This article is the first of a set supporting the conclusion that the GPL family of copy left licences are the best ones for maintaining a healthy development pace while providing a framework for corporations and users to influence the code base. It is based on an expansion of the thoughts behind the presentation GPL: The Best Business Licence for Corporate Code at the Compliance Summit 2017 in Yokohama.
A Community of Developers
The standard definition of any group of people building some form of open source software is usually that they’re developers (people with the necessary technical skills to create or contribute to the project). In pretty much every developer driven community, they’re doing it because they get something out of the project itself (this is the scratch your own itch idea in the Cathedral and the Bazaar): usually because they use the project in some form, but sometimes because they’re fascinated by the ideas it embodies (this latter is really how the Linux Kernel got started because ordinarily a kernel on its own isn’t particularly useful but, for a lot of the developers, the ideas that went into creating unix were enormously fascinating and implementations were completely inaccessible in Europe thanks to the USL vs BSDi lawsuit).
The reason for discussing developer driven communities is very simple: they’re the predominant type of community in open source (Think Linux Kernel, Gnome, KDE etc) which implies that they’re the natural type of community that forms around shared code collaboration. In this model of interaction, community and code are interlinked: Caring for the code means you also care for the community. The health of this type of developer community is very easily checked: ask how many contributors would still contribute to the project if they weren’t paid to do it (reduction in patch volume doesn’t matter, just the desire to continue sending patches). If fewer than 50% of the core contributors would cease contributing if they weren’t paid then the community is unhealthy.
Developer driven communities suffer from three specific drawbacks:
- They’re fractious: people who care about stuff tend to spend a lot of time arguing about it. Usually some form of self organising leadership fixes a significant part of this, but it’s not guaranteed.
- Since the code is built by developers for developers (which is why they care about it) there’s no room for users who aren’t also developers in this model.
- The community is informal so there’s no organisation for corporations to have a peer relationship with, plus developers don’t tend to trust corporate motives anyway making it very difficult for corporations to join the community.
Trusting Corporations and Involving Users
Developer communities often distrust the motives of corporations because they think corporations don’t care about the code in the same way as developers do. This is actually completely true: developers care about code for its own sake but corporations care about code only as far as it furthers their business interests. However, this business interest motivation does provide the basis for trust within the community: as long as the developer community can see and understand the business motivation, they can trust the Corporation to do the right thing; within limits, of course, for instance code quality requirements of developers often conflict with time to release requirements for market opportunity. This shared interest in the code base becomes the framework for limited trust.
Enter the community manager: A community manager’s job, when executed properly, is twofold: one is to take corporate business plans and realign them so that some of the corporate goals align with those of useful open source communities and the second is to explain this goal alignment to the relevant communities. This means that a good community manager never touts corporate “community credentials” but instead explains in terms developers can understand the business reasons why the community and the corporation should work together. Once the goals are visible and aligned, the developer community will usually welcome the addition of paid corporate developers to work on the code. Paying for contributions is the most effective path for Corporations to exert significant influence on the community and assurance of goal alignment is how the community understands how this influence benefits the community.
Involving users is another benefit corporations can add to the developer ecosystem. Users who aren’t developers don’t have the technical skills necessary to make their voices and opinions heard within the developer driven community but corporations, which usually have paying users in some form consuming the packaged code, can respond to user input and could act as a proxy between the user base and the developer community. For some corporations responding to user feedback which enhances uptake of the product is a natural business goal. For others, it could be a goal the community manager pushes for within the corporation as a useful goal that would help business and which could be aligned with the developer community. In either case, as long as the motives and goals are clearly understood, the corporation can exert influence in the community directly on behalf of users.
Corporate Fear around Community Code
All corporations have a significant worry about investing in something which they don’t control. However, these worries become definite fears around community code because not only might it take a significant investment to exert the needed influence, there’s also the possibility that the investment might enable a competitor to secure market advantage.
Another big potential fear is loss of intellectual property in the form of patent grants. Specifically, permissive licences with patent grants allow any other entity to take the code on which the patent reads, incorporate it into a proprietary code base and then claim the benefit of the patent grant under the licence. This problem, essentially, means that, unless it doesn’t care about IP leakage (or the benefit gained outweighs the problem caused), no corporation should contribute code to which they own patents under a permissive licence with a patent grant.
Both of these fears are significant drivers of “privatisation”, the behaviour whereby a corporation takes community code but does all of its enhancements and modifications in secret and never contributes them back to the community, under the assumption that bearing the forking cost of doing this as less onerous than the problems above.
GPL is the Key to Allaying these Fears
The IP leak fear is easily allayed: whether the version of GPL that includes an explicit or implicit patent licence, the IP can only leak as far as the code can go and the code cannot be included in a proprietary product because of the reciprocal code release requirements, thus the Corporation always has visibility into how far the IP rights might leak by following licence mandated code releases.
GPL cannot entirely allay the fear of being out competed with your own code but it can, at least, ensure that if a competitor is using a modification of your code, you know about it (as do your competition), so everyone has a level playing field. Most customers tend to prefer active participants in open code bases, so to be competitive in the market places, corporations using the same code base tend to be trying to contribute actively. The reciprocal requirements of GPL provide assurance that no-one can go to market with a secret modification of the code base that they haven’t shared with others. Therefore, although corporations would prefer dominance and control, they’re prepared to settle for a fully level playing field, which the GPL provides.
Finally, from the community’s point of view, reciprocal licences prevent code privatisation (you can still work from a fork, but you must publish it) and thus encourage code sharing which tends to be a key community requirement.
In this first part, I conclude that the GPL, by ensuring fairness between mutually distrustful contributors and stemming IP leaks, can act as a guarantor of a workable code ecosystem for both developers and corporations and, by using the natural desire of corporations to appeal to customers, can use corporations to bridge the gap between user requirements and the developer community.
In the second part of this series, I’ll look at philosophy and governance and why GPL creates self regulating ecosystems which give corporations and users a useful function while not constraining the natural desire of developers to contribute and contrast this with other possible ecosystem models.
Thanks you for your post.
Can you explain a little bit more why “If fewer than 50% of the core contributors would cease contributing if they weren’t paid then the community is unhealthy,” is true?
What happens to the level playing field in the age of software as a service, when software is not distributed to users, and competitors are free to keep private modifications? Is that when AGPL is useful?
Essentially, I’m trying to provide a measure of engineer “enthusiasm”, which is the motive power for developer driven communities. In the old days it was measured by the accretion of pure volunteer (i.e. unpaid) contributors. However, in the modern world there are a lot of paid contributions to various projects, so I was looking for a test that could tell the difference between “hey I love working on this” and “well, I’m only working on this because someone pays me”. The former being equivalent to the old pure volunteer. “Would you work on this if you weren’t paid?” is the best test I could think of to distinguish between these two. I picked 50% because it’s half way between everyone would work on the project if unpaid and no-one would (we can both agree that these extremes definitely represent healthy and unhealthy ecosystems).
Lars asked for an AGPL discussion as well; I may do it but it’s not really the licence with which I have the most experience.
Pingback: Die KW 01/2018 im Link-Rückblick | artodeto's blog about coding, politics and the world