Practical reality and challenges of offshoring open source development
Leveraging Open Source tools, framework and even code by developers in large (read traditional) IT shops is becoming increasingly prevalent. Which means, offshore teams that work with such IT shops are increasingly utilizing the ‘power of many’ and contributing back. I had briefly blogged on the convergence of Offshoring and Open source a while ago but hadn’t touched on a practical dimension that I came across recently.
Most IT teams that leverage open source tools, frameworks and solutions expect their team members to actively participate in the forums, and in case of teams that include service providers, say Infosys, expect them to also leverage and contribute to the open source community.
A member of my team was googling for some information when he came across a conversation in an online forum initiated by one of our employees posted using his id XYZ@infosys.com Now, there is nothing wrong in using your real moniker to post your viewpoints or seek information on the web (though the flip side is that spammers trawling the web are going to add your mail-id to their list). However, such participation in open forums, say contributing to a discussion in the spirit of Open Source poses a unique challenge: Queries to open source forums need context, and in some case code references to be posted.
A query seeking inputs from others in the open source may need context of what one was trying to do (when the problem occurred). In some cases, the posting may require addition of the exception stack trace, error codes etc. that would help the reader to understand the problem and context. Though best practices around these scenarios for participating in Open Source forums continue to emerge, here are a few rule-of-thumb that my teams are using:
- Teams need to be sensitized on their responsibilities while participating in open source forums.
- Do not post any customer specific information (data, or proprietary code)
- Code snippets when required to be posted can, and should be masked
- When in doubt, seek inputs from legal teams of your employer and that of the client.
Note that these are merely stopgap inputs to protect client information with their consent. Our teams are increasingly taking a top-down approach by revisiting the Master Service Agreement (MSA) and chalking out of code of conduct for specific engagements and projects. And this is certainly not the last word on the topic....
Comments
Mohan your point on sensitization is perfectly valid, but I don't think it applies to only open soruce. There are enough forums on non-open-source development as well and the same issue is valid there as well. Many times we need to post demo code to allow others on the forum to be able to reproduce the issue and provide help and care needs to be taken to ensure appropriate IP protection
Posted by: Atul Gupta | April 11, 2008 9:52 AM
Atul,
The theme is certainly about protecting the client's and service firm's IP while participating in open forums; and you are right, not just to Open Source. Discussions in other forums, including vendor forums carry a similar responsibility.
This said, there are a few additional risks/challenges with posting code on open source forums that developers need to be aware of: your code ‘demo’ posted in such forums could eventually find its way into the open source code, unless you take conscious steps to preclude its use. [perhaps a topic for another blog entry]
Posted by: Mohan | April 11, 2008 12:42 PM
Thanks for the interesting article about the Open Source industry.
Currently I am writing my bachelor thesis about this topic and can share the experience and outlines of the information outlined above.
Posted by: Henrik | April 15, 2008 10:55 AM