
March 17, 2009

Signing the ModSecurity Contribution Agreement

Two months after leaving it, I went back: I signed the ModSecurity Contribution Agreement. If you read my blog post on open source dual licensing from a few days ago, the one where I explain how it is difficult to get user contributions to a dual-licensed open source project, you may wonder if I had told the truth. I had. I had said it was difficult to get contributions, but not impossible.

This is an interesting position for me to be in because I used to be on the other side, explaining to others why dual-licensing should not be a barrier to their contributing. It's only fair that I sign on the dotted line, isn't it? But—with the discussion on dual licensing in mind—why did I do it? It all comes down to motivation.

When you have big ideas it makes sense to start your own project, work hard, and benefit from your work. But when your ideas are not of the new-project sort, and generally not worth changing your life for, then the best thing to do is share your ideas (in the form of a code contribution) with a well-established project. By doing that you scratch your itch and get other people to benefit from your work.

And I don't feel bad about giving my time and code to Breach Security (who owns ModSecurity). Not in the slightest. After all, many man-years have been invested in ModSecurity. What do you think my contributions are going to be worth compared to what has already been given away to me?

Comments

I agree completely with what Ivan is saying here. There really have not been many user contributions to ModSecurity (other than the odd patch here or there to fix a bug) and it really comes down to two reasons for this. The ModSecurity code base has become fairly large, with a huge learning curve, and the licensing issues as Ivan has discussed.

In the future, I hope to solve some of this issue by making it easier to contribute to ModSecurity through third party modules, which help to distribute the ownership of the code. Some community members have already done this, but it needs to be easier and more prevalent. For now, though, I am glad Ivan has taken the plunge and signed on the dotted line. Without Ivan, there was really only me as the sole developer. While I'm sure Ivan will not be spending as much time on ModSecurity as he has in the past (don't let him Jelena - heh), his continued contributions will be a welcome asset to the community.

So, now I find myself in this rather strange position of having the roles reversed. Thanks, Ivan, for trusting me with the code base and welcome back to development. Now, there is work to do and I need to re-create your account! ;)


ABOUT ME

Ivan Ristić is an open source advocate, entrepreneur, writer, programmer and web security specialist. He is the principal author of ModSecurity, the open source web application firewall, and the author of Apache Security, a concise yet comprehensive web security guide for the Apache web server.
