Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Open Source Governance v2.5

HP present its vision and methods for Open Soruce Governance

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to comment

  • Be the first to like this

Open Source Governance v2.5

  1. 1. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. OpenSourceGovernance Bruno Cornec, HP EMEA Open Source and Linux Profession Lead September 2013
  2. 2. 2 05/09/13 2 Agenda ● Introduction ● Open Source & Licenses ● What is Open Source Governance ? – Concepts – Best practices ● Which Open Source Governance at HP ?
  3. 3. 3 Introducing Myself ● Software engineering and Unices since 1988 – Mostly Configuration Management Systems (CMS), Build systems, quality tools, on multiple commercial Unix systems – Discover Open Source & Linux (OSL) & first contributions in 1993 – Full time on OSL since 1995, first as HP reseller then @HP ● Currently: – Master Technology Architect on OSL for the HP/Intel Solution Center, Grenoble – OSL HP Advocate – EMEA OSL HP Profession Lead – Solutions Linux Conference and OWF board member. Conferences at WW level in LinuxCon, – MondoRescue,, Project Lead – LinuxCOE, mrepo, tellico, rinse, fossology, collectl contributor – FOSSBazaar and OSL Governance enthusiast – Mandriva, Mageia, Fedora packager
  4. 4. 4 05/09/13 4 “Open Source” is three things LicensesLicenses CommunityCommunity MethodologyMethodology •You can use all three as a competitive advantageYou can use all three as a competitive advantage •The business model shifts to subscriptions and supportThe business model shifts to subscriptions and support •The more you get involved, the more you can influence/controlThe more you get involved, the more you can influence/control Almost 60 licenses today Some require that code changes be returned to the community at large These are called copyleft or reciprocal They are not viral This requirement is what makes the methodology work Other licenses are similar to the public domain and have few requirements Copyrights are still a core foundational element of all open source licenses Any collection of developers with a common interest Historically made up of free agents Increasingly funded by large companies sharing development costs Governments and academia also contributing at an increasing pace Communal, shared development Various projects each with their own subculture Governance models vary widely, some autocratic, others consensus based Very few roadmaps, but some projects are starting to publish them Influence and control is achieved by being integrated & involved Individuals are largely in control, not companies
  5. 5. 5 05/09/13 5 Free & Open Source Software (FOSS) Licenses freeware Sun SCSL Microsoft shared source source code available binary-only source with limitations many java libraries no-charge software shareware Adobe Reader GNU LGPL MIT IBM Mozilla W3C Apache no impact on other code copyleft GNU GPL FOSS BSD Reference URL:
  6. 6. 6 05/09/13 6  Redistribution is permitted without a need to pay fees for distributed copies.  Source code is available and may be modified.  Modified versions may be distributed with permission for others to do all the above. FOSS goals are: Knowledge sharing Modification to adapt Learn by looking inside A FOSS is like a car whose hood is open Free & Open Source Licenses Key Points
  7. 7. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Open Source Governance Concepts
  8. 8. 8 05/09/13 8 HP Proprietary 8 What is IT Governance? Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT. (Weill & Ross, “IT Governance”) IT Governance is the effective management of all IT assets, functions & processes in support of the enterprise’s business objectives. IT Governance is the organizational capacity exercised by the board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT. (Van Grembergen, 2002)
  9. 9. 9 05/09/13 9 Scope of IT Governance • IT operating principles − Changes brought by extensive FOSS usage on operational principles (buy, build, reuse, ...) • IT project portfolio • Enterprise Architecture • IT application portfolio − Impact of mixing stacks using FOSS, evaluation of the technical fit first. • IT finance • IT infrastructure / operations − FOSS deployment and management impacts • Project/Program methodology − FOSS program office addition impact, FOSS review in the development process • Human capital − Employee participation, performance plan impact, employment contract impact • Software Development Life Cycle − Interaction with FOSS communities, its viability • IT procurement • IT sourcing − Impact of FOSS on In/Out sourcing • CRM / SRM Open Source will effect many areas within an organization’s IT governance structure depending upon the organization’s business model
  10. 10. 10 05/09/13 10 Open Source Governance: Why now? ● Compelling FOSS value proposition leading to increased pervasiveness. ● FOSS usage & contributions often unclear, under the radar. 80% of IT environments WW (Gartner) include or will include open source SW, but less than 10% are conscious of the risks incurred. ● Increasing worldwide requirements for compliance – Distribution & acquisitions issues. ● Current IT policies and processes not always designed for open source: – Usage must be reviewed in context. – Legal exposure from ~60 OSI “approved” licenses (HP tracks 400+). – License violations can have different consequences than traditional software. Best practices and streamlined processes required to reap benefits and mitigate risks => Eliminate (perceived) risk of using Open Source.
  11. 11. 11 05/09/13 11 Why FOSS is any different than Commercial Software? To use commercial software in your development process, you must go through…. Procurement!
  12. 12. 12 05/09/13 12 Accepting and Managing Open Source ● The question is not if an enterprise should use FOSS, but rather when, how, where, and with whom. ● FOSS is unavoidable, it's even already there. ● Questions that need to be answered: – How is FOSS chosen and acquired? – Where does it come from? – How and where is it used? – How is it supported? – What version should I be running? – Is it LSB compliant? – What are the license obligations? – How is it deployed, managed, updated and secured? – How is it tracked (how is the project tracked)?
  13. 13. 13 05/09/13 13 What is Open Source Governance? Image source: Open source governance is a framework of policies, processes and tools that helps an organization effectively manage all of its interactions with open source software resulting in optimal use and reduced risk.
  14. 14. 14 05/09/13 14 Depends on who you ask ... • What OSS is contained in this product I just purchased from my ISV partner? (Procurement) • What are the license obligations for using this OSS in our company's products? (Legal) • Which of these open source LDAP servers will best suit my IT infrastructure? (IT Department) • Is this open source xml parser really going to save me 20% of my engineer's time? (Engineering manager) • So, you work on our flagship management software product, but you also want to contribute to nagios? (IP Department) • Will statically linking this OSS library to my application cause me any problems? (S/W developer)
  15. 15. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Open Source Governance Best practices
  16. 16. 16 05/09/13 16 HP’s interaction with FOSS ● Internal Usage – OpenLDAP, Jabber (XMPP), bind (DNS), postfix (SMTP), sympa, mediawiki, etc… ● Incorporated in our Software Products – OpenView, Insight Manager, SSSTK, PSP, WebOS, CloudOS… many software products including kernel modules ● Ship Open Source Distributions – Red Hat, Suse, Debian, Ubuntu etc… ● Embedded in our hardware products – Printers, televisions, storage devices, etc… ● Active participants in the communities – Contributors in dozens of projects (including Linux, OpenLDAP, Samba, bind, sympa, ...) – Maintainers in several projects (including Debian, OpenStack, LinuxCOE, MondoRescue, cciss, ...)
  17. 17. 17 05/09/13 17 Training and awareness Policy and processes Automated tools and workflow “Golden” repository of software and metadata Open source librarian and quality assurance Open Source Governance Maturity Model Most customers HP todayLevel 5 4 3 2 1
  18. 18. 18 05/09/13 18 HP Open Source Governance IP Tools  Fossology  PTS  Internal mailing list Best Practices (HP internally-developed): • Defined and communicated corporate-wide policies, with upper management support • Open Source Program Office Central place where all open source activities are understood for consistent communication inside/outside the company. Reponsible of and HP's promotion. • Open Source Review Board Core Governance process evolving throughout years, controlled by a virtual team of Open Source experts. Control FOSS used, delivered, shipped, new FOSS products, employee contributions, ... • Legal and IP FOSS expertise Docs  Open Source Policy Manual  Training material / Webinars  Knowledge base / Web portal
  19. 19. 19 05/09/13 19 HP Open Source Program Office Proposals: (New & Resubmit) OSRB Pre- Review Attorney Review Feedback: Go/No Go, Add’l Info Go OSRB IP Review OSRB check for Add’l info Submitter Go OSRB Final Review Go Approved. Reject On-hold Request for Add’l info OSRB Automated Communications Manual Activities Fast track
  20. 20. 20 05/09/13 20 PTS: Proposal Tracking System - Internal tool (2nd generation) to help manage Open Source usage in HP - HP contributions requests - Personal contributions requests - Software components reuse - Interface with library DB to ease declaration - Workflow to support previous OSRB review - Online help - Champions community per BU - Fast track possibility for obvious case - Support up to the most complex cases (GPLv3 proposals, license modification, mixed contributions) - History of modifications to proposals
  21. 21. 21 05/09/13 21 HP FOSS Governance Initiative 21 7 mars 2008 Major HP's intellectual property contribution: • An international open source community program launched focussed on FOSS governance including − FOSSBazaar: a Web based community to develop, share and provide information and industry best practices to take advantage of FOSS benefits, Founded by HP along with partners: Coverity, Google, Linux Foundation, Novell, Olliance Group, OpenLogic and SourceForge − FOSSology: a Web based community to develop an architectural framework and tools to analyze FOSS, founded by HP. − SPDX: a Linux Foundation standard for license identification in upstream software SIs/VARs Academia Gov/Pub Sector Corp Developers ISVs & IHVs Service Providers IT Mgmt Developing and supporting the utilization of open standards −An ecosystem • Centered on FOSSBazaar • Partners/Corp and academia developers, best practices and tools • HP C&I and Partners Services −Bridging • The FOSS and the Business Communities
  22. 22. 22 05/09/13 22 License Discovery and Analysis (1) License claims cannot be trusted • Example open source project - OpenOffice − Claimed license is LGPL ( • Is this for the entire package? • Has this been verified? • Does it include other components that are under a different license? − Discovered license(s) • From openoffice.org2_1.9.129-0.1ubuntu4.dsc (breezy) • 2706 LGPL • 421 OpenGroup-style • 327 BSD-style • 103 MIT-style • 48 GPL
  23. 23. 23 05/09/13 23 Licenses change, all the time • Example open source project - elfutils − Core component of RedHat Linux distributions − elfutils-0.89-1 in RHEL-3 was licensed under the OSL (v1.0) − elfutils-0.91-3 in RHEL-3.1 was licensed under GPL (v2.0) • HP did not ship RHEL-3 to customers due to elfutils' license • With HP's help, license was changed to GPL for next revision of package • Typical Linux distributions contain 1000's of packages License Discovery and Analysis (2)
  24. 24. 24 05/09/13 24 Key Paradigm • Enablement (manual process not viable) • Efficiencies (improved TCO) • Agility (improved time-to-market) • Reliability (license detection) • Scalability (single package as well as complete distribution) • Traceability (record proposals and history) Tools are NOT a replacement for Open Source governance processes but will improve the processes by providing:
  25. 25. 25 05/09/13 25 Open Source Governance Workshop • Open Source Baseline − Business Drivers − Various open source touch points in your company − Awareness, responsibilities , risks, processes • Legal Aspects of Open Source Governance − Assessment of Free and Open source software phenomenon − Detailed discussion of Open Source Licenses − Bridging the legal and technical communities − Other considerations: WEB-based services, mergers and acquisitions, other • Automating Open Source Compliance − Open Source discovery − License detection and analysis • Open Source Policy Best Practices  Use of open source – when appropriate, when not appropriate for your business  Review of licenses, product distribution considerations  Considerations for employee contribution to open source community  Company relationship with community • Open Source Governance Processes  Best practices for open source tracking, review and management  Open Source Compliance Lifecycle, workflow  Building Internal Open Source Communities Workshop designed to guide through the top issues around management of Open Source in the enterprise. Targeted at a cross-organizational audience, including auditing, legal, procurement, operational risk management, technology strategy, and line-of-business departments
  26. 26. 26 05/09/13 26 Company FOSS Policies and Guidelines Considerations Recommend joint development by all involved company departments: Legal (requires FOSS legal expertise, local or outsourced), IP (patents portfolio management), IT (in charge of tooling), Development (developers trained), Business management (Risk management) Grouped in an Open Source Review Board to define the FOSS Governance: • Company use of Open Source: Define Policies & Processes •Business Drivers •Infrastructure, required tools to perform mandatory analyzes •Development Projects responsabilities •FOSS Usage models •Technical contributions, FOSS usage, shipments/distribution, ... • Employee Open Source Contributions • Relationships with Open Source Community • Awareness, Docs, Communication and Compliance • Licensing, Copyrights and Patent Guidelines • Employee and Manager Responsibilities
  27. 27. 27 05/09/13 27
  28. 28. 28 « Changes are never easy to make. There is comfort and safety in tradition, but change must come, no matter how painful or expensive it may be. » Bill Hewlett (Open Source and Linux Technology Architect at the HP/Intel Solution Center) Thanks goes to: Linus Torvalds, Richard Stallman, Eric Raymond, Nat Makarevitch, René Cougnenc, Eric Dumas, Rémy Card, Bdale Garbee, Bryan Gartner, Craig Lamparter, Lee Mayes, Gallig Renaud, Andree Leidenfrost, Phil Robb, Bob Gobeille, Martin Michlmayr among others, for their work and devotion to the Open Source Software cause... and my family for their patience :-) Contact - Thanks