Open-sourcing #182

Closed
4 tasks done
jameslzhu opened this issue Feb 21, 2019 · 2 comments
Labels
meta Tracking issue that encompasses other issues

Comments

@jameslzhu
Member

jameslzhu commented Feb 21, 2019

Rationale

There are several benefits to us for publicly releasing our code:

  • Transferring ownership to compserv org: the org's education benefits appear to have expired, so the only repos we can host under the compserv umbrella can be public. This is desirable for managing access permissions and avoiding ownership issues due to graduation, lost contact, etc.
  • Lower barrier to contribution for non-compserv members / officers: faulty code can be investigated / fixed independently without manual access grants.
  • Security incentives: making our code public incentivizes us to make our code secure, especially practices such as removing API keys. This also preemptively secures our code in the case of a GitHub security breach. (This may require a git filter-branch to remove objects with secrets.)
  • Cross-pollination: we frequently receive questions on how portions of our website work, especially the d3.js course map. As a non-profit intended to benefit students and the public, we have at least a de jure motivation to release our code to the benefit of the campus community.
  • Relevance to hknweb: hknweb is developed openly, but hkn-rails data must be migrated over. This will require access to hkn-rails code, facilitated by the open-sourcing.

Anti-rationales

  • Security risks: Making our code public, unfortunately, also comes with the risk of making our code easily exploitable, which, given the end-of-life quasi-status of hkn-rails, amplifies this risk. This risk is nullified when hkn-rails is no longer used in production.
  • Effort on maintenance-mode code: this may be better used on hknweb. Nullified if we have an excess of manpower relative to tasks (chances are remote, but possible).

Tasks

  • Remove all secrets (Remove api keys #175)
  • Select license for open-source release: BSD 2-clause selected in 2011 by richardxia: aed99f9
  • Request written permission from major contributors
  • Transfer ownership to compserv org
@jameslzhu jameslzhu added the meta Tracking issue that encompasses other issues label Feb 21, 2019
@jameslzhu jameslzhu mentioned this issue Apr 19, 2019
2 tasks
@jameslzhu
Member Author

@richardxia @jvperrin @jasonk47 @theg5prank @seshness @tinnywang @flawedmatrix @davidchou @kevarifin14 @edliao @Jonathank @dhe95 @wylliec @michaelmmlu @adegtiar @rlaprade @ibrahima @vklee88 @andrewfang @alancyao @es1024 @alvinwan @MinasTyuru @zentner-kyle

Hello everyone!

As major contributors to hkn-rails, I'd like to inform you all that, as a current officer of @compserv, I'll be making this repo public soon, probably within the next month or two.

The major impetus for this change is the expiration of @compserv's access to private repos; the parent repo has been transferred to @jvperrin for the moment, until we could prepare the repo for public release (removing API keys, checking for major security issues, etc). Barring any roadblocks, we will be making this repo public and transferring it back to @compserv shortly.

Further info is available in the issue description above, but this should help managing future contributions by moving back under the org, as well as allowing us to more publicly share code. In particular, we get many emails about implementing a d3.js course map like ours.

(That said, I expect most future work from compserv to go into the new hknweb in Python / Django. Some of you may recognize the joke of history repeating itself.)

As for the legal justification, since aed99f9 (2011), this repo has carried the BSD 2-clause license in LICENSE (excerpted):

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.

Pursuant to the license, I will be redistributing the code. As you are all copyright holders of your contributions, this is contingent on your agreement.

Your explicit agreement to this action will be greatly appreciated (by replying below), legally speaking, but otherwise I will be assuming your (implicit) agreement to the license by contributing to this repo.

There's a lot of legalese here, but the gist is that I'd like you all to know your work is being made public, for the benefit of future students and developers.

Thanks!
@jameslzhu

@jvperrin
Member

jvperrin commented May 7, 2019

This is done! 🎉

@jvperrin jvperrin closed this as completed May 7, 2019