Koha and Why We Need Foundations
November 29, 2011 3:32 PM
by Simon Phipps
A debate is raging around the value of non-profit Foundations to open source. In the face of well-informed criticism by Mike Rogers of Apache's reluctance to embrace modern distributed source management for new projects such as CouchDB, PhoneGap and OpenOffice, some have attempted to treat the criticism of the rejection of Git (a leading, if for Britons unfortunately named, DSMS) as a rejection of the idea of the Foundation.
This is ridiculous. While the facility Rogers lauds, GitHub, does make distributed collaboration easy, the social trust demonstrated by any successful open source community goes far beyond version control and the freedom to fork. The use of a Foundation as a legal structure to sustain and protect the mutual trust of a group of open source developers is both proven and of growing importance as corporations embrace open source ideals increasingly by default.
While there's no single recipe, creating a Foundation crystallises the mutual agreement of the founding developers and provides both a legal and a cultural bulwark against abuse. This seems so obvious that pretending criticism of technical conservatism is actually criticism of the idea of a Foundation seems absurd, especially when a corporate-focussed Foundation like Eclipse has safely made the Git transition.
Foundations are very valuable to open source communities, and the time to form them is when everyone agrees, not later when trust has been eroded by time and the profit motive. This is in the process of being tragically illustrated by the story of the Koha community.
Learning from Koha
My attention was drawn to an appeal by the founders of the Koha community to raise the funds needed to lodge a complaint in New Zealand, the project's original home, against an attempt by an American corporation to register their name as a trademark. The word "koha" is a Māori word describing a gift culture, and the project was a good fit for the name when it was created. Instead of just spending money on themselves, Horowhenua Library Trust decided they would commission a local developer to create a library management system that met their needs, and then make it open source so that every other library in the world could benefit from it.
The culture of the Māori term koha involves willing mutuality, and the global library community embraced Koha and made it grow to significant richness. When the time came, the original developers were delighted to join a US company that was keen to invest in - and profit from - Koha. Everything was good until the point when that company decided that, to maximise their profit, they needed to exert more control over the activities of the community.
They limited participation in the Koha site (originally hosted at koha.org) and in response the community created a fork of the code and moved to a new domain, koha-community.org. For more of the story, I recommend the detailed account at LWN and Glyn Moody's update. Today, the original developer wishes he had never agreed to move to the American company, and the library that originally started the work is appealing for funds to defend the community's trademark.
How could this have been avoided? The Koha community could have formed or joined a Foundation in the early days of the project when trust was strong. By formalising the governance of the community (preferably avoiding copyright concentration), and having the Foundation register the trademarks the community was using to identify itself, the early trust could have been channelled into a long-term basis for trust and collaboration.
The general lesson is clear. Just because GitHub provides an easy way for a group of developers to engage in distributed collaboration, that doesn't mean the social dynamics of communities have been superseded. Indeed, if you have aggressive corporations in your future you may well need a structure as well defined as Apache regardless of technical considerations. Whatever way you do it (maybe by vesting the trademarks in SPI or SFC - no need for heavyweight bureacracy), the time to secure your community in a non-profit foundation is when you don't have a problem, right at the beginning. Waiting until you do may prove harmful.
Update: Plenty of reaction, I've followed up on my personal blog