Feeds

'Harmony' for open source contributors on horizon

Just don't mention the Canonical bit

Securing Web Applications Made Simple and Scalable

A controversial push to establish clear-cut rules for contributing to open source projects is nearing completion.

Project Harmony – no, not that Project Harmony – has spent a year collecting feedback on how to refine terms governing contributors to open source projects, and it's scheduled to wrap up this effort on June 23. Shortly thereafter, version 1.0 of the Project Harmony rules will be officially released. The idea, organizers say, is to make participation in open source projects easier.

The question is whether companies, projects, and individuals will actually use the new rules. Some have already taken exception to Harmony (here), principally because one of its primary backers is Ubuntu daddy Canonical.

Canonical general legal counsel Amanda Brock started Harmony in May 2010. Brock tells us that Harmony has received contributions from more than 100 people in over 60 organizations, including developers and lawyers.

Last year, Ubuntu introduced its own contributor agreement in a move that angered some. Developers complained that copyright for contributions is granted to Canonical, a commercial entity, and that Canonical reserves the right to change the license under which it releases contributions.

Canonical's Contributor Agreement (here) does not cover the Ubuntu crown jewels. It covers other projects, including Ubuntu One, Unity, and Update Manager.

Brock told The Reg that she started Harmony because she was frustrated by the number of different and confusing contribution agreements used by Canonical's projects.

While some suspect Canonical of trying to foist something unwanted on the community which benefits only Canonical's bottom line, one of Harmony's contributors told us the idea is to improve contributions to open source by removing some of the hurdles associated with contributor agreements.

Contributor agreements aren't essential to open source projects, but having one in place does help project owners and contributors know exactly where they stand as projects grow or change ownership, as was the case when Sun Microsystems was eaten by Oracle.

Creating your own contributor agreements can be costly and time-consuming. And as Canonical has discovered to its cost, doing so is not guaranteed to deliver satisfaction.

Allison Randal, former president of the Perl Foundation, tells The Reg that, working with others in the community, she spent a "good year" devising a contributor agreement for Perl 5 and 6. That license was the Artistic License, approved by the Open Source Initiative (OSI). "I've found lawyers tend to go for dense legalese and there's always a clearer way of saying it, so developers can understand what it is they are trying to say. We spent a good year on this, picking through the details to refine and refine and refine," she says.

Harmony does not prescribe a single contributor agreement. It quickly became apparent that wasn't possible, Randal says, because projects have different values, licenses, and procedures. Instead, the idea is to establish a common set of clear-to-understand options in a kind of modular framework. Deevelopers will be able pick and choose what they want – and in theory, companies will become familiar with the setup through repeated exposure.

Harmony uses simple language to separate individual from corporate contributions, covers copyright assignment, has an "outbound license" section that tackles what promises the project makes to the contributors on how it might plan to use their code contributions, and provides options to release code under different licenses in the future.

"I do hope it will increase the number of contributions back to OS, in that it can remove some of the roadblocks," Randall says. "A lot of the times companies don't contribute back, it's not because they don't want to - they get hung up on the legalities of 'How do I contribute back?'"

She recounts a particular problem from her past when trying to navigate open-source contributions. "I had a developer contribute to a project ... but I couldn't use what he'd done because it took six months for his company to sign off. Having something like Harmony that has six options and is widely used means lawyers can say: 'This is a Harmony agreement, I already know it, we can get some of the page'."

After the beta review of Harmony next week, the follow-on step is adoption.

Here Randall is pragmatic. It will be a grassroots thing, but will likely require the stature of an IBM to pick up the agreement for others to either accept Harmony – or realize it even exists.

But critics will likely still be skeptical of the project's true motives. At this point, it's not clear whether even Canonical will adopt Harmony. Brock told us the company would have to wait and see the final results of Harmony after next week.

"We have one contribution [agreement], and we continue to use this whilst we await the final Project Harmony output," she said. ®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.