Code-dot-mil / code.mil

An experiment in open source at the Department of Defense.
https://www.code.mil
MIT License
1.29k stars 127 forks

Policies for how government employees can contribute to non-government OSS projects #80

Closed skavanagh closed 6 years ago

skavanagh commented 7 years ago

How those projects are vetted and how / if government employees can contribute back to OSS software by non-government authors.

For instance I would love to have PKI / CAC authentication in http://github.com/skavanagh/KeyBox

The only thing I have found on this is here

http://dodcio.defense.gov/Open-Source-Software-FAQ/#Q:_Can_government_employees_contribute_code_to_open_source_software_projects.3F

but it says it "may be released according to the terms of the original open-source license" and I would imagine there would have to be some vetting and approval process for that to occur. What conditions have to be met?

niliopoulos commented 7 years ago

Our experience is that for everything we publish we need to get publication release approval. Typically we submit a description of our work, along with our code, to the administrative officer, and when we get the "approved for public release" we can upload it. Note that you need to mark the part of your code as being in the public domain.

Now if you want to be committing often this will get really cumbersome. We will at some point bring this issue to our organization, but I expect they will be slow to adopt a policy.

You definitely need to check with the tech-transfer office of your organization for more details although I doubt they will have any solid policies at this point. In any case they are the ones that will give you the proper guidance.

ckaran commented 7 years ago

@skavanagh If you are talking about Government-wide policies, you may wish to look at what is going on at code.gov, or contact @mattbailey0 and @AlvandSalehi who are leading the Government-wide efforts.

@nrlcmsladmin your organization may be able to use what ARL has done. That might help you and your organization out. By the way, that is ARL's official policy, not a reflection of some other policy. As such, it is getting updates and bug fixes as we go, so if you follow or fork it for your own purposes, it may give your organization a leg up in what it's doing, and might let you know of problems we run into as we correct them.

niliopoulos commented 7 years ago

I browsed over ARL's policy and it seems it deals with the major issues IMO (Initial release process, Liability, Minor/Major updates). I will bring it to the attention of our organization. Thanks!

ckaran commented 7 years ago

@nrlcmsladmin out of curiosity, which organization are you with? I want to know what experiences others have had.

scarint commented 7 years ago

Just read this article: https://www.theregister.co.uk/2017/02/21/code_for_cow_crap_valuation_and_chemical_risks_headed_your_way/

A quote says "[Paul] Berg was brought in to develop a process for releasing the software the government creates, though not all of it can be released, owing to national security considerations, among other concerns...For Berg, the challenge involves figuring out what to release and how to release it, because just dumping code online may not be the best strategy."

It goes on to discuss some success he's had, and it sounds like it might be in line with what's going on here.