Feeds

'Harmony' for open source contributors on horizon

Just don't mention the Canonical bit

Providing a secure and efficient Helpdesk

A controversial push to establish clear-cut rules for contributing to open source projects is nearing completion.

Project Harmony – no, not that Project Harmony – has spent a year collecting feedback on how to refine terms governing contributors to open source projects, and it's scheduled to wrap up this effort on June 23. Shortly thereafter, version 1.0 of the Project Harmony rules will be officially released. The idea, organizers say, is to make participation in open source projects easier.

The question is whether companies, projects, and individuals will actually use the new rules. Some have already taken exception to Harmony (here), principally because one of its primary backers is Ubuntu daddy Canonical.

Canonical general legal counsel Amanda Brock started Harmony in May 2010. Brock tells us that Harmony has received contributions from more than 100 people in over 60 organizations, including developers and lawyers.

Last year, Ubuntu introduced its own contributor agreement in a move that angered some. Developers complained that copyright for contributions is granted to Canonical, a commercial entity, and that Canonical reserves the right to change the license under which it releases contributions.

Canonical's Contributor Agreement (here) does not cover the Ubuntu crown jewels. It covers other projects, including Ubuntu One, Unity, and Update Manager.

Brock told The Reg that she started Harmony because she was frustrated by the number of different and confusing contribution agreements used by Canonical's projects.

While some suspect Canonical of trying to foist something unwanted on the community which benefits only Canonical's bottom line, one of Harmony's contributors told us the idea is to improve contributions to open source by removing some of the hurdles associated with contributor agreements.

Contributor agreements aren't essential to open source projects, but having one in place does help project owners and contributors know exactly where they stand as projects grow or change ownership, as was the case when Sun Microsystems was eaten by Oracle.

Creating your own contributor agreements can be costly and time-consuming. And as Canonical has discovered to its cost, doing so is not guaranteed to deliver satisfaction.

Allison Randal, former president of the Perl Foundation, tells The Reg that, working with others in the community, she spent a "good year" devising a contributor agreement for Perl 5 and 6. That license was the Artistic License, approved by the Open Source Initiative (OSI). "I've found lawyers tend to go for dense legalese and there's always a clearer way of saying it, so developers can understand what it is they are trying to say. We spent a good year on this, picking through the details to refine and refine and refine," she says.

Harmony does not prescribe a single contributor agreement. It quickly became apparent that wasn't possible, Randal says, because projects have different values, licenses, and procedures. Instead, the idea is to establish a common set of clear-to-understand options in a kind of modular framework. Deevelopers will be able pick and choose what they want – and in theory, companies will become familiar with the setup through repeated exposure.

Harmony uses simple language to separate individual from corporate contributions, covers copyright assignment, has an "outbound license" section that tackles what promises the project makes to the contributors on how it might plan to use their code contributions, and provides options to release code under different licenses in the future.

"I do hope it will increase the number of contributions back to OS, in that it can remove some of the roadblocks," Randall says. "A lot of the times companies don't contribute back, it's not because they don't want to - they get hung up on the legalities of 'How do I contribute back?'"

She recounts a particular problem from her past when trying to navigate open-source contributions. "I had a developer contribute to a project ... but I couldn't use what he'd done because it took six months for his company to sign off. Having something like Harmony that has six options and is widely used means lawyers can say: 'This is a Harmony agreement, I already know it, we can get some of the page'."

After the beta review of Harmony next week, the follow-on step is adoption.

Here Randall is pragmatic. It will be a grassroots thing, but will likely require the stature of an IBM to pick up the agreement for others to either accept Harmony – or realize it even exists.

But critics will likely still be skeptical of the project's true motives. At this point, it's not clear whether even Canonical will adopt Harmony. Brock told us the company would have to wait and see the final results of Harmony after next week.

"We have one contribution [agreement], and we continue to use this whilst we await the final Project Harmony output," she said. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.