Minutes and Recording from the Community Call on OMB Open Source Policy - March 24, 2016
Overall Impression of the OMB OS policy
Dr. David Wheeler, IDA - Key take away: it is not open source software (OSS) release by default; rather, the policy specifies an arbitrary minimum requirement of OSS release of 20 percent. For those that believe OSS release should be “by default”, please speak up. Also, instead of fighting against the 20% number, we should focus on a measure that makes sense. David suggested using dollar amount instead of lines of code as the basis for the measure.
Policy gaps –
- In addition to providing guidance, it would be helpful to have a point of contact.
- Timeline for OSS release is not specified; some mechanism for enforcement is needed.
- Include information on where the OSS came from.
Guy Esten, Apex Data Solutions - Key players in VA involved in OS do not understand the nature of OS - issues of IP, copyrights, and OS licensing. FOIA releasing is about releasing of information and not software product. Even though release by default is preferred; having seen how difficult it’s to release software at VA, government needs to be invested in it or else it would just be lip service.
Acquisition and FAR
David Wheeler - Does not see a conflict with the FAR; in particular, in the default FAR, government has unlimited right to OSS release subject to IP such a patents, etc. However, change in the contract can create conflict when contracting officer gives up rights the OSS release while receiving minimum gain from the contractor. In long term FAR may need be changed, but not for now given that it takes years to change FAR.
IP and Licensing
Don Hewitt, OSEHRA – is the OSS release public domain or open source licensing? Also the issue of attribution/copyrights when using open source licensing? The policy seemed to be fuzzy with the way the licensing ought to work. David Wheeler agrees and suggests that the response should provide some clear language on IP and licensing
Mike Milinkovich, OSI – The draft policy at least references OSS as defined by OSI (https://opensource.org/osd) - in that OSS is distributed under a license that comply with that definition. Mike suggests, as with David, that we should help them get it a better understanding of OSS. If government was to recommend open source licenses, they should generally tend towards the permissive ones such as Apache 2, BSD, etc.
Effective Code Release
Guy Esten – FOIA code release is not effective. With redaction, it is no longer working code.
Julie Harvey, VA – For effective OSS release, the development team has to understand that the code needs to be adaptable for localization to other implementations. In order to minimizes impact of redacting security parameters and proprietary components, VA is working on a new design standard that are more modular and table driven so that redacted components can be replaced in kind by the OS community. This will require that the VA development community make this a priority and change the culture. These changes have yet to happened at VA. Guy Esten reemphasize that we need pathways and resources within the government to make this happen, not just a OSS release policy.
Community for Sustainment
Mike Milinkovich - Government will discover that code release is necessary but not sufficient, then they will wake up to the fact that the community aspects are very important. Though it is likely that they will need to learn by failure and not by taking guidance. David believe the response should provide a couple sentence on the need for a community to sustain the OSS.
Open Source Policy Training Workshop (Last week of July)
(Julie Harvey – VA will welcome the workshop. David believes the workshop would be effective and suggested sessions to go over example draft agency-wide policy.
Seong Ki Mun – The workshop will begin with understanding the basics of OS, and then a Federal panel from DoD, VA, DHS, NASA, DOE, and others to speak on their experiences with the OS, and finally, afternoon sessions on OS policy and guideline best practices that offer templates and information for use in the development of agency-wide policy.
Future Calls (1 PM EDT, Thursday)
• Thursday 31 March
• Thursday 7 April – Last Call
• Monday 11 April – Due Date for Comments
Webex url: https://osehra.webex.com/osehra/onstage/g.php?MTID=e421d9648ed46cb9ffc2c3cd29f103a6f
1-650-479-3207, Access code: 666 433 175