Open Source & Governance: Putting the code on Github alone doesn’t maketh Open Source

Image Source:

Yesterday, Stephen O’ Grady from Redmonk wrote a great post addressing the role of foundations in the post Github world. He was trying to address the potential confusion among the role of open source foundations and version control systems. This reminds me of some of the arguments I heard from developers (and even some vendors) on open source.

I have come across some developers and vendors who think that dropping their source code on Github makes their project open source. In the early days of Web 2.0, we saw vendors opening up their APIs touting support for open APIs only to lock them down with restrictions once they realized that it costs money to open up their APIs or it even affects their own bottom-line. We have seen the drastic impact of unilateral changes made by them to address the issue on their ecosystem. People are slowly understanding that API dynamics involves much more than exposing their API over the internet. It involves cost, legal issues, etc. that comes along with exposing the API for any service. Though late, vendors are much more smarter on their API strategy these days.

It is even more important to consider such aspects when sharing the source code of a project. Before even sharing your code on Github, it is important to make sure copyrights are not violated and there are no legal issues associated with the shared code. After the source code is shared, apart from the license part of the code, it is also important to define the governance related to code. Governance is critical not only in protecting the source code but also in establishing trust with contributing developers and users.


In the past, with software like desktop operating systems, content management systems, etc., most of the end users of OSS were apathetic to the rights they had and, for most part, they were very happy with the availability of the source code. Some enthusiastic users participated in the mailing lists and forums suggesting features, promoting and helping fellow users. Even some contributing developers were apathetic to lack of any governance because, in the past, not many of the OSS projects ended up making money for the vendors. However, things changed drastically in the last decade.

More and more vendors realized that they can monetize open source and make a living out of it. Many other vendors were forced to embrace open source due to the market forces. More and more open source projects became vendor controlled OSS projects. Developers contributing to open source projects have started worrying about whether their contribution is at the mercy of the whims and fancies of the vendor controlling the project. They are also worried about vendor monetizing their hard work and cutting them off the loop (eg: issues related to MySQL acquisition).

Similarly, a shift happened in the open source user landscape as well. As we move into the services world, the end users of open source software changed from the ordinary Joes and Janes to enterprise IT and service providers. Unlike the apathetic Joes and Janes of the traditional software era, the use of open source software by enterprise IT and SPs are driven by the motivation that the open source nature of the product/project will empower them to participate in the software development process and even help them to nudge the direction of the project in the right direction. More than anything else, enterprise IT and SPs rely on OSS these days due to the “power” they get in the design and development of the software they use.

The changed developer mindset and the newer end user requirements puts project governance at the center of any credible open source project. Everything else comes next to governance. Unfortunately, today’s mindset among some developers and vendors is that source code on Github alone will help them attain the open source nirvana. They are either ignorant about the importance of governance or willfully ignore its importance. It is going to hurt everyone involved in the project in the long term.

In short, if you are a developer wanting to contribute your time and sweat to any open source project or an end user (enterprise IT or SP) wanting to invest your money and time on an open source project, the first question you should ask is “Have you got governance in place?”. If the answer is no, my humble suggestion is “Run Forrest, Run”. Good night and good luck.

Leave a Response