Re: Is Open Source Enough?

From: Richard C. Johnson <dick_at_iwwco_dot_com>
Date: Fri Sep 07 2007 - 09:53:11 CDT

Brian,

I quite agree with what you say. There is just one remaining aspect of certification: the qualities of the sponsor or initial vendor. There is knowledge gained and demonstrated by participation in the certification; one would have to assume that some worthwhile testing of vendor capability would be part of the certification. Too often, the certification may be simply a document dance.

Who will go first to participate in certification as the aspiring vendor? Why not wait for someone else to go first and then pick up the benefits?

My thought is simply that the certification must be divided into two parts: the software/hardware system and the institutional sponsor. Both must be certified, and certification of the sponsor is the reward for the effort in getting the Open Source system through certification. The system itself and its certification are then available through GPL, but the sponsor certification (if not the original sponsor) must be achieved through a separate process, assessing the capability of the would be sponsor. Nobody believes that just anyone can perform the role the vendor plays today, whether for good or not. Rather, it seems reasonable to free up the voting system and its certification and have vendors get certified as to their understanding of the system, their ability to consult regarding it, their ability to train others in its operation, their ability to customize code, and their ability to maintain a service and support organization.

One could argue that no current vendor deserves certification as a sponsor. That may be true. But there is an election and voting system expertise that requires certification if the new "vendor" is not to be the party obtaining certification. It would be a good thing for a single certified Open Source voting system to have many competing, knowledgeable, certified sponsors who could provide that system to state and local governments. My guess is also that many local governments of any size will choose to play that role themselves.

-- Dick

Brian Behlendorf <brian@behlendorf.com> wrote:
On Wed, 5 Sep 2007, Richard C. Johnson wrote:
> Thanks for some very acute observations. It is true that, if a
> certification document were Open Source, anybody could pick up and use a
> certification issued by someone else. The certificate authorities, however,
> name the parties responsible for submitting a system for certification on the
> certificate. There is a presumption that at least some knowledge of a system
> must be possessed by the certificated party. I believe that the certificating
> party could authorize designated others to hold and exercise a duplicate
> certificate for a duplicate system, but this is a real question yet to be
> answered.
>
> Is certification transferable, and if so, on what terms? Can I as a
> certificate holding company distribute a certificate I hold under GLP? It may
> be that only a company going through the certification process would be able
> to hold and use the resulting certificate. Any legal minds have a notion as
> to the IP of certificates issued by ITAs and VSTLs?

I think it's simply a matter of policy for the elections administrators to
decide on, whether to allow third parties to deploy certified systems (with NO
modifications of course) that the third parties did not themselves push through
the certification process. If certification of open source systems is publicly
funded, then we should think of that certification as a public good, and I
think it would be appropriate for any vendor to be able to provide a solution
using that certified version. If, however, the cost of certification continues
to be borne by the vendor, then I think it's fine to say the vendor (who made
the investment and took the risk) has the exclusive right to use that
certification. Today this is a moot issue as everyone's code is different and
must be separately certified anyways - but if we're trying to break the mold
this is IMHO a good place to go even further. It helps make the case for why
certifications should be publicly funded, too, as it eliminates the appearance
of corporate subsidy.

  Brian

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Sep 30 23:17:07 2007

This archive was generated by hypermail 2.1.8 : Sun Sep 30 2007 - 23:17:20 CDT