How to check your open source project for signs of life

To find the pulse, look at the people

I am a firm believer in the power and value of open source, just as I'm a believer in understanding the nature of the community, how to discover and choose the code that's right for your application needs, and how to minimize risk and get the most benefit for your organization.

According to Wikipedia , as of February 2009 there were 230,000 open source projects listed and more than two million registered users on Sourceforge , making it the largest collection of open source tools and applications on the net.

That adds up to a lot of code floating around out there. Before you use any of it, though, you need to take a few things into consideration, not the least of which is determining how "live" the open source project is.

This is especially important if the application is something that's critical to your organization. A very raw piece of software can pose much higher risk compared to Linux , Lucene and other open source projects that are 10-plus years old and have thousands of contributors who are continually enhancing them.

If you wind up with a project that's not "live," there's no official support team to talk to when encountering issues, and forget about there being timely fixes, improvements and so on. It's wise to have a backup for any piece of software you're using for something mission-critical. The open source community's great but is not designed or equipped to address mission-critical timeliness and consistency; that's not what it's built for.

Here are a few key questions to ask when checking the "vital signs" of a project and determining the level of risk:

  • Is it controlled by only one or two developers?
  • Are there active and recent conversations on the mailing lists?
  • What proportion of the mailing list content is about "how to" questions from real users - vs. "let's change the source code" among the project's developers?
  • How many years has the project existed?
  • Is there commercial backing, especially for mission-critical software?

As you prepare to use open source, it's important to take the approach of evaluating and comprehending the potential risks involved.

There are many other tips and indicators that can be added to the list. What rules of thumb do you use when determining whether an open source project is live or dead?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.