[Insight-users] Faking Open Source : How to differentiate Real Open Source software from fake one.

[Luis Ibanez]

*
"Faking Open Source"*

http://www.kitware.com/blog/home/post/23


The popularity of Free and Open Source Software (*FOSS*) has attracted a
collection of projects and organizations that are keen on benefiting from
the good reputation of Free and Open Source Software, but are not committed
to its principles or its practices.

For lack of a better name, lets call these projects

 "*NRFOSS*": *Not Really Free and Open Source Software*

*NRFOSS* is sometimes the result of lack of education on Open Source (the
"confused" projects), while sometimes it is the result of an intentional
misrepresentation guided by questionable goals (the "evil" projects). Both
of these categories are bad for FOSS, since they drain energy from the good
intentions of potential adopters and contributors, and also taint the
reputation of real *FOSS* projects.

Here is a recipe of five tests that will allow you to rapidly separate *
NRFOSS* from real *FOSS


Step 1: Run the "Google Test" of Open Source
*For project "ACME", do a Google search for "ACME Download". If in the first
five hits you get a link to the web page that instructs you on how to
download the source code, then the project has passed the "Google Test".  If
on the other hand, you find a lot of PowerPoint presentations talking about
how great the project is, then you can label the project as *NRFOSS*, and
put it in the subcategory of "vaporware", or maybe "powerpointware", which
is, by the way, excellent material to use if you need to mislead executives
who care about buzzwords but do not know what a compiler is.


*Step 2: The Download Test*
Once you identify the download page of the project, go ahead and try to
download the source code. This will typically be a  tar.gz or a .zip file,
or a direct access to a CVS / SVN or Git repository.  If after twenty
minutes of navigating the "download" page you still have not located the
files to download, then the project gets the *NRFOSS *label in the
subcategory "NTRHTS: Not trying really hard to share".  If at any point in
this process you have been required to provide a user name or password, then
the project also gets to be labeled as NRFOSS, in the subcategory of
"clubware", which means that you have to belong to a exclusive club in order
to get the privilege of looking at the source code. Time to start thinking :
"What are they trying to hide...?"


*Step 3: The Copyright and License Test*
Copyright infringement is a Federal Crime. You can get up to five years in a
Federal Prison and a fine of up to $250,000 dollars. You can thank the
active lobbyists from the movie and music industry for that.... but... I
digress. The point is, copyright is not something to take lightly. For your
own safety and security you must verify that the developers of the project
know what they are doing. In particular, you must expect to find: (a) a
clear statement indicating who holds the *copyright* of the project, and (b)
a very specific statement indicating the *license* under which the project
is distributed. If either one of those is missing, then... *run!*. Delete
those files from your hard drive and remove that web site from the cache of
your web browser. You may have been exposed to one of these two very grave
dangers:  "Copyright Irresponsibility" or "Proprietary Bait". The first case
usually involves people with good intentions but insufficient preparation
who didn't do their homework when learning about what Free and Open Source
really is. They rush to share without quite knowing how to share. They may
be nice, but they mean trouble in your future. Keep your distance, or if you
feel compassionate, let them know that they should learn about copyrights
and licensing,... then *Run!.*  The second case is a more dangerous type.
There are actively trying to lure you with a bait that looks like FOSS, but
hides a proprietary hook inside. They tend to use two common tricks: (a)
vague licensing statements, and (b) long-winded licensing terms. So, if you
don't find a clear statement indicating that the project is distributed
under one of the OSI approved
licenses<http://www.opensource.org/licenses/alphabetical>,....
well,... *Run!*.


*Step 4: The Build Test*
Open source is great! But Open Source that works is even greater! Once the
source code has made it to your hard drive it is time to verify whether the
developers really gave you everything you need, and to test whether they
know what they are doing. Locate the instructions for building the project.
You will typically find them in a README file, or an INSTALL file, or in the
Wiki or Web pages of the project. If by following the instructions you fail
to build the project, then you must check if this is the result of some of
the files being missing from the download. That is, are the developers
withholding part of the project and sharing other parts? Does the project
depend on some proprietary libraries? The build test is challenging, since
many projects can require a certain level of technical skills on the part of
the builder. If you fail to build the project, to be fair, you should give
them the benefit of the doubt, and cautiously proceed to apply the
"community test".


*Step 5: The Community Test*
FOSS is not only about software. Source code is just the visible
manifestation of a deeper socio-economical phenomenon: "*Peer Production*".
Real FOSS must have a community behind it. This is typically a group of
committed developers combined with a group of users (or adopters). As a busy
ant colony, this community actively improves the software and helps new
adopters and developers get on-board. New users must be welcomed without any
questions asked; embracing new developers is usually subject to certain
picky tests that ensure that the newcomer will be a positive contributor to
the project. As a potential new user of the project you have the right to
expect to receive answers to the typical "newcomer" questions regarding how
to download, build and use the software. Of course, you have to ask *nicely*...
if you want to get an answer. You must keep in mind that in many cases those
who answer your questions are volunteers and not your typical technical
support division that make you wait online while listening to "elevator
music". You should also be aware that every FOSS project has a particular
culture that has evolved as a niche ecosystem. It is usually a good idea to
take a look at the archives of their forums or mailing lists and get a
feeling for their culture before you start posting questions there,
particularly if you plan to stick around.


*Epilogue*
Paradoxically, the abundance of *NRFOSS*, should drive you to better
appreciate the many real *FOSS* projects and their communities, and
hopefully will motivate you to contribute to them as well.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.itk.org/pipermail/insight-users/attachments/20100418/8bd33978/attachment-0001.htm>