Don't Ask, Don't Tell - and OpenNTF
There's been a bit of a brouhaha (yeah, you got me, I've been looking for excuses to use that word...) about some of the changes to OpenNTF recently. I was about to link to them, but then I realized - you don't need links, just look for the heaviest traffic on PlanetLotus. :D
In case you've been living in a cave, IBM is officially involved in OpenNTF now, for the first time ever, and we're starting to see the impact of that. Among other things (like heavy, paid involvement from Messrs Castledine and Heidloff), there is a new "catalog" of officially sanctioned projects. In order to become approved, there are some new requirements. This is where the complaints start to show up, of course. We all know that nobody likes change, so a certain amount of grief is inevitable. The devil is in the details, though, as they say. So, the controversies are (drumroll, please):
1. For one thing, the only approved projects at this point come from IBM themselves. That makes sense, of course - they had to have some projects to use as guinea pigs and it makes sense to choose their own. The IBM projects are also the only ones that meet the criteria at this point, because - obviously - none of the major project owners knew the details about those requirements. That's unavoidable. As long as non-IBM projects start to be approved at some point, I don't see an issue here.
2. Another item, a bit more contentious, is the licensing requirements. The approved catalog requires the Apache license (at this point, though there is a board of reputable people involved [plus Nathan - :P] and things could change if the board decides they should). The Apache license basically says that anybody can take your code, or part of it, and sell it (or give it away) themselves. So, the code is truly OPEN at that point. Some current OpenNTF participants really prefer a GPL model, where use of their code in any other application requires THAT application to be released under the GPL. This is a tricky issue, because a lot of developers would be quite unhappy if somebody else took their code and made a fortune off it. On the other hand, many corporations will never implement a GPL'd application because of the possibility that they'd be required to give away all of the internal code. It's not a simple question, and it's been a big bone of contention ever since OpenNTF was launched. So while the apache license requirement raises some questions and will require some good communication and education within the community, it's a net positive to have this issue addressed. Finally.
2 (a). A corollary to this, though, is that only Apache licensed code (APL, from now on) will be listed in the new "catalog" - actually, only APL code that's been approved for quality AND has item #3 below under control - the existing projects won't be moved into the catalog until they meet the criteria. I don't agree with that. News flash: we're computer geeks. I'm pretty sure we can manage to come up with a way to have one catalog display both the fully IBM-ified, APLed, verified applications as well as the existing projects that drove the entire OpenNTF community and made it worthwhile for IBM to get involved. The way it's being handled now, there are two classes of apps, and as a certified flaming liberal (TM), I gotta tell ya - separate but equal isn't. Equal, that is. And for projects like BlogSphere or OpenLog to be considered second class citizens is more than a bit obnoxious.
Here's an idea. Use a freakin' flag field (or more than one) to indicate the various levels of approval a project has reached. Some may be APLed, but not pass muster because of a lack of documentation. Some might have truly outstanding documentation (OpenLog, I'm lookin' at you) but not be APLed. What's wrong with listing them all in the same place, sortable and searchable in multiple ways? From a UI perspective, that's not rocket science. And in terms of respect owed to the people who put so much time and effort into their projects, it should be a no-brainer.
3. One other requirement says that in order to submit code to an approved project, all developers have to send an official approval from their employer, stating that they are allowed to share this code. This one is very controversial, too. And this is something I will have trouble with, personally. See, Acme Inc, aka my employer, would never agree to that in a million years. There's no imaginable future in which the legal and security overlords will publicly assert anything on any subject at all that Acme Inc doesn't absolutely require in order to run its business. I don't know how typical that is, and certainly we are on the extreme end of a number of policies related to IT, legal, and security issues. But as currently written, that requirement bans me from contributing anything to any new (or approved, sanctioned, etc) OpenNTF projects. Now, since I've contributed to only one so far (and that, extremely minimally), that's not a huge loss. There are a couple of things I was hoping to contribute - new projects - but those will now obviously not happen. And there is certainly a very good reason for this requirement. Some companies have contracts with their developers that claim ownership of anything that developer creates, regardless of whether the work is done at work or during business hours. In other words, if you have signed that sort of contract, you are not allowed to run a consulting shop in your spare time and you're definitely not supposed to contribute to open source projects. So if you've signed said contract, you create an open source project, and Company X uses said project then Company X can be liable for a civil suit. Not cool.
So, while we're waiting here between paragraphs, why does the title of this post include the "Don't Ask, Don't Tell" phrase (aka DADT) most commonly associated with US military policy designed to allow homophobes to pretend they're ostriches ("nope, no gays here, I don't see 'em so they must not be here...")?
Funny thing. DADT is similar to the deal I have with Acme, Inc about my role outside of the company. I speak at conferences, write articles, and blog about all kinds of stuff. I don't say anything about Acme, and Acme doesn't ask me what I'm doing. That's the deal. I can't mention the company name in any way (not even on my Lotusphere badge). In exchange for that, they let me do what I enjoy doing. I did NOT sign a contract that says Acme owns my intellectual property (and I never would, though I'm assured by my brother the hotshot lawyer that they're unenforceable in the real world - but remember, IANAL nor do I play one on TV). But they won't attest to that publicly because there's no benefit to them in doing so - certainly not enough benefit to outweigh their legal/security concerns.
And in this one, rare case, I know I'm not unusual. A lot of IT geeks have second careers outside of the day job, many of them have not signed intellectual property clauses, and most of those people will not be able to get their companies to go public about that. There's a bit of a contradiction here, ironically. The companies most likely to require intellectual property clauses are IT services/consulting companies. These companies make their money on the intellectual property, while the rest of us make our money selling widgets. Those are also the companies most likely to be willing to allow their people to open source a project, because it's good PR for them to be recognized as authorities in the various technologies. So the OpenNTF folks have created a rule that allows those folks to participate, which is great. But in doing so, they're preventing another set of people from participating, and that's not great. It may be necessary, but it's not a good thing.
It may be worthwhile to explore opportunities to change that. I don't *personally* see why project owners and contributors can't simply be identified (by their profile) as either having official corporate approval or not. That information could then drive policies around who is allowed to work on what project. It might be that the DADT crowd could only work on projects with each other. But if those projects are of high quality, they should be in the catalog along with the others, flagged to indicate that they cannot be used by companies concerned about the legal ramifications. People could use them personally, people could learn from them, and some companies could use them as they are - which is exactly what happens now. It's not as good a result as the one obtained by projects that meet all of the new requirements - don't get me wrong, I'm under no false illusion - the apps that meet the new requirements could conceivably be much more widely adopted in the major Notes customer sites. And that would be a Very Good Thing. But in my never particularly humble opinion, banning a Pretty Good Thing shouldn't be a pre-req to achieving a Very Good Thing.
| Permalink | 
- 
Comments
one day, when I decide to code Notes stuff (im an admin) and if i get involved, it sure won't be under the name of the organization i work with, i just don't see it happening with the bigwigs. I'll do it under my name.
Posted by Patrick Picard At 07:51:43 PM On 05/13/2009 | - Website - |
As while your brother is right, that is really only in CA - they have been enforced in IL, NY, and MA. And by accepting a paycheck from your employeer, you might be under that umbrella even if you don't sign. Lots of things here that are blurry since its mostly theory law vs case law. And I am not an attorney. One of the things I want to do is get a third-party attorney involved in the discussions ASAP - its been IBM attorneys up to this point.
Anyways, good thoughts and pushing the discussion forward.
Posted by John Head At 08:29:21 PM On 05/13/2009 | - Website - |
Posted by Nathan T. Freeman At 09:46:56 PM On 05/13/2009 | - Website - |
If it is fuzzy with your company you are better off getting it in writing rather then getting hamstrung later if you use DADT.
Posted by Simon O'Doherty At 01:09:47 AM On 05/14/2009 | - Website - |
I'm not an expert in all types of licenses like GPL but from comment 24 in Steve's blog entry GPL does NOT solve the concern from various people that other people can make money with their IP.
We thought about having a flag for each entry in the catalog with the license. Technically this is of course trivial to implement. It is a conceptional question whether OpenNTF wants to promote primarily the reusable code or also other code. I stated my personal opinion in other blog entries but this is really a decision the steering committee will have to make.
We had the discussion about the employer's consent. I agree it is not perfect but I was told from legal people that it is unavoidable for due diligence and ALv2. That is the cost of the nice benefits of ALv2.
While IBM has an interest in ALv2 to potentially reuse code from OpenNTF, it is clearly not only IBM. This enables ISVs and customers and everyone to do the same thing which was really our main reason for doing this.
Also if we had more than one preferred license re-use of code between projects would be very hard legally. I want developers to be able to re-use code from one OpenNTF project and use it in new projects, components, controls, etc.
Posted by Niklas Heidloff At 02:01:44 AM On 05/14/2009 | - Website - |
To quote a friend of mine who cannot publicly put his name on this comment: "Employer consent? That's a non-starter for essentially everyone. Every large company I've ever worked in would say "No" before you even finished asking the question. Small companies [let's face it] don't use Lotus Notes in the first place. Consultancies are too paranoid about competitive advantage to put good code out there. And contractors are generally bound by the same "you write it, we own it" clauses in their contracts that BigCo FTE's are. So who's left to contribute code?"
And John, I know you hate anonymous comments. But that's KIND OF THE WHOLE POINT. Emphasis mine. As it happens, I agree with this person 100%, so you can consider the comment mine - I even got permission to reuse it under this license: { Link }
@2 - Thanks, but now I'm confused. I've already GOT the IBM templates. The code is all there (and some of it - not so good, as you undoubtedly know). As far as I know, there's nothing preventing anyone from reusing it now - and people do it, in commercial products. So where's the benefit in having those templates on OpenNTF? You want the community to improve them all and then donate the code? Doesn't that already happen with the mail template?
@3 - *chuckle* I ALMOST made it through a blog post without getting political, though, didn't I? Give me credit for trying, at least, man! And to answer your question, as you expect - no, I don't think it's a good solution at all. It's the only solution that allows me to do this, though, because my employer (like the US government) doesn't realize they're wrong. And I have no power to force them, so this is the best I can do at this point.
@4 - No can do, sir, unless I simply want to stop participating online at all. I'm not suggesting it's a good thing, but it is what it is. And I'm not the only one in this boat, either.
@5 - I think Kerr's point about the meaning of the GPL (for those who don't know, it's here - #24: { Link } ) is semantically true, but logically less important than he thinks. It's true that one can sell GPLed code, of course. It's also true that the people the GPL-boosters are worried about (unethical code stealers, fundamentally) will never release there products in the open. So that comment is accurate, but moot, in my opinion. I'm speaking not as a licensing expert or lawyer (neither of which I am), but as a pragmatist.
And while the Apache license definitely works for IBM, I can assure you that, in and of itself, it doesn't work at all for one large IBM customer, the legendary Acme, Inc. I've raised this point in other (private) venues, but if IBM truly wants participation from customers like us, they should offer the legal reasoning behind their own participation. Not that it's easy to get two lawyers to agree, but at least then those of us who also labor under their dominance would have a case to make, with powerful backing. Our lawyers might still disagree, but they'd have to admit that if IBM approves of it, there's been some non-trivial legal review of the issue and we should consider IBM's logic.
As I said in the post, I understand the logic behind the employer consent requirement, but it has significant negative consequences and the OpenNTF board should consider ways to ameliorate those consequences if possible.
I also understand your point about reusable components, and I agree that reusability is very desirable. I think it's a fairly trivial technical problem, though, to allow people to contribute code under more than one license. Creating a new project and want to reuse some code? Great, here's a listing of all the Apache licensed code at the side, choose your components and we'll build you a shell NTF behind the scenes to start from. Cool, very cool. But no less cool if there's some other, non-Apache projects on the site. It's unfortunately guaranteed that there will be some current OpenNTF projects that will not (can not) convert to Apache. Since they'll never be reusable in Apache projects anyway, where's the harm in allowing them to coexist? It's not a zero sum game, where you get more reusable code if you force everyone to either use Apache or leave OpenNTF.
In any event, you've clearly thought about these questions before, while the rest of us are just getting started. I'm not going to convince you to change your mind. I'm a bit concerned that all of the members of the board have already made up their minds, even though there have been no meetings, because we've already heard from several of them in this online discussion and they're all toeing the proverbial party line - so I don't hold out much hope for that promised first meeting.
You know what would be interesting? I'd like to see every board member contribute a new, significant project under precisely these terms. I'm aware, of course, that IBM will have no trouble there. What say the other board members? Money where their proverbial mouths are?
Posted by Rob McDonagh At 06:58:10 AM On 05/14/2009 | - Website - |
Still, I thought it worth pointing out that some of the concerns people have aren't solved by the GPL. Anywho..
One thing that I'm not clear on is the employer bit. The Apache Foundation have generally got their collective heads screwed on, so if they are happy with clause 4 in their Individual Contributor License Agreement { Link } why not OpenNTF.
"4. You represent that you are legally entitled to grant the above
license. If your employer(s) has rights to intellectual property
that you create that includes your Contributions, you represent
that you have received permission to make Contributions on behalf
of that employer, that your employer has waived such rights for
your Contributions to the Foundation, or that your employer has
executed a separate Corporate CLA with the Foundation."
Clearly that's also good enough for IBM, since they're quite happy to take code for Apache projects.
Of course that might be one of the reasons why Acme inc. wouldn't take anything from Apache. Not that I'm asking, but cough once then whistle the intro to Young Folk, if I'm right ;) Is the the licence they arn't happy with or the ability for the organization they get the code from to indemnify them?
Posted by Kerr At 12:27:31 PM On 05/14/2009 | - Website - |
I assure you that if we CAN streamline the contribution process, we will.
Posted by Nathan T. Freeman At 12:41:23 PM On 05/14/2009 | - Website - |
Posterious is cool, but I think it's "bigger than a tweet, smaller than a blog" footprint leads to a lack of in-depth and well thought out blog postings.
Glad you took the time to do a real post.
Posted by Devin Olson At 09:45:48 AM On 06/17/2009 | - Website - |
Posted by Speed Dating NJ At 01:33:53 PM On 08/14/2009 | - Website - |
Posted by tk9988 At 06:14:02 PM On 01/27/2010 | - Website - |
Symphony plug-ins work in Notes, has a good reputation, open, free, etc.
The committee feels this is a good idea.
Posted by web development At 10:09:27 PM On 03/07/2010 | - Website - |