Truly Open Code Brings Best Software

Opinion: Open-source software development may not be easy, and no one likes to air their dirty laundry, but in the end, it's the smartest way to make software.

Almost everyone outside of Microsoft country is using open source in their development, but that doesnt mean it comes easy.

Weve seen proof positive of that this week. First, my friendly fellow reporter Stephen Shankland reported that Red Hat has decided to revitalize its free, community Linux, Fedora, by—drum roll please—opening up the project.

Whats that you say? Isnt the code already open? Well, yes, it is, but Red Hat manages the project, and its never put enough resources into it. The result was that non-Red Hat open-source developers were discouraged and contributed relatively little to it.

It sounds like Red Hat has learned the error of its ways.

To make Fedora more open-source friendly, Red Hat will be opening up the Fedora source code CVS (Concurrent Version System) so that programmers can see whats in the code before its released. Eventually, theyll be able to approve at least some CVS code submissions.

In addition, Red Hat will turn over maintenance of some software packages that arent part of the Fedora Core operating system to non-Red Hat developers in a program called Fedora Extras. This is not related to the University of Hawaiis Web site, Fedora Extras, which supports Fedora.

How is Red Hat going to do all of this? All will be revealed, or at least discussed, at FUDCon1 (Fedora User and Developer Conference) on Feb. 18 at MIT.

Despite the tongue-in-cheek name, this show—which starts immediately after LinuxWorld Boston—is a gathering of Red Hats best and outside Fedoras developers to hash out Fedoras roadmap going forward.

Meanwhile, Linus Torvalds has his own open-source ax to grind. In the Linux Kernel Mailing List, the core online mailing list for Linux development, theres been a discussion on how to handle kernel security issues management.

Torvalds said he would be "very happy with a private list in the sense that people wouldnt feel pressured to fix it that day, and I think it makes sense to have some policy where we dont necessarily make them public immediately in order to give people the time to discuss them."

That said, Torvalds continued, "It should be very clear that no entity—neither the reporter nor any particular vendor/developer—can require silence, or ask for anything more than lets find the right solution. A purely technical delay, in other words, with no politics or other issues involved."

Thats because from where Torvalds sits, "Otherwise it just becomes politics: You end up having security firms that want a certain date because they want a PR blitz, and you end up having vendors who want a certain date because they have release issues."

"Kernel bugs should be fixed as soon as humanly possible, and any delay is basically just about making excuses," he said. "And that means that as many people as possible should know about the problem as early as possible, because any closed list—or even just anybody sending a message to me personally—just increases the risk of the thing getting lost and delayed for the wrong reasons."

Therefore, when it comes to discussing security problems, "Id not personally mind some totally open list. No embargo at all, no limits on who reads it. The more, the merrier."

Whats the connection between Red Hats Fedora plans and Torvalds position on kernel security? Its simple: Both are based on the belief that the open-source way—where all of the code, where all of the problems, are out for discussion, repair and advancement—is the right way.

This doesnt come easy. Even open-source vendors dont want their dirty-laundry code revealed to the world. What Red Hat has learned, what Torvalds is saying, and what I believe is that as painful as it may be, being truly open with your code is the right way—the best way—to create the best possible software.

After all, consider the proof: Linux itself, Firefox, Apache, MySQL, the list goes on and on. Open source works; its as simple as that. We just need to trust this development method even more than we already do. Senior Editor Steven J. Vaughan-Nichols has been using and writing about operating systems since the late 80s and thinks he may just have learned something about them along the way.


Check out eWEEK.coms for the latest open-source news, reviews and analysis.