Increasingly, as open source technology becomes more pervasive, tech and DevOps workers are choosing, or being asked, to build out and oversee their own open source projects. From Google to Netflix to Facebook, companies are also releasing their open source creations to the community.
Have you considered launching an open source project or are you in the process of doing so? Doing it successfully and rallying community support can be more complicated than you think, but a little up-front footwork and homework can help things go smoothly. Beyond that, some planning can also keep you and your organization out of legal trouble. Issues pertaining to licensing, distribution, support options and even branding require thinking ahead if you want your project to flourish. Here are some of the very best free resources to pay attention to if you’re launching or overseeing an open source project.
Standards and Licensing
The Open Source Definition is where every project leader should start when it comes to how open source projects should be distributed, and what actually qualifies as open source. It’s also good to review Open Standards requirements.
Another top decision to weigh is what kind of license your project should have. The Software Freedom Law Center (SFLC) has a set of very good online resources on how open source licenses and copyrights work, and much more. And, don’t miss the good advice at Choosealicense.com. Legal issues are smart to anticipate up front. The SFLC authors are attorneys who were part of creating popular open source licenses. It’s also an excellent idea to keep up with current and archived editions of the International Free and Open Source Software Law Review.
For another simple discussion of license types for open source projects, and which license will work best for your project, try FOSS License Wars. The discussion is broken up into chapters that you can skim as you see fit, and the information is solid. The Free Software Foundation has a good primer. And of course, you can visit GitHub to review the many projects housed there, which types of licenses they have, how their communities work, and more. Should your project reside there?
One more note on licenses: If you’re leveraging existing open source code or components, Hewlett-Packard’s free application Fossology is designed to analyze the source code for any project and report accurately on which licenses are being used.
How can you showcase the fact that your open source project follows best practices and is secure? The Core Infrastructure Initiative (CII) Badge Program is a free program that is good to know about on this front. Its Best Practices Badge is a symbol of open source secure development maturity. A CII badge showcases a project’s commitment to security, and The Linux Foundation is the steward of this program.
Note that The Linux Foundation also has a collection of very useful free resources pertaining to open source compliance topics. For example, Publishing Source Code for FOSS Compliance: Lightweight Process and Checklists and Generic FOSS Policy can align your project’s development with best practices and policies.
Do you anticipate that your open source project may benefit from some funding, perhaps to build out community resources? If so, take note of the Mozilla Open Source Support Program (MOSS) – a funding awards program specifically focused on supporting open source and free software. Especially if your project upholds Mozilla’s values regarding openness, you can have a good shot at becoming a Mozilla “Mission Partner.”
Red Hat has an internally developed tool that could make a difference for your project. The company has announced the release of a community version of the Open Decision Framework, which consists of the company’s collection of its own best practices for making decisions and leading projects. Red Hat, of course, has a time-tested track record at advancing open source projects, so this framework is worth consideration. According to the company, the new community edition framework is directly related to how the company has advanced its open source projects. By making its Open Decision Framework freely available, Red Hat wants to enable project leaders to learn from the experiences of Red Hatters and contribute their own findings back to the community.
Are you interested in looking into open source projects similar to yours, or perhaps projects that share libraries and components with yours? If so, Google and GitHub have produced a new open dataset on Google BigQuery, a low-cost analytics data warehouse service in the cloud, so that anyone can get data-driven insights based on more than 2.8 million open source GitHub repositories. For example, if you are using an open source library, you can quickly find every open source project on GitHub that’s using it. You can also evaluate whether you might improve your APIs based on what other users are doing with similar tools.
Finally, note that a startup company called Snyk has a unique focus on helping developers keep open source code secure. It has recently come out of beta with tools that help developers monitor and secure vulnerabilities and dependencies in open source code in real time. You can find out more about Snyk’s offerings here.
These resources should help you and those you work with advance your open source project successfully, legally and securely.