the foundation; that we are an open source and not a free software foundation; and that to any organization that shares our goals to expand the contribution from corporations to community open source projects, we are excited to collaborate. On a personal note, my new company's software (seen at http://www.apigee.com) is based on Fedora Linux and uses Xen, Eclipse and Apache software, so why would I be interested in weakening FOSS? I think the world would be better off if Microsoft and other large software companies contributed more to open source, and I think most people agree.
Why Start Codeplex?
What advantages do you see CodePlex offering that you couldn't accomplish by participating within (or contributing to) one of the many other open repositories already in play like SourceForge.net or Google Code?
Sam: This is an apples and oranges comparison. The CodePlex Foundation is not a repository/forge. It's a non-profit legal entity that works with corporate sponsors to help them adapt their processes to release software as open source; with corporations who want to contribute to projects but don't know how; and with community open source projects that need a contribution and governance model and seek corporate contribution. The aim is to increase responsible participation of corporations in community open source projects.
That's a completely different mission from forges like SourceForge.net, Google Code and Codeplex.com, which are providing very different services from what the Foundation offers.
I realize that we’ve successfully confused people (yes, this is a sardonic comment) by using the same name as Microsoft’s forge (codeplex.com). I regret the confusion because it has made it a bit harder to explain the Foundation to those who are already aware of the forge. We may revisit the name in future generations of the Board of Directors.
"IP Needs?"
bySanityInAnarchy (655584)
From your FAQ: "We wanted a foundation that addresses a full spectrum of software projects, and does so with the licensing and intellectual property needs of commercial software companies in mind." This seems to imply that there are existing foundations that do so without those licensing and IP needs. Regardless, what do you see as the role of a foundation like yours in addressing the needs of commercial software companies?
Sam: To answer the first part of the question - the implicit part - there are two aspects to the vacuum around contribution licensing. First, there are projects and communities which don't have any licenses at all. Second, as those who have started open source and open standards foundations are aware, the lack of an industry-wide standard set of agreements has meant that each foundation has had to build these from scratch. So existing foundations have typically worked out solutions that are effective for their community – good examples are the Eclipse Foundation and the Mozilla Foundation. But if you believe that open source will continue to grow, you have to also believe that there will be more foundations in the future that support those successful new open source technologies.
In our view, the agreements we've designed are generic and could be used by any other foundation just by changing the name of the contribution recipient. We are thinking about putting our contribution licenses under Creative Commons' "Attribution Share Alike" to reinforce this aspect of our mission. To answer the second part of the question, we have three things to offer software companies - a safe harbor for their code, mentoring on how to build a sustainable open source project, and a system of code provenance and security escalation that solves for the most common concerns they have when considering inbound or outbound open source usage.
How Will Projects be Organized?
byTravisHein (981987)
How will the Codeplex foundation organize and align its [future] projects ? For example, in other foundation sites, over time there are typically several projects created by different groups, and while each is different, there is a good bit of overlap in the features and the main goals of the purpose of the project, and this can lead to confusion for people that would want to use the project, not sure which one is the better one to use. Sam: We looked at the way other foundations organize projects and decided to use a different model, based on museums, to help us structure how we organize and align projects. Like a museum, we have galleries, which are related groups of projects, and projects, which to follow the analogy are like art on display in a gallery. Projects must be accepted into a gallery, which means a project will align well with the gallery’s technical focus. Each gallery has a manager who oversees which projects are in the gallery.
What I would like to see is that the Gallery Managers take a strong leadership position on the structure of projects in their gallery and manage new contributions in a way that limits the type of redundant efforts you described in the question. As a practical engineer, I realize that some amount of duplication is inevitable but where projects have strong overlaps I’d hope that they can be resolved through thoughtful architecture and teamwork.
Gallery vs. Repository?
Several readers have asked about the difference between a "gallery" and a "repository" with respect to CodePlex and why that distinction is necessary or helpful?
Sam: People usually equate "repository" with "forge", meaning a site that provides source code hosting, source version control, source downloading, and other related tools. That market is well covered by others, and so the CodePlex Foundation does not offer repository services. Foundation projects are free to use any repository they want. By contrast - and this is where the distinction is helpful - a gallery is both a showcase for, and a community of projects. The gallery shows related projects that are in the Foundation, and provides clear information on licensing, code provenance, project team members, and the security escalation path. It is a community in that project committers, the gallery manager, a Foundation appointed mentor, and the Foundation's technical director will all work together to help projects out, follow common best practices, and help educate sponsors about the place those projects play in the open source eco-system.
Move to Non-Profit?
What things would need to happen before CodePlex could evolve into a charitable non-profit?
Sam: Currently the Foundation is set up as a non-profit 501(c)(6) corporation, which is a governance structure, not a financial structure. To move to a charitable non-profit – a 501(c)(3) – we would have to agree on a way to accept tax-exempt contributions. Currently contributions are classed as “business expenses” to the donors. We can’t move in that direction until we finalize the permanent board of directors, which is one of our first-100-day tasks. So the first thing we need to do is select a permanent board, and then let that board decide if it wants to take on the work of evolving the foundation into a charitable non-profit.
This current structure is the same as the Eclipse Foundation uses (legally a “trade association”). It’s worked well for them and their corporate sponsors as well as their member projects. We’ll see what works best for our sponsors and member projects as the CodePlex Foundation evolves.
Microsoft?
What level of engagement do you see Microsoft having with the projects or participants using CodePlex? Can we expect to see development help? Sponsorship? Recruitment? Sam: I expect to see continued sponsorship; Microsoft has already sponsored the ASP.NET gallery and has proposed another. Where Microsoft is a gallery sponsor or a project contributor, it will need to have a high level of engagement with the gallery and projects it sponsors. This also will hold true for other sponsors who join the foundation. Each project accepted into the Foundation must have three committers; for the Microsoft-sponsored projects, some of these will be Microsoft developers. I don’t know if you would consider this development assistance or simply development. I can’t speak to recruitment as it’s not a topic we’ve discussed nor is it a goal of the CodePlex Foundation.
Why should I care?
Beyond the marketing speak and platitudes what specifics can you give me about why CodePlex is Interesting/Useful. You say things like: "Specifically we aim to work with particular projects that can serve as best practice exemplars of how commercial software companies and open source communities can effectively collaborate." What kinds of things do you foresee doing that will actually facilitate growth or change for the better in the open source community?
Sam: The three specific things that the CodePlex Foundation can do are:
1) Establish a standard process and set of licenses for contribution to open source projects. No such standard currently exists, which results in duplication of effort across projects and new foundations, and increases anxiety for corporate contributors.
2) Provide a legal entity for ownership of copyright for specific projects. Many projects have disorganized copyright ownership, which prevents them from relicensing and commercialization.
3) Popularize a set of best practices established in the industry for sustained corporate contribution to community open source projects. Many corporations are interested in contribution and in open source licensing but lack a codified approach to doing so.
I believe that the combination of these specifics will enable many corporations which are not yet contributing to open source projects to do so, and enable projects lacking a contribution licensing process to adopt one which will enable collaboration with corporations and their individual employees.
Re:Um (Score:5, Insightful)
to muddy the waters and play more havoc with open source.
I believe that's the whole point of the exercise... dilute the term and the real thing loses all power.
The three specific things that the CodePlex... (Score:1, Insightful)
The three specific things that the CodePlex Foundation can do are:
1) Undermine the FSF.
2) Encourage open source projects to shift from Linux to Microsoft, leaving the former out in the cold.
3) Keep on yapping on about 'open source' and hope that nobody notices that it does not include support for any form of license which does not facilitate the privatisation of all software contributed to the project.
Fact or fiction? (Score:4, Insightful)
The premise is put forth that the existing legal frameworks surrounding open source projects aren't unified and have been mashed together by individual foundations to serve the needs of their specific projects. The CodePlex claims to be offering a solid legal foundation that can be freely adapted to any open source product. The claimed benefit of that is it makes it easier for projects to attract corporate support, presumably because corporations will have a better understanding of what they are getting into.
My question is, is there really a problem with murky legalesse around open source projects that is scaring off corporations with the inclination to invest resources?
From reading the Q&A I get the sense that CodePlex is little more than a marketing machine for open source projects. They provide a legal framework and a showcase to bring open source developers together with corporations who could presumably fund them. That seems like a good thing.
What's the other side? They are only pushing open source code written in .Net that runs on the Microsoft platform?
Okay... (Score:3, Insightful)
This statement doesn't make understanding his organization's relationship to microsoft any less confusing. Can anyone fluent in corporate doublespeak translate?
Re:some history on Sam Ramji please (Score:4, Insightful)
you mean all people who've had serious controversial and ethical questioning for what they do? You just named off half the people that are considered to be deliberate and direct threats to open source software in it's true definition (not your definition).
CodePlex: how can we take you seriously? (Score:4, Insightful)
Ok, wait, this looks suspiciously like Microsoft coming in late to duplicate effort and have things done the One Microsoft Way.
Excuuuse me? Isn't this what the Open Source Initiative [opensource.org] does already? Of course, not all of the licenses and processes are standardized, because there will always be someone who doesn't agree and wants to do his/her own thing, but what makes Microsoft think they can come in here and be successful in standardizing everything?
Doesn't the EFF ask you to transfer ownership/copyrights to them so they can take care of copyright issues?
I shudder when Microsoft tries to: a) "standardize" something, and b) "popularize" it.
Incidentally, it's a pity how the CodePlex Foundation just happened to have the same name as Microsoft's forge. I mean, it's not like Microsoft has teams of lawyers just waiting to pounce on a remote name resemblance so they can sue for trademark issues. It's not like there are any corporate resources to do a name search just to see if, you know, "<your organization name>.com" has already been taken, where <your organization name> = "codeplex". I mean, being a small poor non-profit with no big corporate sponsorships from a software giant, they probably used up their meagre funds doing a domain name search for codeplex.org, codeplex.net, codeplex.tv, codeplex.mobi, codeplex.IGotMyOwnTLD, etc. Maybe they used Bing for the search.
So, I do get that CodePlex Foundation is more for corporate than homebrew projects. But I can't help but think that this is more of Microsoft throwing more money at a problem that they are culturally incapable of understanding, hoping that they can grasp and master that market.
Re:Okay... (Score:5, Insightful)
This statement doesn't make understanding his organization's relationship to microsoft any less confusing. Can anyone fluent in corporate doublespeak translate?
"Everyone is confused about who we are and what we're doing because we named ourselves after a Microsoft service that looks similar to this, but is different in subtle and important ways. The name is not going to be changed by this board of directors.
Or, if you prefer, the Evil Conspiracy version:
"We deliberately obfuscated our nature and purpose by choosing a name identical to an existing Microsoft service. It's kind of like when we supported the sock-puppet Open Document Alliance and used them to sow confusion during the run-up to the ISO vote on our so-called standard. Except in this case, we use (watch carefully, here) the CodePlex Foundation to build a reputation that rubs off on software stored in Microsoft's Codeplex repository. We build the credibility, and Microsoft publishes its own software through its service, utters the magic word 'Codeplex' and gets a pass. Given that causing confusion and dissension in the FOSS world is our goal, we don't see any particular reason to change the name to something distinctly different."
NOTE: I actually lean more toward the first translation, but the second was way more fun to write. 8^)
Re:Err, yeah... love that 'governance' part. (Score:3, Insightful)
...it has a different purpose.
To provide support for companies wishing to implement all kinds of (.NET/Windows) open source projects and push the Microsoft licensing model forward to these projects, companies, and individuals instead of going with the defacto standards for open source.
Right? He never touched that line of questioning.
To be fair... (Score:3, Insightful)
Isn't this what the Open Source Initiative [opensource.org] does already?
My understanding is that the OSI tries to declare whether a particular license counts as "open source" or not. They do track redundant licenses.
Doesn't the EFF ask you to transfer ownership/copyrights to them so they can take care of copyright issues?
Indeed, and many projects ask you to transfer copyrights to them to allow them to change license at will. This is a reasonably fair deal -- it means your code gets accepted, and if the license allows it, you can always create your own fork just before they change licenses. But it also means that the community can decide if/when to go GPL3, for example. Setting "any future version" is putting too much faith in the FSF, I think, but if you don't do that and do allow people to contribute while retaining copyright, you end up with a situation like the Linux kernel, which will likely be forever GPLv2.
I shudder when Microsoft tries to: a) "standardize" something, and b) "popularize" it.
This appears to at least be trying to be an independent organization. And you also didn't address that #3 is an important point, though one that I don't think you really need an organization to make:
There should be a standard set of best practices for how corporations should participate in open source. We've seen it done wrong so many times before.
For example -- remember when IBM ported Linux to their mainframe platform? They did so behind closed doors, only releasing the code to the community when it was done. Aside from potentially being a bitch to merge, this was really cruel to the community which had been trying to do the same thing independently. On the other hand, "release early, release often" doesn't really need an organization to tell you to do that.
The one way I can see this really working is if the organization were to provide corporate-y things, like training and seminars, for executives and developers at companies who want to participate in open source, and don't want to look like assholes doing it.
Now, the unfortunate thing is that Steve Ballmer continues to make truly retarded statements about open source (GPL = virus! Linux violates our patents!) on a fairly regular basis. Fortunately, Microsoft doesn't seem to be following his example. For all the paranoia about things like mono -- the fact that it might have submarine patents from Microsoft -- has any ever been justified? Since SCO died, has Microsoft actually done anything directly to undermine open source -- and, in particular, have they ever done so while appearing to support it?
What a crock (Score:3, Insightful)
Forget the double-talk and corporate happy speak. What Microsoft intends for Open Source is not something that will benefit anyone but Microsoft. Remember "embrace, extend, extinguish?" They're talking like they've embraced open source and now they're starting to "extend" it. They're fighting a different sort of enemy than they have before - but they can't do anything other than fight - it's their corporate culture.
Microsoft is a sworn enemy of open source software - and no matter what they or their sock puppets say, this is not going to change. Microsoft sees open source as being the biggest threat to their continued growth and they'll attack with everything they've got - that they can plausibly get away with.