[Fsfe-uk] Questions about open-source from e-govt blog

[James Heald]

I was browsing through the blog of Alan Mather, who is the chief executive
of e-delivery at the voice of the e-envoy, and came across this posting from
30 Oct 2002.

I don't know whether he ever got any answers to his questions, but anyone
care to comment on them?



http://www.diverdiver.com/2002_10_30_diverdiver_archive.html#85620983

Open e-government Sauce?

John Gotze's been getting excited about open source opportunities in recent
posts, driven by the usual suspects promoting laws to prevent it being given
preference over proprietary solutions and a couple of conferences here and
there (the latter 'there' being a Danish 'there'). I've been reading all the
stuff for a while now, partly driven by pointed comments from John Lettice,
partly by our own open source policy and partly by excitement such as
John's. I guess I'm struggling a little over some points and, in trying to
get clarity over these points, all I get is the usual positional arguments.
This (the e-government agenda) is not a religion for me - but it is a
passion.

So, a few points, questions or issues:

Let's say I get some software that's open source - maybe JBOSS (an app
server that competes with weblogic amongst other things). Being government
there are bound to be some things we'll want it to do that it doesn't do
today - perhaps give it better clustering support, enhanced performance,
stronger security features or more advanced administration tools (all
problems with the present version from what I can see). It may not be in my
best interests, as government, to put the code that I've modified back into
the public domain, especially not in the security features. If I do, then
people know (far, far better than they know today) what we're doing and can
look for ways to exploit it. If I don't, then next time there's an upgrade
(based on work of all the people who do put their work back, I've got to do
lots of integration testing, regression testing and so on. So ... do I put
the enhancements in the public domain or not?

Let's then say that using the software I create a product - like a DIS box
that connects departments (and local authorities etc.) to the Gateway. The
software that I develop will need to be installed around dozens or even
hundreds of departments. Now, I don't do that ... commercial organisations
do that and they handle the integration and whatnot too. But how do they do
that if I've built the open source version of a DIS? Do I just give it to
them, can I sell it to them to recoup the costs that I have incurred in
putting the thing together in the first place? What about if it's not me
that puts the DIS together, but a commercial organisation ... how do they
recover their costs? They can't just sell the hardware ... and if they sell
a support agreement, then isn't it going to cost about the same as the
software licence in the first place (on the basis that it must recover
costs)?

Something else that is puzzling me is all of the talk about open source and
not much sight of it actually happening. I hear a lot about people not
wanting to go public because they worry that it will send a signal to
someone or other and that it might be misinterpreted. This strikes me as
crap, but there are not major stories every day on new adoptions of open
source. Or are there and I'm just missing them? I mean the German government
announced not long ago that they were going to pretty much mandate it; IBM
is putting at least a billion dollars into open source developments .... but
what's being done? And I mean on a scale, commercial, fully performant basis
here. I know that this site runs on linux - and that's a part of open source
but I don't think it's the big part. For me it's the packages and
integration of systems that are going to be important - how do you take
JBOSS and some open source content system and an open source caching
software and piece them all together to deliver a fully functional portal
with no commercial software in it? When it's built, how do you keep it
current, add functions and capability, block security holes, deliver
scheduled releases with fully tested feature sets and so on. Is it just too
early in the programme to expect this?

I don't want to be flamed here - I want to know how to get round (or over)
what appear to be the early obstacles in the roll-out and scale deployment
of open source software.