A Descriptive Process Model for Open-Source Software Development

University of Calgary
PRISM: University of Calgary's Digital Repository
Graduate Studies, Legacy Theses
2001

A descriptive process model for open-source software development
Johnson, Kim

Johnson, K. (2001). A descriptive process model for open-source software development (Unpublished master's thesis). University of Calgary, Calgary, AB. doi:10.11575/PRISM/22282
http://hdl.handle.net/1880/41007
master thesis

University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.

Downloaded from PRISM: https://prism.ucalgary.ca

The author of this thesis has granted the University of Calgary a non-exclusive license to reproduce and distribute copies of this thesis to users of the University of Calgary Archives. Copyright remains with the author.

Theses and dissertations available in the University of Calgary Institutional Repository are solely for the purpose of private study and research. They may not be copied or reproduced, except as permitted by copyright laws, without written authority of the copyright owner. Any commercial use or publication is strictly prohibited.

The original Partial Copyright License attesting to these terms and signed by the author of this thesis may be found in the original print version of the thesis, held by the University of Calgary Archives. The thesis approval page signed by the examining committee may also be found in the original print version of the thesis held in the University of Calgary Archives.

Please contact the University of Calgary Archives for further information, E-mail: [email protected] Telephone: (403) 220-7271 Website: http://www.ucalgary.ca/archives/

THE UNIVERSITY OF CALGARY

A Descriptive Process Model for Open-Source Software Development

by Kim Johnson

A THESIS SUBMITTED TO THE FACULTY OF GRADUATE STUDIES IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE

DEPARTMENT OF COMPUTER SCIENCE
CALGARY, ALBERTA
JUNE, 2001

©Kim Johnson 2001

Abstract

Open Source is a term used to describe a tradition of open standards, shared source code, and collaborative software development. However the methodology itself has yet to be captured definitively in writing. The single best description is Eric Raymond's (1998a) The Cathedral and the Bazaar, and while excellent, it is not an academic work but more a pseudo-evangelical report from the field. Consequently, the current perception of what constitutes open-source software development remains somewhat subjective.

This thesis attempts to describe an introductory process model for open-source software development. Common characteristics are identified and discussed with specific examples from various open-source projects. The results lend support to suggestions that open-source software development follows an adaptive lifecycle, with a flexible management model emphasizing leadership, collaboration, and accountability. Moreover, open source would seem to represent an alternative approach to distributed software development, able to offer useful information about common problems as well as possible solutions.

Acknowledgements

This work would not have been possible without the guidance and support of many people. I would first like to thank my supervisor, Dr. Rob Kremer, for giving me an opportunity to research a somewhat unconventional subject. Thanks especially for a flexible yet supportive advisory style.

My appreciation and respect to those who have pioneered open-source software development. It is a truly unique approach and a fascinating area for research. In particular, thanks to the following people for taking time to review an early draft of this work: Alan Cox, Brian Behlendorf, Roy Fielding, Michael Johnson, David Lawrence, Jason Robbins, Guido van Rossum, Erik Troan, and Paul Vixie.

I would also like to thank Mildred Shaw, Alfred Hussein, and the other early adopters at SERN for an excellent introduction to the complex subject of software engineering. It has provided me with a solid foundation for continued learning, and I hope it has made me a better practitioner.

And last but certainly not least, most heartfelt thanks to Tera and Kylan for their motivation and continued tolerance of long hours at the keyboard.

... when men were men and wrote their own device driver ...
Linus Torvalds

Table of Contents

Abstract
Acknowledgements
Table of Contents
List of Tables
List of Figures
List of Abbreviations and Nomenclature

Chapter 1 Introduction
  1.1 Aim
  1.2 Motivation
  1.3 Open-Source Software
  1.4 Software Process Models
  1.5 Approach
  1.6 Objectives
  1.7 Thesis Structure
  1.8 Summary

Chapter 2 Open-Source Software Development
  2.1 History
  2.2 Definition
  2.3 The Cathedral and the Bazaar
  2.4 Projects
  2.5 Summary

Chapter 3 State View
  3.1 Closed Prototyping
  3.2 Iterative and Incremental Enhancement
  3.3 Concurrent Development
  3.4 Large-Scale Peer Review
  3.5 User-Driven Requirements
  3.6 Summary

Chapter 4 Organizational View
  4.1 Decentralized Collaboration
  4.2 Trusted Leadership
  4.3 Internal Motivation
  4.4 Asynchronous Communication
  4.5 Summary

Chapter 5 Control View
  5.1 Informal Planning
  5.2 Tiered Participation
  5.3 Modular Design
  5.4 Ubiquitous Tool Support
  5.5 Shared Information Space
  5.6 Summary

Chapter 6 Evaluation
  6.1 Key Strengths
  6.2 Key Weaknesses
  6.3 Summary

Chapter 7 Conclusions
  7.1 Addressing the Objectives
  7.2 Future Directions
  7.3 Thesis Summary

Bibliography

Appendices
  A.1 Open Source Chronology (Selected Events)
  A.2 Open Source Projects
  A.3 Open Source Definition
  A.4 GNU General Public License

List of Tables

Table 1. Characteristics of selected open-source projects
Table 2. Distribution of sources by software engineering validation method
Table 3. Comparison of various free software licensing practices
Table 4. Typical change request
Table 5. Comparison of defect density measures between commercial projects and Apache
Table 6. Timeline of a bug fix
Table 7. Comparison of code productivity of the top Apache developers and the top developers in several commercial projects
Table 8. Levels of participation in open-source projects
Table 9. Top 5 languages and testing tools used in a small-scale survey on quality related activities in open-source development
Table 10. Apache shared information space

List of Figures

Figure 1. Various categories of free software
Figure 2. Market share for top HTTP servers across all domains
Figure 3. Comparison of evolutionary development vs. waterfall life cycle
Figure 4. Growth of the compressed tar file for the full Linux kernel source release
Figure 5. Typical build cycle
Figure 6. Proportion of changes closed within a given number days for Apache
Figure 7. E-mail discourse
Figure 8. List server discourse
Figure 9. Activity for the Python mailing list
Figure 10. Mozilla milestone schedule for 2001
Figure 11. Cumulative distribution of contributions to the Apache code base
Figure 12. Histogram of LOC added per programmer for the GNOME project
Figure 13. Cumulative distribution of PR related changes to the Apache code base
Figure 14. Mozilla ownership architecture
Figure 15. Linux ownership architecture

List of Abbreviations and Nomenclature

API (Application Programming Interface) - Prescribed by an operating system or application, defining the rules for interaction with other software.

build - A compiled program intended for distribution.

Brooks's Law - "Adding more manpower to a project makes it later." The perceived benefit of adding more programmers to a project is outweighed by the cost of coordinating and merging their work.

bus syndrome - Refers to a process that has become too dependent on the input of one individual.

C2Net - A software company whose flagship product is a commercial version of the Apache Web server. Acquired by Red Hat in 2000.

CGI (Common Gateway Interface) - A standard for interfacing external applications with Web servers.

Conway's Hypothesis - States that the organization of a software system will be congruent to the organization of the group that designed the system.

Copyleft - A general method for making a program free software, and requiring all modified and extended versions to be free software as well.

cost - Effort cost, or the number of hours required to perform a task.

CPAN (Comprehensive Perl Archive Network) - A large collection of Perl software and documentation.

CVS (Concurrent Versions System) - The dominant version control system for open-source software development.

Cyclic - A software company that originally sold support for CVS. Acquired by SourceGear in 1999.

Cygnus - A software company credited with pioneering the commercialization of open-source software. Acquired by Red Hat in 2000.

commit-then-review - Changes are deemed inherently acceptable and are applied, with testing and review afterwards.

GPL (General Public License) - A license typically used for free software.

GNU (GNU's Not Unix) - Used to reference the GNU Project, a development effort to produce a free Unix-like operating system. It is pronounced "guh-NEW." See also: FSF

FAQ (Frequently Asked Questions) - Documents that list and answer the common questions on a particular subject.

feature creep - The tendency to continually add features at the expense of elegance and simplicity.

Free Software - Refers to the users' freedom to run, copy, distribute, study, change, and improve software. See also: GNU

FSF (Free Software Foundation) - A non-profit organization that raises funds for work on the GNU Project.