Posts Tagged ‘Gouvernance’

Attending OWF and LinuxCon EMEA in October

2013/09/28

I just know it since yesterday, but I’ll be attending Open World Forum 2013 in order to have multiple customer and press related meetings next week near Paris. If you want to talk about Open Source at HP, Linux related topics such as continuous packaging or disaster recovery, you should find me on the HP booth. Won’t speak this time but will also surely be around the governance track.

I’ll also attend LinuxCon EMEA 2013 in Edinburgh later this month. This time I’ll speak about an ITIL Open Source solution stack I’m involved in for a customer, and will explain how you can today, by combining the appropriate tools such as iTop, Centreon/Shinken and OCS/Fusion Inventory set up the bases of an ITIL compliant Open Source management environment, full featured and highly customizable.

Again feel free to come and talk about anything I’m able to reasonably talk (including early music if you want ;-))

Fleur Pellerin dans la Silicon Valley sans voir HP ?

2013/05/24

D’après le blog d’Emmanuel Paquette, journaliste à l’Express, Fleur Pellerin ferait du 1er au 5 juin un déplacement dans la Silicon Valley.

A ma grande surprise, l’article ne mentionne pas HP dans les sociétés visitées. Je sais que cela fait moins mode que Facebook ou Twitter, mais la compagnie fondée dans un garage il y a 74 ans, et pour laquelle j’ai le plaisir de travailler, reste non seulement la première société dans les TIC au niveau mondial, (ou la seconde derrière Apple selon Fortune) mais elle reste aussi un employeur d’importance en France (environ 5000 personnes), avec des pôles de vente et de support locaux, mais aussi des structures européennes ou mondiales représentées.

J’espère que le cabinet de Fleur Pellerin contactera Gérald Karsenti, le PDG de HP en France, Je suis sûr qu’il se fera un plaisir d’au moins mettre en relation Mme la ministre avec Meg Whitman pour qu’elles puissent se rencontrer en Californie et échanger utilement. Avec le soutient que Meg apporte aux projets OpenStack, Hadoop, Linux et tant d’autres, la discussion pourrait même se porter sur comment HP pourrait aider en France à la mise en oeuvre de la directive du premier ministre sur l’utilisation préférentielle des logiciels libres dans l’administration. Et je veux bien être mis à contribution sur ce sujet au sein du Technology Council HP France 😉

Nous pourrons du reste discuter de cela et de plein d’autres choses lors du Salon Solutions Linux à Paris la semaine prochaine !

FLOSS governance news

2012/08/31

While at LinuxCon in San Diego, the SPDX working group of the Linux Foundation announced its 1.1 version of its specification. Quite an achievement, and probably the start of its real adoption by Open Source projects … providing enough tool do support it, and help projects in their identification tasks. I hope lots of large FLOSS consumers (HP included) will start contributing SPDX descriptions to upstream projects, helping them adopting it as it brings value on both side.

And one way to help will probably the support of this 1.1 SPDX spec by FOSSology in the future. For now the news around the tool is that a public instance is available, hosted by the Universty of Nebraska. This is a good news for Open Source projects that will be able to assess easily their licenses with it, without having the hassle to install and maintain their own ! Hopfully, more forges (as what OW2 has done) will also provide that service to the projects they’re incubating.

Just be aware that the code you’ll upload to that instance will be available for everybody to see, so do not post non-FLOSS code there, if you want it to remain secret ! If you’re developing closed source software, then install you’re own FOSSology instance instead !

Time to finish my FOSSology presentation update for tomorrow’s talk !

Presenting FOSSology at LinuxCon, San Diego next week

2012/08/21

I always find strange to be accepted as a speaker to LinuxCon on a subject for which I’m much less an expert than the other ones I proposed for which I’m leading the projects ! It happened last year for the EMEA event, and same stuff again this year for the US one.

But I won’t be criticizing here, as it’s my first possibility to visit the US west coast, and also my first time as a speaker to LinuxCon US so Champagne !! So I’ll be talking about FOSSology, the HP sponsored GPL Licenses analyzer tool.

So if you happen to be around, and want to discuss abour FLOSS, MondoRescue, Project-Builder.org, HP and Open Source, or something else such as early music, then feel free to come and talk. Well I’m sure you won’t come to see me, won’t you, but once you’re there to see the stars, just come and say hello 😉

Position des candidats à la présidence sur le Logiciel Libre

2012/04/14

Après candidats.fr (et les réponses de J.L. Mélanchon et N. Dupont-Aignan), c’est le CNLL qui publie un document sur la position respective de N. Sarkozy et F. Hollande quant aux logiciels libres que vous trouverez sur http://www.cnll.fr/sites/default/files/cp-positions-floss-ump-ps-3d.pdf. Cela comble en partie un manque qui m’inquiétait précédemment.

Dommage que des candidats qui représentent plus de 10% des électeurs selon les sondages, n’aient pas le temps (je n’ose penser que ce serait le désintérêt) de se positionner sur ce sujet important à l’heure des économies budgétaires, du produire français/européen, de notre implication dans la mondialisation (un fait pour le logiciel libre), des considérations sur la liberté en général et les libertés numériques en particulier.

Néanmoins il est intéressant de voir que ceux crédités du plus de chance de l’emporter ont répondu, avec parfois de nombreux détails qui méritent la lecture du document, et que hormis sur le sujet du brevet logiciel (ou pour moi la position de F. Hollande, qui plus est, clairement argumentée, est celle que devrait tenir la France tant au niveau européen, au parlement, au conseil et à l’OEB, qu’au niveau mondial à l’OMPI) il est réconfortant de voir que notre domain de prédilection est (enfin) soutenu par les politiques.

Maintenant il y a loin de la déclaration d’intentions aux actes, et malheureusement, sous le présent quinquenat, les LOPSI, DAVDSI et autres lois similaires n’ont pas clairement démontré qu’il y avait une bonne compréhension des valeurs que nous défendons et que nous avion encore besoin de l’APRIL, de l’AFUL, de la Quadrature du Net pour défendre nos positions et les faire entendre, et éviter que des lois défavorables aux logiciels libres et aux formats ouverts ne passent.

Donc, adhérez à ces associations pour les soutenir, les aider par des moyens financiers à défendre les positions auxquelles vous croyez, et votez, surtout votez pour pouvoir après demander des comptes si cela n’évolue pas favorablement. Celui qui ne vote pas n’a pas voix au chapitre.

Pour moi toute personne intéressée par les logiciels libres, doit s’intéresser au fondement que représentent les licences qui les régissent, et par voix de conséquence aux aspect de gouvernance que cela recouvre, et encore par conséquence aux aspects politiques au sens étymologique (vie de la cité) du mot. Donc aux votes qui se préparent. La législative étant de ce point de vue extrêmement importante, car ce sont nos députés que nous pouvons contacter pour leur demander d’infléchir telle ou telle loi.

Réservez lors des 22 Avril, 6 Mai, 10 et 17 juin prochains les 15 minutes qui suffisent à vous exprimer. Et le vote par correspondance n’a jamais été aussi simple (ma femme a accouchée prématurément en cherchant à avoir une procuration il y a 15 ans, mais maintenant c’est bien plus facile). Bon vote 🙂

Logiciel Libre et présidentielle

2012/04/04


Candidats.fr

S’il est un domaine étrangement absent du débat public et des discours des présidentiables, c’est bien le domaine de l’informatique 😦 Et pourtant, c’est un domaine touchant de nombreux français, tant dans leur travail quotidien, de par l’utilisation toujours plus prégnante des technologies du numérique, que dans leurs activités privées (gestion de photos, de musiques, de films, d’associations, navigation Internet, courrier électronique, bureautique, gestion de comptes, …).

Et s’il est un domaine où des économies drastiques peuvent être effectuées, c’est bien celui du logiciel dans le secteur informatique. Bien sûr en tant qu’utilisateur de technologies libres, et de distributions Linux depuis 1993, je suis particulièrement conscient de ces aspects, et du reste, c’est un des facteurs, avec la maîtrise technologique, qui poussent les clients avec lesquels j’interagis pour HP à adopter de plus en plus massivement ces technologies (et de façon plus importante que ce que les chiffres ne montrent, en raison du mode de diffusion du logiciel libre).

De plus en plus de résultat montre également que le secteur public bénéficie fortement de son adoption: Notre gendarmerie nationale, comme la ville de Munich sont deux exemples chiffrés et parfaitement analysés.

Et cela n’est pas difficile, ni pour un politique, ni pour un citoyen de comprendre la raisonnement: la réduction des coûts importants sur les licences (réduits à 0), la mise en concurrence sur les aspects support et prestation intellectuelle (amenant un prix de marché raisonnable et une qualité obligatoire), la meilleure maîtrise de l’environnement informatique par les équipes en charge (ou en infogérance si préféré), la meilleure sécurité apportée par la transparence du code, l’interopératbilité par le respect des standards et normes, tout contribue naturellement à ce que tous les partis et citoyens analysant honnêtement la situation tirent la même conclusion: il faut adopter massivement ces technologies, pour améliorer tant notre indépendance nationale, produire localement en bénéficiant de la production des autres, créer des emplois à forte valeur ajoutée, réduire les bugdets de l’état comme celui des entreprises (même en comptant les investissement dûs à la formation complémentaire), remettre le facteur humain au coeur des choix et replacer les technologistes qui ont permis ces avancées à leur juste niveau dans les chaînes de décision.

Pourtant, personne n’en parle. Ou si peu. ni de l’importance des données et formats ouverts !

Avec le si faible nombre de réponses obtenues au texte de candidats.fr (et aucun des 6 candidats que les sondages annoncent comme majeurs), comment se déterminer ? J’engage donc les candidats à la présidentielle, mais aussi ceux pour les législatives qui suivront à faire non seulement part de leurs intentions dans l’adoption de standards ouverts et des logiciels libres, mais aussi à les promouvoir dans les discours, comme l’un des moyens de réduire la dette de notre pays, d’améliorer l’emploi ainsi que notre indépendance technologique.

En 2012, votez FLOSS !

Droit d’auteur, l’avis d’un auteur parmi d’autres

2012/03/26

Suite à la lecture de l’article de François Élie, Bernard Lang et Franck Macrez sur la gestion des droits d’auteur sur les oeuvres orphelines, j’ai décidé de signer la pétition contre la loi qui renforce une fois de plus le droit des éditeurs (et on des auteurs) au détriment du public, et même des auteurs.

En tant qu’auteur de logiciel libre, musicien amateur, auteur d’articles de blog ou quoi que ce soit d’autre issu de mon esprit et représentant ainsi ma propriété intellectuelle, je trouve navrant le tour que prennent les événements. Après tout, pourquoi les créations d’un auteur devraient-elles être protégées au delà de sa mort ? On peut comprendre que l’on souhaite léguer des biens matériels aux siens, pour les protéger en partie des aléas de la vie, mais il faut aussi les laisser l’affronter et créer leur propre sillon.

En cela, s’ils peuvent en partie souhaiter défendre le droit d’auteur de leurs ascendants, pour qu’il n’y soit pas fait outrage, je ne vois pas pour quelle raison ils devraient bénéficier des droits financiers s’y rattachant de façon aussi excessive. Les bénéfices de la réputation de l’auteur initial sont bien suffisants non ? Et s’ils veulent en tirer profit, ils ont eux-même à faire preuve de leur talent pour reprendre le flambeau et mener leur barque.

Qu’en tant qu’auteur, on me protège du plagiat honteux, oui. Mais pas du pastiche ou de l’hommage non ! (La 8è symphonie de Chostakovitch pour le premier ou Les variations de Rachmaninov sur un thème de Corelli pour le second sont un des multiples exemples que la musique nous donne en ces domaines). Et à sa mort, que ses oeuvres puissent éternellement (tant que l’on sera en mesure de les conserver du moins) bénéficier au plus grand nombre me semble logique. C’est le principe même d’artiste qui invite au partage de l’émotion artistique par le plus grand nombre.

De quoi vit un musicien classique de nos jours. Pas Jordi Savall, ou Maurizio Pollini. Le musicien de rang, celui qui joue dans un quatuor, un orchestre baroque. De ses activités de musique vivante: concerts, animations, enseignement. Le disque en général ne leur rapporte guère (si ce n’est au forfait), et seul une poignée pourrait imaginer en vivre. Du reste, le disque a été originellement conçu pour conserver une trace d’interprètes majeurs pour qui cela valait la peine de d’investir (genre Caruso ! pas la soupe actuellement mise en boite). Ceci est aussi une des raisons de la désaffection pour ce medium, les éditeurs ne jouant plus leur rôle de sélection, mais enregistrant non pour conserver mais pour faire de l’argent (il y a aussi des exceptions en classique, comme le label de Jordi Savall, Alia Vox, qui fait oeuvre de mémoire, ou nombre de petits labels courageux comme les Hyperion, Harmonia Mundi, Alpha, Zig Zag, … qui le font aussi).

Le fait que je ne souhaite pas interpréter de la musique contemporaine tient certes de mon goût pour la musique ancienne, mais aussi par la complexité légale mise en place pour protéger les éditeurs (et prétendument les auteurs) et qui aboutit à l’impossibilité pour les interprètes de jouer les oeuvres de leur temps (et pas qu’en raison de leur complexité, car il reste du répertoire accessible).

Il est temps que les auteurs, les interprètes fassent preuve, de par leur vote pour des gens qui ne soient pas tous avocats de formation (et ne veulent tout résoudre que par une nouvelle loi), de leur souci de léguer d’eux la même image de générosité dont ils témoignent dans leur jeu musical. Qu’ils se prononcent en majorité pour la mise dans le domaine public de leurs oeuvres après leur mort. Que l’on change ces lois iniques pour favoriser l’échange culturel, comme les auteurs de logiciels libres ont su le faire dans leur domaine, quitte à adopter de nouvelles licences de diffusion. Leur talent est aujourd’hui leur gagne pain.

Quant on voit comment les “ayant-droits” de Charles Trénet se battent pour son héritage, ils sont bien loin de la joie de vivre transmise par le fou chantant, mais très proches de sa chanson l’héritage infernal. Ah l’héritage des droits d’auteur, vaste fumisterie en fait !! Idem avec le changement des dates de péremption des droits d’auteur pour continuer à couvrir le Boléro de Ravel, vache à lait de la Sacem (souhaitons bon courage à l’anti-sacem au passage).

Souhaitons que dans tous les sujets abordés lors de ces campagnes présidentielle et législative, les points précedemment évoqués fassent l’objet d’un large débat et que d’autre vision de notre société puissent émerger pour le partage de la culture, comme pour celui de la connaissance.

First day at OWF 2011 – Afternoon

2011/10/03

After lunch, it was time to come back in the “Open Source for industrial users” track lead by Gaël Blondelle.

Increasing industries speed to innovate with FLOSS by Dominique Toupin, Ericsson

  • Dominique started by asking a question: Does speed really matter ?
  • He rapidly concluded that yes, of course. He gave some examples of projects initiated by Elon Musk, such as Zip2 sold to Compaq in 1999, Paypal. Or Tesla (Electricity car) and also SpaceX. All were very complex systems elaborated in a short time thanks to Open Source. Same is true for Google/Android.
  • You end up with better features by doing Open Innovation and teaming up experts from different companies.
  • This is also valid inside your company: whole greater than the sum of the parts. And you’re not locked in.
  • Only 15% of RFE are really implemented in commercial products. In FLOSS, when a feature is key, you can do it yourself or buy someoneelse’s time so that it is realized at 100%.
  • People tend to oppose FLOSS to commercial, make to buy. It’s not the case. FLOSS is commercially supported, so just take the best of both worlds to fullfill your need of speed.
  • Requiring tools across the whole chain (and expensive ones) slow down your service activity, whereas using FLOSS tools in development brings speed to the service part. And you gain time with existing knowledge from universities or company acquired.
  • FLOSS allows to dedicate the extra budget gained on licenses costs into the features you need.
  • E/// has an Open Source Core team.

A very pragmatic approch exposed by Dominique, showing clearly tradeoffs needed at industrial level.

Efficient and safe FLOSS strategy by Michel Ruffin, ALU (on behalf of Philippe Richard, VP of Corporate CTO)

  • Size matters: 79000 employees, 27900 patents, 27000 developers, 130 countries, numerous suppliers and outsourcing, multiple acquisitions per year (=> deal with legacy), life cycle from 1 to 20 years. Makes developing the Governance process “interesting”.
  • Trend towards becoming an integrator of FLOSS with more complex SW stacks, reducing however the development costs during time.
  • ALU’s strategy is going to FLOSS to remove supplier lock-in, much more than to reduce costs.
  • Between 20%-80% of FLOSS components in their products (40% in average). Importance to create internal communities to discuss FLOSS related topics. FLOSS adoption means innovation, speed, freedom, new business model (moving from a HW/SW supplier into a service supplier)
  • ALU is a contributor of FLOSS (even if not known). By paying providers (10+MUSD), providing patches/bug fixes to tools, Corba/Mico, Plan9. Also sponsoring OWF, FOSSBazaar, Systematic, OVA, Carrier Grade Linux (LF).
  • For ALU, it matters to respect the philosophy behind the words of the license and thus contribute.
  • Strong FLOSS Governance process started in 2002. Process evolving constantly (taking in account new techno/licenses/acquisition/…) 160 people trained 1 week to be FLOSS validators. 1000 people trained on a basic tutorial. 3500 FLOSS components in ALU DB. Clauses in supplier contracts (propagation to their own suppliers). ALU willing to share the governance process with other companies. ALU would like to standardize these clauses with the Compliance group of the LF.
  • R&D is declaring FLOSS usage. ALU is also automating the BoM by scanning code (BlackDuck/protex and FOSSology)
  • All this is available as much as possible on the Internet (However, I was not able to find easily the oprtal mentioned in Michel’s slides 😦)
  • On top of the process, you need to check that it’s applied (start with CxO, R&D – even if they think they know), Communication). Then improve the process, deal with exceptions, stay flexible, and stronger during time.
  • Resources to support the process needs to be allocated accordingly. Use tools to automate and to detect issues and inform executives.
  • Challenges around stuff like Maven, SPDX adoption, partnership with other companies …

ALU presented a strong Governance model, including now suppliers, and is willing to share best practices with others in order to improve the ecosystem. Network Equipment Providers are clearly taking seriously this area.

Business model of co-development on FLOSS by Denis Pillat, Service Delivery Manager for ALM at ST Microelectronics and Laurent Charles, Enalean

  • Custopmer (ST) funded the development and save on the maintenance by contributing to the product Tuleap (a FLOSS ALM).
  • Customers’ developments are also supported by the partner (Enalean).
  • Strong internal usage of the forge (120000/40000 users) so central, with requirements around robustness and availability (ran 24×7) and long life cycle, but with an improved TCO. If budget is cut, needs independance from provider.
  • ST is not an ISV, team role is to support deployment and integration in ST landscape.
  • Solution retained is a mix of in-house and outsourced solution.
  • Using and adapting a FLOSS costs as it requires backporting features each time with new versions, and ST is not scaled to cope with the rythm of a FLOSS project.
  • Code and features from ST are reviewed with Enalean so easy to integrate. The partnership is of good quality. And also good quality of contributions.
  • For ST, FLOSS increases motivation of contributors with their work recognized and exposition, and they work more on creative parts, and less on maintenance tasks.

I think the presentation would have been more effective if ST would have been the only speaker (or speak more). The track isn’t aimed at promoting companies, but really share return of experience around FLOSS adoption.

TopCased return of experience (http://www.topcased.org) by Pierre Gaufillet, Airbus

  • Pierre first presented some characteristics of an airplane development in size throughout the years:
    • 4 kB for Concorde
    • 4 M for the A320
    • 12M for the A330
    • 500MB for A380
    • Life cycle: 40 years – A300 family (started in 1972 and production stoped in 2007 and support till 2050 = 78 years). Tools need to be there for a very long time.
  • Code is increasing. Quality is mandatory
  • Historically, development of their own tools to check quality. Not their core business. Moved to a buy approch.
  • Internal tools transfered to editors, who tried to sell them on larger scale, which failed as too costly and too specific. Some examples:
    • For Autan (Airbus name) => Attol (Marben) => Attol (Attol-Testware) => RTRT (Rational) => RTRT (IBM)
    • For RTRT they succeeded, but Airbus has anyway problems with the life cycle of this tool.
    • Scade (Airbus + Schneider) => Verilog => CS => Telelogic => Esterel Tech.
    • Geode (Airbus) => Verilog => Telelogic even died !
  • no more control on these tools by Airbus anymore. Sometimes can’t even buy a license anymore.
  • Topcased started in 2004. Reduce dev costs using model based System Engineering.
  • Integrated universities and academic partners.
  • Topcased aims to produce tools for embedded domain on critical system, on the descending branch of the V life cycle.
  • Community around topcased includes Airbus, CS, CNES, Thalès, EADS, Atos, AdaCore, INSA, EnSEEIHT, Toulouse Univs, Inria, Irisa, Laas, Onera at start. Now additional new partners such as Turbomeca, Continental, Obeo, Carnegie Mellon, CEA
  • 2006: First FLOSS release. (One year to solve licensing aspects)
  • 2007: V1.0 and then one major version per year synchro with Eclipse. Minor every 2 months.
  • 45 subprojects from model editors to code plan generator, model simulator to property generator.
  • 2011 first TopCased conference (> 100 persons)
  • Allows competitors to work jointly on components.
  • 12 components are in use today (A350)
  • However, an organization is missing to improve quality and IP control, maturity assessment, VLTS build system, roadmaps. OPEES (ITEA project) aims at fixing that.

I really like this presentation (that I first heard partly during the Think Tank 2010). It clearly shows the huge problems that software development still needs to solve in order to support such life cycles. Raises questions such as how to motivate a community to maintain software for so long time, typically. Also how to preserve build environement, especially when the hardware is changing as rapidly as it is today.

It was then time for me to change session and move to the Governance track lead by Martin Michlmayr.

I contributed briefly to a join talk with Antelink.

Tools for developers to ensure legal integrity of their code by Freddy Munoz, Antelink and Bruno Cornec, HP.

Freddy explained in more details what Guillaume covered in his talk of the morning, and went through the details of Antelink Notifier, Reporter and Search. For myself I covered rapidly FOSSology, giving its main features and also the latests developments realized. Of course, as the project is hosted by the Linux Foundation, as long as they keep the systems away from Internet for forensic, it will be difficult to have access to the project 😦 But hopefully, it will be back soon.

Identify the obligations of FLOSS by Benjamin Jean

  • a License (or contract) is a tool made of rights and obligations, a scope and trigger
  • Writers can be foundations or Companies
  • Number of licenses increases (70 referencesd by OSI, >50 by FSF, 1000 by Black Duck, 400 FOSSology)
  • Benjamin gave some statistics:
    • For Black Duck 43% is GNU GPLv2, 11% is MIT, 7% is Artistic
    • For OpenLogic 32% is Apache, 21% is LGPLv2.1, 14.4% is GPLV2
  • We need clarification: a common nomenclature (detailed and scalable) & descriptive
  • International standardization body is a good way, but very expensive, and not driven
  • Benjamin proposes a first classification based on obligations (to give, to do, to not do.)
  • Rights are harmonized across definitions (some more rights depending on licenses or some missing)
  • The real differences are around trigger, scope and obligations. Benjamin then detailed those:
  • Obligations have no common definition whereas a standard would be useful for projects, industry
  • Scope can be very limited (permissive), limited (GPL/GPL sometimes, CeCILL-C, MPL), standard/legal (EPL, EUPL, OSL) or large (GPL, CeCILL)
  • Trigger: Distribution (GPL), Usage (RPL), External deployments (AGPL, EUPL, …)
  • License compatibility could also be classified between limited and extended. Cf also work done at the Inria, described on their Web site in the Innovation part, Free Software then the guide.
  • This classification can also easily be valid across countries and thus not being dependant of local legal rules.

Benjamin’s approach was extremely sharp and that session was really deserving belonging to the ‘Think’ part of the OWF ! This approach by obligations could really improve the situation of licenses compatibilities and help all the actors of our FLOSS ecosystem.

I had still a bit of time to discuss with him, Martin and Marc Picornell before leaving the event and benefot from the fact I was in Paris to attend a concert at the Chatelet Theater performed by the National Orchestra lead by D. Gatti. Ravel, Dukas, Debussy and Enesco made a radical change for the end of the day !

You can see some of the pictures took during OWF 2011 at https://picasaweb.google.com/112434061686721373729/OWF2011

First day at OWF 2011 – Morning

2011/09/30

As usual, this event started with a number of keynotes in the morning. Eric Besson was, I must say, boring, just reading a paper, visibly without any idea of what all that was about 😦 Too bad he is the ministery in charge. When will France really take seriously IT and FLOSS in IT in particular !! When everybody is talking about debt reduction, FLOSS is such an opbvious way to contribute, that I’m still puzzled no political voluntarism is in place.

On the contrary, the region and the city showed more willingness to promote FLOSS and to report around their practice. Jean-Paul Planchou, and more over Jean-Louis Missika clearly articulated why FLOSS is so beneficial to the public sector, and why using FLOSS and Open Data is a no-brainer for a public policy, and thus why they will increase its adoption in the future.

Louis Montagne and Jean-Pierre Laisné then opened officially the OWF 2011. We then had a short presentation from Systematic, and jumped to the adoption of Open Data in UK by Nigel Shadbolt, which mentioned clearly that even if a governement doesn’t know what to do of some public data, a lot of citizens do know ! And develop tools to analyze them. This is not just about IT, but really about citizenship and politics in the original sense of the greek work polis !

Werner Knoblich, VP EMEA of Red Hat, then presented the Cloud offering at Red Hat and how its products were to the cloud, what RHEL is to a Linux distribution, or what RHEV is to KVM+libvirt… Stéphane Fermigier interrupted him during his keynote to mention that the Red Hat offering was not Open Source because he had been unable to download the software. Werner insisted on the fact it was as Open Source as the rest of what Red Hat delivers (as soon as it can) and that both CloudForms and DeltaAPI as soon they’ll be out of beta will be available largely for download.

Was then time to chose a session, and I picked up the “Open Source for industrial users” lead by Gaël Blondelle as I tried to contribute to its setup, and I’m interested by the topic, and the fact that some Governances talks were planned during it.
Here are the notes taken during these talks, and some personal comments.

Proper Tooling critical for FLOSS by Philippe-Arnaud Harranger, Atos (http://www.drakkr.org)

  • FLOSS is attractive
  • Some risks involved (IP, disappearance of projects, security, licenses, …) and addressed by the Governance approach.
  • Need to audit. The key is a proper process. But without tools, they won’t be respected.
  • Mentioned various tools (Antelink, Blackduck, FOSSology, OpenLogic, Palamida, Protecode) – Indicated that most are commercial except FOSSology.
  • P.A.H. introduced Drakkr: methodology and tooling for the Governance, to address the various risks (IP, security, tracking). All this is FLOSS as well. It contains:
    • OpenSource Cartouche (alternative to SPDX). More easy to use, and more community oriented, rather than legal. License Cartouche. rights and obligations linked to FLOSS
    • QSOS is another part. Spider charts available to compare FLOSS components. Competitors openBRR, OSMM, Quallos seem at their end.
    • StratOS: maturity and Strategic analysis of a FLOSS. Based on QSOS.
    • eCos: financial indicators around FLOSS ROI, costs analysis, comparison with proprietay. Other tool is WIBE
    • Also mentioned NVD for security flaws analysis
  • P.A.H Insisted on the fact that tooling (whatever) has to be used to support the process and the governance.

I already mentioned Open Cartouche previously, and I find that whole work of creating a coherent tool set around FLOSS Governance interesting and promising. Probably needs more adoption outside of France.

How to help development team manage FOSS during the whole industrial process by Guillaume Rousseau, Antelink (http://www.antelink.com)

  • How to develop best tools for dev teams.
  • Antelink helps you keep control of your SW integration and supply chain. Spinoff of Inria. Inria a major customer (10000 users around the forge).
  • Guillaume mentioned the challenge of dealing with on-shore/off-shore dev teams, contractors and FLOSS.
  • Dev is generally made of internal code, 3rd party FLOSS & commercial and Outsourced dev.
  • Adressing licensing issues asap is key to reduce costs. So needs to be done at the software factory level.
  • Also management of updates and security is key as well (especially 3rd party components).
  • Dev team and lawyers should talk to each other. You have to provide the right tools for dev teams.
  • Antelink is Part of OW2 SQUAT (SW Quality Assurance and Trustworhtiness).
  • Part of the Linux Foundation Open Compliance program working on SPDX.
  • Provides a large FLOSS DB (~1M projects, yes 1.000.000, twice as much as BlackDuck !!). Around the database, they developed a tool suite: Antepedia Notifier, Search and Reporter.
    • Antepedia Notifier plugged around VCS to detect introduction of FLOSS components and act accordingly
    • Antepedia Reporter does on demand analysus and produces reports
    • Antepedia Search allows you to upload components and check their content.

Antelink is clearly to be followed closely, with regards to their ability to store the largest base of code and provide information out of it.

Good Governance drives Innovation by Andrew Aitken, Olliance Group (Blackduck) (http://www.blackducksoftware.com)

  • BlackDuck has 75% of the market.
  • FLOSS is ubiquitous (85% of enterprises uses it) => management complex.
  • Took Mobile market as an example of growth. Impact of Android (taking the lead in less than 2 years) also on competitors. Complexity of building a complete Smartphone.
  • It’s not easy to manage FLOSS. Need policy (succint, flexible), process and automation (management with spreadsheet doesn’t work anymore).
  • Process is: Acquire, Approve, Catalog, Validate and Monitor.
  • FLOSS ecosysem is too abundant, spread across multiple repos (own ecosystem), thousands of projects (own governance), however more demand for FLOSS developers time than what is available.
  • Transparency, collaboration, meritocracy and OSI licensing are the keys for communities to innovate.
  • Example of innovation:
    • Danish government with its portal.
    • AOL is revamping itself fully based on FLOSS.
    • US Veterans health system open sourced (5 BUSD allocated to it, they pay 0,5 BUSD just for support)
    • New areas: Open Source Ecology, Open Prothetics, Oilgae (algue eating oil), Open Cola, Tropical Disease

Even if Andrew (who is leading the Open Source Think Tank) has lots of connections in the FLSOS ecosystem, and generally interesting talks, this time I didn’t find the presentation much interesting. Too generic, not entering in any level of detail, probably too BlackDuck oriented (original speaker planned was Tim Yeates) and not speaking enough about FLOSS projects. A deception.

FLOSS licensing in the supply chain by Didier Patry, HP (http://opensource.hp.com)

As an introduction, Didier introduced himself as leading a worldwide team of 12 persons working in Legal at HP around FLOSS. Dider then covered the following topics:

  • At HP compliance is not an option, it’s mandatory. Working with the HP open Source Review Board (OSRB).
  • IP infringement (Contract break) can be in some countries a criminal offense.
  • We could break HP’s reputation if we are not compliant with FLOSS license.
  • We’re seeing new license models coming up, creating compatibility issues.
  • This is also impacting all the digital information world (data, knowledge, …)
  • All that will keep lawyers busy (good for him of course :-).
  • HP puts requirements on suppiers around FLOSS compliance (our telco provider e.g.) which may not completely control the production chain.
  • Risk is not too much with our employees (trained), but with acquisitions (Autonomy e.g. atm) and procurement and the supply chain (thus the requirements on suppliers). Hard to scan fully. So need other way to manage the situation. So HP created a risk rate and identified high risk activities. Didier gave some concrete examples:
  • Usage risks:
    • Internal use is low risk
    • OEM-in/out is high risk
    • Reselling high revenue/volume product is high risk
    • Redistribution via channel partners is medium risk (depends on partner education)
    • Incorporation of critical FLOSS elements into flagship product is high risk
    • Company with single product (WebOS e.g. for Palm) is critical for them so non-compliance is high risk
    • Distribution with no-access to elements afterwards (e.g. to Army/NATO) is high risk
  • Licenses non compliance risk:
    • BSD/MIT and Apache are low risk
    • GPLv2 and 3 is higher risk
    • MPL is also higher risk
    • New FLOSS license are more risky
    • Items without licenses are very risky
  • Suppliers compliance:
    • SW from FLOSS project is low risk
    • SW from entity with strong FLOSS culture is low risk
    • SW from entity with strong corporate partnership is low risk
    • SW from entity with new or weak culture is high risk
    • SW from entity with start-up is high risk
  • Didier from that creates a 3 axes matrix to evaluate the global risk. Example huge difference between internal use of a BSD component vs high volume mixed of licenses SW.
  • Risk mitigation. Legeal protection is:

    • Representation (termination of the contract): good but does not address reputational risk
    • Warranties (damages): better but insufficient to compensate for reputational risk
    • Commitments: best proactive measures:
      e.g. list of FLOSS components in each package. Or easier Identify fully FLOSS components, licenses. Or even more easier again create a critical (black) list of licenses for you or ask for scanning (FOSSology – probably not easy, problem of confidentiality) or ask for external scan report or SPDX certification in the future.
    • Creating local agreements with partners around Governance.

In my opinion (not neutral of course as I’m another HP employee), it was the most interesting talk of the morning. I never had met with Didier before, just had him on the phone, and I was very impressed by his clear and didactic presentation, with the large set of examples he was giving live, and even if I’m aware of it, by the quality of the FLOSS Governance model in place at HP. Definitely worth sharing, and I’m convinced lots of entities could benefit from our views more.

It was then time to take a lunch box and start the set of afternoon sessions !

Meeting during LinuxCon in Prague or OWF in Paris

2011/09/05

I’m happy to have been informed that my proposal of presentation around FOSSology for LinuxCon 2011 in Prague has been accepted (too bad the others on MondoRescue or Project-Builder.org weren’t. Hopefully a next time).

However, for Project-Builder.org you can attend the presentation during the upcoming Open World Forum in Paris and discuss with me about everything Open Source and Linux and HP !

So some way to meet across Europe soon with you 🙂