I’m very much interested in the governance of open source projects, in particular if these are user-led projects. Getting students up to speed can be frustrating, though, as there is no established terminology and you need to have a fair bit of business and industry understanding, in particular about the U.S. system, in order to get started. With this post, I’m proposing a basic terminology to talk about the organizational structure underlying the governance of open source projects.
As the following lists show, there are only three basic situations. First, there are the traditional community projects without organizational backing. Next, there are open source projects hosted by a foundation that has incorporated as a legal entity.
- A pure community project is a project which defined its governance itself, implicitly or explicitly. Governance consists of the rules and practices, as enacted by the community.
- A foundation-hosted project is a project which had its rules and practices formally defined by the foundation, possibly enhanced with project-specific informal governance.
Of those projects hosted by a foundation, all use the foundation’s overall governance rules and practices, but some extend this with their own specialized governance.
- A generic foundation-hosted project has a governance structure as defined by the foundation for all its projects. Additional rules and practices may apply, and they may have been written down in an informal way, but they are not legally actionable. I call it generic because it doesn’t add anything formal to the existing rules and practices.
- A corporate foundation-hosted project has added to the general governance required by the foundation its own formally structured and recognized governance; it has been written down and is formally supported and hence legally actionable. I call it corporate because the need for additional governance only arises when companies enter the game.
The complications start when we look at who is hosting a project (if any). Many projects seem to be hosted by several foundations. The GraphQL project seems to be hosted by the Linux Foundation and the GraphQL foundation. The MochaJS project seems to be hosted by the Linux Foundation and the Open Collective (foundation). That’s at least what a plethora of labels on the project websites and an overly broad use of the term “foundation” suggest. Fortunately, this can be resolved: There must be one dominant foundation, not several.
The dominant foundation is the legal entity that acts as the fiscal sponsor for the project. A fiscal sponsor is that legal entity that maintains a bank account and answers to the tax authorities. Thus, the primary governance rules and practices of a project are those defined by its fiscal sponsor. At a minimum, this means abiding by the laws of the jurisdiction where the foundation incorporated. On top of that, by ways of bylaws and other mechanisms, a foundation can add more rules and practices of governance. The dominant foundation behind the GraphQL project is the Linux Foundation and the dominant foundation behind the MochaJS project is the Open Collective..
Other foundations then can help out, for whatever purposes. One reasonable purpose seems to be to offer guidance on documents, processes, and workflows, like the Joint Development Foundation is offering to Linux Foundation projects. Other purposes seem to be mostly marketing or to satisfy giving historically motivated credits.
Another complication is a hierarchy of governance structures. For example, the name of the Cloud Native Computing Foundation (CNCF) suggests that it incorporated as its own legal entity, but it didn’t. It is “just” another project of the Linux Foundation. The CNCF provides added formal governance rules and practices to its projects like Kubernetes, thereby extending and refining the general governance of the LF for its corporate foundation-hosted projects. I guess one can go overboard with a hierarchy of governance structures, each (ideally consistently) adding to superior organizations governance. I hope people will restrain themselves, though.
The project websites are often confusing. With respect to the dominant foundation behind a project, students and researcher can use tools like GuideStar to dig into the actual non-profit. They should do so to ensure their terminology is consistent and important differences are not missed.