A row has erupted over an open source directory project that was being managed by former Sun employees.

According to Simon Phipps, Sun's chief open source officer, Sun took back control of an open source directory project because the stewards of the project made unauthorised changes to the governance policy.

This happened five months before the team were surprisingly laid off during companywide redundancies.

Simon Phipps, Sun's chief open source officer, told Network World he regrets the argument around the OpenDS (directory server) project, but that the company simply wanted to reverse an unauthorised governance change that Sun claims eliminated its stake in the project, which began in July 2006 to create an open source directory written in Java.

Now that the governance has been reset, Phipps said it will continue to evolve.

The former project owners vehemently dispute that they usurped any chain of command and say that Sun was fully aware of what was going on.

But the fallout exposes the fact that Sun is struggling to figure out how best to manage employees and open source projects and balance its corporate interests with its goal of becoming a leader in the open source community. Phipps admits that he will focus on that issue in the coming year.

"We assumed people understood what their responsibilities were as employees but it is becoming clear to me that we need to be more explicit," said Phipps. "One of the things I will be doing in the new year is working out an appropriate set of training for both employees and managers who are engaged in open source."

But in April there we no such explicit procedures.

The four co-owners of OpenDS - Neil Wilson, Stephen Shoaff, Don Bowen and David Ely - who at the time were Sun employees, changed the OpenDS governance after internal and other feedback raised concerns about contradictions in the governance as to leadership within the project.

That led the foursome to alter a clause in the governance model that mandated a single project lead appointed by Sun that had final say over everything.

The four co-owners left a clause that gave responsibility for governance changes to a consensus of the project owners, who were all Sun employees until the September layoffs. That type of governance structure is not uncommon in open source projects.

"They thought they were acting within their authority but it turned out they weren't," said Phipps. "I think they were acting in good faith but, however, what they did went beyond what they were empowered to do."

The change, Phipps said, eventually resulted in Sun no longer having a controlling interest in the OpenDS community after the four co-owners were laid off, and that meant the April change amounted to the foursome disposing of a Sun asset, which they were not authorised to do.

"We respectfully disagree with Sun's assertion and would like to understand what 'asset' was transferred or divested. The intellectual property and copyright ownership have always remained under Sun's control as per the Sun Contributor Agreement. We have never disputed this and worked hard to protect Sun. As of this time, Simon has still not responded to my request to discuss this incident and I prefer not to comment further until he does," said Shoaff, Sun's former director of directory engineering and OpenDS co-founder.

Phipps said it is company policy that whenever any Sun employee acquires or disposes of a Sun asset, they have to get approval from the "appropriate authority that has fiduciary responsibility."

He did not define what asset he was talking about in this case.

"The change they made was in the community interest and they thought it was not going to be a problem because they were all Sun employees," said Phipps.

A question of governance

The governance changes came about after four months of executive discussion starting in December 2006. In April, Wilson, Shoaff and the other owners rewrote the clause in the governance model that stated the "Project Lead, who is appointed by Sun Microsystems, is responsible for managing the entire project, and is the final arbiter of all decisions."

The new version read: "This Project Lead, who is appointed and removed by a majority vote of the Project Owners, is responsible for managing the entire project."

Members of the OpenDS community had complained the original clause was contradictory to the model's preamble, which states "OpenDS has a simple governance model. Decisions are based on consensus and are made in public on discussion lists" and with the description of the "Project Owner" role, which says "Project Owners are responsible for ... changing the governance policy."

Further contradiction arose in a "Roles and Responsibilities" table within the governance model that stated the Project Lead has sole authority for updates "to governance policy (by consensus)."

The current version of the OpenDS governance model restores all the original language.

With other Sun projects, such as OpenSolaris and OpenJDK, "we have made sure always that the executive with fiduciary responsibility signs off on that sort of [change] with ink on paper," Phipps said.

While Shoaff offered only brief comment, Trey Drake, who was OpenDS community manager before the layoffs and said he initiated the April change, was blunt in a post to the OpenDS mailing list on 30 November.

"To say that [the change] wasn't "Sun approved" is incorrect. There were no less than two Sun officers (Directors), an engineering manager, a principal engineer, and the previous Sun appointed Project Lead involved in the change."

Drake said the idea behind the governance change and other changes were inspired by CEO Jonathan Schwartz's vision for Sun's growth and credibility in the open source software community.

"Reasoning that "we didn't approve" and hence [reverting to the pre-April governance] is a correction implies there was a previous wrong. You [Sun] have chosen to change the governance as you see fit. As the only project owners you have that right, but don't discredit the previous leadership and claim the moral high ground in doing so," Drake wrote.

Drake did admit that the April changes were not put out to the public mailing list and that he discussed them only with a select group of OpenDS users. But he says the changes were not done in secret and asked "would anyone in the OpenDS user community have disagreed with a freer, more open project?"

The flap shows that Sun does explicitly hold ultimate control over some open source projects, and Sun employees agree that is the case.

Blogger Dave Johnson, a social software architect at Sun and a member of the Apache Software Foundation, categorized on his blog various Sun open source governance model's on a spectrum of "Community Governance" to "Corporate Control." The corporate control group included OpenDS, OpenSSO, Glassfish and Mobile and Embedded.

Clearly control over OpenDS had evaporated when the project owners were laid off.

Phipps says that when Sun begins a project that the participants are naturally all from Sun and control the governance. As the project develops, he says, that can and does change. He says the story on OpenDS is not complete.

"I regard this as a skewed story at the moment, because if I was at liberty to tell you everything I found out as I have been investigating you would see that it is much more nuanced then it came across in Neil's [Wilson] original blog posting."

Phipps says his investigation of the matter continues.