
Ask HN: Does your company use a tool for outbound open source contributions? - BenBoe
There are a lot of blog posts about ‘outbound open source’ contributions in small or big companies. Example: http://www.smashingmagazine.com/2013/12/open-sourcing-projects-guide-getting-started/. Especially when starting a new open source project, many companies go through IP compliance checks and evaluate which license to apply (MIT vs Apache etc). Oftentimes there is an approval process involved by the various parties (management, lawyers, process owners, etc).

Does your company have a tool for this process? If so which one? All I found so far was some companies leveraging Jira workflows.
======
theWold
I don't quite understand what you mean by outbound? I assume you mean people
who contributed to the code from outside of the company and how we officially
add their code in.

[https://github.com/capitalone/Hygieia](https://github.com/capitalone/Hygieia)

So I work for Capital One (obligatory _What's in your Wallet_). This is our
Open Source DevOps Dashboard (Apache v2). We do make outside contributors
agree to a "Capital One Individual and Corporate Contributor License
Agreement" (ctrl-f for 'Link to Agreement' on the main git page I provided
above).

Essentially, from a buddy of mine who works on it, we basically just need to
make sure people don't somehow add non-compatible licensed code to it, and
we can keep using it with your contribution.

As for the commits from outside and taking it so that we can use it, I believe
we not only have the team in charge of the project review the code, but also
our Application Security guys look at the code a lot. (They always scrutinize
any and all non-internal code for any sort of malicious intent (software or
legal)). Once the green light is from them then we are good to go, to my
understanding. I don't directly work on the project. (Shameless plug for what
I do work on
[https://ane.capitalone.com/landing](https://ane.capitalone.com/landing) .
Huzzah for Direct Auto Loans!)

I don't know much else, but if you reach out to any of the more active people
who contribute they'll reach back out, or at least they did for me when I
reached out via my personal git account.

We have two other open source projects, but I am not as familiar with them as
Hygieia.

[https://github.com/capitalone](https://github.com/capitalone)

~~~
BenBoe
Thanks @theWold - that makes sense. Having a CLA in place is the way to make
sure the rights are assigned to the open source projects for further use.

I wonder if the people who initially started the open source project had to go
through some sort of approval process by management and whether that was
facilitated by a tool? Also if the company somehow keeps track of the open
source projects activities. Outbound basically meaning = from company to open
source world.

~~~
theWold
> I wonder if the people who initially started the open source project had to
> go through some sort of approval process by management and whether that was
> facilitated by a tool?

VERY much so. So, imagine yourself as some old bank executive. Sure you work
at a more progressive (tech and policy wise) bank than others, but still at
the end of the day we're a bank. Why would we give free things away? That was
the main reaction before our current CIO, Rob Alexander, got into the mix of
things. He has slowly been pushing to become more and more forward thinking
about tech from the top down. Which is a hard thing in such a regulated
environment like a bank. There are so many internal power struggles on old
systems that all new tech hires (new meaning last 5 years and younger) with
getting rid of older things. We have begun to rewrite major systems. Keeping
good documentation. Transitioning everything to git rather than SVN. Updating
our AppSec ability to audit things quickly such that we can actually get
something to production in a week if we really want to.

