FOSSBazaar Launch and Moving Forward

FOSSBazaar is no longer being updated. The information on this site is preserved for your convenience but may be out of date. Please visit Linux Foundation's Open Compliance Program for current information and activities.

Andrew Aitken's picture

The launch of some new endeavors goes quite smoothly, the iPod for example, and some don’t, as evidenced by the iPhone. The launch of FOSSBazaar and FOSSology might fall into the latter category.

With the best of intentions, HP drove the launch of these two new industry initiatives, so it shouldn’t come as any surprise that the vast majority of press references characterize HP as the driving force and, in some cases, the sole participant. Were they a little HP-centric in their approach? Maybe. Did the press do its usual search for sensationalism? Absolutely. I think Steven Grandchamp of Open Logic said it well in his blog: “Those details of HP’s open source services may have been better left for a different forum or separate press release.” But not all of this falls on HP’s shoulders; the other partners could have done a better job of managing their own press activities. I just think we looked a little too much to HP as the benevolent big brother, forgetting that we all naturally place our own interests first.

I had a good conversation with Christine Martino today, VP Open Source and Linux at HP, and I happen to believe her when she says that they know they can’t be successful on their own and that they are committed to making this work with the current and hopefully numerous group of future partners.

So, where do we go from here? Well, forward. The rocky start doesn’t change the fact that FOSSBazaar is a very worthy effort. There is no doubt that open source continues to gain in importance and complexity every day, and the need for a coordinated community response and resource grows along with it. And to refute Dana Blankenhorn's "HP tells enterprises fear the source": this is not about fear but about practicality.

Olliance is fully committed to FOSSBazaar and we are quite confident that the affiliation with all the partners will evolve into a close and effective working relationship.

Things we can focus on

Andrew,

Being involved with Open Source Compliance/Governance for several years (I am the IT side of the equation, not the legal), I can tell you that I was pleasantly surprised to see HP efforts in this space. Yes, the takeup appears a bit slow, but I would like to offer up some background as to why I think this is, and offer some tangible next steps.

For some background, Open Source Compliance has been on a per-company basis. As they became aware of the risks, they did various levels of due diligence, educated themselves as best they could as to mitigating those risks, established policies and/or implemented whatever "best practices" they came across. By and large, most companies have kept this info (and overall process) to themselves, for a variety of reasons.

To help speed along the acceptance of FOSSology and FOSSBazaar, here is a starting list of ideas/suggestions/next steps that we can discuss to get this issue more widespread.

1. Education - This is something in the space that is sorely missing. While I can point to a number of Podcasts / Webcasts and some best practice material, there is really a need for some dedicated videos that walk through the high level issues of both Compliance/Governance and Support. From my perspective, an educational strategy needs to be developed and implemented, which I think is the first best step.

2. Engage the commercial software vendors - I have to believe the issues of using Open Source in products you are selling are the same across these groups. I have to believe that they have various types of tools similar to FOSSology - which I don't think provides any competitive advantage - and the donation would not only benefit those companies, but the customers that use those products.

3. Consolidated Requirements - What the FOSS projects really require are requirement documents and/or roadmaps. Right now, my initial impression is that everything is "Free form" - The content and questions are good - but I see the need for a little more structure. For example:

a. Let's get a group started on developing future requirements for FOSSology. We can use a variety of resources to reach out to other companies (perhaps even using analyst companies as a conduit), but it will help spread the word.

b. Investigate Leveraging other "Open Source" tooling - We should be looking at attempts to leverage / reuse existing products. For example, is it possible for Krugle to provide a "Web Service" where FOSSology could send out chunks of code for analysis? There are also existing open source efforts that scan code for security violations that could possibly be repurposed as well.

c. The sum total of requirements/roadmaps would also be beneficial when discussing contributions with the IBM's, CA's, SUN's etc.

Please feel free to comment away!