
Where does the buck stop with Open Source? Where does responsibility lie?

By MDKimzey
I have a serious question on Open Source. This is a serious, life-and-death-of-a-product question. Everyone is singing the praises of Open Source. To be perfectly honest, a good deal of this seems like wishful thinking. My very serious question is: who *really* owns the responsibility for .NET Core as an Open Source product? Has all support moved to a community basis? I can see how this greatly reduces support costs for Microsoft. What are the expectations for documentation, support, and code quality? How do you manage the quality and versioning of a product with input from literally thousands of coders? Developer inputs can be extremely granular in detail. This is a very large backlog of pull-requests. Prior to the admission of a pull-request, how is the incoming code validated? Automated testing will not catch everything. If the answer to who owns the ultimate responsibility for .NET Core as a product is "everyone", .NET Core will soon be in serious trouble. The question of responsibility will surface very soon. How can this question not surface? Spreading responsibility over a vast community has some real disadvantages. This is especially true when most of the community holds day jobs that come first.

Before looking at this question you need to understand

by OH Smeg In reply to Where does the buck stop ...

Where the Buck stops with Closed Source Software.

Very little of it has any protection for the End User, so if, let's say, Microsoft has a coding problem with their OS, they will fix it when they work out a solution but are very unlikely to pay any End User for money lost as a result of that flaw.

The same applies to Open Source. If you let the group that codes that OS or Software know of the problem you have experienced, they are most likely going to fix it when they work out what is going wrong, which sometimes is not that easy, as quite often a series of things have to happen before a problem is repeatable, and then they have to work out what has gone wrong and how to fix it if possible. That fix may involve a different way to do something and not the way you are doing it, or it may involve writing new code or just about anything else, and this is not confined to Open Source Software; it applies to ALL SOFTWARE.

So in answer to your Question of who is Ultimately Responsible for flaws in software, I would have to say No One is. It doesn't matter if it's Open or Closed Source; no one is likely to get any Financial Compensation for faults in any software, if that is what you are asking.


Question IS NOT about Financial Compensation for faults.

by mdkimzey1 In reply to Before looking at this qu ...

First of all - the question of where does the buck stop IS NOT about Financial Compensation for faults. This is a question about the quality. I see Open Source as problematic in the following ways.

(1) Support becomes "community support". The quality of community support varies greatly. Community support greatly decreases the cost of providing support for software companies. It does not in any way improve the quality of support. Is the developer that submits a fix going to support questions on their fix?

There is no obligation to provide help.

(2) Software changes come from a wide range of developers who use a wide range of coding standards. The idea of a coding standard ensures that code is maintainable. I doubt that all change sets submitted to open source follow a coding standard. This introduces a wide variety of coding styles to the software.

(3) Custom versions - what happens when a product uses a custom version of open source that conflicts with products that use other versions of the open source software?

(4) Security - with a large number of developers submitting change sets, the probability of the introduction of malicious code increases. How are repositories checked for malicious code? On some projects, code must be checked against specific security guidance (STIGs) before it can be used. This must happen for every update. In some applications, software with sections authored by developers in sensitive countries will prohibit the software's use.

(5) Who maintains the repository that contains the accepted or clean code base? An answer of "the community", "everyone", or "there is no accepted or clean code base", is in no way reassuring.

(6) Documentation - who maintains the documentation and what standard is used? Do developers submit technical documentation with their changes? Does anyone review documentation for accuracy? Does anyone review the documentation for grammar mistakes?


Large software providers like open source because it offloads support cost to a community. The community is made up of developers who already have day jobs. I would not be surprised to learn that those managing a repository already have other responsibilities and that managing the repository comes second to billable work. Corporate developers in charge of open source repositories are probably over-worked and under-staffed.


Saying that no one is responsible or everyone is responsible is not reassuring in any shape, form, or fashion.
