Experiences in the governance of open source projects developed by government itself and protomoted for and in actual re-use by others

[anajsana]

This discussion thread is mirrored from the TODO Slack Channel and is anonymized

I was wondering if there are any experiences in the governance of open source projects developed by government itself and protomoted for and in actual re-use by others? I've been involved in various cases where these open source projects became popular within or outside the government domain, unprepared for the side-effects that introduced.

[anajsana]

anonymous person answered

I'm still kinda new to .govland, but projects like https://designsystem.digital.gov/ come to mind for a modern example.

There are examples of public/private partnerships from history, like SELinux that's worth mentioning perhaps too. What kinds of governance issues/side effects are you interested in?
One of the more advanced (tho less widely adopted) government open source projects that is exploring open governance is The Justice40 project: thejustice40.com and https://github.com/usds/justice40-tool. For non-government originated tho heavily government contributed, I think astropy.org has an interesting story (tho it is more classic in that it is foundation supported by Numfocus)

[anajsana]

anonymous person answered
I’m not familiar with the details of how it’s organized, but maybe something like Germany’s sovereign cloud stack be helpful to look into: https://scs.community/. Also the sovereign workplace (I guess it’s called project phoenix) https://www.dataport.de/about-phoenix/

[anajsana]

The author of the questions answered

Governance around open source can consist of various aspects. Think of stakeholder management, communication, feedback and question handling, finding finances, collecting contributions, being chairman. Aspects that can add to being a IT-service provider which a government body should keep from.

[anajsana]

anonymous person answered

I think I understand better what you're talking about. Whether or not a govt should be in the provider business I think depends on how much horizontal value it can receive. Cloud.gov (less so an open source project, moreso a shared platform for standing up open source projects/services/websites/apps) might be an example of where we see many agencies "reinventing the wheel" and doing the same work slightly differently, so providing a common surface and support system enables some sort of economy of scale.

The other model we have in our federal space is the concept of "revenue neutral" programs. So, cloud.gov will provide support and docs, however, you pay your own AWS bill, and possibly some overhead for that support, so the hosting agency doesn't get stuck with the financial AND the organizational overhead. It still ends up being cheaper/easier, because we are highly regulated (fedramp, techfar, fisma, etc) and outside orgs may not be specialized in supporting those additional requirements without paying for that specialized support at a premium.

Our OSPO in XYZ ORG is not revenue neutral like GSA/TTS, so we have to be careful how we do intake for requests for support, and be careful to avoid becoming "load-bearing" for projects.

GSA = US General Services Administration (gsa.gov) and TTS = Technology Transformation Services. The United States Digitial Service, 18F, The Presidential Innovation Fellowships, and other programs are run out of this part of the US Government.

I'm oldschool, prefer Unixstyle philosophy of "do one thing and do it well" pipelines of libraries and services, versus full-blown products, but that's a personal bias I think from living in Linuxland for many years. I believe much of the challenge of support comes from complexity of bundling layers of stacks, instead of dependent distributions of source with upstream contribution, but, that may be more of a necessity in this regulated space. I'm still learning, and open to being convinced otherwise ;

[anajsana]

The author of the questions answered
What you describe in cloud.gov is also common practice in the Netherlands with e.g. ODC's (Overheid Data Centers; Government data center). However, that is about the development of tools that are in use privately available services. Those tools are not made genericly available. Those services are indeed made available revenue neutral.

[anajsana]

The question is if there is any policy available for government agancies for the governing of open source projects deployed. Like for example a LFEnergy for governing the transition in the energy sector. Or maybe the OS/2 in Denmark

[anajsana]

anonymous person answered
@anajsana Do you know of any progress made on this topic since our last talk about it?