I've thought about this before and this topic has often steered me away from Open Source projects. Recently DotNetPanel has changed its name to WebSitePanel and gone Open Source. The rumor mill is speculating that Microsoft is behind this.

My question (in multi-part) is quite simple. Can somebody please explain to me how quality assurance works on Open Source projects? How can a closed application get "only better" when Open Source? Doesn't the "too many cooks in the kitchen" theory apply when too many developers contribute (possibly bad) code to a project?

+1  A: 

It's a bit too open-ended. I'll try to answer in pieces.

  • First, the BIGGEST argument regarding the quality of open source code has almost nothing to do with the people contributing code, and more to do with people VIEWING the code. E.g. if the people looking for the bug constitute 5 project developers and 2 QA department people (to pick a random example), this level of attention easily gets beaten by 10s, 100s or 1000s of developer eyes on the code depending on the project's usage and popularity.

    If you think this does not happen in real life, a personal anecdote for you - I personally check - at least on the surface - the code of pretty much EVERY CPAN module I newly use in my code. And actively report any bugs or issues if I find any.

  • Second, the pool of potential testers. Obviously, FOSS code has more users (since people who might balk at a closed source version due to price or philosophical objections are added to the pool) - and the latter ones are likely self-selected to be qualified testers and developers.

  • Third, a good FOSS project has a high-quality lead developer or team whose job it is to integrate code and ensure its quality. The major difference actually benefits the FOSS model - the leads have no timing pressure compared to a commercial company and thus have more opportunity to devote as much time as needed to ensuring quality, code reviews and such.

  • Last, but not least, you seem to be operating under the assumption that anyone working on a proprietary code base somehow automatically contributes code that is not bad to the project? If so, you're sadly mistaken - and this comes from someone who spent close to 100% of his professional development career working on the corporate side of the gate.

Just to give this flavor, I personally, as I said, work on proprietary corporate software, was never associated with a FOSS project (partially due to lack of time) other than to test and report bugs as needed by my own usage, and only use FOSS stuff for practical reasons (quality/functionality) as opposed to philosophical ones.

DVK
So basically it's other users spotting the bugs and defects. So initial SVN Commits of an added module could be pretty bad, but as more people want to use it (and discover bugs in the process), that module gets more attention and thus the bugs surface and get addressed?
rockinthesixstring
@rockinthesixstring - first, I added more reasons after you read the initial version; second, it's one of the models assuming there's no project lead/moderator. It seems the really good ones usually do have those as opposed to a total anarchy of Joe Random Check-iner adding whatever the heck they want to the code. Think gcc, Linux, Mozilla, gpsd, or Perl for examples.
DVK
When you say "Third, a good FOSS project has high quality lead developer or team", my question to that is.. How can a lead developer devote as much time to FOSS as they can to a Commercial Project? At least with a Commercial project the lead can get paid.
rockinthesixstring
@DVK, I think I'm starting to follow your train of thought here. I guess the reason I'm asking at this point in time is because I'm worried about the future of the Commercial Project Turned FOSS that I've come to love and use every day.
rockinthesixstring
Often the lead developers also do consulting for users of the product, and get paid through that. If that's the case, their business model is 'get as many users as we can through open source, because some of them are bound to need our services'. This usually works pretty well, because if you can try stuff and commit to it free, you're likely to have budget for consultants to fix the hard problems.
Andrew McGregor
+1  A: 

Common sense, please. If you download code that one random person posted to an uncontrolled forge, you are taking pot luck. You had better be very careful before trusting it.

On the other hand, consider code from a project with a 10 year track record and a well-documented set of internal controls and procedures (e.g., oh, Apache Xerces). You know much more about its parentage and content than you will ever know about the binaries you get from, oh, Microsoft or Sun. You can take or leave the 'lots of eyeballs' argument. If you can read the entire email archive and see all the source history, you can judge for yourself. If you know that the package is extremely widely used, you have the luxury of trusting in all the people who have evaluated before you.

Many prominent FOSS projects are populated by people who are paid to work on them, just to toss in another fact. Plenty of non-FOSS is created by overworked, overstressed, underpaid developers who aren't given the time and resources to do their best work.

bmargulies
I agree 100% with the common sense motto. I'm just trying to figure out how it all works. Since it's "open" source, I'm wondering if any fly-by-night developer can contribute to the code, or if there are check-stops along the way to ensure integrity before commit.
rockinthesixstring
To answer that specifically: for most open source projects only a limited number of people (the core developers) actually have write access to The Code. But anyone can make their own local copy and alter that local copy as they wish. If they make a useful alteration, like fixing a bug, they can create a patch with their changes, send it to the core developers, and ask them to apply those changes to The Code. When the core developers notice someone who has repeatedly made useful contributions, they may offer that person write access to The Code.
David Zaslavsky
Damn @David.. that's exactly the answer I was looking for.
rockinthesixstring
@rockinthesixstring: happy to be of service ;-)
David Zaslavsky
@David, I should clarify... it was the answer I was HOPING for!!!
rockinthesixstring