How would you like the feedback? Edit the word doc with 'track changes',
and upload to the google-group?
G
------------------------------------------------------------------------
Garrett Serack | Open Source Software Developer | Microsoft Corporation
I don't make the software you use; I make the software you use better on Windows.
I don't see any provisions for 'accepting' projects that are already
emplaced somewhere.
For example (my favourite, of course), the Apache Web server. Or SpamAssassin.
Or Eclipse. Or KDE. Et cetera. Perhaps I'm misunderstanding, but it
appears that
the Foundation will benefit only those projects living on the
Foundation's infrastructure.
I'm not saying that's a bad thing, but it _does_ seem a bit limiting.
With the 'facilitating
communication' meme stuck in my head, I could see CF providing bridges between
existing projects and commercial entities *in addition to* direct
sponsorship of project
infrastructure. Helping popular and useful, but commercially-unknown,
projects find
sponsors or gain commercial mindshare is something in which I'd expect CF to be
interested.
Am I 'way off base here?
--
Ken Coar
OSS developer, opinionist, author, and sanagendamgagwedweinini
Or is the infrastructure in question *not* a forge-like thing? I'll re-read
with that as an assumption instead and see what I get. :-)
I apologize for the length of this, it kinda got away from me.
+------------------+
+ General comments +
+------------------+
It feels as if there are three separate (perhaps four) separate concepts
being proposed here:
1. The vision/philosophy the Foundation is employing to drive the design
of the Foundation itself. I'm really glad that this document talks about
some of this, it really helps to distinguish the difference between the CPF
and other open source foundations like Apache, Eclipse or Mozilla. I'd
recommend that this be spun out into a more formal document that continues
to talk about the Foundation in broad terms, as the basis for further work.
2. The creation of a Gallery (process and requirements)
This should be spun out into a specification document that clearly outlines
the process, requirements and forms required to initiate a new Gallery. It
would also be valuable to clearly understand the Foundation's
responsibilities towards the Galleries, specifically the activities of
the Technical Program Manager and the Mentors.
Since all the fruit of the Foundation lies in the projects that Galleries
contain, this needs to be addressed in clear, unambiguous documentation as
soon as possible, so that we can spin up some galleries!
3. The creation or adoption of a project by a Gallery (process & req's)
This too should be spun out into a specification document that clearly
outlines the process, requirements and forms required to bootstrap a
project into a Gallery.
4. (The acceptance of a committer)
Spun out into its own doc too, or just a section in project
process/requirements doc?
I'm concerned in the purpose of Board of Directors' oversight deep into
Galleries and over individual projects. Should this not be left to the
responsibility of the Gallery sponsor? I guess I'm asking why there are
responsibilities being reserved for the BoD, as opposed to trusting the
Gallery sponsor, who has already had to demonstrate strong commitment
to get a Gallery created.
If the powers of the Foundation are concentrated at the top in the BoD, this
will increase the *desire* for a sponsoring company to have a representative
on the BoD, so as to have more 'influence' in the running of the
foundation (and its own sponsored Gallery or projects)
Conversely, if the Foundation would place more trust and responsibilities
with the Gallery Sponsors, there would likely be decreased reason for
companies to seek representation on the Board.
+-----------------+
+ Document Format +
+-----------------+
This document gives a great overview of the whole process of initiating
projects in the Foundation. In the spinning out of the documents into more
formalized specifications, perhaps the Foundation adopt a few 'best-
practices' from the industry around the creation of such specifications.
The IETF has published RFC1543 (http://tools.ietf.org/html/rfc1543)--
"Instructions to RFC Authors" which defines a clear and concise textual
format for RFCs. If the Foundation could adopt/adapt RFC1543 for creating
its own standards and specifications in order that the documents are clear,
consistent and accessible (hint: text files are universal ;D).
FYI: The IETF has a page which talks about their overall process
for creating RFCs at (http://www.ietf.org/about/process-docs.html).
The most significant document referenced there is RFC2026
(http://www.ietf.org/rfc/rfc2026.txt)-"The Internet Standards Process"
And another RFC worth looking at is RFC2119: "Key words for use in
RFCs to Indicate Requirement Levels"
(http://www.ietf.org/rfc/rfc2119.txt)
+-------------------+
+ Specific Comments +
+-------------------+
Page 5 under "Organization Structure"
------
"A Gallery can be run directly by the foundation or sponsored by a 3rd party,
typically a corporation."
Under what conditions would this *not* be a corporation (regardless of
profit/non-profit/charity status)? The only other choices are:
- an individual, and it seems unlikely that the criteria could be
successfully applied to an individual.
- A non-incorporated collection of individuals, (ie, a partnership).
Again, seems unlikely.
Page 5 under "Gallery Creation Checklist"
------
"Gallery Creation Application Form Submitted to Foundation"
Is there a form somewhere?
Page 5 under "Gallery Creation Checklist"
------
"Gallery Manager on board (appointed by sponsor)"
"on board" could be conflated with 'on board of directors' or 'on board
of advisors' Perhaps it should just say "Gallery Manager appointed
by Sponsor"
Page 6 under "Gallery Creation Checklist"
------
"Mentor Assigned from Board of Directors or Advisors" (gallery)
"Project Mentor selected or Technical Program Manager Assigned" (project)
It's unclear, is there a per-gallery mentor, or a per-project mentor?
(there is a similar requirement listed)
Page 6 under "Gallery Creation Checklist"
------
"After 3 years Gallery progress reviewed and board with vote to extend for
another 3 years or move projects "to storage" "
What are the criteria the board will use to guide their decision?
Page 6 under "Gallery Creation Checklist"
------
"A few Galleries will be operated directly by the Foundation Board of
Directors"
What is the process for getting the Foundation board to sponsor a
gallery?
Page 6 "How a Project Joins the Foundation"
------
"How a Project Joins the Foundation"
This whole section seems to skew towards *existing* projects joining a
Gallery in the Foundation. For brand new projects, these requirements
can be a catch-22, in that they need to be met before they can be
accepted, and being accepted may make it easier to meet the
requirements.
Page 7 under "Project Acceptance Checklist"
------
"3 Committers (Signed Contributor License Agreements)"
I can see the reasoning for this, but does this *really* guarantee
project viability? I can easily find an additional one or two people
who agree to become committers in order to round out a team in order
to literally meet the requirement, but they may never really commit
code.
As well, even if there are three active committers, social discord
could cause a one or two of them to leave the project-what happens
then?
Page 7 under "Project Acceptance Checklist"
------
"2-3 Major project releases"
Under what conditions would 2 not be ok, where three would be,
or would 4 major releases be too many?
Page 7 under "Project Acceptance Checklist"
------
"List of key adopters (e.g. if the Olympics are using version 1 they
would still qualify)"
This is an odd qualification-specifically, if there is only *one* key
adopter, what happens if they stop adopting it? If the other two
viability tests are not met, but this one is, is this really enough
to justify accepting a project?
Look at it this way: Every four years, the Olympics gets a
makeover-who says they won't change technologies drastically in
that time?
Page 7 under "Project Acceptance Checklist"
------
"3 Year Resource Commitment from a Commercial Sponsor"
When you say commitment, how *binding* is that commitment? The vast
majority of companies I've worked for tend to shy away from strong
binding commitments that span across fiscal years. For a brand new
project, this is the only viability criteria that *could* be
satisfied, and this would be a hard sell to management.
Page 8 under "Project Acceptance Checklist"
------
"Foundation board of directors votes (simple majority) to accept the Project"
I'm curious about this a bit. Why have the board micro-manage project
acceptance of the individual galleries? If the project criteria are met,
under what circumstances would the board not accept the project? If
the gallery sponsor has already pledged enough resources to maintain
the project, and it passes viability tests, this seems a bit excessively
bureaucratic in nature.
+----------------+
+ Other Thoughts +
+----------------+
One of the really cool things about the Apache Foundation is their "Incubator"
project that provides a place for brand-new tiny projects to live until they
become larger.
Perhaps the CPF could also provide an Incubator Gallery of some sort.
---
Garrett Serack | Open Source Software Developer | Microsoft Corporation
I don't make the software you use; I make the software you use better on Windows.
-----Original Message-----
From: codeplex-...@googlegroups.com [mailto:codeplex-...@googlegroups.com] On Behalf Of Mark
Sent: Thursday, October 22, 2009 11:11 AM
To: CodePlex Foundation
I'll go through the document in order, then collect my conclusions,
and finally try to make some constructive suggestions.
====================
Document Examination
====================
Under _Vision_:
o 'The Foundation will provide central services and governance'
Services for both galleries and projects I can see, but governance
for projects? What was the thought here? I don't think project
governance is really in the Foundation's mission. Exactly what
services are going to be provided needs to be determined.
o 'Individual contributors, corporate sponsors, and project adopters'
What about project communities? I think the omission of that is an
oversight.
o 'Individual contributors bringing projects to the Foundation'
I'm not sure how to interpret this, so I think 'individual
contributors' is the wrong word choice. Replace it with 'project
communities' and I think it works.
o Can a project be in more than one gallery?
Under _Principles_
_Community Viability_
_Smart People Need Flexibility_:
o 'providing key resources (marketing, security, best practice
repository, etc.)'
The security aspect I'll touch on a bit more later, but the
actual list of services eventually needs to be more explicit than
'etc.' :-)
Under _Principles_
_Community Viability_
_Users Deserve Choice_:
o Allowing competitive projects is cool, but what about the
unlikely event of a CPF project being forked and the fork wanting
to be under CPF as well? That's an edge-condition, I know.
Under _Principles_
_Community Viability_
_Continual Improvement Through Sharing of Best Practices_:
o 'post-mortems of all projects after major releases'
Whoa, that's a can of interesting worms! I assume it's the
release process that will be examined each time rather than the
project itself? Or both? Hearing 'We're going to do a
post-mortem on your project after your next release' sounds like
a bit of a demotivating chore -- and actually kind of scary! :-)
Under _Principles_
_Commercial Friendly_
_Commercial Sponsorship of Galleries_:
o The missing bit here is commercial sponsorship of individual
projects -- which is actually a requirement under the 'Project
Acceptance Checklist'.
o How much does it cost to sponsor a gallery? A project?
o What happens to the sponsorship money? Is any available to the
projects?
Under _Organisational Structure_
_Gallery Creation Checklist_:
o The actual P&P for this section will need to be fleshed out
considerably. (See my suggestions at the end.)
o Gallery review only every three years? I think annual, if not
quarterly, reports are a must, informing the board (among others)
on activity and status of the gallery. And what about project
review? Do galleries review the progress of individual projects?
It's implied in _Ongoing Gallery Activities_, but I think it
needs to be spelt out.
Under _Organisational Structure_
_How a Project Joins the Foundation_
_Why a Project would Decide to Join the Foundation_:
o 'The Foundation will provide administrative and infrastructure
support to projects and their communities.'
This is really vague, and sounds as though there's a forge-like
aspect involved. Since this is one of the key aspects of the
Foundation, I think it really needs detailed explanation. Of
course, maybe there isn't one yet. :-)
Under _Organisational Structure_
_How a Project Joins the Foundation_
_Project Acceptance Checklist_:
o '3 committers (signed CLAs)'
I think the CLA issue is potentially knotty. I'll defer that
until later, though.
o '2-3 major releases'
What constitutes a 'major release'? Is the definition at the
project's discretion? Many projects consider release version 0.2
to be a major event.
o 'List of key adopters'
Again, what's the definition of a 'key adopter' and who gets to
decide?
o '3-year Resource Commitment from a Commercial Sponsor'
I think this one is going to be a show-stopper. A project needs
to have a commercial entity already signed on for 3 years of
support before the project can join the CPF?
Under _Organisational Structure_
_How an Individual Becomes a Committer_:
o 'The Project Contact will make sure that all of the necessary
CLAs have been signed and returned to the Foundation prior to
granting access to the source code tree'
I found this language ambiguous, and I think it added to my
confusion about whether CPF was going to be a forge.
For projects that already have a CLA process in place, I think
this could be a source of muddle, with the two lists getting out
of sync easily.
============================
Observations and Conclusions
============================
o I think the 'infrastructure' language is potentially misleading.
Lots of people think of infrastructure as meaning code repositories,
hosting systems, mailing lists, et cetera. I suspect that CPF's
contributions to its internal ecosphere will be the form of
'services,' such as marketing, legal support, and possibly financing
to some degree.
o The interactions between the various roles need to be fleshed out.
Also, contingency plans for resignations, removals, renegements
(e.g., sponsor cannot meet support commitment), and other
exceptions.
o The whole CLA (contributor licence agreement) issue needs to be
sorted out. The potential for excess paperwork seems pretty high.
o Similarly, I don't quite see how the CPF can reasonably be involved
in the whole committer approval process. That's very
project-specific.
o What about projects that want to form their own corporations, à la
Apache and Python? Can they do that under CPF? With CPF's
assistance? I'd like to think so.
o Relatedly, what about projects that are already incorporated? Can
they join CPF? Under what scenario? I'd like to think so on this
one, too.
o The 10'000-metre view of the Security Office sounds promising, but
it needs a lot more detail.
o I think that having a code of conduct/ethics or something similar
would be useful. (Think Debian's social contract, or Google's
'Don't be evil', as starting points.)
o I really like the Best Practices repository concept. I think it has
a lot of potential. We should nurture it.
===========
Suggestions
===========
o Provided that CPF is well funded and sponsored, I think one of the
services it provides to projects should be legal advice. Things
like helping a project draw up bylaws and articles of incorporation,
or choosing the right licence or CLA, or making sure copyright
notices are correctly displayed, or mark registration, and so on.
Dealing with litigation may end up being an issue at some point.
These are not things which I think will be handled in a timely
fashion as _pro bono_, hence my suggestion that CPF retain the legal
services.
o Development of a graph of expectations/responsibility/authority
among the various roles (Foundation, board, advisors, mentors,
gallery managers, technical program managers, sponsors, etc.) should
be on the to-do list. Probably not down to the contract level
(except between the CPF and sponsors), but a clear definition of
what is expected of each role, and what authority it has, will be a
necessity.
o The requirement for a 3-year commitment by a sponsor before a
project can be accepted could possibly be extended to include
willingness by the gallery's sponsor(s) to include the project in
their support.
o If CPF is really going to be involved in security, I think each
project is going to need a specific, responsive, authoritative point
of contact for security issues. This may or may not be the same as
the general contact for the project.
o Automatic filters watching BUGTRAQ for mention of CPF projects would
be a useful function of the Security Office.
o The Best Practices (BP) office could maintain a portfolio of
recommended/preferred CLAs, alongside the licences already
mentioned in the project draft.
o The BP office could perhaps include suggested processes for creating
committers, project voting, et cetera. As far as I know, no-one
else has a 'best practices' effort going, so CPF could codify stuff
for general consumption, not just for use by CPF's own projects.
o Perhaps one of the services CPF could provide to projects in
general, as well as its own, is an electronic repository of CLA
records. Projects that already have CLA systems could perhaps use
some sort of glue to join theirs to the CPF's. *That* could be a
big boon to the industry.
o Regarding the committer approval process, I recommend that CPF's
involvement be backed off to just providing a set of Best Practices.
o Involvement works in more than one direction. There's not only
adoption, but also contribution. Galleries should highlight
organisations that are contributing (manhours, other resources) to
projects as well as those which are using/adopting the code in their
own commercial products.
o Garrett Serack had a good point when he mentioned the IETF documents
referring to standard RFC and I-D language. Using those in the
process and requirements documents might be an excellent idea.