Producing Open Source Software

How to Run a Successful Free Software Project

Karl Fogel


This book is dedicated to two dear friends without whom it would not have been possible: Karen Underhill and Jim Blandy.

Table of Contents

Why Write This Book?
Who Should Read This Book?
1. Introduction
The Rise of Proprietary Software and Free Software
Conscious resistance
Accidental resistance
"Free" Versus "Open Source"
The Situation Today
2. Getting Started
Starting From What You Have
Choose a Good Name
Own the name in the important namespaces
Have a Clear Mission Statement
State That the Project is Free
Features and Requirements List
Development Status
Development status should always reflect reality.
Version Control and Bug Tracker Access
Communications Channels
Developer Guidelines
Availability of documentation
Developer documentation
Demos, Screenshots, Videos, and Example Output
Choosing a License and Applying It
The "Do Anything" Licenses
How to Apply a License to Your Software
Setting the Tone
Avoid Private Discussions
Nip Rudeness in the Bud
Practice Conspicuous Code Review
Case study
Be Open From Day One
Waiting Just Creates an Exposure Event
Opening a Formerly Closed Project
3. Technical Infrastructure
What a Project Needs
Web Site
Canned Hosting
Choosing a canned hosting site
Hosting on fully open source infrastructure
Anonymity and involvement
Mailing Lists / Message Forums
Choosing the Right Forum Management Software
Spam Prevention
Identification and Header Management
The Great Reply-to Debate
Mailing List / Message Forum Software
Version Control
Version Control Vocabulary
Choosing a Version Control System
Using the Version Control System
Version everything
Use branches to avoid bottlenecks
Singularity of information
Receiving and reviewing contributions
Pull requests
Commit notifications / commit emails
Bug Tracker
Interaction with Email
Pre-Filtering the Bug Tracker
IRC / Real-Time Chat Systems
IRC Bots
Commit Notifications in IRC
Archiving IRC
Wikis and Spam
Choosing a Wiki
Q&A Forums
Translation Infrastructure
Social Networking Services
4. Social and Political Infrastructure
Benevolent Dictators
Who Can Be a Good Benevolent Dictator?
Consensus-based Democracy
Version Control Means You Can Relax
When Consensus Cannot Be Reached, Vote
When To Vote
Who Votes?
Polls Versus Votes
Writing It All Down
Joining or Creating a Non-Profit Organization
5. Organizations, Money, and Business
The Economics of Open Source
Types of Corporate Involvement
Hire for the Long Term
Case study
Appear as Many, Not as One
Be Open About Your Motivations
Money Can't Buy You Love
Review and Acceptance of Changes
Case study: the CVS password-authentication protocol
Update Your RFI, RFP and Contract Language
Get Third-Party Review During Development
Don't Surprise Your Lawyers
Funding Non-Programming Activities
Quality Assurance (i.e., Professional Testing)
Legal Advice and Protection
Documentation and Usability
Funding User Experience (UX) Work
Providing Hosting/Bandwidth
Providing Build Farms and Development Servers
Sponsoring Conferences, Hackathons, and other Developer Meetings
Open Source and Freedom from Vendor Lock-In
Remember That You Are Being Watched
Case study: You can't fake activity, so don't try
Don't Bash Competing Open Source Products
Don't Bash Competing Vendors' Developers
"Commercial" vs "Proprietary"
Open Source and the Organization
Dispel Myths Within Your Organization
Foster Pools of Expertise in Multiple Places
Establish contact early with relevant communities
Don't Let Publicity Events Drive Project Schedule
Have a Plan to Handle Negative Reactions
The Key Role of Middle Management
Governments and Open Source
Being Open Source From Day One is Especially Important for Government Projects
Hiring Open Source Developers
Crowdfunding and Bounties
6. Communications
You Are What You Write
Structure and Formatting
Recognizing Rudeness
Avoiding Common Pitfalls
Don't Post Without a Purpose
Productive vs Unproductive Threads
The Softer the Topic, the Longer the Debate
Avoid Holy Wars
The "Noisy Minority" Effect
Difficult People
Handling Difficult People
Case study
Handling Growth
Conspicuous Use of Archives
Treat all resources like archives
Codifying Tradition
Choose the Right Forum
Cross-Link Between Forums
Announcing Releases and Other Major Events
Announcing Security Vulnerabilities
Receive the report
Develop the fix quietly
CVE numbers
Distribute the fix publicly
7. Packaging, Releasing, and Daily Development
Release Numbering
Release Number Components
The Simple Strategy
The Even/Odd Strategy
Release Branches
Mechanics of Release Branches
Stabilizing a Release
Dictatorship by Release Owner
Voting on Changes
Managing collaborative release stabilization
Release manager
Name and Layout
To capitalize or not to capitalize
Compilation and Installation
Binary Packages
Testing and Releasing
Candidate Releases
Announcing Releases
Maintaining Multiple Release Lines
Security Releases
Releases and Daily Development
Planning Releases
8. Managing Participants
Community and Motivation
Distinguish clearly between inquiry and assignment
Follow up after you delegate
Notice what people are interested in
Praise and Criticism
Prevent Territoriality
The Automation Ratio
Automated testing
Treat Every User as a Potential Participant
Meeting In Person (Conferences, Hackfests, Code-a-Thons, Code Sprints, Retreats)
Share Management Tasks as Well as Technical Tasks
"Manager" Does Not Mean "Owner"
Patch Manager
Translation Manager
Documentation Manager
Issue Manager
Choosing Committers
Revoking Commit Access
Partial Commit Access
Dormant Committers
Avoid Mystery
Handling a Fork
Initiating a Fork
9. Legal Matters: Licenses, Copyrights, Trademarks and Patents
Aspects of Licenses
The GPL and License Compatibility
Choosing a License
The GNU General Public License
The "or any later version" Option: Future-Proofing the GPL.
The GNU Affero GPL: A Version of the GNU GPL for Server-Side Code
The Copyright Holder Is Special, Even In Copyleft Licenses
Is the GPL free or not free?
Contributor Agreements
Doing Nothing
Contributor License Agreements
Developer Certificates of Origin (DCO): A Simpler Style of CLA
Proprietary Relicensing
Problems with Proprietary Relicensing
Case study: Mozilla Firefox, the Debian Project, and Iceweasel
Case study: The GNOME Logo and the Fish Pedicure Shop
Further Resources
A. Canned Hosting Sites
B. Obsolete Appendix (was: Free Version Control Systems)
C. Obsolete Appendix (was: Free Bug Trackers)
D. Obsolete Appendix: (was: Why Should I Care What Color the Bikeshed Is?)
E. Obsolete Appendix (was: Example Instructions for Reporting Bugs)
F. Copyright