Thursday, January 22, 2009

Canadian Government RFI on Open Source Software

The Canadian government has an RFI concerning Free and Open Source Software ("No Charge Licensed Software"):
This is not a bid solicitation. Canada is seeking feedback from the Industry with respect to No Charge Licensed Software....

Canada has a Request for Information (RFI) related to No-Charge Licensed Software (typically referred to as Free and Open Source Software or FOSS and also applicable to freeware)....

The purpose of the RFI is to help the Government of Canada (GC) put together guidelines related to the planning, acquisition, use and disposal of No Charge Licensed Software (NCLS). While there is already significant interest for No Charge Licensed Software within the Government of Canada there are many questions being asked, see below. There exists operationally a requirement to produce common guidelines that are fair, open and transparent and can be applied consistently across departments....

  1. In the Overview, the Crown provided a definition for No Charge Licensed Software. Is this an appropriate definition?
  2. What are reasonable criteria that the Crown should consider in a decision process for acquiring No Charge Licensed Software? Are there circumstances in which the acquisition of No Charge Licensed Software would not be advisable?
  3. How should existing Government Furnished Equipment, Services, Service Level Agreements and internal resources be considered when evaluating the usage of No Charge Licensed Software?
  4. How practical is No Charge Licensed Software? Are there hidden costs that need to be considered as part of the process of evaluating the alternatives available?
  5. Are the general financial, technical and security risks associated with acquiring and using No Charge Licensed Software?
  6. Do Open Standards and interoperability factor into evaluation considerations?
  7. Does the technology factor into the evaluation consideration, such as ability to maintain and evergreen?
  8. Does the Crown evaluate the flexibility of the licensing models for No Charge Licensed Software?
  9. What impact will No Charge Licensed Software have on Government Licensed End-User Networks (
The following are the criteria described in the RFI that would be used in acquiring of Open Source Software:
  1. Architectural Review and Approval: This involves the applicable Enterprise Architecture group reviewing the product to ensure that it:
    • Is appropriate for the use specified in the request
    • Works well within the technical environment
    • Does not violate or overlap with any existing standards

  2. Financial Risk Assessment: Per Treasury Board Secretariat direction, the use of No Charge Software (particularly Free and Open Source Software) requires the completion of a financial risk assessment. The financial risk assessment must consider the risk exposure per year against the financial benefit. Depending on the level of risk involved, approval of the risk assessment will be required by:
    • The applicable Senior Financial Officer or delegate - for substantive risk
    • The business owner of the impacted or system - where risk is non-substantive

  3. Justification of No Charge Acquisition - A Procurement Officer must review the justification for acquisition of No Charge Software, for clarification and as due diligence for the validity of reasons and that they will stand possible future scrutiny.

  4. Investigation of Security Risks - Given the potentially heightened security risk of downloadable No Charge Software, the appropriate IT Security Officer must investigate and approve No Charge Software before it is approved for use. In particular, the security assessment will assure that the product does not contain viruses, malware or other means for an attacker to compromise the GC or departmental environment.

  5. Software License Review - Due to the diverse nature of licence models associated with No Charge Software, a review must be conducted to identify potential legal/policy impediments for the GC in agreeing to a particular licence agreement. The intent is to accumulate a list of acceptable licences (including popular ones such as GPL, LGPL, Apache etc.) so that a particular license model would only have to be examined once across the entire GC.
I would encourage those in the Open Source community and industry to participate in this interesting RFI.

Thanks to Russell McOrmond for pointing this out.


Mike Gifford said...

I passed this along to Russell, so glad he forwarded it on to you.

To simplify the process of gathering submissions I added the questions included in the RFI into the following survey.

If you don't have time to download and formally respond to the RFI yourself, please take the time to complete the survey. We'll compile it and send it on to the Public Works.

Glen Newton said...


Yes this RFI was discussed in the Gosling group list last week.

I took a look at the survey page you listed and it looks like a good idea. One question I have is: there is no information about who owns the information in the form a user might submit, what license the user is releasing the information under (if any) or even a link to an appropriate use or privacy policy page (I was able to find your privacy policy using the search for your site). You have also not made too explicit how you are going to use the submitted information ("which we will be compiling for use in our own submission").

Anonymous said...

Thanks for the feedback Glen.

Definitely should have appended more of this to the survey, but got busy with other things.

In the end I left it, edited it together and posted it here:

The final submission to PWGSC also had all of the other submissions contact information.

Next time I'll specify a CC license.