On Monday DISA’s forge.mil got another mention on Slashdot. Not really new news, but I think it has been getting press again because of the related news that DISA is also open sourcing its Corporate Management Information System (CMIS). CMIS is a suite of HR and related projects and DISA signed an agreement with OSSI to open source them.
I had been meaning to touch base with Rob Vietmeyer at DISA anyway and the Slashdot mention (plus a subtle kick from Sara Winge) got me off the dime. We are working on a project that we want to share across DoD and since Rob is the force behind forge.mil, I had been meaning to ask him about its uptake. I thought I’d share his answers here.
Since forge.mil was launched it has grown to about 1400 registered users and approximately 10% of them are active on any given day. There are approximately 70 active projects right now in a variety of categories. There are system utilities, geospatial systems, a control system for UAV’s, an embedded engine control module, command and control system components, some SOA piece-parts for Net Enabled Command and Control (NECC) and Consolidated Afloat Networks and Enterprise Services (CANES), and sundry others. Project-related traffic (commits, downloads, etc.) is growing and there is a backlog of new projects being on-boarded (including at least one really high profile system that is looking to get broad participation).
What interested me about that list was that the code ranges across domains and from small niche items to components of large scale programs.
At this point most of the code seems to be licensed as “DoD Community Source” and a few projects are under Apache and BSD style licenses. DoD Community Source basically means that the code is “unlimited rights” or “government purpose license rights” under the Defense Federal Acquisition Rules (DFARS). While not “open source” in the OSI sense of the term, hosting code licensed this way on forge.mil should make collaboration across DoD the default rather than the exception. Basically these aren’t copyright-based licenses but are designed to operate as though they are in practice – the goal is to do open source-like development within the DoD garden walls.
The source that is licensed under Apache / BSD style licenses is in fact licensed copyrighted material, but at this moment it is still difficult for non-DoD community members to participate because of forge.mil access limitations. DISA is looking into ways to mirror these open source materials to sourceforge instances outside of the DoD garden walls and to extend community participation across those boundaries as well. I think mirroring the code will be a lot easier than figuring out how to do boundary-spanning community.
Projects wanting to be hosted on forge.mil go through a “project adjudication” process that screens out the people just looking for a repository but who don’t understand open (or, understand it but don’t want it). Projects that don’t want to provide open access to other DoD participants have been turned away.
I think there is something interesting hidden in plain view in that CMIS news as well.
One of the oddities of code written by government employees is that the government doesn’t create copyright. In an ironic twist, this means that the government can’t directly release code under open source licenses, since those licenses rely on copyright law to enforce their terms.
CMIS was written by government employees so DISA and OSSI had to figure out a hack to license it under a copyright-based license. Under the terms of their agreement DISA is releasing the code to OSSI under public domain, then OSSI is re-releasing a “derivative work” under OSL/ASL licenses.
I understand what DISA / OSSI is doing here but I wonder how much they’ve changed the code to make the “derivative” distinction. It’s probably moot though because, assuming community forms around the stuff, it shouldn’t take too long before a chain of real derivations is in place that would make the OSL/ASL license terms defensible.