Corporations and OSS Do Not Mix (coglib.com)
An anonymous reader writes: Ian Cordasco, a prolific open source developer, wrote a lengthy post about his experiences working on code that gets used by companies as part of their business. His basic thesis is that the open source development process is not particularly compatible with for-profit corporations, and having them involved frequently makes progress more difficult. "As soon as a bug affects them, they want it fixed immediately. If you don't fix it in 24 hours (because maybe you have a real life or a family or you're sick or any number of other very valid reasons) then the threats start." He adds, "When companies do 'contribute,' it's often not in the best interest of the community, it isn't enough, or it's thoroughly misguided." Cordasco is quick to note that there are exceptions, but he has an idea why the majority behave that way: "I don't have the complete answer, but one important point is that there is toxicity in the community, its leaders, and or its contributors, and the companies have learned their behavior from this toxicity." He provides a list of suggestions both for companies using open source software, and also some further reading on the subject from Ashe Dryden, David MacIver, and Cory Benfield.
I know RedHat does. If you don't have a contract with them, and you are a business, then they likely aren't going to bother with you. Now if you find a security vulnerability on the other hand, that's different, but if something doesn't work and you need it to work to fit a business need, they're going to want you to buy a contract.
... this is a case of the squeaky wheel gets noticed.
I work in a large software company where we use thousands of open source projects in a couple of hundred projects and I'm intimately involved in the management of open source within the company. I've never had a team come to me and say "we need this bug fixed in the next day or two". And they damn sure don't go out threatening projects (that would be one of those "career limiting moves"). While I don't doubt that this guy has had people do that to him I gotta believe those are the people that he notices and remembers, not the silent majority.
Because the corporation is "contributing" to the project in some way, and they feel entitled to have such bugs fixed in a short period of time.
No one cares if some random company using a piece of OSS demands a bug fix. That's not what this is about. This is about for-profit corporations getting involved somehow in a project, and then threatening to pull support if issues affecting them aren't resolved immediately.
... If you don't fix it in 24 hours (because maybe you have a real life or a family or you're sick or any number of other very valid reasons) then the threats start....
Does the license under which the OSS code is used by the company say that bugs will be fixed within 24 hours? Was a contract entered that says bugs will be fixed within 24 hours?
If the answer to both of the above is "no", then what's the problem?
I don't see why the guy is whining, and tainting the entire OSS community with his personal issues.
The threat is to move to using another OSS project. Of course, that other project probably has maintainers working under the same constraints, so the problem won't go away magically. When someone threatens to do that, the proper response is "I'm good with that. Which one are you switching to?" They probably haven't done the research to evaluate other products, or, if they have, they haven't found something compelling enough to make the switch. Call their bluff. The only thing you have to lose is someone who thinks that making threats is the right way to ask someone a favor.
They know it will cost them money to switch. That's part of the cost of being a dick.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Why would a corporation threaten some OSS developer?
Because they're scared, and don't have the right expertise in their company to deal with the situation, also they don't have any consultant who can help them, and the bug is an unmitigatable remotely-exploitable 0Day in the web application framework used on their main e-commerce website with public exploit code but no patch, so that's an act of desperation and demonstration of internal management incompetence (not having competent staff or agreements in place to deal with the impact of a bug).
Well done for condescendingly making the parent's point while claiming he's wrong.
RedHat sell expertise (i.e. support). If you just want the software, you can get it for free from CentOS.
SJW n. One who posts facts.