20% of code && open source by default?

[mathisonian]

The introduction states one consideration as being:

Would an “open source by default” approach that required all new Federal custom code to be released as OSS, subject to exceptions for things like national security, be more or less effective in achieving the goals above?

At an (extremely) broad level open source code can be split into two categories: (1) code which is fairly self-contained and not likely useful to others outside of some purposes like education and the ability for users to provide feedback or things like typo fixes directly to the developers; and (2) code which is modular and meant to be consumed by other users.

For several reasons I would suggest that no, an open source by default would not largely help to meet the stated goals of "fuel innovation, lower costs, benefit the public, and meet the operational and mission needs of covered agencies".

Most code which is written by developers falls into category (1) above. While there is an argument for making this type of code open-source-by-default, it doesn't entirely make sense because,

• This places an additional burden on developers (for a website to be open source they have to take time to separate application code from any private keys, passwords needed for deployment, etc).
• It mostly adds noise to the open-source ecosystem. I'd rather see a few useful libraries be open sourced than 20 ruby on rails apps. There are plenty of existing examples to learn from in most cases.

One metric that some companies use, is that if they see the same code being re-used across multiple projects they see that as a library and will either open-source it or modularize it for easier internal use. I could see this as being useful for government work, especially when sharing code across agencies or branches.

Maybe a useful heuristic would be: where feasible with respect to national security, if one government agency wants to re-use code that another has written the mechanism for doing so should through open source.

[royfielding]

I think it is easy for everyone to have an opinion, but somewhat harder to actually move the government's software development processes and contracts in one fell swoop. The policy correctly describes this effort as a pilot program. I interpret the 20% figure as guidance to the government agencies on the minimum extent to which the pilot policy must be applied, which allows agencies the flexibility to adopt as, and when, appropriate to a given project and the availability of expertise. It also allows us all to first learn some early lessons about how an open source policy should be applied, on projects that are most willing and able to adapt, rather than attempt to change everything at once. I applaud the OMB for their foresight. I don't think it really matters whether the 20% figure applies to lines of code, number of projects, or number of finished products, but my preference would be 20% of projects.

[david-a-wheeler]

@royfielding -

It is true that the government cannot move instantaneously. That is why open source software realesse by default needs to be part of this policy now, so that people will understand where they need to go and have time to get there.

The policy is not a pilot program. The pilot is simply to establish a minimum measured bar by some time frame. So even the current proposed policy expects that it will take time to be deployed across the entire government. The key is to begin that transition to a more modern way of developing software, to improve transparency, and to enable "we the people" to receive the software that we paid for.

[rafael5]

The notion that x % of code should be donated as open source is not measurable nor enforceable.

An un-enforceable policy is as good as no policy, and in fact is worse than no policy at all because it gives the illusion that there is a policy. An government contractors know all too well how to circumvent poorly written policy... Costing taxpayers billions.

Open source by default is clear, comprehensive, and enforceable policy.

As stated earlier by many, waivers may be granted for special circumstances.

On Apr 18, 2016 6:22 PM, "Roy T. Fielding" notifications@github.com wrote:

I think it is easy for everyone to have an opinion, but somewhat harder to actually move the government's software development processes and contracts in one fell swoop. The policy correctly describes this effort as a pilot program. I interpret the 20% figure as guidance to the government agencies on the minimum extent to which the pilot policy must be applied, which allows agencies the flexibility to adopt as, and when, appropriate to a given project and the availability of expertise. It also allows us all to first learn some early lessons about how an open source policy should be applied, on projects that are most willing and able to adapt, rather than attempt to change everything at once. I applaud the OMB for their foresight. I don't think it really matters whether the 20% figure applies to lines of code, number of projects, or number of finished products, but my preference would be 20% of projects.

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/WhiteHouse/source-code-policy/issues/12#issuecomment-211605501

[normanbrobinson]

It is measurable, but to your point, that is the wrong goal. As it stands now, absent contractor contract agreement all works default to government works in the public domain, but often the agencies or contracts aren't explicit or obtaining that source material (code or otherwise). Placing the default to an explicit open source license and making anything else require justification is the most direct way forward.

Note that operationally, to be effective, IT or Acquisition governance within the agency will have to report on the percentages achieved, hopefully via existing IT Dashboard or similar ongoing reviews, and a target of 20% for the first year, seems acceptable and achievable.