In a twitter exchange about ethical licenses, my friend Stephen O'Grady said something that I thought was sharp:
the energy cost is only part of the issue. maybe it's significant over the long term, maybe not.
the collateral damage of the process to individuals and institutions with no other goal than protecting open source, however, is material IMO.
— steve o'grady (@sogrady) February 19, 2020
It's also very timely, given the upcoming Open Source Initiative (OSI) board of directors elections. Unsurprisingly, with all the various activity in open source licensing in the past 12-18 months, the OSI board has never seen more candidates, and with a greater range of interests and goals. They could take the organization in a variety of different directions, so figuring out how to vote is not going to be easy for anyone.
Inspired in large part by a variety of conversations at FOSDEM, as well as my experience as a one-term OSI board member and longtime OSI volunteer, I'm going to lay out the questions I've asked OSI board candidates, and the reasoning behind those questions.
The core challenge: The organization is facing a rapidly changing environment with a variety of tough constraints, including being very central to how the industry operates. To be successful, new board members will have to both grapple with current realities and offer a vision for a rapidly changing future—one or the other likely won't be enough.
A definitional note: There's a lot of conflict right now over what "open source" is.
Lots of folks, for perfectly good reasons, insist on an OSI- and license-centric definition of the term: "Open source software is made by many people and distributed under an (Open Source Definition)-compliant license." The broader culture (say, Merriam-Webster or Wikipedia, or many developers in the "GitHub generation") tends to define open source more broadly, usually with a primary focus on collaboration and no reference to the OSI's Open Source Definition. To avoid confusion in this essay, I'll try to use "open source" when I mean OSI's precise definition, and "open collaboration" or "open software collaboration" when I mean the less precise but much broader definition grounded in collaborative, online development of software (which usually implies, but does not specify, having few or no barriers to modification, use, and redistribution).
The current state of OSI
When looking at the future of OSI, two main things are critical, but perhaps not obvious, to know about the present state of the organization.
What is OSI for?
At FOSDEM, there were a lot of interesting conversations about what OSI could do. But once you started asking "why," many of the conversations kept getting hung up on the core question of what OSI is for. In short, there are a lot of different answers to this question.
For some people, OSI is for "guaranteeing software freedom," however, that is defined; for others, OSI is for creating a predictable environment for developers and their employers. For some, OSI is primarily about defending the Open Source Definition; for others, that goal is just one of many things the organization should do. And there are many other purposes; these are only a few! There are tensions among these, but also many ways in which they are compatible and overlapping, which is how the org has gotten as far as it has without always having clearly stated goals.
There's also the interesting tension between what OSI thinks it should do, and what others think it should do. You can think of the OSI as analogous to the EU: it promoted stability, reduced friction, built a huge market, and stopped open warfare. OSI's biggest beneficiaries really like that stability, but many of the people who want to get actively involved in OSI's day-to-day work really do mean actively involved, which implies some changes that might rock the boat. After all, few people want to take on a largely thankless goal like maintaining the status quo.
And finally, there's the challenge of the ever-increasing gap between the tens of millions who use the term "open source" interchangeably with "open software collaboration" and the much smaller number who, when they say open source, explicitly know about and reference the OSI Open Source Definition.
How does OSI do what it does?
OSI is currently a fairly shoestring organization, despite having been a key stabilizer for the software commons that is the basis of literally trillions of dollars of market value. To continue the EU analogy, it's like the organization brought continental peace and prosperity, but then no member states paid taxes.
Because of this, OSI has only one employee, and most of the org's day-to-day work is still done by volunteer board members. As any non-profit expert will tell you, this is not a happy combination. In this situation, board members usually find it challenging to create a long-term vision because they're too focused on nuts-and-bolts, but also find it hard to execute on any long-term plans because of board member turnover.
None of that is the fault of the people involved—they're all making the best of a difficult situation. But in this situation, even a non-profit executing on a very clear vision and strategy would have a hard time.
So what should we know about candidates?
On the OSI wiki, I have asked candidates a few pointed questions, listed below. I should stress that I think there are many ways to answer these questions in good faith, and I genuinely don't mean any of them as "gotchas" with only one right answer. I've tried to write them, instead, to illuminate, not just for candidates but for voters as well.
- If OSI could do only one thing, what would it be? Realistically, OSI and candidates only have the bandwidth for a handful of things; understanding the candidate's absolute #1 priority tells a lot about where that person will focus their energy. A legitimate answer might be "building organizational capacity to do more than one thing!" But if so, it means focusing on that in the short-term to the exclusion of many other things.
- Should OSI move towards a board that advises more and does less on a day-to-day basis? If so, what will you do to help bring about that change? If not, why not? I tend to think that OSI needs more resources, and should have a plan to acquire and deploy those resources. However, there are also legitimate good-faith arguments for an organization that is very cautious, limited, and driven by day-to-day board involvement, so I'm open to being persuaded by a thoughtful candidate on that point.
- If OSI has to choose between being an agent of change and a stabilizing force, which should it prefer? Much of the tension between license innovation of all stripes (not just ethical source, but also data/SaaS licensing) and OSI is a philosophical question about change and stability. I'd like to see candidates explain where they'll end up when push comes to shove (as it definitely will for candidates in this turbulent period).
- What should OSI do about the tens of millions of people who regularly collaborate to build software online (often calling that activity, colloquially, open source) but have literally no idea what OSI is or what it does? A strong candidate should be able to grapple with the reality that most open collaborative developers don't know or don't care about OSI. That said, there is a wide variety of potential answers—for example, one could say "our audience is the key decision-makers in the software industry, not the broader public, so OSI should speak to those decision-makers by doing…," or "we absolutely need to speak to that broader public again, so we should…," or many things in between (like the current affiliates program, which is limited but definitely still one of the best things the organization has done in the past decade).
- You have 24 hours in the day and are talented enough to do many different things. Why do you want to give some of those hours to OSI? Frankly, while perusing biographies, at least some of the candidates seem like they would be both happier and most impactful focusing on their main project (and I've told at least one of them that directly). We should hear why they think this is a good use of their time. A weak answer may suggest their interest will fade, a real problem for a board that has had a good number of resignations over the past several years. Or they may be a single-issue board member who pitches in less on other topics—not ideal for an organization that still relies on board members to do a lot of the day-to-day.
- If an Ethical Software Initiative sprung up tomorrow, what should OSI's relationship to it be? In a world with zillions of open and open-adjacent groups, how OSI manages relationships with them (Low priority? High priority? Hostile? Collaborative?) is likely to be a critical indicator of the OSI's overall success. Given the particular timeliness of the ethical license question, and how fraught it is, I'm asking about this through the ethical lens, but one could easily reframe it to focus on other organizations like the Free Software Foundation or Linux Foundation.
Where do I stand?
As I've mentioned in blog posts and some recent talks, I think the enormous success of open collaboration is the most critical challenge and opportunity right now. When we have 100 million open collaborative developers, which we likely will within the next couple of years, we'll need very different social and legal tools than when we had 10,000 developers, all of whom were one or two degrees of separation from someone who was in the room when the phrase open source was coined.
This growth means a vast diversity of problems to be solved, and a vast diversity of experiences and motivations brought to bear on those problems. It also means that, whether or not the OSI likes it, there is going to be lots of experimentation within open software collaboration, with varying relationships to formal OSI-defined open source. These experiments will take a lot of different forms: among others, pushing the bounds of existing licenses, using non-licensing forms of coordination like codes of conduct, and merely relying on norms baked into collaboration tools like GitHub. Some of this experimentation will be serious and thoughtful, some of it less so. How the OSI responds and leads will be critical to defining the organization's success in the next decade.
At the same time as it faces this challenge, the OSI has played an important role over the last 15 years in creating a stable, broad commons of programming resources—the biggest pool of shared, no-cost human infrastructure that has ever existed. One can quibble around the edges of this, and I certainly have, but I think overall, it isn't too much to say that the existence and relative predictability/stability of this commons has been a significant net plus for all of humanity. And, as I think Stephen was hinting at in the tweet I opened this piece with, it's entirely possible that a distracted or unfocused OSI could accidentally (or intentionally) weaken this commons.
If you take these two dynamics—growth and stability—as a given, as I do, then I see the OSI's primary challenge as being how to respect, safeguard, and grow the existing open source commons while also reacting appropriately and constructively to these new open collaboration innovations. There is also an important secondary challenge: How will it do these things within the very real organizational constraints it currently faces?
As a concrete example: Lots of folks in the open source space have expressed concerns about the enforceability of 'ethical' licenses. OSI can choose from many possible responses to this, based on a combination of the organization's goals, its role within the industry, and the resources it has to implement those responses. I want to vote for candidates who indicate that they've thought all these factors through, not just one aspect of it.
Where to go next
As I've said, I have posted these questions to all the board candidates, and will urge affiliates to think about them as well. Hopefully, it helps voters make choices in what certainly proves to be a very wide-ranging election.