How can an author effectively open the code to his web application?

Question

There are quite a few issues when you open source an existing website, and I'd like to see how how others have tackled this before. Are there some good examples out there of web applications, which have a public source code repository?

These are issues I have in mind:

• Handling sensitive data: salt keys, database connection info, etc.
  I suppose you could store these in a file that is outside of the project, and only distribute an example file for contributors to build their local version.
• Protect your user base: what if a contributor doesn't want to cooperate, and wants to publish their own version on a different domain/server?
  It's not just bad that you may loose users, but it is also confusing for your users.
• Protect your search engine indexation: what if you are penalized by Google because someone carelessly publishes a copy of your site on a different www?

My best guess right now would be to use a standard open source license and add an extra clause that basically says you can build your local version and modify for your own uses, distribute the modified code, but you can not publish either the original or modified version on a public www (that leaves the possibility to build a custom version for intranet use, which won't hurt the website's userbase and indexation).

I think this is programming related. In other words my question is how can you effectively allow people to read/learn from your code and contribute without jeopardizing an already established web app and associated community?

Answer 1

Hope this can help others, a list of web-applications released under AGPL.

Answer 2

• Handling sensitive data: salt keys, database connection info, etc.
  I suppose you could store these in a file that is outside of the project, and only distribute an example file for contributors to build their local version.

You pretty much answer this question yourself here. You're absolutely right; you don't store your sensitive data in the code (and shouldn't do that anyhow), you store it in separate configuration files, and distribute templates, or scripts that can help generate the configuration files, or something of the sort.

• Protect your user base: what if a contributor doesn't want to cooperate, and wants to publish their own version on a different domain/server?
  It's not just bad that you may loose users, but it is also confusing for your users.

This is where copyleft licenses come in handy. One of the most popular is the GPL; this says that other people can modify your program, but if they distribute modified versions, they must release the source as well (this is a brief paraphrase, read the license itself and that FAQ on the license for more details). One problem with the GPL in web apps is that someone can modify your program, and not release source, as long as they never distribute the modified app, but just run it on their own servers (although this becoming a bit less of a problem as more of web apps are being written in JavaScript and distributed to the client).

For this reason, the AGPL was written, which requires that they release source code to their users if they run the application on a server. The AGPL is not as popular as the GPL, however, and there are plenty of pretty significant projects that consider the GPL to be good enough even for server software (WordPress, for instance). You'll have to make a judgement here about what your priorities are.

• Protect your search engine indexation: what if you are penalized by Google because someone carelessly publishes a copy of your site on a different www?

Generally, your will want your site to be indexed based on unique content terms that appear on your site, and not generic user interface terms that will appear on any site that uses the same software. Of course, this depends on whether your software is used to deliver other content, or whether it is purely an application interface.

You may wish to keep your own branding, advertising, and so on separate from the code itself to prevent this problem. Any terms which are essential to using this service do have the potential to be copied, but anything that distinguishes you uniquely as a business can be kept separate.

Again, think about WordPress. Their name is all over many blogs, and yet they are not penalized by Google, and the commercial WordPress service appears third in a Google search (behind two links for the open source project).