Prakash’s Blog

Innovation Explored


5 steps you must consider to select an open source product

December 6th, 2005 · 1 Comment

Very good post on selecting an open source product/project for your Enterprise. Here is an extract from the posting at Open-source software policy:

  • One-man projects and deadware must be avoided; there must be serious signs of project activity.

  • Support of a well-known consortium like Apache or Eclipse is a must. SourceForge might indicate some project activity, but does not give you any assurance about the project's future.

  • Always download and keep the sources too; if the original project goes off, then at least you can modify the sources yourself. You might also discover that some open-source projects are not that open-source…

The second problem is related to governance: developers have internet access and can download open-source software at will. There are risks in doing so in an uncontrolled way.

  • Legal risks: what if you are a software vendor and one of your developers has been integrating a GPL-licensed software component in the application you are selling? It might also be that developers have been using components with an evaluation license (anyone using Sun JAXB 1.x here?). Developers are not lawyers!

  • Compatibility risks: lots of open-source components have dependencies on other open-source components. Using several components like this in the same application might lead to a spaghetti of dependencies and seriously limit the ability to upgrade one of those. Hopefully, you will discover this at build time and not at runtime. Avoid open-source components with lots of mandatory dependencies.

The advice I can give here is to define an Enterprise-wide open-source policy and an open-source acceptance process. Controlling the use of open-source software is key. Read more, and read my comments, on the post.

Tags: Other

1 response so far

  • 1 Jim // Dec 8, 2005 at 1:07 am

    He makes some excellent points. One of the reasons I dislike the Open Source Java arena is that many of the OS projects have a ton of mandatory dependencies. Remember Hibernate and Tapestry? Each needed like 10 different JARs - and both shared the same JAR, but the binary builds shipped with different versions of the JAR! DLL hell all over again.
