Posts Tagged ‘Gouvernance’

First day at OWF 2011 – Morning


As usual, this event started with a number of keynotes in the morning. Eric Besson was, I must say, boring, just reading a paper, visibly without any idea of what all that was about :-( Too bad he is the ministery in charge. When will France really take seriously IT and FLOSS in IT in particular !! When everybody is talking about debt reduction, FLOSS is such an opbvious way to contribute, that I’m still puzzled no political voluntarism is in place.

On the contrary, the region and the city showed more willingness to promote FLOSS and to report around their practice. Jean-Paul Planchou, and more over Jean-Louis Missika clearly articulated why FLOSS is so beneficial to the public sector, and why using FLOSS and Open Data is a no-brainer for a public policy, and thus why they will increase its adoption in the future.

Louis Montagne and Jean-Pierre Laisné then opened officially the OWF 2011. We then had a short presentation from Systematic, and jumped to the adoption of Open Data in UK by Nigel Shadbolt, which mentioned clearly that even if a governement doesn’t know what to do of some public data, a lot of citizens do know ! And develop tools to analyze them. This is not just about IT, but really about citizenship and politics in the original sense of the greek work polis !

Werner Knoblich, VP EMEA of Red Hat, then presented the Cloud offering at Red Hat and how its products were to the cloud, what RHEL is to a Linux distribution, or what RHEV is to KVM+libvirt… Stéphane Fermigier interrupted him during his keynote to mention that the Red Hat offering was not Open Source because he had been unable to download the software. Werner insisted on the fact it was as Open Source as the rest of what Red Hat delivers (as soon as it can) and that both CloudForms and DeltaAPI as soon they’ll be out of beta will be available largely for download.

Was then time to chose a session, and I picked up the “Open Source for industrial users” lead by Gaël Blondelle as I tried to contribute to its setup, and I’m interested by the topic, and the fact that some Governances talks were planned during it.
Here are the notes taken during these talks, and some personal comments.

Proper Tooling critical for FLOSS by Philippe-Arnaud Harranger, Atos (

  • FLOSS is attractive
  • Some risks involved (IP, disappearance of projects, security, licenses, …) and addressed by the Governance approach.
  • Need to audit. The key is a proper process. But without tools, they won’t be respected.
  • Mentioned various tools (Antelink, Blackduck, FOSSology, OpenLogic, Palamida, Protecode) – Indicated that most are commercial except FOSSology.
  • P.A.H. introduced Drakkr: methodology and tooling for the Governance, to address the various risks (IP, security, tracking). All this is FLOSS as well. It contains:
    • OpenSource Cartouche (alternative to SPDX). More easy to use, and more community oriented, rather than legal. License Cartouche. rights and obligations linked to FLOSS
    • QSOS is another part. Spider charts available to compare FLOSS components. Competitors openBRR, OSMM, Quallos seem at their end.
    • StratOS: maturity and Strategic analysis of a FLOSS. Based on QSOS.
    • eCos: financial indicators around FLOSS ROI, costs analysis, comparison with proprietay. Other tool is WIBE
    • Also mentioned NVD for security flaws analysis
  • P.A.H Insisted on the fact that tooling (whatever) has to be used to support the process and the governance.

I already mentioned Open Cartouche previously, and I find that whole work of creating a coherent tool set around FLOSS Governance interesting and promising. Probably needs more adoption outside of France.

How to help development team manage FOSS during the whole industrial process by Guillaume Rousseau, Antelink (

  • How to develop best tools for dev teams.
  • Antelink helps you keep control of your SW integration and supply chain. Spinoff of Inria. Inria a major customer (10000 users around the forge).
  • Guillaume mentioned the challenge of dealing with on-shore/off-shore dev teams, contractors and FLOSS.
  • Dev is generally made of internal code, 3rd party FLOSS & commercial and Outsourced dev.
  • Adressing licensing issues asap is key to reduce costs. So needs to be done at the software factory level.
  • Also management of updates and security is key as well (especially 3rd party components).
  • Dev team and lawyers should talk to each other. You have to provide the right tools for dev teams.
  • Antelink is Part of OW2 SQUAT (SW Quality Assurance and Trustworhtiness).
  • Part of the Linux Foundation Open Compliance program working on SPDX.
  • Provides a large FLOSS DB (~1M projects, yes 1.000.000, twice as much as BlackDuck !!). Around the database, they developed a tool suite: Antepedia Notifier, Search and Reporter.
    • Antepedia Notifier plugged around VCS to detect introduction of FLOSS components and act accordingly
    • Antepedia Reporter does on demand analysus and produces reports
    • Antepedia Search allows you to upload components and check their content.

Antelink is clearly to be followed closely, with regards to their ability to store the largest base of code and provide information out of it.

Good Governance drives Innovation by Andrew Aitken, Olliance Group (Blackduck) (

  • BlackDuck has 75% of the market.
  • FLOSS is ubiquitous (85% of enterprises uses it) => management complex.
  • Took Mobile market as an example of growth. Impact of Android (taking the lead in less than 2 years) also on competitors. Complexity of building a complete Smartphone.
  • It’s not easy to manage FLOSS. Need policy (succint, flexible), process and automation (management with spreadsheet doesn’t work anymore).
  • Process is: Acquire, Approve, Catalog, Validate and Monitor.
  • FLOSS ecosysem is too abundant, spread across multiple repos (own ecosystem), thousands of projects (own governance), however more demand for FLOSS developers time than what is available.
  • Transparency, collaboration, meritocracy and OSI licensing are the keys for communities to innovate.
  • Example of innovation:
    • Danish government with its portal.
    • AOL is revamping itself fully based on FLOSS.
    • US Veterans health system open sourced (5 BUSD allocated to it, they pay 0,5 BUSD just for support)
    • New areas: Open Source Ecology, Open Prothetics, Oilgae (algue eating oil), Open Cola, Tropical Disease

Even if Andrew (who is leading the Open Source Think Tank) has lots of connections in the FLSOS ecosystem, and generally interesting talks, this time I didn’t find the presentation much interesting. Too generic, not entering in any level of detail, probably too BlackDuck oriented (original speaker planned was Tim Yeates) and not speaking enough about FLOSS projects. A deception.

FLOSS licensing in the supply chain by Didier Patry, HP (

As an introduction, Didier introduced himself as leading a worldwide team of 12 persons working in Legal at HP around FLOSS. Dider then covered the following topics:

  • At HP compliance is not an option, it’s mandatory. Working with the HP open Source Review Board (OSRB).
  • IP infringement (Contract break) can be in some countries a criminal offense.
  • We could break HP’s reputation if we are not compliant with FLOSS license.
  • We’re seeing new license models coming up, creating compatibility issues.
  • This is also impacting all the digital information world (data, knowledge, …)
  • All that will keep lawyers busy (good for him of course :-).
  • HP puts requirements on suppiers around FLOSS compliance (our telco provider e.g.) which may not completely control the production chain.
  • Risk is not too much with our employees (trained), but with acquisitions (Autonomy e.g. atm) and procurement and the supply chain (thus the requirements on suppliers). Hard to scan fully. So need other way to manage the situation. So HP created a risk rate and identified high risk activities. Didier gave some concrete examples:
  • Usage risks:
    • Internal use is low risk
    • OEM-in/out is high risk
    • Reselling high revenue/volume product is high risk
    • Redistribution via channel partners is medium risk (depends on partner education)
    • Incorporation of critical FLOSS elements into flagship product is high risk
    • Company with single product (WebOS e.g. for Palm) is critical for them so non-compliance is high risk
    • Distribution with no-access to elements afterwards (e.g. to Army/NATO) is high risk
  • Licenses non compliance risk:
    • BSD/MIT and Apache are low risk
    • GPLv2 and 3 is higher risk
    • MPL is also higher risk
    • New FLOSS license are more risky
    • Items without licenses are very risky
  • Suppliers compliance:
    • SW from FLOSS project is low risk
    • SW from entity with strong FLOSS culture is low risk
    • SW from entity with strong corporate partnership is low risk
    • SW from entity with new or weak culture is high risk
    • SW from entity with start-up is high risk
  • Didier from that creates a 3 axes matrix to evaluate the global risk. Example huge difference between internal use of a BSD component vs high volume mixed of licenses SW.
  • Risk mitigation. Legeal protection is:

    • Representation (termination of the contract): good but does not address reputational risk
    • Warranties (damages): better but insufficient to compensate for reputational risk
    • Commitments: best proactive measures:
      e.g. list of FLOSS components in each package. Or easier Identify fully FLOSS components, licenses. Or even more easier again create a critical (black) list of licenses for you or ask for scanning (FOSSology – probably not easy, problem of confidentiality) or ask for external scan report or SPDX certification in the future.
    • Creating local agreements with partners around Governance.

In my opinion (not neutral of course as I’m another HP employee), it was the most interesting talk of the morning. I never had met with Didier before, just had him on the phone, and I was very impressed by his clear and didactic presentation, with the large set of examples he was giving live, and even if I’m aware of it, by the quality of the FLOSS Governance model in place at HP. Definitely worth sharing, and I’m convinced lots of entities could benefit from our views more.

It was then time to take a lunch box and start the set of afternoon sessions !

Meeting during LinuxCon in Prague or OWF in Paris


I’m happy to have been informed that my proposal of presentation around FOSSology for LinuxCon 2011 in Prague has been accepted (too bad the others on MondoRescue or weren’t. Hopefully a next time).

However, for you can attend the presentation during the upcoming Open World Forum in Paris and discuss with me about everything Open Source and Linux and HP !

So some way to meet across Europe soon with you :-)

Second day at Solutions Linux 2011


I attended in the morning the round table on Governance lead by ALexandre Zapolsky (Linagora)

3 companies were represented:

Alterway (created in 2006) – 10 MEUR – 120 people (Represented by Véronique Torner)
Activities: Consulting – Hosting – Training
Governance for large enterprise (Open CIO Summit)

Smile (created in 1991) – 33 MEUR – 10 years on FLOSS – 540 people (Represented by Patrice Bertrand)
Activities: FLOSS integration, Web site/Intranet development,
Leading the FLOSS Working Group at Syntec Numérique.

Linagora (created in 2000) – 13 MEUR – 130 people (Represented by Michel Marie Maudet)
Activities: SW Editor (OBM) – OSSA – Consulting

Véronique said that 3 years ago in the CIO Summit, CIOs thought they had no Open Source.
This year, they have representatives from Safran, Ministère de la Justice, PriceMinistère, Nature et Découverte, La Poste, Auchan. Hidden before at infra level. Now seen at CIO level. So will to control and govern.

Patrice said 3 years ago that Gartner revealed the presence of FLOSS in the enterprise.
Contacts were performed with Carrefour, Véolia, EDF. Enterprises do not see how to do Contributions.
Purchasingdepartment is one of the entities interested by the governance aspects. CIOs want to rationalize.

Michel-Marie mentioned that Linagora worked with Carrefour, Air France, Renault on these topics.
CIOs have to mitigate risks wrt Oracle, Microsoft, SAP, IBM (MISO) which represent 80% of their budgets and thusthey have a policy of diversification and of cost reduction.

Véronique mentioned that the recent crisis revealed Open Source and allowed to dialog with CEOs on the topic. FLOSS was considered as an entry level/low cost solution before. It’s now considered for its true qualities, creating value in the enterprise.

Patrice reported that studies put quality before price, even if price remains in the scope.
Price reduction is coming from the packaged offered proposed by the various actors. Cost reduction is done due to the economy of scale (when deploying hundreds, thousands of SW).

Véronique underlined that in the infrastructure space, FLOSS has been key for deployment. On some other areas (apps like CMS), the cost difference may be less important. Sharepoint may be at 0EUR inside a large enterprise, so what is the benefit of a drupal there. This has to be worked in other ways. Some customers said that Red Hat is sometimes more expensice than a proprietary solution.

Michel-Marie asked what is the value here: lots of SW are deployed but 80% of its functions is unused. CIOs today consider more the value brought. In the management/monitoring area, the BMC/IBM offerings are like Christmas trees but stick less to customer needs. The right term is to be cost effective. Some customers say today that they have more problems to find competencies around commercial solutions than on FLOSS ones, because engineer schools have adopted massively FLOSS technos. It’s now the reverse of what it was still 5 years ago.

La Poste Governance representative precised that the goal is to work on technical cost reduction (Nagios praised), but they realized rapidly that they should work on value analysis more precisely, and that the value is in the people (more agile), so cost is similar to proprietary solutions, but FLOSS gives much less problems on the long run (open formats, archiving constraints, …)

Alexandre then orientated the discussion now around the Governance aspects themselves, and what policy to put in place.

Patrice said that FLOSS governance consists of writing in a document what the enterprise want in term of FLOSS adoption, derived in term of support, RH, contributions, … Maturity is not there on his side in France.

Véronique has seen organizational models in place, with people dedicated to FLOSS governance (La Poste is precisely an example with a FLOSS IT central group + dedicated teams recommending solutions + a small legal aspect). In the Société Général Bank, there is no split, it’s handled as commercial products. Safran has on his side a more formal legal approach on FLOSS.

Michel-Marie mentioned a methodology that has been developed to help CIOs. Around 10 weeks of assessment (20 architects of Air France e.g. were met and interviewed) to summarize needs, what worked, what didin’t and which FLOSS Solutions could be involved. Recommandations from other customers are shared and expected. Second step is to benchmark per vertical, size of company, usage models (simple user or OEM providers such as ALU). Third step is to build the governance (technology program, policy doc, solution reference architectures). Bouygues Telecom has positioned Oracle for critical DBs, and FLOSS ones (PostgreSQL) for non-critical ones. Then there is a need to measure, during time, FLOSS adoption. They recommend to put in place a FLOSS Center of Expertise (ALU has 150 persons for that).

Commercial SW vendors do the evangelization by meeting refgularly with customers to present new versions, evolutions, … in the FLOSS area, enterprise sneed to put in place a specific team to monitor the FLOSS ecosystem, create reference architecture and also to support themselves (or not) and deal with it. Véronique presents that CIOs hope to give the support to a single actor, and also fear the lack of an editor behind the Software.

Smile teamed up with OpenLogic to solve the support aspects for enterprises (L1-2,5 done by Smile and L3 by OpenLogic – having commiters in a large set of communities).
Patrice also mentioned the importance of the inventory with tools (such as Black Duck, FOSSology), and new models of FLOSS development (mutualized development with FLOSS such as GENIVI or OPEES)

Michel-Marie precised that they specify reference architectures with customers, creating a base of a large number of components and work on the support as a single point of contact (Note that HP and Linagora have partnered in France to use this model for customers). Re-insurance and patch reversion to the communities/editors is then handled by that actor in charge of support. Currently OSSA offering from Linagora is used by 50 customers. Air France created a “Blue Hat” base.

Véronique has around 10 customers for support, and some other more specific contracts. Patrice mentioned 10 customers as well with a starting offering.
Véronique also insisted on industrialization of FLOSS, with their experience around PHP. Voyage-SNCF is one of the customers benefiting from their work in that area.

Patrice mentioned that this is an area (customer developing Software) where governance on FLOSS is key. There are legal constraints, licenses and IP to respect, training to be performed up to the developer.
Michel-Marie explained that there is a need to guide developers with Software Engineering frameworks, e.g. pointing to the right versions of libraries, forcing a ticket for evolution.
Véronique thought that there is a lack of knowledge of FLOSS usage in the enterprise. They miss “geeks” and legal background.

Guillaume Rousseau (Antelink) made a testimony of what leaded INRIA to identify IP rights on their SW base (660000 bricks). What is the tooling to put in place to manage hundreds of thousands of components ? Patrice indicated that putting in place a central repository is a goal of the governance process, but it creates frustration at developer level by controling them tightly (pre-dev control), or pass tools that control a posteriori (afterwards) the conformity to rules (in a continuous build chain). Véronique mentions that another approach is to integrate developers to the governance program, in order to gain adoption.

Michel-Marie mentioned they have a much smaller base (300) that they are monitoring, but consider they have the one really used by their customers. Only a small part of customers embed FLOSS in their products and need more fine control. Others are users of bricks, more well-known and less risky.

Question from the audience on how to Open Source an internally developed SW. Recommandations from Patrice are that there is a need to be pro-active on the topic (Case of EDF). Véronique had requests from ISVs, more on a marketing aspect. They can help around the development aspects, quality aspects, licensing aspects.

Then some conferences where made:

Open Source Cartouche by Philippe-Arnaud Haranger (Atos Origin – Team Pascal Pujo)

Study made around an Aerospatial customer.
9 years of devs, and strong willingness to use FLOSS components.
Study showed incompatible licenses. Copy/Paste of code in 2000+ bricks.
Quote: “My God ! What have been done ?”

Licensing wasn’t a priority (they already didn’t document)
Code contamination is made on purpose, because they need it, and is due to local teams, outsourcing, and external application maintenance.
Consequences: licenses not respected, proprietary code tainted (PI loss)
Open Source was favoured, but in reality they created risks.

Solutons: Strong governance (creates too many constraints in general) or Tooling (cost, but efficient) or Manual Audit (cost, complex, impact) or take risk (costs and impact) or open source the SW (anyway conformity required, but impact as irreversible).
The earlier it’s done the less it costs.

Solution is Open Source Cartouche (what is around the Pharaon) – derived from QSOS.
Identify licenses and the recursivity of components integrated
It’s a structural approach beforehands, instead of scan afterwards (even if this is also required)
Put more trust in the FLOSS, Avoid contamination and protect community works.
Presenter asked the possibility of using this formalism in FOSSology ?

Some Remarks on my side:
I asked the question: What is the position vs SPDX ? I think they are probably in competition, and that they forget to consider it before launching something on their side. What is important is to have a standard adopted. The answer was that there is a fear of Blackduck that may create problems for communities. Their standard proposal is simpler than SPDX so more pragmatic, and thus propably easier to adopt by FLOSS projects. And the team is open to make required adaptations. However, it won’t work as a franco-french stuff !! I think we need an SPDX lite if we aim at being adopted by FLOSS projects, as the current status of the project is just only understandable by lawyers. I’ll try to generate some discussions around that on the SPDX ML.

Thinking about all this I think it would be valuable as well to lauch a new initiative to create the CERT/CVE base of licenses violations, working on the same model (disclosure after problem is solved).

Governance deployment return of experience by Guillaume Degroisse (Consulting Lead Linagora)

Goal Today: being independant from MISO.
Quality and Interoperability are considered before price.
Problems of adoption: Using standards of the market. Lack of performant FLOSS solution on some specific areas.

Bouygues has 150 own persons developing using Agile methods with lots of FLOSS components (not outsourced, and localized in France)
CIOs have to consider organisation, competence management, purchasing, legal and providers aspects. All these topics ar part of the FLOSS governance plan he has to put in place.
Guillaume also detailed what was covered during the round table around LInagora’s approach (Assessment, OSSA, CoE)

FOSSOlogy by … Bruno Cornec (HP)
25′ around the reasons of its creation/open sourcing, features and focus on upcoming 1.4.0

Return of experience on mutualization by David Duquenne (OpenWide Technology)

Enterprise have to deal with apps modernization.
Presentation focused on value creation at apps dev.

From innovation to industrialization: Technology assessment, R&D, Architecture and Integration, method and tools for industrialization. These leads to a framework definition
The goal is to share that Java Framework (Improve Foundations) across enterprises (having an Open Source base and community driven, and specificities intergated as components in this framework).
He insisted on the lack of java competencies. They deliver some Cobol to java trainings, espeically in-house.

Alliance Informatique has developed 100+ apps using Improve Foundation.
RSI wanted to fusion different IT systems.
Renault looked at homogeneize hundreds of projects (International). More interested to contribute. Renault will help Open Wide to develop the framework at international level
Atos Origin is also using it for 3000 screnn migrations

Gains: integration of non-java devs. and mobility of resources is key.

Passed the rest of the day discussing with various people. Had in particular a long and very interesting discussion with Erwan Velu who work at Zodiac, where they are developing a SIT (Seat Integrated Technology) all based on FLOSS (Linux/Debian, vlc, webkit, ELF, …) and have done an impressive job at making a nice looking, very responsive interface. I just hope that most companies I’m traveling with will adopt it soon ! And good news: they’re hiring :-) So if you want to work in a interesting area, way to go !

And they’re not the only one trying to recruit. I know that Wallix and Linagora at least are looking for good profile. All good news for our sector, which show indirectly the wealth of FLOSS !

First day at Solutions Linux 2011


Summary of my first day at Solution Linux 2011. I was in charge of co-leading the community track with Anne Nicolas. We hosted the following sessions for which I took some notes:

Mickael Scherer (Mageia) presented “a Fork of a distribution: Mageia derived from Mandriva”
(He made an interesting relationship between Forks and Catholicism vs Protestantism as an historical reference)
Reason of fork => community vs entreprise
History of relationships:

  • 2000: cooker: R&D opened from Mandrake/Mandriva and idea of foundation considered
  • 2003/2004: resources sharing (compile cluster)
  • 2005: sharing problems met.
  • 2006: Steering committee between employees and contributors.
  • 2007: Foundation mentioned at RMLLs –
  • 2008: AUFML – Assoc of users.
  • 2009: Assembly to followup on
  • 2010: Mageia created to avoid Mandriva closure. Going further than a distro.

Mageia details:
More open governance – Association created + contributors (not creating a company as unfair wrt Mandriva) – Model based on a Council + Board. Renewed by 1/3
Mickael then mentioned some issues:

  • Pb1: Infrastructure: Not starting from nothing. Want to reuse and be at a high level from scratch.
    Code reuse is easy. Bugs reused is more complex (Customized bugzilla under Mandriva control).
    Hosting ? Gandi, Lost Oasis, Dedibox helped a lot.
  • Pb2: Brand management: Audit of code to remove mandriva – manual, underestimated.
  • Pb3: Comm: with original project. Even if angry vs some people, it’s better to avoid hostility. Split of identity (contributing to Mageia vs Mandriva) – Press contact is required for a distro
  • Pb4: Community. Feedback was important – 1100 mails just the first week ! Managing the enthusiasm. => Split tasks – People want to change everything ! DO a planning. Avoid the Vaporware effect (as said by LWN that will need to review that)
  • Pb5: Details management.

Logo: guidelines posted. Process to listen and need of transparency. Even if their choice is not chosen, they know why and get explanations. No blund choice.

Presentation made by Gael Blondelle. Works for Obeo (Obeo is Strategic member of Eclipse) – OPEES Project Lead

OPEES goal is Open Source for long life cycle projects.
It’s an Open Platform for thre Engineering of Embedded systems

Ensure the long term availability of FLOSS tools for Critical systems (life impact, very high costs).
Example: A300 Airbus life cycle: 35 Years. Support = 78 years
(1972 project started -2007 production stopped) – Support till 2050
On board software development for very long life cycle products.

Ericsson: Base station for mobile – General life cycle of 30/40 years (electro-mecanical telephony centrals created in 1920 and still used in 1980)

Will FLOSS bring success is not yet known. But what is known is that commercial SW failed (example: Verilog made Geode, then bought by Telelogic, then bought and killed by IBM) Not counting the change of support contracts, costs, …

Decision by Airbus and Aerospace Valley in 2004: Adopting FLOSS with Topcased
(UML modelers and code generation). Used since 2008 to write code in A350 (next generation).
In 2009 the main Topcased contributor was bought, and TopCased devs stopped there. But thanks to the FLOSS approach, other contributors were found to lead the project.

Problem: How to create a community ?

In a classical commercial world: 20% of requests from customers accepted, control in editors hands.
Industrial users have specific constraints. So creating a FLOSS community made of individuals, companies, VARs, vendors should allow to cover 80% of users needs in a generic fashion. The 20% remaining implemented as specific devs.
OPEES is coming from a traditional industrial world, not even a SW world. But they come to the FLOSS approach based on the 4 liberty of the GPL.
It also helps manage IP issues.
Open Code and Open Formats enable migration, interoperability, extensibility, and protect from vendors lock-in.
But FLOSS isn’t sufficient. There are needs for:

  • Community management
  • Ecosystem dev
  • Very Long Time support (10+ years) – Virtualization is a possibility
  • Need to have technology vendors oriented towards industrial users

OPEES mission is to ensure cross users company ecosystem (not one for Airbus, one for Thalès, …)
Governance near from Eclipse one. In Eclipse 1,5 years of maintenance. LTS support added (7/8 Years).
What adds OPEES: maturity assessment, industry oriented governance, labels, certification process enablement, Very Long Time SUpport
OPEES: ITEA research center 35 EMEA members – AdaCore, Obeo, Airbus, Inria, E///, CNES, EADS Astrium, Linagora, Atos, Thalès, + Universities

Next steps:
Have a legal entity to sustain the effort after 2012 (end of ITEA project).
Grow the community (transportation – rail, cars, energy – nuclear, …) made of researchers and employees, not individuals


Convergence of the FLOSS forges communities.
Re-dynamising SW forges (Minalogic and Systematic support)
Coordination by Bull + Orange Labs, Xerox, Inria.

Forge: collaborative platform for sw dev (born in 1999 with Means both the service and the SW itself
Partners: Codendi (Xerox), FusionForge (ex GForge), Novaforge (Bull)

Problems to solve: Identity management (SSO + roles), interoperability (with other forges – avoids data locking – not the first concern), tracability of specs, continuous integration, use SCRUMM method, work station integration (Eclipse plugin addition)
Specificities of the forges:

  • Codendi: Application Life cycle management ( fork in 2001) GPLv2, 25000 users, 4000 projects, on Fully opened 2 years ago => increased download numbers.
  • NovaForge: TM of BULL. Based on lots of FLOSS bricks (SVN, Mantis, PHPBB, Hudson, ExoPLatform) AGPL. Focus on data project confidentiality (due to BULL work activities). Migration of OW2 ongoing. Bull business model is around services (internal tool open sourced)
  • FusionForge: Fork os named GForge. Lack of evolutions around GForge after some years. Some french admins created FusionForge in 2009. Integration of extensions. More EMEA contributions (Germany), mediawiki integration, incr”easing # of commits.

Community of Xchanges: (Wiki, ML, planet, µ-blogs)
Organisation of forgers meetings ;-)

Mainly convergence between Codendi and FusionFOrge (common plugins, projects models). Problems to sync release cycles between company supported ones vs community based ones (evolution of projects vs customer needs).

OSLC-CM (Open Services for Life Cycle – Change Management): interoperability standard and ontology used for forges interoperability (coclico, trac, redmine)
OSLC + Eclipse/Mylyn for work station dev/forge integration
Exchanges with Qualipso and Helios. Contributions to ForgePlucker (based on E. Raymond rant originally, and now sustained by coclico) and Mailman.

Following these 3 presentations, I animated a round table to cover the topic of this track: 2011, year of the forks. We had various natures of speakers Rodrigue Le Gall from BonitaSoft and Julien Mathis from Merethis who where representing Open Source projects having a strong relationship with their respective company, Charles Schulz representing the Open Document Foundation, and Jean-Marc Fontaine for the AFUP, french association of PHP users, both of them representing direct communities.
We were able to cover various topics, from animation of communities, relationship of companies with the ommunity around the underlying projects, reason of forks, support from tools to maintain communities, brand management impact, the LibreOffice vs OpenOffice latest news, I found it very lively and interesting in content, and I hope visitors enjoyed it as I did.

Rest of the day was passed evoking Mageia evolutions, and discussing with various relationships that I can meet only once per year during this event. In particular I had a long chat with Guillaume Rousseau from Antelink, which is the firm behind Antepedia, database gathering more than 660 000 projects for reference. (too bad mine are not in it :-)) Among other things we discussed of governance, market needs, and I tried of course to convince him to open source his product in order to ease the integration in forges, and allow its easy adoption by large corporation who are the natural consumers of such a product, in the line of FOSSology. Of course, this is always more difficult for a young and starting company, especially on a niche market but some others already showed it was possible.

This week at Solutions Linux Paris


For those attending Solutions Linux this week in Paris (12-12th May CNIT), I’ll be around driving sessions (System Administration and Communities, with my friend Ennael) as well as presenting FOSSology during the Governance track.

So you may meet with me during the traclks or probably near the the HP pod on the Linagora booth to speak of that, or MondoRescue,, , LinuxCOE, or whatever Open Source and/or HP related topic you would like to discuss !

Hope to see you there soon. The next opportunity will be during the Red Hat EMEA Summit in Dublin or HP Discover in Las Vegas.

The GENIVI project


I attended a Meeting the 9th March 2011 organised by the Syntec Numérique on the GENIVI project in Paris, and I’d like to share with you a summary of this presentation. Thanks to Fabien and Philippe for proof-reading this summary, all the remaining mistakes being mine.

The GENIVI project

Presenters: Fabien Hernandez (Software Architect) PSA and Philippe Colliot (Technical Lead) PSA.


GENIVI ( is a non-profit industry alliance committed to driving the broad adoption of an In-Vehicle Infotainment (IVI) reference platform. GENIVI will accomplish this by aligning requirements, delivering reference implementations, offering certification programs and fostering a vibrant open source IVI community.

It is based on features, code and certification program. It is driven by car manufacturers. It has been setup due to increased customer demand.
GENIVI aims to provide a common middleware developed by all project members. (costs and bugs reduction).

Car manufacturer need to differentiate as well. Basic features are shared (such as video player), and they concentrate for differentiation on GUI and additional apps. Each manufacturer alone doesn’t have critical mass, but sharing these common bricks will allow each of them to reduce costs. Especially on the non-visible parts.

GENIVI should support multiple HW platforms (based on Intel, ARM, MIPS processors) and 15% of GENIVI members are chip manufacturers.
The solution is developped in layers (module oriented). The middleware is packaged to satisfy all profiles (entry, 2D navigation, high end 3D …)
Car life cycle: 3/4 years. Consumers world: 6/12 monthes.

History of GENIVI

Car Infotainment was historically achieved using black boxes.Now the move to Open Source is due to evolution of features, costs, develpment life cycles, competitive landscape and customer requests and thus motivated the GENIVI project creation. For example: For car navigation, systems used to cost more than 2kEUR. Tom-tom put it down a lot. Also PSA was managing multiple different closed source platforms up to now, from various providers (QNX, Windows, VxWorks, …) blocking them in their evolution (as solutions are sized at minimum).

Intel and BMW started to work on Linux with WindRiver. First PoCs occured in 2007. Following that the AUTOSAR consortium was created in 2007 (standardization body). A Split happened and BMW worked then with Magneti Marelli for another PoC. In April 2009, first announce was made in Geneva (the GEN of GENIVI :-)) of the GENIVI alliance, including BMW, Intel, Wind River, Magneti, GM, Delphi, PSA and Visteorrn. Goal is to have 6 monthes releases. End of 2010, the alliance released the Apollo release based on Meego. In May 2011, new version will be delivered (Borg in Dublin), with more compliance. Could be based on Meego or Ubuntu or something else. Adoption of Qt-Core as a brick, but it was not in compliance standard at start.

Since that more members including manufacturers (Renault, Nissan, Hyundai, Jaguar/Land Rover but some less active), First Tiers (Alpine, Bosch, Clarion, Mitsubishi, Pioneer) and Silicon manufacturer (Ti, freescale, Nvidia, ST, Samsung, ….) + lots of other !! (132 incl. Altran, Cisco, Accenture, Garmin, LG,
Nokia, Tata, Valeo, … but not HP yet !!!)

These members are mainly located in EMEA (80% activity) + AMS. Lots of M2M modules.
Some discussions have started with Google for the Android Consortium, and with the CE4A for the Terminal Mode (communication with external devices such as phones). Not ready yet to use standard devices for car control. Also there is a willingness to keep control on what runs in the the car, by the car manufacturers, even if they are open to allow additional application execution on the GENIVI platform.

Software development

GENIVI is organized with Expert groups. A PMO coordinates it. Solution Archhitects perform the Architecture Coordination.
From the design made, it goes to Execution Teams for coding (could be: feature addition to existing FLOSS bricks, or code creation if nothing is ready), and Maintenance teams for maintenance tasks.

The platform consists of 80% of existing FLOSS components (without modification), 15% of modules to be adapted (conman e.g.), 5% of specific code to be developed. But 100% of FLOSS code at the end.
It’s up to the point to allow car drivers to add/modify apps in the car (re-using the Meego concept).

The Baseline Integ. Team provides a GENIVI environement (a la distribution) to allow other teams to work.
The alliance has categorized 3 levels of licenses (Apache and GPLv2 are green). For code creation either L/GPL or Apache or BSD is used, depending on interfaces. Contributions not yet completely controled under the Governance model (case of conman of Meego recently). Intellectual Property is transmitted to the Alliance.


There is also another IVI module with Meego, which is hosted by the Linux Foundation. So not yet possible for GENIVI to be hosted here as well. The alliance has not considered joinnig an existing foundation (Eclipse, Apache) to benefit from Governance and tooling.

Governance in place on what enters in GENIVI as for now. as well as code scanning.
FOSSology and BlackDuck are among the tools used for validation and are still under evaluation.
I asked whether there are possibilities to share best practices and governance docs in the future. It has not yet been decided, but seems possible.
The Alliance is also looking at conformity around CGL and LSB.


It costs 5 kUSD to enter in the consortium (minimum fee for an Associate member). Many levels of contributions (and access to deliveries) exist with appropriate power of decision.
The Business model remains to be clarified completely.
The budget is around 800 kEUR yearly. With some permanent members to manage infra mainly.

Life cycle

GENIVI will be a market reality in 2013.

The Life Cycle is 3/4 years for development, but up to 15 years for the car.
I underlined the possibility for the GENIVI alliance to work with OPEES to share long life cycles best practices with the aerautics sector. (Side note: Ericsson joined OPEES recently)

Importance for PSA
Separated developments are not cost effective anymore. So PSA wants to put emphasis on what differentiates them and share what is not.
More requirements are put on providers in fact with the GENIVI offering. As a consequence it activities will evolve around integration capabilities, buying
capabilities, partners management, … At the end the car manufacturer is impacted by errors, where ever they come from. Its image is the one people remember.

Technical Constraints

  • Using networks such as CAN, MOST, Flexray, 1394 Auto, Ethernet AVB
  • Wake up time constraints (< 200ms)
  • Energy management linked to usage conditions (driving, parked, …)
  • HW constraints (# of accesses to flash memory )
  • Temperature constraints
  • Boot time constraints
  • Ergonomy constraints, especially when driving, and accessibility
  • Safety constraint (connection to critical car components, even audio e.g. could be dangerous)
  • Real time treatment required. back drive radar, or camera.
  • Security constraints (virus, openness, …) – ISO 2626-2 standard to be considered.
  • Studies also around Virtualization, micro OS, …

Question: What about car update from Internet during the night ? Answer: these types of studies are ongoing.

FOSSology presentation at OW2 annual conference 2010


It was just a quick travel from Grenoble to Paris the 25th of November to be at the 2010 OW2 annual conference, and in order to contrbute to the SQUAT track and deliver a FOSSology presentation (slides available here).

The FOSSology session went well. I had about 20 people attending (good due to the size of the room in La Cantine), and made some good contacts again, and had good questions as well.

The track was managed by Alexandre Lefebvre, France Telecom, and OW2 CTO.

Other talks I attended in the morning:

Antelink pres (Samuel Langlois):

BSTQC pres (Hao Kong):

Novaforge (Emmanuel Rias):

  • Novaforge is now an OW2 Project (Integrates Mantis, SVN, DokuWiki, Hudson, Sympa, TestLink, …)
  • Not pushing on new tool integration (done for some customers) but rather enrich the existing ecosystem
  • No Git atm e.g. or Salome (Quality Center competitor)
  • OW2 forge to migrate from Gforge to Novaforge
  • Migration tool is Talend (Usage of Web services)
  • Hopefully will be fully automated
  • Pilot (Novaforge !) in progress.
  • Others to follow after end of year.

QA @OW2 (Patrice Truong van Nga):

  • Creation of a new QA tool for OW2 projects + Label
  • 300 People at Ministery of Agriculture (few devs, experts) – 50+ Java J2EE projects
  • Process has been developed (and rules created/adapted/removed for the tools below => 470)
  • QA Tools have been introduced:
  • Rules violation detection (Pmd, Checkstyle for javadocs, Findbugs) – Java tools
  • Code coverage (Cobertura)
  • QA metrics, priorities and stats (Sonar)

Leo Apotheker new HP CEO


Of course, this is not a news :-) He has been nominated 10 days ago !

First time in history that a european is leading HP. I’m pretty sure it’ll make a change compared to our former texan CEO ;-) Of course, not everything will become easy and nice in one day. But after looking at a conference that Leo Apotheker gave in France and in french (and for those of you not native french speakers, he is one to my hears) I’m happy to see that we now have a leader who has a strong technical past, a muti-cultural background and is able to express himself in multiple languages. This video is really worth seeing.

Remains to see what is SAP past will bring with regards to Open Source for HP. Hopefully, he will increase our investments in this area, and focus more on Hardware and Services, as this is IMHO clearly the areas where we are already strong and where the future for us is. Maybe with him we will invest more money inside than buying outside… Let’s hope.

Le Syntec Informatique publie (enfin !) son Guide Open Source


(English version at

En préalable de l’Open World Forum, la semaine dernière à Paris, a eu lieu dans les locaux du Syntec Informatique la présentation du nouveau Guide “Réflexions sur la construction et le pilotage d’un projet Open Source” auquel j’ai participé.

Résultat de 2 ans de travail, il regroupe le travail d’avocats, d’architectes, de responsable de propriété intellectuelle, et de nombreux autres acteurs d’un grand nombre de sociétés françaises (parmi lesquelles Steria, Novell, Bull, Red Hat, CSC, HP, Microsoft, Logica, Sodifrance, Devoteam, Logitas, SAGE, Ingres, Orange, LINAGORA) intéressées à partager les meilleures pratiques autour de la gestion de projet comportant des composants Libre ou Open Source. Il est à mon avis très utile pour les nombreuses PME françaises qui se posent encore des questions sur ces sujets en apportant des réponses développées mais aussi des conseils pratiques d’organisation ou d’outillage par exemple

Le guide est disponible sous licence Creative Commons license CC-By-SA 3.0 et GNU FDL 1.3 et les contributions sont souhaitées pour son amélioration dans le temps pour en faire un incontournable ! Enregistrez-vous sur le site dédié:

L’annonce complète de Benjamin Jean est accessible ici.


Get every new post delivered to your Inbox.

Join 102 other followers