Some recent announcements and trends have caused the topic of responsible openness to surface in my mind. Namely,
- The proposal posited by Lawrence Fahn of the corporate accountability group, As You Sow, which suggested that an Open Source Social Responsibility Report be made to shareholders by April 2008 "that discusses the social and environmental impacts of Oracle’s existing and potential open source policies and practices.”
- The approval of two Microsoft open source licenses by the OSI.
- A noticeable accretion of formerly proprietary software outfits releasing products as open source, some of which have yet to fully walk the walk.
In the past I've defended the flexibility of use and definition for the term 'open source.' My perspective is that use of the term shouldn't be so heavily determined on the licensing/legal terms approved or disapproved by the OSI. Outside the realms of legality, it is highly unlikely that disputes surrounding word and terminology application will result in anything more than a series of factional debates. Determination of valid open source is best found in the continuous examination of demonstrated action over a period of time, not in a pre-packaged set of licenses.
On the other hand, there is a definite need for strong boundaries that prevent misuse of open source as a marketing buzzword. In other words, a healthy balance that doesn't restrict the evolution of open source as a model and definition yet prevents the term from falling into disrepair. So my question is: why doesn't an independent body dedicated to the health of open source, like OSI, step in and establish a reporting framework for open source responsibility? The framework wouldn't have to be nearly as comprehensive as something like this, but would provide guidelines for demonstrating a commitment to the core principles of open source. During a conversation with a previous business partner of mine, he mentioned that this type of reporting should be done independent of an open source communities, similar to an audit. I don't agree and instead picture open source communities coming forward of their own accord. If only because audits conjure the IRS...enough said.
The immediate contention might be, who would take the time to demonstrate and/or care about a commitment to open source? Yet as an expanding array of open source is made available in assorted shapes and sizes, the question of how open becomes even more relevant, especially as more commercially backed communities emerge. It might become more realistic for vendors who actually are structurally committed to the open source model to find a slither of time to participate in a compact form of reporting that corroborates this fact. It's hard to look at the swelling ranks of larger, established vendors, that are swallowing open source pure-plays, and not reason that there isn't any interest in demonstrating open source responsibility, not only as a top-down initiative but also as an externally facing corporate relations task.
And I don't mean to single OSI out as a responsible party for initiating these activities, but it's hard to imagine an organization better suited for such a task, in both name and mission. It really is hard to argue against optional structures that promote responsibility of any type. Even if the option of engaging in structured reporting doesn't guarantee anything at all, it does provide a little more insight into what committed open source really is. Maybe I'm off the mark with this one, so it would be nice to hear what others have to say about the subject.