[openstack-dev] [openstack-tc] use of the word certified

Mark McLoughlin markmc at redhat.com
Sun Jun 8 08:10:07 UTC 2014

Hi John,

On Fri, 2014-06-06 at 13:59 -0600, John Griffith wrote:

> On Fri, Jun 6, 2014 at 1:55 PM, John Griffith <john.griffith at solidfire.com> wrote:

>         On Fri, Jun 6, 2014 at 1:23 PM, Mark McLoughlin <markmc at redhat.com> wrote:
>                 On Fri, 2014-06-06 at 13:29 -0400, Anita Kuno wrote:
>                 > The issue I have with the word certify is that it
>                 requires someone or a
>                 > group of someones to attest to something. The thing
>                 attested to is only
>                 > as credible as the someone or the group of someones
>                 doing the attesting.
>                 > We have no process, nor do I feel we want to have a
>                 process for
>                 > evaluating the reliability of the somones or groups
>                 of someones doing
>                 > the attesting.
>                 >
>                 > I think that having testing in place in line with
>                 other programs testing
>                 > of patches (third party ci) in cinder should be
>                 sufficient to address
>                 > the underlying concern, namely reliability of
>                 opensource hooks to
>                 > proprietary code and/or hardware. I would like the
>                 use of the word
>                 > "certificate" and all its roots to no longer be used
>                 in OpenStack
>                 > programs with regard to testing. This won't happen
>                 until we get some
>                 > discussion and agreement on this, which I would like
>                 to have.
>                 Thanks for bringing this up Anita. I agree that
>                 "certified driver" or
>                 similar would suggest something other than I think we
>                 mean.
>         ​Can you expand on the above comment?  In other words a bit
>         more about what "you" mean.  I think from the perspective of a
>         number of people that participate in Cinder the intent is in
>         fact to say.  Maybe it would help clear some things up for
>         folks that don't see why this has become a debatable issue.

Fair question. I didn't elaborate initially because I thought Anita
covered it pretty well.

>         By running CI tests successfully that it is in fact a ​way of
>         certifying that our device and driver is in fact 'certified'
>         to function appropriately and provide the same level of API
>         and behavioral compatability as the default components as
>         demonstrated by running CI tests on each submitted patch.

My view is that "certification" is an attestation that someone can take
the certified combination of a driver and whatever vendor product it is
associated with, and the combination will be fit for purpose in any of
the configurations that it supports.

To achieve anything close to that, we'd need to be explicit about what
distros, deployment tools, OpenStack configurations and vendor
configurations must be supported. And it would be fairly strange for us
to do that considering the way OpenStack just ships tarballs currently
rather than a fully deployable thing.

Also AIUI "certification" implies some level of warranty or guarantee,
which goes against the pretty clear language "WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND" in our license :)

Basically, I think there's a world of difference between what's expected
of a certification body and what a technical community like ours should
IMHO be undertaking in terms of providing information about how
functional and maintained drivers are.

(To be clear, I love any that we're trying to surface information about
how well maintained and tested drivers are)

>         Personally I believe part of the contesting of the phrases and
>         terms is partly due to the fact that a number of organizations
>         have their own "certification" programs and tests.  I think
>         that's great, and they in fact provide some form of
>         "certification" that a device works in their environment and
>         to their expectations.  

Also fair, and I should be careful to be clear about my Red Hat bias on
this. I am speaking here with my "upstream hat" on - i.e. thinking about
what's good for the project, not necessarily Red Hat - but I'm
definitely influenced about the meaning of "certification" by knowing a
little about Red Hat's product certification program.

>         Doing this from a general OpenStack integration perspective
>         doesn't seem all that different to me.  For the record, my
>         initial response to this was that I didn't have too much
>         preference on what it was called (verification, certification
>         etc etc), however there seems to be a large number of people
>         (not product vendors for what it's worth) that feel
>         differently.

>	On Fri, Jun 6, 2014 at 1:23 PM, Mark McLoughlin <markmc at redhat.com> wrote:
>                 And, for whatever its worth, the topic did come up at
>                 a Foundation board
>                 meeting and some board members expressed similar
>                 concerns, although I
>                 guess that was more precisely about the prospect of
>                 the Foundation
>                 calling drivers "certified".

> ​By the way, has anybody thought about this in an OpenStack general
> context.  I mean, are we saying that we don't offer any sort of
> certification or verification that the various OpenStack components or
> services actually work? 

Right, we don't. Do you have examples in mind of open-source projects
which do?

> I realize there are significantly different levels of certification
> and that's an important distinction as well in my opinion.

Another distinction is whether certification provided by the project vs
provided by the Foundation. In the case of Cinder[1], I think you've
made it reasonably clear the certification body is "the Cinder team" but
I think many people would expect any certification to be provided by the
Foundation and carry with it right to use e.g. an "OpenStack certified"
trademark. In other words, that something carrying the name
"certification" would imply a level of formality and that it would come
from a legal entity.

Now, to be clear - I think Cinder (or the project more generally)
probably can do this without any endorsement of the Foundation so long
as it doesn't get into trademark or legal risk territory, it's just that
I think we shouldn't be taking it on.


[1] - https://wiki.openstack.org/wiki/Cinder/certified-drivers

More information about the OpenStack-dev mailing list