New DoD OSS guidance memo (2022)

56 views
Skip to first unread message

Dan Risacher

unread,
Jan 26, 2022, 2:56:03 PMJan 26
to mil...@googlegroups.com

John Scott

unread,
Jan 26, 2022, 3:08:54 PMJan 26
to Dan Risacher, mil...@googlegroups.com
Awesome !

-------------------------------------------
John Scott

On January 26, 2022 at 2:56:03 PM, Dan Risacher (d...@risacher.org) wrote:

--
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
 
www.mil-oss.org

---
You received this message because you are subscribed to the Google Groups "Military Open Source Software (Mil-OSS)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mil-oss/CAAD1OeK0izdxUUALv111YMbd-Mr7r0QSCuRhU0Xka2%2Bn77tukw%40mail.gmail.com.

John Scott

unread,
Jan 26, 2022, 3:23:53 PMJan 26
to Dan Risacher, mil...@googlegroups.com
Now does it pass "Hellekson's Law” ?

Mark Bohannon

unread,
Jan 26, 2022, 3:28:54 PMJan 26
to mil-oss, jms...@gmail.com, Dan Risacher
That really dates you, sir

John Scott

unread,
Jan 26, 2022, 3:41:25 PMJan 26
to mil-oss, Mark Bohannon, Dan Risacher
At least someone is keeping track ;-p 

-------------------------------------------
John Scott

Dan Risacher

unread,
Jan 26, 2022, 3:47:30 PMJan 26
to mil...@googlegroups.com

I invoked Hellekson's law many times in coordinating this memo.    
(i.e. Every time someone asked me to put in general software guidance that wasn't specific to OSS.)
Hopefully, I did okay in the end product. 
At least once, Richard Gray (former legal counsel to the CIO) called me out for violating it, which I think is hilarious. 

John Scott

unread,
Jan 26, 2022, 3:51:22 PMJan 26
to Dan Risacher, mil...@googlegroups.com
Only Gunnar can give absolution, js 

Tina

unread,
Jan 26, 2022, 3:53:25 PMJan 26
to mil...@googlegroups.com, Mark Bohannon, Dan Risacher
The first reference to Hellekson's Law for me (beyond ad for a law firm in Minnesota) came up from a blog from risacher.org.  So, you've been known to invoke it a time or two... 

Thanks for continuing to make things clearer for feds and contractors alike.

Ron Lichtinger

unread,
Jan 26, 2022, 3:57:14 PMJan 26
to mil...@googlegroups.com, Mark Bohannon, Dan Risacher
As the former publisher of FierceGovernmentIT, I'm just very happy to see that Dan not only continues to do great work, but that he has his 'Fierce 15' award from almost 10 years ago still listed on his LinkedIn profile!

Cem Karan

unread,
Jan 26, 2022, 4:30:00 PMJan 26
to mil...@googlegroups.com
Dan, does this mean that the DOD has procedures that the different components can adopt for releasing OSS?  ARL is still using what I wrote up years ago, and while it was the best that could be done in the internal political climate at the time, it'd be nice to think that things are further along now and ARL could adopt something from the DOD directly that works better...

Thanks,
Cem Karan

Brad Hards

unread,
Jan 26, 2022, 5:11:59 PMJan 26
to mil...@googlegroups.com
On Thursday, 27 January 2022 6:55:47 AM AEDT Dan Risacher wrote:
> https://dodcio.defense.gov/Portals/0/Documents/Library/SoftwareDev-OpenSourc
> e.pdf
Is there something that OSS software projects can do to help "tick the boxes"?

One of the projects I work on has this:
https://github.com/WestRidgeSystems/jmisb/blob/2.x/SECURITY.md

However I wonder if there is a broader need to help acquisition folks who
don't necessarily know how to turn the CIO policy into a decision record.

Brad



Kane McLean

unread,
Jan 26, 2022, 5:39:22 PMJan 26
to mil...@googlegroups.com
Nice!!! Glad to see this is still getting attention and practical formal guidance is finally inked.  

Kane 

--
--
You received this message because you are subscribed to the "Military Open Source Software"  Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en

www.mil-oss.org

---
You received this message because you are subscribed to the Google Groups "Military Open Source Software (Mil-OSS)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.
--
Kane Sent from my mobile device

David A. Wheeler

unread,
Jan 26, 2022, 6:29:13 PMJan 26
to mil...@googlegroups.com
Wow! Congrats to Dan Riscacher!!
I'm sure this took a lot of coordination effort, it's impressive Dan
got this through to the finish line. Much of this builds on the
previous memo, which is great, and I was happy to
see some new or improved items.

I was very happy to see this anti-forking statement:
"Creating a separate, DoD-specific version of any OSS project, for any reason,
increases support risk and should be avoided whenever possible."
This "worst practice" has probably cost the government a
sizable sum, I'm glad to see specific guidance discouraging it.

I was also happy to see a statement for releasing orphaned software
via the relevant CIO (I know Dan wishes that had been in the
previous version; I'm glad to see it's here):
"In cases where the management of an existing software codebase is unclear, DoD
Components and Component CIOs are authorized and encouraged to make any necessary
determinations to resolve ambiguity and release legacy code as OSS where warranted.
For example, a CIO may choose to release "orphaned" software that was developed by a
program that has since been terminated, but may be useful to other agencies."

I was intrigued by this statement:
"The Department must follow an "Adopt, Buy, Create" approach to software,
preferentially adopting existing government or OSS solutions before
buying proprietary offerings, and only creating new non-commercial software
when no off-the-shelf solutions are adequate."

I wish everyone the best!!

--- David A. Wheeler

Reply all
Reply to author
Forward
0 new messages