What makes for a community distribution?
Off the Beat: Bruce Byfield's Blog
Choosing a Linux distribution is not always a technical issue. For many the degree of community control is at least as important as the version of the kernel or the default package selection. Even though Linux long-ago entered the mainstream of business, the conviction persists that distributions governed by the community remain more democratic and truer to the ideals of free software than those ruled by a company. However, in practice, determining the type and degree of community control needs more than a quick look at a description of the distribution's governance.
Several major distributions can be defined as community-governed. However, the exact form of government in such distributions varies considerably, and a particular set of practices may not fit everybody's ideal nor seem perfectly representative.
Debian, for example, can be described as a meritocratic democracy. Its principles are spelled out in its social contract, the Debian Leader is elected yearly, and is as much a delegator or diplomat as an executive. Referendums are held on major issues, and all voting is by a Condorcet method that compares each choice on the ballot against all other choices - a means of vote-tallying that is one of the most representative ever devised.
For some, this concern with policy seems the height of consensus-building. However, others find the endless discussion it tends to produce not only maddening, but also inefficient. It may even be part of the reason that Debian releases are so slow. Others might notice that many positions of influence in Debian are appointed, rather than elected, and that long-time Debian members have an undue influence on decisions while contributors who have not gone through the rigorous New Maintainer program are unable to participate directly in the process.
Much the same can be said about, Mageia, the community-based Mandriva descendant. Its core values are defined in a Code of Conduct, and every-day decisions are made by a Community Council, consisting of representatives of the distribution's development teams, while general policy and administration is handled by a board elected by active members. Yet four of the current six board members are founders of the project, which might make outsiders wonder how much of a hearing alternate viewpoints receive.
Still another model for the governance of a community-based distribution is illustrated by Linux Mint. Unlike Debian or Mageia, Linux Mint has yet to post a description of its governance. However, project lead Clement Lefebvre describes decisions as emerging from discussions among active developers, with the final decision "comes from the top (Usually from myself or from the person who is responsible for a particular project/aspect". Lefebvre admits that the process can be frustrating for those whose ideas are not implemented, but states that "strong leadership is important and benefits Linux Mint, [because] the decisions we take remain consisten and are coherent with our overall vision."
At first, that description sounds as though Linux Mint might be less democratic than either Debian or Mageia. However, Lefebvre also emphasizes that "when decisions need to be taken, we usually discuss within the team and we have a very good idea of what the opinion of our user base is . . . . We always try to gather as much feedback as possible, and to get a good appreciation of what people want." With this emphasis, Linux Mint's decision-making might be said to be more representative than either Debian's or Mageia's, even if it is less formally defined.
When corporate and community meet
At least two major community distributions are sponsored by corporations: Fedora by Red Hat, and openSUSE by SUSE. In each case, the community distribution is a staging ground for the distributions of its sponsor, and the sponsor employs developers to work full-time on the community distribution. In Fedora's case, the chair is selected and employed by Red Hat, and appoints four board members, while the community elects five. By contrast, SUSE appoints openSUSE's chair, and no more than two of the five elected board members can represent the same company or organization.
Knee-jerk cynicism would assume that such arrangements mean that corporate sponsors effectively control the community distributions. However, Paul W. Frields, a former Fedora Project Leader, writes that "My experience was more or less the opposite situation. I found Fedora participants in REd hat not only clearly understand they need to establish credibility in the community for ideas and code, but also that this approach produces superior results over a non-meritocratic one."
Frields adds that all board members try to base their interactions on a Red Hat-written work called The Open Source Way, which provides suggestions for common practices that aid in community building.
Nor, in practice, do corporations always veto the decisons of their community-based distributions. Jos Poortvliet, openSUSE's community manager, notes that openSUSE went its own way in deciding to make KDE the default desktop, in creating the openSUSE Foundation, and supporting the ARM architecture -- although SUSE eventually became more interested in ARM itself.
In fact, Poortvliet recalls that when openSUSE settled on its confusing system for version numbering, " the proposals and potential outcome was discussed by SUSE marketing, and they agreed that openSUSE couldn't have picked a more silly scheme -- but it was decide not to interfere -- even though, in this case, it was more a matter of protecting openSUSE against itself" than attempting to impose SUSE's will.
Poortvliet does admit that the potential for mutual distrust between SUSE and openSUSE always exists. Yet, on the whole, he describes SUSE's handling of its power as "thought and careful" and even "exemplary." "Management might not be aware of specific needs but often they are quite aware of the importance of community," he says.
Clearly, while the potential for corporate control of a distribution it sponsors is always there, abuse of that potential should not be automatically assumed. If nothing else, shared interests and beliefs can mean that corporate control is used discretely when it is used at all.
The case of Ubuntu
Like Fedora and openSUSE, Ubuntu is a community-based distribution supported by a corporation. In its earliest days, Ubuntu's sponsor Canonical went out of its way to support the Ubuntu community, developing one of the most cohesive communities in free software and pioneering routine elements of governance such as a code of conduct. To this day, Ubuntu volunteers show a level of dedication that has very parallels in free and open source software.
However, in the last few years, as Ubuntu has focused more on becoming profitable, the independence of its community has become more questionable. Many of the recent changes in Ubuntu, from the positioning of titlebar buttons to the inclusion of commercial search results in the dash, have been imposed by the Canonical design team, with protests stifled by founder Mark Shuttleworth in the name of cooperation in moving towards common goals.
More recently, some Ubuntu volunteers have revolted, claiming that they are being left out of development decisions as well as general policy-making. So far, these revolts have been quieted, thanks largely to the efforts of community manager Jono Bacon, but more than one pundit has suggested that Ubuntu is no longer a community distribution (if it ever was one).
The trouble with such declarations is that these days Ubuntu is neither one extreme or the other. In its everyday organization and activities, Ubuntu seems very much a community-based distribution. Recent events may have subdued the enthusiasm that existed five years ago, but at least some of it obviously remains -- if only to judge by how reluctant long-time volunteers are to break with the project.
Yet, at the same time, Canonical is exercising its veto much more obviously and frequently than Red Hat or SUSE. Whenever a major change is made to the Unity interface, or an attempt is made to monetize Ubuntu. the final decision always seems to be Canonical's, with any protests from the community stifled by a combination of imposed authority and glittering generalities.
Under these circumstances, Ubuntu seems best described as a hybrid, acting like a community when routine matters are discussed, and like an extension of Canonical when policy and direction are under consideration.
Choosing a community
What these examples show is that deciding whether a distribution is community-focused is far from an issue with definite answers. A distribution whose governance seems balanced may allow less input than it first appears to. Equally, corporate sponsorship does not automatically mean corporate control in all matters.
No doubt much depends on the personalities involved. A corporate executive who understands the importance of community may act more carefully than one whose attention is elsewhere. Similarly, a dedicated project manager or community leader may be more important than a code of conduct in making a community successful.
If the strength of community influences your choice of distribution, don't stop with reading the governance pages. Learn the names of the current leaders, and scan the project's mailing lists and announcements for the last year or so to get a sense of what happens in practice instead of theory. You might be surprised on how the extra information affects your opinion.comments powered by Disqus
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.
Redmond rushes in to root out alleged malware haven.
New initiative will bring futuristic virtual reality effects to the web surfing experience.
Dyreza malware launches a man-in-the-middle attack that compromises SSL.
New cloud combines worldwide access with local attention to data security.
A first cousin of the recent Heartbleed attack affects EAP-based wireless and peer-to-peer authentication.
FOSS community acts to protect freedom of choice for laptop devices.