Feeds

'Harmony' for open source contributors on horizon

Just don't mention the Canonical bit

Security and trust: The backbone of doing business over the internet

A controversial push to establish clear-cut rules for contributing to open source projects is nearing completion.

Project Harmony – no, not that Project Harmony – has spent a year collecting feedback on how to refine terms governing contributors to open source projects, and it's scheduled to wrap up this effort on June 23. Shortly thereafter, version 1.0 of the Project Harmony rules will be officially released. The idea, organizers say, is to make participation in open source projects easier.

The question is whether companies, projects, and individuals will actually use the new rules. Some have already taken exception to Harmony (here), principally because one of its primary backers is Ubuntu daddy Canonical.

Canonical general legal counsel Amanda Brock started Harmony in May 2010. Brock tells us that Harmony has received contributions from more than 100 people in over 60 organizations, including developers and lawyers.

Last year, Ubuntu introduced its own contributor agreement in a move that angered some. Developers complained that copyright for contributions is granted to Canonical, a commercial entity, and that Canonical reserves the right to change the license under which it releases contributions.

Canonical's Contributor Agreement (here) does not cover the Ubuntu crown jewels. It covers other projects, including Ubuntu One, Unity, and Update Manager.

Brock told The Reg that she started Harmony because she was frustrated by the number of different and confusing contribution agreements used by Canonical's projects.

While some suspect Canonical of trying to foist something unwanted on the community which benefits only Canonical's bottom line, one of Harmony's contributors told us the idea is to improve contributions to open source by removing some of the hurdles associated with contributor agreements.

Contributor agreements aren't essential to open source projects, but having one in place does help project owners and contributors know exactly where they stand as projects grow or change ownership, as was the case when Sun Microsystems was eaten by Oracle.

Creating your own contributor agreements can be costly and time-consuming. And as Canonical has discovered to its cost, doing so is not guaranteed to deliver satisfaction.

Allison Randal, former president of the Perl Foundation, tells The Reg that, working with others in the community, she spent a "good year" devising a contributor agreement for Perl 5 and 6. That license was the Artistic License, approved by the Open Source Initiative (OSI). "I've found lawyers tend to go for dense legalese and there's always a clearer way of saying it, so developers can understand what it is they are trying to say. We spent a good year on this, picking through the details to refine and refine and refine," she says.

Harmony does not prescribe a single contributor agreement. It quickly became apparent that wasn't possible, Randal says, because projects have different values, licenses, and procedures. Instead, the idea is to establish a common set of clear-to-understand options in a kind of modular framework. Deevelopers will be able pick and choose what they want – and in theory, companies will become familiar with the setup through repeated exposure.

Harmony uses simple language to separate individual from corporate contributions, covers copyright assignment, has an "outbound license" section that tackles what promises the project makes to the contributors on how it might plan to use their code contributions, and provides options to release code under different licenses in the future.

"I do hope it will increase the number of contributions back to OS, in that it can remove some of the roadblocks," Randall says. "A lot of the times companies don't contribute back, it's not because they don't want to - they get hung up on the legalities of 'How do I contribute back?'"

She recounts a particular problem from her past when trying to navigate open-source contributions. "I had a developer contribute to a project ... but I couldn't use what he'd done because it took six months for his company to sign off. Having something like Harmony that has six options and is widely used means lawyers can say: 'This is a Harmony agreement, I already know it, we can get some of the page'."

After the beta review of Harmony next week, the follow-on step is adoption.

Here Randall is pragmatic. It will be a grassroots thing, but will likely require the stature of an IBM to pick up the agreement for others to either accept Harmony – or realize it even exists.

But critics will likely still be skeptical of the project's true motives. At this point, it's not clear whether even Canonical will adopt Harmony. Brock told us the company would have to wait and see the final results of Harmony after next week.

"We have one contribution [agreement], and we continue to use this whilst we await the final Project Harmony output," she said. ®

Security and trust: The backbone of doing business over the internet

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.