It's been more than a month since I last wrote about the CodePlex Foundation, the new open source initiative announced by Microsoft in early September. While things were pretty quiet at the Foundation site for some time, that changed on October 21, when the Foundation posted its new Project Acceptance and Operation Guidelines, a key deliverable that gives insight into a variety of aspects of the Foundation's developing purpose and philosophy.  A "house" interview of Sam Ramji (pictured at left) by Paul Gillin was posted a week later.

Surprisingly, though, there was very little pickup on any of this new information until yesterday (perhaps with a little nudging from the PR side of the house), when several stories popped up on line, including this one, at InternetNews.com, and another at ZDNet.com.  Each is based on a conversation between Sam Ramji and the reporter (Sean Michael Kerner, at InternetNews, and Dana Blankenhorn, at ZDNet.com). 

In this blog entry, I'll give my impressions of how the CodePlex Foundation is developing, and (as before) my opinions on how effective the decisions being made are likely to be in achieving the Foundation's goals.

The Gallery Concept:  The first thing I should say is that I’m impressed with the creativity that the Interim Board has shown in some of the structural decisions that they have made.  Principally, they come together in a "Gallery" concept, modeled on museums, as explained in this exchange between Paul Gillin and Sam Ramji:

I think that’s a nice metaphor on all counts, and one that does a nice job of highlighting what corporations and individual developers can each bring to the table.

So how is this supposed to work in fact?

According to the Guidelines, except in the case where the Board of Directors is willing to fund an essential project out of general Foundation resources, each Gallery will require the economic sponsorship of a corporate supporter (interestingly enough, joint sponsorship is not mentioned, on which more below).  Gallery sponsors can propose projects for hosting in their Galleries (subject to the approval of a majority of the Board of Directors), and others can apply for hosting within an appropriate Gallery as well. 

The Guidelines include other sensible requirements for both Galleries and individual projects alike.  For Sponsors, the requirements include a three-year funding commitment, providing a dedicated Gallery Manager, and at least one "ready to go" project.  In return, the Foundation will provide hosting resources that include a Technical Program Manager, a "Mentor" drawn from the Board of Directors or Board of Advisors, security support, and more.

Besides the appealing visual metaphor, the Gallery model provides a number of things that I think are smart.  First and foremost, by allowing a corporation to propose and fund a specific gallery, rather than take out a high priced membership in the Foundation itself, it will be much easier for CodePlex to fund its activities. One of the strange paradoxes in standards and other project-oriented non-profits is that the more programs an organization hosts and the more influential it becomes, the harder it sometimes is for it to raise significant funding.  This is because as the work program broadens, less and less of an individual member’s dollars go to fund the much smaller number of projects in which it has particular interest.  Eventually, they simply start a new organization rather than start a new initiative within an existing one.

By allowing more targeting of funding, I expect that CodePlex should therefore be able to maintain more robust and ongoing activities.  Although the Guidelines do not go into detail on this point, presumably the funding either goes into the unallocated funding of the Foundation, or there is some split between funds that underwrite general activities, and those that may be dedicated to Gallery-specific activities.  The former would be better for the Foundation, but the latter may chafe a bit, since sponsors may wish to underwrite (for example) promotional, training or other programs to help leverage their investment in software development. I expect that we will see further developments on this front.

While the Guidelines provide reasonable detail on some aspects of the Gallery model, they do not provide information on what (if anything) Gallery sponsors will get out of the relationship other than assurance that sponsored projects will be managed within an environment that they approve of.  Typically, in a stand-alone, corporate-funded open source foundation, there is a division of influence between a corporate management body (sometimes called a Steering Committee), that exercises control over some aspects of the project (e.g., budget, overall direction, choice of license, etc.), and a technical board, which has very substantial, or complete, control over the development activities. 

The Gillin-Ramji interview provides some thematic guidance on the subject that I would support, although it doesn’t provide detail on what would happen in the breach if a sponsor tried to go overboard:

Paul Gillin: I want to ask about this role of the corporate sponsor. What is your thinking on how much control the corporate sponsor has over that gallery they are underwriting?

Sam Ramji: You can’t expect an Open Source project to thrive or to have your contributions accepted or endorsed by that community if they come with a lot of conditions. Part of what we will be able to do for corporations that sponsor galleries is to help them understand the nature of influence rather than control and how to support projects that may, at some points in time, compete with some of that company’s interests – to help corporate sponsors understand that their broader interests may be well served by that same project, even if it doesn’t feel immediately natural at the very beginning. That certainly is the journey that I had the privilege to see Microsoft go through over the last few years as the company began to understand how to work with, rather than through, Open Source projects. Sponsorship will have to be along the lines of encouragement than seen as a direct approach.

Net net, my reaction is that the Gallery sponsorship concept is a good one, but that the thinking will doubtless further evolve, and that there may be further refinements once sponsors with money start making proposals to the Board of Directors.  It will be interesting to see what changes these dialogues may produce.

It will also be interesting to see how the "as few restrictions as possible" model evolves, since with few restrictions Sponsors also will be unrestrained.  It may be that additional mechanisms will need to be put in place to manage this, rather than leave things to individual sponsors to structure projects entirely as they please.  That, of course, raises other issues.  If sponsors are kept on too tight a rein, they may not participate.  On the other hand, if they are given free rein and overplay their control, then a project may not flourish – and the Foundation’s reputation will be tarnished as well. 

It may be that if CodePlex is successful, then some sort of an intermediate body (perhaps a Gallery Advisory Board) might make good sense, as it would encourage co-sponsorship of Galleries rather than proliferation of needlessly, rather than productively, overlapping Galleries, and wasteful replication of administrative burdens as well.  Co-sponsorship would also lessen concerns over whether one company had too much influence over a given project, or program area.

But that’s for the future, for the time being, I like the concept of educating companies that may have had no previous in-depth experience with open source on how the balance between commercial and community interests needs to be balanced.

Balance:  One of the central concerns I raised in my prior blog entries had to do with whether the Foundation would be able to articulate a clear value proposition for community, as well as corporate, interests.  Has there been much progress made on this point?

Yes and no.  Yes, in that the Guidelines make the right noises, but not so much, from the governance perspective, because no additional structures (beyond the previous promise of balanced Boards of Directors and Advisors) have been put in place to give a warm feeling to projects or individual developers.  Instead, there is an emphasis on assuring participants that there will be no more restrictions placed on individuals or projects beyond those deemed to be essential for best practices purposes, at least by the Foundation.

Here’s how the Vision statement in the Guidelines addresses the issue:

We envision a safe and vibrant community of individual contributors, corporate sponsors and project adopters. The Foundation will reach out to these different constituents to meet their needs and build bridges of communication between the different groups. We picture individual contributors bringing projects to the foundation, and joining existing projects because they feel confident that Foundation will support their efforts without imposing unnecessary restrictions on their work.

The Guidelines do a better job in providing a value proposition from the support point of view.  A section called "Community Visibility" stresses flexibility, strong support, mentoring, a "big tent" attitude for even over-lapping initiatives, and evolving best practices resources. 

The "Commercial Friendly" section that follows stresses three factors: a list of recommended OSS licenses with annotations and guidance on how different licenses can (and don’t) work together; security monitoring and response mechanisms; and sponsorship activities, all of which should indeed be appealing to software vendors.

Whether or not this general vision of providing a well-hosted environment that pays particular attention to best practices of importance to corporate developers and enterprise end users will be sufficiently appealing to community members remains to be seen. 

I suspect that the answer to this question will be that most individual developers and existing projects will adopt a "wait and see" attitude.  A key challenge for the Foundation will therefore  be whether Microsoft and its partners will decide to move existing work over which they have control within the Foundation.  If popular projects do move, then individual developers will be able to get immediate, first hand experience with the Foundation as a host.  If existing projects with high visibility don’t decide to move, then it will be some time before new projects can be formed, structured, attract participation, gain a reputation for their code – and also help CodePlex gain a reputation as a "go to" development destination as well.  

Board composition:  Given the relative lack of specifics about management of projects, the question of the permanent board composition remains of great interest.  On this topic, Sam’s comment in an October 16, 2009 interview at LWN.net may be most informative.  In that interview, Sam responded to a question from Jake Edge as in part as follows:

I understand that the initial makeup of the boards would lead observers to the conclusion that the Foundation is dominated by Microsoft, but the 100-day target we set for revamping the boards should reassure observers that there is plenty of room for other points of view. The more companies that participate, and the more points of view represented, the better.

Microsoft’s founding donation gave us the ability to operate independently. That might not seem obvious, but with the sponsorship, Microsoft gave the Foundation the ability to open a bank account, hire employees, revisit the mission, reconsider governance and formulate a work plan to move forward. It set the ball rolling, and now the Foundation is on a distinct – and separate – path.

In order to bring in more sponsors, we’re clear that there will need to be balance and independence not just in our actions but in our governance, and therefore in the makeup of the board of directors….

Specific programs:  The Guidelines and recent reviews with Sam also provide more detail on what types of work the Foundation hopes to undertake.  I think that two of the projects that are described in the Guidelines can be particularly useful.  The first (mentioned earlier) is intended to provide a resource to help developers understand not only what individual OSS licenses say, but how they fit together.  Given that open source is usually a mosaic of existing and new code, all of which is then further evolved, it’s essential that the licensing rules that apply to composite code are compatible, rather than at internal war with each other. If this resource is well done, it will indeed be useful for hosted and outside projects alike. 

The second program I like addresses security matters.  Given that one of the strengths of open source is the ability to discover and respond in real time to security issues, it’s smart to institionalize this capability, and to evolve best practices to capitalize on this competence.  If this is done successfully, it should provide real value to hosted projects, as well as comfort to both commercial developers and end users.

The overall emphasis on best practices also appeals to me.  The development of open source software is still an evolving discipline, and there are multiple areas where good practice and legal hygiene are very important.  Not only is it important for code to be integrated with due care being given to license terms, and for contributors to be  documented and their contributions tracked, but the internal management of projects, with an eye to documentation of code, succession of leadership, and awareness of security issues are all important matters that require real work and attention to detail to manage.  The more useful tools and guidance in areas such as these, the better, so that new projects can get off on the best and most efficient foot.

In summary:  Overall, I’m encouraged by what I’ve seen so far.  As the 100 day interim management period counts down, the question will be how the actual pieces of the puzzle that are contemplated in the Guidelines and interviews match up to their advance billing.  Here are the things that I’ll be watching out for:

• Will the list of open source licenses and related analyses be neutral and comprehensive? 
• Will CodePlex be successful in attracting Gallery Sponsors, and if so, who will they be? 
• Will the project rules Sponsors put in place be community-friendly? 
• Will any existing projects elect to move to the Foundation, and if so, which ones?
• Will best practices documents be neutral, or slanted to corporate interests?
• Will the Foundation be successful in finding someone as respected and skilled as Sam Ramji to take the position of permanent CEO?
• Most importantly, what will the new Board of Directors look like?

If the answers to all of these questions are favorable, then the CodePlex Foundation could indeed play a useful role in helping more corporate developers and end users participate more fully in both the development and uptake of open source software.  I’ll certainly be watching with great interest to find out.
 

For further blog entries on Open Standards and Open Source click here

sign up for a free subscription to Standards Today today!