I would like to thank everyone who joined us for our Community Townhall. We appreciate the questions, concerns, and feedback.
To summarize the call, we clarified the changes and the reasons behind them. We acknowledged Puppet’s maturity as a product, the rising cost to secure and maintain open-source Puppet (OSP), and the need to balance downstream priorities required of Enterprise customers while reinvesting in the freedom of the community to grow OSP under the Apache 2.0 license.
We also communicated our go-forward plans to formalize programs that support and recognize Puppet contributors and provide support for community-run regional user groups. We recognize that these programs previously existed, but we are looking to gather input from the community to ensure these programs are re-launched in a meaningful way. We communicated plans to discuss this live with community members at cfgmgmt camp.
After a few brief slides, we opened to the floor for questions. Here is a summary of the Q&A session. We didn’t have time to fully address all the questions asked during the live session, so I have provided additional clarification in this blog summary.
Community Ownership – Several questions & concerns were raised over the location and ownership of the open-source repositories. We addressed that the repos would remain in the puppetlabs namespace, which Perforce would continue to fund, including covering costs for contributor licenses and build pipelines/infrastructure.
As far as ownership goes, Perforce communicated a plan that grants ownership of the following to the collective community under the Apache 2.0 license:
• Co-author the source code of the project
• Approve commits / changes
• Maintain security fixes / defect fixes
• Create binaries, packages, Gems
• Create/Maintain Modules in a compatible way
Puppet & Perforce have historically owned this. In this new community-led model, Perforce is a part of the collective community, not the sole owners or gatekeepers of the community.
Control and decision making - It was asked how conflicts would be resolved going forward, and who would have majority control. Community members expressed concern with Perforce having too much power. Our view is that the collective community would have to work together to establish the correct process, structure, and bylaws. Mechanisms, such as the language steering committee, would allow us to work out ways that ensure compatibility and interoperability for the Puppet ecosystem. We do not aim to have majority stake, just equal representation as other community members. Our goal is to provide support for the community in this new model, and we still plan to contribute.
Contributions v Reviews - We discussed the reduction in contributions by community members over the past several years. Attendees indicated that this was a result of the infrequent and slow review process by the Puppet and Perforce team. The Perforce team agreed and acknowledged this as part of the prioritization problem we have been experiencing – a leading reason why we want to remove ourselves as a gatekeeper. In the new model, Perforce is no longer a gatekeeper. The collective community would have the ability to approve commits and changes.
Hardened packages - Questions were asked about the hardened OSP packages available in Perforce’s private repository, specifically what hardening will be provided. Perforce has a well-established, standardized set of processes and tools for product hardening that we apply consistently across our commercial offerings. Over time, we’ve developed a proven methodology that includes industry-leading security assessments, code reviews, and penetration testing procedures. Our approach involves leveraging a vetted toolchain for security scanning and adhering to a rigorous security checklist throughout the development lifecycle. By following these standardized practices, we ensure that Perforce commercial products pass thorough hardening measures before reaching our customers. The hardened OSP packages are no exception. We will provide further details, including SLAs, when the offering launches in early 2025.
We also confirmed that the community will have free access to the hardened OSP packages in the Perforce private repository under the terms of a 25-node limited development license.
Cfgmgmt camp geography - It was highlighted that many members would not be able to make cfgmgmt camp and we agreed to investigate options to facilitate remote voting / viewing. We will ensure that the broader community has a chance to weigh in and vote.
Trademark - It was asked if the Puppet trademark could be used in the community project for various naming purposes. In short, the Perforce team said “no”. We understand that the open-source community is interested in using our trademark, and we appreciate the community’s enthusiasm for Puppet. However, our trademark represents a significant investment in our brand, reputation, and the quality we guarantee to our customers.
This choice isn’t a reflection on the community’s efforts or intentions. It is simply a matter of preserving the integrity of the Puppet brand and ensuring that any products or materials bearing the Puppet name continue to meet the criteria we have established. We appreciate your understanding and respect for our position.
Again, I would like to thank everyone for taking part in the Puppet Community Town Hall. Many of the concerns raised reflect the difficulty of having community contributions overlaid into a release process that Puppet and Perforce have fully controlled. We understand that this announcement and our intent to remediate these concerns can have the adverse effect of raising more questions than answers, but we are eager to find a path forward through ongoing conversations with the Puppet community. We believe that we share a common goal for increased adoption and success of Puppet across a diverse range of customer needs.
For those that could not make it, the recording is available. (Passcode: E4^x02M8)
Please reach out to us on Puppet’s Community slack or at puppet-community-questions@perforce.com with any questions.
Top comments (4)
I still don't see how this grants ownership to the community. You still want to own the git repositories and don't want to allow the community to use the "puppet" trademark. How does that grant us any ownership? This still reads like Perforce wants free labour, without any significant investment into the community.
Does that mean we don't need to sign an EULA?
But you do have the majority stake by owning the repos + trademark
Then it would be enough to donate the repos + trademark to Vox Pupuli or actually use the trusted contributor program you have/had, instead of ignoring requests for this program? Also you could have reduced the maintenance costs by stopping to treat PE and OSP as different products/code bases. And Puppet/Perforce has a track record of reinventing the wheel internally. And there's a long-standing request from the community to open source your packaging pipelines or at least document them, so people can help out. Perforce navigated itself into a corner by ignoring all of this.
Sorry but that's just a lie, or you work in a different industry.
@bastelfreak wanna take a guess at what behavior prompted this post? hachyderm.io/@binford2k/1120570286...
To be very clear once again, this has never been the request. We do not want to own the puppet trademark. We want an irrevocable but limited license to use the wordmark puppet only in the context of the command line tools and configuration file paths used in the OSS project. In other words, we want our users to be able to type puppet agent -t and edit the puppet.conf file.
Without this license, divergence is inevitable. We are trying to prevent that and it appears that Perforce is not. It would be nice to call our project OpenPuppet but that is a side benefit, not the priority.
I cannot count the number of times this has been said in the last 7 years that I know of personally, so I have a very hard time believing anything will be different this time.