.NET Foundation focuses on 'issues with the community' after executive director quits

Or should that be the community's issues with Microsoft?


Analysis .NET Foundation executive director Claire Novotny resigned last week, but board member Shawn Wildermuth said that this did not solve "issues with the community" on which the foundation will now focus.

The phrase "issues with the community" in Wildermuth's post should not be taken to mean that the community has misbehaved. It would be more accurate to call it the community's issues with the .NET Foundation, or perhaps with Microsoft, since the special role of Microsoft is one of those issues.

Both longstanding issues and a few more recent ones have triggered the current crisis. In summary:

Recent

  • Novotny made a pull request and merged it to a project to which she had not contributed for years.
  • .NET Foundation projects were forcibly moved from GitHub to the .NET Foundation's GitHub Enterprise without discussion with maintainers and sometimes in what appears to be an underhanded manner, such as for the WiX Toolset – though maintainer Rob Mensching has managed to move it back.
  • When board member Rodney Littles II resigned, the .NET Foundation implied in a post that this was to do with his "personal life" when in fact it was about frustrations with the .NET Foundation's role and lack of communication with member projects.

Longstanding

  • Projects have complained that the foundation delivers little of value to them and some have left or expressed interest in leaving. A co-maintainer of the Marten project said last week: "After… two years, we don't see any positive impact, any help from being a member."
  • The top issue faced by many .NET Foundation projects is their sustainability, but the foundation has concentrated on things like the semi-abandoned Project Maturity, which seems designed to reassure enterprise customers.
  • The .NET Foundation has done too little to promote .NET to a wider community than Microsoft's own platform.
  • The .NET Foundation is not fully independent but controlled by Microsoft, which has special "Founder member" status in the organisation's bylaws.
  • The .NET Foundation is poor at communication with member projects or the wider community and major changes like the proposed removal of the contribution model for projects, later reverted, happen with little explanation. The contribution model allows projects to join the Foundation without assigning their copyright.

Hadi Hariri, VP of Developer Advocacy at JetBrains, noted on Twitter last week: "JetBrains was one of the first to join the foundation when it was announced. However, the broken promises, the approach to how it treats OSS, and the overall lack of value to both JetBrains and the community is the reason we no longer are sponsors."

JetBrains provides the Rider cross-platform .NET IDE and is a natural fit for sponsoring the Foundation.

Opening up

In all this discussion, it is easy to lose sight of the fact that Microsoft made a huge change when it took .NET open source and launched the foundation in 2014. Most of .NET is licensed under the MIT or Apache 2 licences and available on GitHub, and that single fact counts for a lot.

The foundation, although it describes itself as independent, is only partially so. The bylaws grant Microsoft, as Founding Member, a veto on "any vote to materially change the Foundation's Membership Policy, Director Election Policy, Project Governance Policy, or any Intellectual Property-related agreements or policies."

Further, Microsoft controls the direction of .NET and its core libraries. Corporately, it may simply be unwilling to risk losing control of its core developer platform.

What was Project Maturity (and perhaps the Foundation) really about? A 2019 tweet by Novotny is a clue. "It's about enabling Microsoft to recommend and take dependencies on libraries not created by them instead of creating new ones that squash projects," she said.

That possibly unguarded comment is a Microsoft-centric view of what third-party, open-source .NET projects are for and the foundation's recent behaviour is in line with that.

What happens now? Newly elected board member Rob Prouse, who leads the NUnit team, said: "We will be doing our best to address all the concerns that have been raised recently," and referenced a new "maintainers committee."

Prouse also said that "for projects that were moved into GitHub Enterprise and would like to move back, we are working on a plan to do that."

Further announcements are expected this week.

The relationship between large corporations and open source is often strained. Oracle required a commercial licence for its official Java Development Kit in September 2017 and then made it free again last month. Google donated Kubernetes to the Cloud Native Foundation but chose a controversial path and the formation of a new organisation for its related Istio project. Elastic changed its licensing to restrict commercial usage of its open-source database manager.

It is in Microsoft's interests to have a healthy open-source community around .NET. The foundation, which once seemed part of the strategy for achieving that, now seems to stand in its way unless the company can achieve meaningful reform.

We have asked both Microsoft and the .NET Foundation for comment on these matters but have so far received no reply. ®

Similar topics

Broader topics


Other stories you might like

  • SpaceX Starlink sat streaks now present in nearly a fifth of all astronomical images snapped by Caltech telescope

    Annoying, maybe – but totally ruining science, no

    SpaceX’s Starlink satellites appear in about a fifth of all images snapped by the Zwicky Transient Facility (ZTF), a camera attached to the Samuel Oschin Telescope in California, which is used by astronomers to study supernovae, gamma ray bursts, asteroids, and suchlike.

    A study led by Przemek Mróz, a former postdoctoral scholar at the California Institute of Technology (Caltech) and now a researcher at the University of Warsaw in Poland, analysed the current and future effects of Starlink satellites on the ZTF. The telescope and camera are housed at the Palomar Observatory, which is operated by Caltech.

    The team of astronomers found 5,301 streaks leftover from the moving satellites in images taken by the instrument between November 2019 and September 2021, according to their paper on the subject, published in the Astrophysical Journal Letters this week.

    Continue reading
  • AI tool finds hundreds of genes related to human motor neuron disease

    Breakthrough could lead to development of drugs to target illness

    A machine-learning algorithm has helped scientists find 690 human genes associated with a higher risk of developing motor neuron disease, according to research published in Cell this week.

    Neuronal cells in the central nervous system and brain break down and die in people with motor neuron disease, like amyotrophic lateral sclerosis (ALS) more commonly known as Lou Gehrig's disease, named after the baseball player who developed it. They lose control over their bodies, and as the disease progresses patients become completely paralyzed. There is currently no verified cure for ALS.

    Motor neuron disease typically affects people in old age and its causes are unknown. Johnathan Cooper-Knock, a clinical lecturer at the University of Sheffield in England and leader of Project MinE, an ambitious effort to perform whole genome sequencing of ALS, believes that understanding how genes affect cellular function could help scientists develop new drugs to treat the disease.

    Continue reading
  • Need to prioritize security bug patches? Don't forget to scan Twitter as well as use CVSS scores

    Exploit, vulnerability discussion online can offer useful signals

    Organizations looking to minimize exposure to exploitable software should scan Twitter for mentions of security bugs as well as use the Common Vulnerability Scoring System or CVSS, Kenna Security argues.

    Better still is prioritizing the repair of vulnerabilities for which exploit code is available, if that information is known.

    CVSS is a framework for rating the severity of software vulnerabilities (identified using CVE, or Common Vulnerability Enumeration, numbers), on a scale from 1 (least severe) to 10 (most severe). It's overseen by First.org, a US-based, non-profit computer security organization.

    Continue reading

Biting the hand that feeds IT © 1998–2022