<b><br>"Faking Open Source"</b><br><br><a href="http://www.kitware.com/blog/home/post/23">http://www.kitware.com/blog/home/post/23</a><br><br><br>The popularity of Free and Open Source Software (<strong>FOSS</strong>)
has attracted a collection of projects and organizations that are keen
on benefiting from the good reputation of Free and Open Source
Software, but are not committed to its principles or its practices. <br><br>For lack of a better name, lets call these projects<br><br> "<strong>NRFOSS</strong>": <strong>Not Really Free and Open Source Software</strong><br>
<br><strong>NRFOSS</strong>
is sometimes the result of lack of education on Open Source (the
"confused" projects), while sometimes it is the result of an
intentional misrepresentation guided by questionable goals (the "evil"
projects). Both of these categories are bad for FOSS, since they drain
energy from the good intentions of potential adopters and contributors,
and also taint the reputation of real <strong>FOSS</strong> projects.<br><br>Here is a recipe of five tests that will allow you to rapidly separate <strong>NRFOSS</strong> from real <strong>FOSS<br><br><br>Step 1: Run the "Google Test" of Open Source<br>
</strong>For
project "ACME", do a Google search for "ACME Download". If in the first
five hits you get a link to the web page that instructs you on how to
download the source code, then the project has passed the "Google
Test". If on the other hand, you find a lot of PowerPoint
presentations talking about how great the project is, then you can
label the project as <strong>NRFOSS</strong>, and put it in the
subcategory of "vaporware", or maybe "powerpointware", which is, by the
way, excellent material to use if you need to mislead executives who
care about buzzwords but do not know what a compiler is.<br><br><br><strong>Step 2: The Download Test</strong><br>Once
you identify the download page of the project, go ahead and try to
download the source code. This will typically be a tar.gz or a .zip
file, or a direct access to a CVS / SVN or Git repository. If after
twenty minutes of navigating the "download" page you still have not
located the files to download, then the project gets the <strong>NRFOSS </strong>label
in the subcategory "NTRHTS: Not trying really hard to share". If at
any point in this process you have been required to provide a user name
or password, then the project also gets to be labeled as NRFOSS, in the
subcategory of "clubware", which means that you have to belong to a
exclusive club in order to get the privilege of looking at the source
code. Time to start thinking : "What are they trying to hide...?"<br><br><br><strong>Step 3: The Copyright and License Test</strong><br>Copyright
infringement is a Federal Crime. You can get up to five years in a
Federal Prison and a fine of up to $250,000 dollars. You can thank the
active lobbyists from the movie and music industry for that.... but...
I digress. The point is, copyright is not something to take lightly.
For your own safety and security you must verify that the developers of
the project know what they are doing. In particular, you must expect to
find: (a) a clear statement indicating who holds the <strong>copyright</strong> of the project, and (b) a very specific statement indicating the <strong>license</strong> under which the project is distributed. If either one of those is missing, then... <strong>run!</strong>.
Delete those files from your hard drive and remove that web site from
the cache of your web browser. You may have been exposed to one of
these two very grave dangers: "Copyright Irresponsibility" or
"Proprietary Bait". The first case usually involves people with good
intentions but insufficient preparation who didn't do their homework
when learning about what Free and Open Source really is. They rush to
share without quite knowing how to share. They may be nice, but they
mean trouble in your future. Keep your distance, or if you feel
compassionate, let them know that they should learn about copyrights
and licensing,... then <strong>Run!.</strong> The second case is a
more dangerous type. There are actively trying to lure you with a bait
that looks like FOSS, but hides a proprietary hook inside. They tend to
use two common tricks: (a) vague licensing statements, and (b)
long-winded licensing terms. So, if you don't find a clear statement
indicating that the project is distributed under one of the <a href="http://www.opensource.org/licenses/alphabetical">OSI approved licenses</a>,.... well,... <strong>Run!</strong>.<br><br><br><strong>Step 4: The Build Test</strong><br>
Open
source is great! But Open Source that works is even greater! Once the
source code has made it to your hard drive it is time to verify
whether the developers really gave you everything you need, and to
test whether they know what they are doing. Locate the instructions for
building the project. You will typically find them in a README file, or
an INSTALL file, or in the Wiki or Web pages of the project. If by
following the instructions you fail to build the project, then you must
check if this is the result of some of the files being missing from the
download. That is, are the developers withholding part of the project
and sharing other parts? Does the project depend on some proprietary
libraries? The build test is challenging, since many projects can
require a certain level of technical skills on the part of the
builder. If you fail to build the project, to be fair, you should give
them the benefit of the doubt, and cautiously proceed to apply the
"community test".<br><br><br><strong>Step 5: The Community Test</strong><br>FOSS is not only about software. Source code is just the visible manifestation of a deeper socio-economical phenomenon: "<strong>Peer Production</strong>".
Real FOSS must have a community behind it. This is typically a group of
committed developers combined with a group of users (or adopters). As a
busy ant colony, this community actively improves the software and
helps new adopters and developers get on-board. New users must be
welcomed without any questions asked; embracing new developers is
usually subject to certain picky tests that ensure that the newcomer
will be a positive contributor to the project. As a potential new user
of the project you have the right to expect to receive answers to the
typical "newcomer" questions regarding how to download, build and use
the software. Of course, you have to ask <strong>nicely</strong>... if
you want to get an answer. You must keep in mind that in many cases
those who answer your questions are volunteers and not your typical
technical support division that make you wait online while listening to
"elevator music". You should also be aware that every FOSS project has
a particular culture that has evolved as a niche ecosystem. It is
usually a good idea to take a look at the archives of their forums or
mailing lists and get a feeling for their culture before you start
posting questions there, particularly if you plan to stick around.<br><br><br><strong>Epilogue</strong><br>Paradoxically, the abundance of <strong>NRFOSS</strong>, should drive you to better appreciate the many real <strong>FOSS</strong> projects and their communities, and hopefully will motivate you to contribute to them as well.<br>
<br>