Why companies that rely on open source projects must adhere to strong and enforced code of conduct?

Original Jonathan Vanian

Original link: https://gigaom.com/2014/10/25/ why-companies-that-rely-on-open-source-projects-must-insist-on-a-strong-enforceable-code-of-conduct/

Open source software, once plagued by ridicule and legal attacks, has now become a force in the technology industry. Live examples such as docker,hortonworks and Cloudera demonstrate that partnering with the developer community can thrive, and community contributors can help their core technologies keep up with the times and apply the latest features.

Many software engineers make use of their free time to contribute to open source projects, resulting in a great deal of innovation and free labor results. But open source technology has its other side, unlike traditional business environments where employees ' mistakes lead to disciplinary action, and members of the open source community often do not have the same constraints, because there is no "open source human Resources" Department responsible for managing these issues.

One example is Seth Vargo, an engineer from chef, who is responsible for the commercialization of chef's open source configuration management tools, who recently left the company and chef community for death threats from some community members. Just because some of his contributions to open source projects have been resented by some people.

This dilemma exposes a delicate problem, and companies that rely on open source technology for business success need to try to regulate the open source community without real control.

When companies start to regulate open-source community behavior, they will be very cautious, because it could stifle innovation or cause community members to question the motives of the company's supervisors. If the situation starts to be difficult to control, it is wise for the company to act, so that open source talent does not leave, and avoid escalating tensions.

There is a way to fight against wrongdoing and to establish a basic order, that is, to establish a strong code of conduct ———— a set of guiding principles that govern acceptable behaviour within the community. Ada Initiative, a nonprofit organization that supports women in open technology, has developed and popularized a set of codes of conduct to help community members identify inappropriate behaviours in a number of serious incidents such as sexual harassment and sexual assault in open-source conferences. And how to deal with some intolerable things after they happen.

The company's legal responsibility for its open source community

Heather J. Meeker, Partner of O ' Melveny&myers, a law firm focused on open source licensing, said open source projects have always been made up of self-managing technical members, and that their emergence does not depend on the initiation of specific companies and organizational entities.

"The open source community tends to be very straightforward and articulate their views, and when this is combined with an anonymous message, a strong view of the voice will appear, which may not happen in real-name situations." ”

Heather J. Meeker, O ' Melveny & Myers

The creation of open source organizations, such as the Linux Foundation and the Mozilla Foundation, both oversee their own open source technologies, which they believe will only succeed if they leave their devices. Now, other companies are starting to take on similar roles to exploit the wisdom of the open source community.

These open source communities are often stripped out of the business for legal reasons, and companies like it, Meeker said. The separation of laws from the community has freed the open source community from common management issues, including patent considerations, because they have to report on accounting and other debt matters.

Because the company has no legal responsibility for the open source community, it also makes the company "only ethical persuasion as the only means of executive authority", Meeker said, when the community members decided to make a little trouble, this problem can easily lead to an interesting dilemma.

Chef's engineer who received death threats

Seth Vargo later went to a company that worked as a data center management tool, Hashicorp, and for the community, his resignation left chef's face bare. Vargo did not elaborate on his concerns and declined to comment on the matter.

Chef Nathen Harvey, an open source community director, says that chef has developed a community-based guidance code similar to the code of conduct that outlines the acceptable behavior that the company expects from the open source community, The Vargo incident brought the company back up to update the terms to help mitigate future events that might be unknown.

Chef's initial code of conduct included behavioral advice, such as how to treat others with respect and carefully worded to avoid looking like an eccentric person.

The latest draft, in addition to a series of unacceptable actions, includes more punitive measures and introduces a new community management team of lawyers, inspectors and policymakers who are responsible for finding problems in mailing lists, GitHub, and other community members who are active.

If a lawyer or inspector (Harvey is currently in charge) has found a negative behavior, all team members will do their best to check the circumstances of the incident and find out who should be responsible for inciting it. If necessary, the CTO and partner of chef Adam Jacob will decide what to do next, including the possibility of removing the user's online space on the chef community.

In the practice of the draft, a community member felt that his own security had been compromised, and the guiding principle seemed more like a mandatory law.

"We didn't say it was our community code," says Harvey. "We work together with the community to develop these guidelines." ”

The importance of community self-regulation and external involvement

Ada Initiative partner Valerie Aurora believes that even if a company does not have legal power in the open source community, it is becoming increasingly important to establish a committee to regulate communication among members of the community, especially in an opinionated culture where the polite atmosphere is created.

"Many companies are now taking a non-intrusive approach," Aurora said of why some companies thought they could not monitor too much, "and they would stop producing value for free." ”

Rackspace Software developer Alex Gaynor (director of the Python Software Foundation, former director of the Django Software Foundation, and an open source contributor to OpenStack) believes that the Django Open source project has benefited greatly from the code of conduct that takes the arbitrator's authorization to act.

"' Hey, that's not right here, '" said Gaynor, describing what the arbitrator needs to say to the misbehaving members, "You can escalate corrections such as temporary or even permanent prohibitions if they look inappropriate." ”

Aurora recommends that companies pay a fee for open source submissions to check for malicious behavior in the community, because she believes it is difficult for someone to take the job for free.

"I think there is a moral obligation to ensure that these communities are not gas-producing groups. ”

Russell Keith-magee, chairman of the Django Software Foundation

In the chef's case, Harvey advocates that their arbitrators do this because of love, he says:

"The reality in chef's case is that no one's job is to monitor IRC, and no one is paying to answer questions on the StackOverflow. The people at chef do these things because they care about the community and the project. ”

Is the code of conduct effective?

It still takes time to test whether chef's new code of conduct will prevent events like Seth Vargo from happening again, but for organizations like the Django Project and Ada initiative, The code of Conduct, which contains relevant mandatory policies, has avoided the outbreak of some special cases.

After ADA initiative developed their code of conduct, Aurora said she saw a rise in the participation of women in open-source meetings, women who felt they were no longer insecure in the various meetings they had before. At the same time, violations in these meetings (such as the insertion of pornographic images in PPT) have also declined.

If there's one thing to be sure about managing the open source community, it's not an easy job. Even Linux leader Linux Torvalds (who himself has been the subject of the offensive commentary) recently admitted he made mistakes in his own Linux community.

"The problem tends to alienate users or developers, and I'm very good at this," Torvalds said in LinuxCon Europe 2014, "I use strong language, but again I'm not going to fix any of the statements." ”

Strong personalities in the open source community and lack of any legal protections, companies involved in open source projects may get more than just the agreed content, or even the occurrence of disputes or even death threats. But perhaps in this case, there is a code of conduct and some peremptory norms that should be able to be mitigated and disposed of before the event occurs.

"The chef community is not an entity, it's a collection of people," says Harvey. "The code of conduct may be the strongest thing that binds us to the software itself."

So it taught us a lesson that there was nothing free in the sky, including work on open source projects. If you're a company that wants to get involved in an open source community, it's a good thing to separate yourself from any legal responsibility, but that doesn't mean you can be completely exempt when something unlucky happens. When bad things happen in the community and no one is in control, the active members of the community will be away from here, and the negative impact on the project will lead to the absence of software engineers willing to participate. Then just say goodbye to your free innovation.

"A company entity that is in charge cannot get rid of all the responsibilities," Keith-magee said. "The market will accommodate companies that are responsible for their decisions." ”

Why companies that rely on open source projects must adhere to strong and enforced code of conduct?