Does Open Source Need Quality Standards?

underpar writes "This Techworld.com article reports that a UK group called the Open Source Consortium is being officially launched today. The article further states that the goal of the group is to respond to claims that switching to open source is more expensive than using Microsoft products and to help smaller companies compete with Sun and IBM for open source contracts. They say they will not compete with other open source groups and they intend to eventually come to the US. The hype-filled about us section of their site says their Quality Standard Certification provides a "simple framework for self-assessment and performance improvement." The question of whether this is useful or even wanted in the US still remains to be answered."

I think they do...

[akaina]

... and rumor has it they're experimenting with this quality assurance idea called 'pier review'

Be Careful

[omghi2u]

Be careful what you wish for.

Something "free" or "cheap" might be so for a reason.

I still say best open source is that tied to proprietary hardware then you really cash in.

As for la-dee-dah software, operating systems, etc, I stay away from those.

Questionable quality.

[RealAlaskan]

From TFA:

Our quality standard certification is an ideal route for Open Source Consultancies who wish to be recognised for taking the first steps to implementing a formal quality management system. The OSC Business Standard makes an ideal first step on the road to ISO 9001 or the Excellence Model.

So, this is for consultancies, not software.

More to the point, isn't ISO 9001 one of those standards where you prove your ``quality'' by committing to following a process, and documenting that you do indeed follow that process? The inevitable result is that you can commit to shooting your customer in the foot, and document that you have done so, and earn the highest ``quality'' rating for it. That sort of ``quality'' isn't very reassuring.

Not a problem...

[danielrm26]

Certifications like this are often welcome in corporate environments where names and packaging often matter as much or more than the product.

Even if OSS is better in a lot of cases, many managers can't politically afford to introduce it because of the climate that exists in the still largely Windows-controlled world.

Any sort of ... anything that lends credibility to OSS is, in my book, a good thing. So if this takes off and acts as some sort of benchmark for quality that people can rely on, I say more power to them.

Re:Dumb overgeneralization

[Anonymous Coward]

Another dumb overgenralization is that this organization think that their " Quality Standard Certification" is appropriate for a wide range of products.

Linux in medical devices should have follow FDA standards

Linux in automotive systems shouldd follow DOT standards.

Linux in voting machines should follow Diebold/MS-Access quality standards..

(sorry for the US-centric examples - for your own country pick your favorite certification organizations)

In other news...

[kevin_conaway]

Scientists wonder:

Do bears shit in the woods?

Is the pope Catholic?

Does Open Source Need Quality Standards?

[Ed Almos]

YES !!!

And it needs to stick to them. Microsoft may produce buggy insecure code but I'm fed up of finding bugs in Open Source software and being told 'what do you expect, it's free'.

Ed Almos
Budapest, Hungary

Re:McHammer: Too Open To Standardize

[MoonFog]

Nothing will stop them. If US companies want to listen to the US Open Source Consortium as you name it, then they will. If European companies want to listen more to another OSC, then they are free to to do so. Is this necessarily a bad thing? As long as there is some kind of control and legitimacy over these consortiums, this can be good. Establishing 15 different consortiums within one country just because some developers disagree would probably be overkill though.

Linux _IS_ quality

[PhYrE2k2]

Linux is quality. By having publicly available code, we can all make sure it's up to our standards. If it's not, then you are welcome to (a) not use it, or (b) fix it. So why the concern? Contribute to the community and all is well. There's no barrier to helping (such as improving a country). But seriously, Linux has proven itself worthy of being quite stable and for the most part secure (problems are bound to happen in such a large block of code, but responsible repair is key). Same with the core applications within it. The UNIX model is tried tested and true over and over again. It's still used so commonly BECAUSE it just makes sense... Try that in a windows world (click here, then here, then here... no wait- we moved that feature elsewhere in the latest 'security patch'). -M

standards

[eille-la]

F/OSS needs more unified standards first! (like for packages).

nit-picking

[Errtu76]

While i could care less about w3c compliant, *if* you decide to put up a link to w3c, checking valid xml stuff, make sure it's actually valid ;)

The Community chooses.

[Nijika]

Ugh, sorry for the marketing like speak, but I feel like the quality standards in OSS are dictated in an "organic" way. Where the best software bubbles to the top, and the quality is assured by continued participation in quality software. Look at Apache. Look at the Linux and BSD kernels. KDE, anything. All of them have organic style quality controls where the community dictates just what is quality.

I can imagine an organized group like this, though, would be excellent at answering issues like corporate generated FUD in an organized and coherent way. That's our big problem, we lack representation (not counting eccentric geniuses with big ZZ top beards).

And a redundant idea to boot

[passthecrackpipe]

Not only an overgenralisation, it is a redundant idea to boot. OSDL already provides a lot of the stuff they publicly talk about - code quality etc. The real purpose of the organisation comes to light when you read deeper into the site.

You need to be skilled in their "consulting framework" [openforumeurope.org] and you need to conform to some "financial framework" as well. Their membership criteria are mysterious (hint, you probably need to be a member of their club of buddies) and some of the organisations that are members (and knowing those organisations intimately, they probably are the drivers behind this thing as well) are decidedly dodgy - Open Forum Europe has publicly spoken as "Open Source Representatives" and as such, have signed a declaration supporting software patents [theregister.co.uk]. Looks to me like just another group of people trying to corner a market. Anyone remember the Open Group, and the "good" they did for UNIX? (another hint - a lot of the same people are involved)

This is so much the wrong crowd to hang out with....

Very insightful, more comments

[davidwr]

Good to see "Dumb overgeneralization" modded to +5 right off the bat. Other replies in this thread also deserve "insightful" moderation.

Software should be held to whatever quality standards the customer requires, regardless of it's proprietary or open development process.

For products where quality IS important, published documentation, including source, code-change-history, published test-cases and results of running those tests cases, etc. can help ensure quality. Commercial outfits typically rely on outside auditors or "trust us" to show that they probably ship quality code. At best, they publish their test cases and the results of those tests. If we are really lucky, a few outsiders have reviewed the code and pronounced it good.

For projects where quality isn't important, well, nobody cares but the authors.

Re:Linux _IS_ quality

[MHV]

You're so out of the loop, it's not even fun: yes everyone can fix it blah blah blah. But by WHAT standard can we say YES or NO is it good? It is a perfectly admirable and vital aspect of such software that it is open for modification, but the point of the idea is that you want to determine once and for all if such and such software complies with a specific set of requirements, expectations, behaviour, name it. The point in the end is to have software that is determined beyond its mere existence: if you know that a network utility supports TCP/IP, then you will be able to use it with other tools that support TCP/IP. Why? Because TCP/IP is a standard! And everyone know how it works, and how to use it. The idea of a standard of quality is to say, can we use this software for specific purpose, and be sure we won't get screwed by a little bug, that, well, you know you could have fixed yourselves, because the source is open, you see?

You're making an essentialist argument: because the nature of Linux is openness, therefore it can only be good.

When you have (good) standards, you have to worry less about how things work, and you can start just using them.

Doesn't mean that ALL free software MUST follow such standards, and that's the beauty of FLOSS

F/OSS is better.

[rice_burners_suck]

Open source doesn't need any stupid quality standards. These things are completely stupid, and only for retarded corporations that use complicated processes to manage the lives of programmers like Big Brother manages the lives of puny peasants in 1984.

Free software is known to deliver quality software without stupid standards. People just program whatever they feel like programming. They do it because it is fun. Not because some stupid idiotic manager who thinks he's hot schitt because he has an MBA is breathing down your neck and yelling at the programmer for not making quality software fast enough and cheap enough. They don't understand anything about software and they think they can make stuff better by making up quality standards.

Not only do they expect the impossible in a shorter amount of time and they don't give you the TIME to make up good software, but then they make up quality standards as if to add insult to injury.

That is why F/OSS is so much better than this commercial garbage. Because F/OSS makes everything better without the need for any of this stupid management crap. F/OSS. Because friends don't let friends use commercial software.

Standards will just slow the war down

[Stevyn]

I tend to think of OSS as a war between different developers to see who's idea will be favored by the market. For too many years, implementation of ideas was up to some PHB. The problems of that system are starting to show. The idea that "well, it may not be the best way to do it, but at least we can all agree to do it this way" goes against the idea that the best solution will come out on top.

I think developers should continue to try new ideas and do it their way. If nobody likes their idea, their software won't be used and it won't matter.

The market will adjust. It may not be elegant or convenient to juggle several different packaging systems, for example, but people are doing it. Eventually, the best packaging system will come out on top because people chose to use it, not become some standards organization decided it was best.

These past few years of OSS have shown some pretty neat ideas in a short amount of time. I think it's going to improve at a faster rate in the next few years.

Re:Be Careful

[lxt518052]

Something "free" or "cheap" might be so for a reason.

I would call that FUD.

Just because it's free or cheap doesn't mean it's inferior in quality. Similarly, being expensive doesn't guarantee the quality would be good either.

Actually, for example, *BSDs are arguably the best network operating system and they are free. It is those overpriced proprietary OSes made by you-know-who that are riddled with bugs and security problems.

Software products do not suffer from resource scarcity like traditional commodity, such as cars, does. When a piece of software is written, it can be copied, compiled and ported to unlimited machines, the cost of it doesn't grow in proportion with the number of machines using it. The more people using it, the cheaper it goes.

Re:Does Open Source Need Quality Standards?

[Grishnakh]

Microsoft may produce buggy insecure code but I'm fed up of finding bugs in Open Source software and being told 'what do you expect, it's free'.

So you'd prefer to pay big bucks for your software instead, find bugs in it, and then be ignored when you complain to the software company?

Re:Who's standards

[PhYrE2k2]

I'll give you that, but for every binary decision, you're going to piss off roughly half the people.

There are security analysts who do spend time looking at the kernel, but it's a big job. As with most of these projects, they usually start becomes someone pays a security company to spend millions auditing it (ie: a government wanting to use it for sensitive data or voting machines). If only we could get every linux user to do one line of code *smirk* :)
BTW: FHS is an attempt at getting some standardization.

You mention 'designed for linux' and 'interoperability' which I think are tough ones. The big difference I find between Linux OS and Windows OS is that one company merges the GUI, kernel, drivers, shared libraries of 3rd party applications (DLLs), and (sadly) web browser into one. Linux, while having folks like RedHat producing distros, has no consistancy.

Now of course, I'm not saying anything you (or anyone on Slashdot) doesn't already know. But the key factor is that I can make my new audio board 'designed for linux 2.6', but the actual installation is different on every system. Some want a kernel compile, some store modules in one place, others will scream that the kernel is tainted when you load them. So how can one ensure that their board will work properly (and easily)?

There are a few attempts at standardizing hardware (as you mention linux hardware). The most popular thus far is DKMS: DKMS stands for Dynamic Kernel Module Support. It is designed to create a framework where kernel dependent module source can reside so that it is very easy to rebuild modules as you upgrade kernels. This will allow Linux vendors to provide driver drops without having to wait for new kernel releases while also taking out the guesswork for customers attempting to recompile modules for new kernels.
See http://linux.dell.com/dkms/ for more information.

No, because no one will use them

[upsidedown_duck]

Seriously, if a programmer can't even put forth the effort to make autoconf work on more than one platform, then they won't have the time to spend on "quality standards." I've seen professional programmers spout "best practices" out of their asses for a long time, and, when it comes time to produce something, they are just as fast and loose as anyone. The reason: talk is cheap. quality is very hard.

Open Source needs code reviews

[ceallaigh]

My company has looked at Open Source alternatives for some technology. We are subject to stringent certification process for our aviatoin software. The quality of Open Source code (programming habits, style, algorithms), the comments, the organization, makes use of Open Source a no-go.