Producing Open Source Software

How to Run a Successful Free Software Project

2nd Edition

Karl Fogel

Version: 2.3312  (26 Sep 2024)


Dedication

This book is dedicated to two dear friends without whom it would not have been possible: Karen Underhill and Jim Blandy.

Table of Contents

Preface
Why Write This Book?
Who Should Read This Book?
Sources
Acknowledgements
For the first edition (2005)
For the second edition (2023)
Disclaimer
1. Introduction
History
The Rise of Proprietary Software and Free Software
Conscious Resistance
Accidental Resistance
"Free" Versus "Open Source"
The Situation Today
2. Getting Started
Starting From What You Have
Choose a Good Name
Own the Name in the Important Namespaces
Have a Clear Mission Statement
State That the Project is Free
Features and Requirements List
Development Status
Development Status Should Always Reflect Reality
Downloads
Version Control and Bug Tracker Access
Communications Channels
Developer Guidelines
Documentation
Availability of Documentation
Developer Documentation
Demos, Screenshots, Videos, and Example Output
Hosting
Choosing a License and Applying It
The "Do Anything" Licenses
The GPL
How to Apply a License to Your Software
Setting the Tone
Avoid Private Discussions
Nip Rudeness in the Bud
Practice Conspicuous Code Review
Case study
Be Open From Day One
Waiting Just Creates an Exposure Event
Opening a Formerly Closed Project
Announcing
3. Technical Infrastructure
What a Project Needs
Web Site
Canned Hosting
Choosing a Canned Hosting Site
Hosting on Fully Open Source Infrastructure
Anonymity and Involvement
Message Forums / Mailing Lists
Choosing the Right Forum Management Software
Spam Prevention
Identification and Header Management
The Great Reply-to Debate
Archiving
Mailing List / Message Forum Software
Version Control
Version Control Vocabulary
Choosing a Version Control System
Using the Version Control System
Version Everything
Browsability
Use Branches to Avoid Bottlenecks
Singularity of Information
Authorization
Receiving and Reviewing Contributions
Pull Requests / Merge Requests
Commit Notifications / Commit Emails
Bug Tracker
Interaction with Email
Pre-Filtering the Bug Tracker
Real-Time Chat Systems
Chat Rooms and Growth
Nick-Flagging and Notifications
Chat Bots
Commit Notifications in Chat
Wikis
Wikis and Spam
Choosing a Wiki
Translation Infrastructure
Social Networking Services
4. Social and Political Infrastructure
Forkability
Benevolent Dictators
Who Can Be a Good Benevolent Dictator?
Consensus-based Democracy
Version Control Means You Can Relax
When Consensus Cannot Be Reached, Vote
When To Vote
Who Votes?
Not All Maintainers Are Coders
Adding New Maintainers
Polls Versus Votes
Vetoes
Writing It All Down
Joining or Creating a Non-Profit Organization
5. Organizations and Money: Businesses, Non-Profits, and Governments
The Economics of Open Source
Goals of Corporate Involvement
Governments and Open Source
Being Open Source From Day One is Especially Important for Government Projects
Hire for the Long Term
Case study
Appear as Many, Not as One
Be Open About Your Motivations
Money Can't Buy You Love
Contracting
Hiring From Within the Community
Hiring From Outside The Community
Contracting and Transparency
Review and Acceptance of Changes
Case Study: the CVS Password-Authentication Protocol
Update Your RFI, RFP and Contract Language
Open Source Quality Assurance (OSQA)
Don't Surprise Your Lawyers
Funding Non-Programming Activities
Technical Quality Assurance (i.e., Professional Testing)
Legal Advice and Protection
Documentation and Usability
Funding User Experience (UX) Work
Providing Build Farms and Development Servers
Running Security Audits
Sponsoring Conferences, Hackathons, and other Developer Meetings
Marketing
Open Source and Freedom from Vendor Lock-In
Remember That You Are Being Watched
Case Study: You Can't Fake It, So Don't Try
Don't Bash Competing Vendors' Efforts
"Commercial" vs "Proprietary"
Open Source and the Organization
Dispel Myths Within Your Organization
Foster Pools of Expertise in Multiple Places
Establish Contact Early With Relevant Communities
Don't Let Publicity Events Drive Project Schedule
The Key Role of Middle Management
InnerSourcing
Hiring Open Source Developers
Hiring for Influence
Evaluating Open Source Projects
Crowdfunding and Bounties
6. Communications
Written Culture
You Are What You Write
Structure and Formatting
Content
Tone
Recognizing Rudeness
Face
Avoiding Common Pitfalls
Don't Post Without a Purpose
Productive vs Unproductive Threads
The Smaller the Topic, the Longer the Debate
Avoid Holy Wars
The "Noisy Minority" Effect
Don't Bash Competing Open Source Products
Difficult People
Handling Difficult People
Case study
Handling Growth
Conspicuous Use of Archives
Treat All Resources Like Archives
Codifying Tradition
Choose the Right Forum
Cross-Link Between Forums
Publicity
Announcing Releases and Other Major Events
Announcing Security Vulnerabilities
Receive the Report
Develop the Fix Quietly
CVE Numbers
Common Vulnerability Scoring System (CVSS) Scores
Pre-Notification
Distribute the Fix Publicly
Further Reading on Handling Security Vulnerabilities
7. Packaging, Releasing, and Daily Development
Release Numbering
Release Number Components
Semantic Versioning
The Even/Odd Strategy
Release Branches
Mechanics of Release Branches
Stabilizing a Release
Dictatorship by Release Owner
Voting on Changes
Managing Collaborative Release Stabilization
Release Manager
Packaging
Format
Name and Layout
To Capitalize or Not to Capitalize
Pre-Releases
Compilation and Installation
Binary Packages
Testing and Releasing
Candidate Releases
Announcing Releases
Maintaining Multiple Release Lines
Security Releases
Releases and Daily Development
Planning Releases
8. Managing Participants
Community and Motivation
Delegation
Distinguish Clearly Between Inquiry and Assignment
Follow Up After You Delegate
Notice What People Are Interested In
Praise and Criticism
Prevent Territoriality
The Automation Ratio
Automated testing
Treat Every User as a Potential Participant
Meeting In Person: Conferences, Hackfests, Code-a-Thons, Code Sprints, Retreats
Share Management Tasks as Well as Technical Tasks
"Manager" Does Not Mean "Owner"
Patch Manager (or Pull Request Manager)
Translation Manager
Documentation Manager
Issue Manager
Transitions
Committers
Committers vs Maintainers
Choosing Committers
Revoking Commit Access
Partial Commit Access
Dormant Committers
Avoid Mystery
Credit
Forks
"Development Forks" versus "Hard Forks"
Figuring Out Whether You're the Fork
Handling a Fork
Initiating a Fork
9. Legal Matters: Licenses, Copyrights, Trademarks and Patents
Terminology
Aspects of Licenses
The GPL and License Compatibility
Choosing a License
The GNU General Public License
The "or any later version" Option: Future-Proofing the GPL
The GNU Affero GPL: A Version of the GNU GPL for Server-Side Code
The Copyright Holder Is Special, Even In Copyleft Licenses
Is the GPL Free or Not Free?
Contributor Agreements
Doing Nothing
Contributor License Agreements
Developer Certificate of Origin (DCO): An Easier Style of CLA
Proprietary Relicensing
Problems with Proprietary Relicensing
Trademarks
Case study: Mozilla Firefox, the Debian Project, and Iceweasel
Case study: The GNOME Logo and the Fish Pedicure Shop
Patents
Further Resources
A. Copyright
Attribution-ShareAlike 4.0 International
Using Creative Commons Public Licenses
Creative Commons Attribution-ShareAlike 4.0 International Public License
Section 1 -- Definitions.
Section 2 -- Scope.
Section 3 -- License Conditions.
Section 4 -- Sui Generis Database Rights.
Section 5 -- Disclaimer of Warranties and Limitation of Liability.
Section 6 -- Term and Termination.
Section 7 -- Other Terms and Conditions.
Section 8 -- Interpretation.