Towards an Openness Rating System for Open Source Software
Total Page:16
File Type:pdf, Size:1020Kb
Towards an Openness Rating System for Open Source Software Wolfgang Bein Clinton Jeffery Center for the Advanced Study of Algorithms Department of Computer Science School of Computer Science University of Idaho University of Nevada Moscow, ID 83844-1010 Las Vegas, NV 89154 jeff[email protected] [email protected] Abstract the original Tur´an proof, as well as four alternative proofs. The theorem roughly says that if a graph has Many open source software projects are not very very many edges then there necessarily have to exist open to third party developers. The point of open large cliques in the graph. Knowing this is useful in source is to enable anyone to fix bugs or add desired the reliability analysis of communication networks, for capabilities without holding them hostage to the origi- example. nal developers. This principle is important because an If mathematics followed the practices of proprietary open source project’s developers may be unresponsive software then anyone interested in the aforementioned or unable to meet third party needs, even if funding theorem would be able to see the statement of the the- support for requested improvements is offered. orem only by paying a fee (say, by purchasing this This paper presents a simple rating system for eval- article from a publishing house), but the inner work- uating the openness of software distributions. The rat- ings of Tur´an’s proof would not be accessible for any ing system considers factors such as platform portabil- price. Worse, anyone publishing any of the alterna- ity, documentation, licensing, and contribution policy. tive proofs might have to fear being sued by Tur´an’s Several popular open source products are rated in order estate. Of course, this would be complete folly, and in- to illustrate the efficacy of the rating system. deed in the real world of mathematics anyone is free to prove Tur´an’s as they please. Yet, it is still possible to engage in profitable enterprise, as Springer Verlag did 1 Motivation, Background and Related with their best-selling volume (despite the fact that – Work in principle – Tur´an’s theorem can be found on the world wide web.) Imagine that a modern day Tur´an felt compelled to The spirit of open source software can perhaps be keep the proof of his theorem under wraps. As an up- illustrated by how mathematical knowledge is made standing mathematician, he really does not have the available to society. A recent volume by the combina- option to state his discovery (the theorem) on his web- torialists Aigner and Ziegler “Proofs from The Book” site, while at the same time completely withholding [1] gives a number of theorems, which are chosen be- the proof. A reason for this modern Tur´an to have his cause they have beautiful and ingenious proofs. In fact method not come out too soon could be a desire to in that volume, for most theorems a number of differ- secure government funding before anyone else. So in ent proofs are given, though many theorems carry the order to bask in the glory of his result without giving name of one famous mathematician. One such exam- away everything, he would publish a pretend-proof, a ple is Tur´an’s graph theorem, which states that when proof not altogether false but instead completely in- G V,E n p 1 a graph = ( ) on vertices has no -clique comprehensible. This way Tur´an can claim to follow (p 2) then for the number of edges E , the upper ≥ 2 | | the ways of the scientific community while still ob- bound E (1 1 ) n holds. The volume gives | | ≤ − p−1 2 structing true open access. 1 This is very similar to practices around many so- A subset of vertices of cardinality p is said to be a p-clique if for every two vertices in the subset, there exists an edge con- called open source projects. Recently, a colleague of necting the two. ours undertook to extend a popular piece of open source software, only to have her initial efforts stymied. of others to compile the code. The software was developed largely with public funds, but seemed to have adopted open source status as a political ploy. The source code was available, but with- 3 The Social Contract of Open Source out comments or build instructions. Naively handing it off to its compiler, one got various dependency errors In our own open source software efforts, we were and a failed build. The frustration was documented by aware of how much work it is to try and make a work- several persons on the project web forums, with the de- ing program buildable by others: it remains an ongo- velopers in complete denial that there was any problem ing challenge. However, from the example described with (almost) no one in the world able to build their earlier, no comments or build instructions in software “open source” software but them. developed by one of the leading software engineering institutions in the world? It seemed deliberate. 2 Cathedral and Bazaar We began to wonder how many other software projects were buildable only by the developers who In the preceding example, the software’s website wrote them. We have seen many open source projects stated that the code was available, but code submis- that did not compile readily for reasonably proficient sions were unwelcome. This is a separate issue; the technical persons. When this is due to a lack of budget superiority of the cathedral model of software devel- or developers’ technical abilities, it is understandable opment over the bazaar is a philosophical question and requires no further comment. However, among where different reasonable persons may disagree and larger projects that ought to be buildable, we quickly still produce excellent open source software [4]. Cor- concluded that openness was not a Boolean variable, porate labs and elite schools share a fondness of and but a complex and continuous space. Different open desire to control their open source projects. In modern source software projects range wildly in terms of how days when a corporation open sources a proprietary friendly or hostile they are to developers. commercial system, such as SGI’s open sourcing GL We view the violation of the social contract inher- or Sun’s OpenSolaris or OpenJDK, it is easy to argue ent in the “closed” open source project from the point that the cathedral-control is economically motivated of view of the scientific method. All open source soft- [2]. However, when Ralph Griswold went from AT&T ware projects are science experiments; they have to to a university and started giving his product away by be reproducible (in the case of software, buildable and literally placing it in the public domain, he still ad- runnable) by others in order for the results (say, the hered to a cathedral model as the only way to main- claim that the source code release was complete and tain quality in an otherwise anarchic academic sched- correct) to be confirmed. ule. The cathedral model did not preclude vigorous Daniel E. Markle’s blog (dated Thursday Decem- efforts to make the software as usable by others as pos- ber 8 2005) contains an article titled Community and sible. Many other major academic research projects “Fake” Open Source Projects [3] that lists four ways that manage to produce a software release are similar; to kill open source software: inadequate user documen- the projects’ university budgets do not include time tation, inadequate developer documentation, no open to support a bazaar. The cathedral does not always bug tracking system, and no access to the development mean user-written contributions are unwelcome, it just work in progress. We view the first two of these as defines the terms of engagement. essential elements and include them in our ratings sys- Beyond Raymond’s famous essay, Nathan Willis’ ar- tem in this paper, while the latter two are basic to a ticle on linux.com [6] describes explicitly closed devel- successful bazaar, and highly desirable, but not intrin- opment processes for open source software which con- sic to whether the end user is able to use the software tradict the nature of their licenses, with examples in- for their own purposes. cluding KDE’s Oxygen and the GIMP’s UI design. Most software ratings systems will evaluate quality, While these examples are ironic and cathedral-style performance, or suitability for a given constituency’s open source development may be frowned upon by needs. For example, the Business Readiness Ratings some, they do not violate the main founding principle (BRR) system (see www.openbrr.org) defines twelve of open source, which is that users are free to adapt, categories to evaluate open source software: usability, maintain, and fix the software as needed. It is one scalability, and so on. (See also [5].) These are largely thing to use the cathedral model and maintain control classic software engineering quality metrics. The rat- over one’s own development, and it is another to pose ings system presented in this paper is focused on the as an open source project while minimizing the ability single issue of openness. 4 The Openness Factor Rating Scheme required libraries not provided with the source dis- tribution. Apply penalties for libraries without bi- This section presents the categories and a rubric nary distributions, libraries available for only some used to assess openness of different open source soft- compilers, and libraries larger and more compli- ware. We expect the rubric deserves correction and ex- cated than the application that uses them (e.g.