Open source projects and programs versus products

August 29, 2008

One of the things that the situation with security fixes and the Linux kernel changelogs illustrates is the difference between programs and products. With a program, what you get is the program; with a product, what you get is the program and a whole ecology of things surrounding it, ranging from documentation to backporting security fixes into older versions.

(This is why it takes a significant amount of effort to turn a program into a product, as Fred Brooks and others have noted. I credit Fred Brooks because I believe The Mythical Man-Month is where I first read about this.)

Some open source projects deliver products, so you get coordinated security fixes for old versions, planned release schedules, and so on (I would say that one example is Firefox). Other open source projects deliver programs, and leave it to other people to create products from them; I would say that these days, the Linux kernel is definitely an example of this. Understanding what you are getting from any given open source project is important, because otherwise you are asking to be disappointed (either in the lack of the niceties you expect from a product, or in a relatively plodding development schedule).

It might be nice if all open source projects delivered products, but there are two problems with this. First, turning a program into a product takes extra work, which means that other areas of the project are getting less work; if you demand a product, you are implicitly demanding that the project move slower. Second, much of the work of turning a program into a product is tedious and thankless, which means that it is very hard to find volunteers to do it; at the extreme, if you demand products instead of programs, you get nothing.

My intuition is that the larger, more complex, and faster moving your program is, the more likely it is that you are going to deliver a program and not a product; you simply won't have the resources (in both time and interested people) to do anything else. (In light of this I am impressed with Firefox's ability to deliver an actual product. I suspect that Firefox is not quite as complex and fast moving as the kernel, but it is still pretty big.)


Last modified: Fri Aug 29 23:18:38 2008