Those of us in the open source community know firsthand what an exciting time it is. Open source is growing by leaps and bounds, and is being adopted more and more every year. While this is awesome news for open source project admins, it also means that open source will be more of a target for malicious and dishonest activity. Recently, we have seen a disturbing trend and more evidence of those trying to capitalize on your hard work. As an open source developer, this should be something of the utmost concern.
We care deeply about the future of open source, so we offer these words of advice for project admins, to protect yourselves and your end users. Remember, your reputation is everything. It’s all you have, and it only takes a moment for that to be ruined.
1. Know where your project is being distributed, and only use trusted distribution partners. Do a regular search or sign yourself up for a Google Alert on your project name, and see what comes up. If your project is being downloaded from a site that you believe is not in compliance with your open source license, ask them to remove it immediately.
2. Know who might be infringing on your copyrights, or using your name to package malware. We have seen this happen before. Again, regularly searching for your project name can help turn up some of these cases.
3. Speaking of intellectual property protection, if you haven’t taken the time to trademark your project name or logo, do it. This can make or break you if you ever need to take an infringement case to court. Copyright laws vary from country to country, and they can be pretty complicated, but there are resources out there that can help. The Software Freedom Law Center is a great place to start.
4. Clearly communicate to your end users where they can find the official version of your software. Make sure they know what they’re getting. If they download a piece of malware with your name on it, they will only blame you, and the trust you’ve worked so hard to achieve will be destroyed.
As a project admin, maintaining the integrity of the brand around your software can seem like a daunting task. But it’s also one of the most important tasks you face. It’s *your* project, made with *your* blood, sweat and tears. Remember that “open source” does not have to mean “open season.”