Facing security, compliance, efficiency and other challenges, how should enterprises make good use of "open source"?

According to the GitHub 2020 report, between October 2019 and September 2020 the number of developers worldwide on GitHub exceeded 56 million, a figure expected to reach 100 million in 2025. As the open source project hosting platform with the largest developer community, GitHub's continued growth in developer numbers also directly reflects the open source boom.

At the same time, another figure worth noting is that China's open source contributors (10% of the total in 2020) have risen to second place globally, and the share keeps rising; it is expected to reach 13% in 2025.

"Chinese developers have gone from being users of open source to being mainstream open source contributors worldwide. The collaborative, innovative development model of open source has also become the wellspring that drives the software industry's continued innovation and growth." On September 23, at [HUAWEI CONNECT 2021](https://www.infoq.cn/theme/112), Du Junping, General Manager of Open Source Business (OSDT) at Huawei Cloud and Computing, announced that Huawei is launching the "Open Source Rainforest" program, which aims to work with open source ecosystem partners to help more enterprises use open source and contribute to it more effectively.

There is no doubt that enthusiasm for open source in China is at an all-time high. But clearly, open source is not finished once the source code is opened, and an enterprise's use of open source is certainly not free of rules: the people, communities, management and other factors behind open source all matter. And because open source in China got a relatively late start overall, enterprises adopting open source to accelerate innovation have also run into unprecedented challenges. With these questions in mind, InfoQ was invited to HUAWEI CONNECT 2021 to look at the current state and trends of open source in China through Huawei's path, and to understand in depth the thinking behind the "Open Source Rainforest" program. We hope this article serves as a useful reference for readers.

## Embrace open source, but also know how to govern it

Embracing open source is already an industry trend, and the open source software on the market covers most of today's software technology stack. "Open source has become the dominant model for global software technology and industrial innovation, and a model that accelerates the development of foundational software and efficient collaboration across society," Du Junping said. Whether a large internet company or an ordinary software developer, anyone today can use open source to build software in every field and change traditional industry, agriculture and our daily lives.

According to the 2020 Open Source Ecosystem White Paper published by CAICT (China Academy of Information and Communications Technology), in 2019 87.4% of Chinese enterprises were already using open source technology; enterprises are fairly receptive to open source technology, and using it has become mainstream. Of these, more than half of enterprises use open source software for databases; open source cloud computing technology is widely applied in the cloud computing field; more than 70% of enterprises use open source container technology; and more than 60% have adopted or are testing microservice frameworks.

But because open source in China started late, a gap remains between the Chinese and US user ecosystems. Chinese enterprise users do not understand open source well enough, which to some extent holds back the development of open source in China. Although many Chinese enterprises use open source technology, very few truly understand it and contribute to it.

Other data shows that about 96.6% of China's top 500 enterprises do not actually understand open source, and only 2% contribute to open source. By comparison, 79.2% of the global top 500 enterprises understand open source, and 22% have contributed to it.

At present, Chinese enterprises hold several "misconceptions" about open source, mainly in the following areas:

1. Free: open source software is all free and enterprises need not pay for it, which **shrinks the market for commercial distributions.**
2. Compliance: open source software can be used and forked at will, which **leads to frequent enterprise technical debt and security vulnerabilities, and squeezes the market for commercial distributions.**
3. Selection: not understanding the relationships between upstream and downstream communities and community forks, which means enterprises **cannot judge well whether a community is sustainable.**
4. Competitiveness: how to monetize a competitive advantage once it is open-sourced; not understanding open source business models, which leads to **insufficient community participation.**
5. Community: not knowing how to take part in open source communities, or what the costs and returns of taking part are, which leads to **insufficient community participation.**

Open source governance is a set of processes covering the introduction of open source, the open-sourcing of one's own software, the maintenance of open source communities and related areas; it is an effective means of promoting the healthy development of the open source ecosystem. For an enterprise, without understanding open source it cannot truly put technical innovation to work in its own digital transformation; without familiarity with the security, compliance, lifecycle and efficiency (tooling) aspects of open source, bringing in open source can easily cost more than it gains, with excessive cost and an overly long chain.

Overall, the challenges enterprise users currently face when using open source software fall mainly into **security** (vulnerability remediation capability, vulnerability remediation services, vulnerability remediation processes), **compliance** (license conflicts, identifying compliance risks, intellectual property risks), **lifecycle** (upgrading existing software, establishing processes and rules, contributing to upstream communities) and **efficiency** (management platforms, open source software repositories, code scanning tools).

As a result, enterprises' demand for open source governance is increasingly urgent. "Huawei is willing to share the experience it has accumulated over a long time in open source with its partners," Du Junping said.

## Raising the level of open source technology across the industry

The "Open Source Rainforest" program is reported to be a brand-new attempt. It will build an open source curriculum around three areas (open source fundamentals, open source usage and open source contribution) to help enterprises quickly grasp open source concepts and master practical methods.

At the same time, Huawei will draw on its technical strengths and experience to provide consulting services in three areas (teams, mechanisms and projects), helping enterprises build open source capability centers and gradually raising the level of open source technology across the industry.

![](https://static001.geekbang.org/infoq/32/321ab1d4d6ec387ecdf59387d05272db.png)

Du Junping explaining the "Open Source Rainforest" program.

**Specifically, Huawei has distilled the relevant theory and case studies into ten professional open source courses, taught as classes so that enterprises quickly gain a practical foundation. Huawei will also choose to co-build open source capability centers with some enterprises, or use joint innovation projects to set up the enterprise's organization and processes, so that enterprises gain practical capability.**

Why Huawei? Does Huawei have the foundation for this? Some people will likely have questions of this kind after the unveiling of the "Open Source Rainforest" program.

But a closer look shows that in recent years Huawei has **gradually moved from being a participant in open source to being a leader in it**. Huawei currently holds more than ten board seats in top-tier foundations (including Linux, CNCF, Linaro, OpenStack and others), as well as more than 200 TSC, PTL and Core Committer seats. While actively participating in open source communities, Huawei is also an active contributor to open source projects spanning operating systems, cloud native, databases and AI.

Du Junping said that Huawei set up an open source capability center back when it first started using open source, established a management process for trusted open source, and has accumulated more than 10 years of community experience. Besides vigorously developing Huawei's open source communities, Huawei also shares its open source governance, community operations and infrastructure experience in the CHAOSS community and helps build metrics standards for open source projects and communities. Recently, Huawei also joined the OpenChain project (a project initiated by the Linux Foundation that aims to simplify open source compliance and help organizations resolve open source license consistency issues more efficiently), hoping to contribute more to building a secure and trusted open source software supply chain.

In fact, since Huawei comprehensively set out its software open source strategy in 2019, its strength in open source has begun to show. Over the past two years, Huawei has successively launched platform-level open source projects such as openEuler, OpenHarmony, MindSpore, openGauss, KubeEdge, EdgeGallery and Karmada, covering foundational software including a digital infrastructure operating system, a smart device operating system, an AI computing framework, a distributed database, edge computing and a multi-cloud container orchestration system.

For historical reasons, China's competitiveness in foundational software is very weak, so **Huawei hopes to help China build world-class open source communities for foundational software.**

Take openEuler as an example. Government and enterprise users are currently paying close attention to replacing their operating systems with independently controllable open source ones, and openEuler (an open source Linux distribution) is an operating system for digital infrastructure. In just two years, openEuler has rapidly grown into the operating system of choice for diverse computing in industries vital to the national economy and people's livelihood, and is ready for large-scale commercial use in the carrier, government, finance and energy sectors. At this conference, openEuler 21.09 was officially released, along with a new cloud native full-stack capability.

It is worth mentioning that since Linux kernel 5.8, Huawei's kernel code contributions have consistently led; **it ranked first in contributions to version 5.10, and with Huawei's commitment to help strengthen testing, the maintenance period of Linux Kernel 5.10 was extended from 2 years to 6 years**. According to the openEuler community's release lifecycle, openEuler 22.03 LTS will be released next year and will use Linux Kernel 5.10 as its kernel.

Besides openEuler, other open source projects such as openGauss, Karmada and MindSpore are also developing rapidly.

MindSpore, the all-scenario AI computing framework, has grown quickly in the year and more since it was open-sourced, and its capabilities are increasingly strong. The latest version, MindSpore 1.5, strengthens all-scenario capabilities, natively supports large models, and adds a new paradigm for AI scientific computing, an electromagnetic simulation suite and a molecular simulation suite, promoting the application of AI to scientific computing.

"De-O" has long been a goal of government and enterprise users. Since the enterprise-grade database openGauss was open-sourced in June of last year, 70 enterprises have joined the community, there are more than 2,000 developer contributors, and 12 partners have released commercial distributions based on openGauss. Now the openGauss community council has been formally established, comprising 18 organizations including mainstream DBVs (database software vendors), key industry customers and academic institutions, to jointly build, share and govern the openGauss open source community and create a world-leading enterprise-grade open source database ecosystem.

Cloud native is the prevailing trend, but enterprise customers, out of concern for data sovereignty, security and privacy, will consider running their business on multi-cloud and hybrid cloud. However, differences in infrastructure capabilities and security architectures across cloud environments fragment enterprise IT architecture and operations, add complexity to multi-cloud and hybrid cloud deployments, and raise operating costs. In April of this year, Huawei officially announced the open-sourcing of Karmada, a cloud native multi-cloud container orchestration project, and in September donated the project to the Cloud Native Computing Foundation (CNCF).

## Governing open source usage risk in the financial industry

Not only IT and internet companies: many customers in traditional industries such as banking and telecom are also bringing open source technology into many scenarios, and open source has become a major driver of enterprise digital transformation and innovation.

It is understood that before launching the "Open Source Rainforest" program, Huawei had already worked with SPD Bank (Shanghai Pudong Development Bank) on open source governance and open source strategy in finance. Against the backdrop of new growth opportunities in the financial industry, SPD Bank has actively pushed its digital transformation, invested substantial staff in digital research, and developed and innovated in cloud computing, big data and artificial intelligence, which inevitably involved using a large amount of open source software.

But as is well known, financial enterprises are especially strict about regulatory compliance and stability. When banking products make heavy use of open source technology, how are compliance and security risks to be controlled?

![](https://static001.geekbang.org/infoq/3d/3deb9013a7aebf116f8f66657198e17b.png)

Huawei notes that financial customers are currently still focused on solving problems in using open source, mainly security, compliance, lifecycle and efficiency (tooling).

After seeing Huawei's contributions and influence in open source communities such as CNCF and Hadoop, SPD Bank decided to work with Huawei to jointly set up the SPD Bank-Huawei Open Source Technology Joint Lab, form a joint innovation project around governing open source usage risk, and set out a three-step strategy: establish open source values, establish a methodology, and put it into practice.

The first step was establishing open source values. Huawei's open source experts ran multiple on-site training sessions and online coaching, and worked with SPD Bank to identify open source usage risks, laying the groundwork for the work that followed.

The second step was establishing the methodology. Drawing on Huawei's successful experience in open source governance, SPD Bank created a top-level design for open source usage and governance, moving from risk control, to platform-based operation, to ultimately efficient self-governance. Along the way, SPD Bank designed processes for the introduction, use and security management of open source technology based on its actual business.

The last step was successful implementation. With the methodology in place, SPD Bank avoided open source software security risks at the introduction stage, and by recording usage in a ledger made its open source software controllable and traceable. The open source governance capability has now been rolled out across the whole bank, helping SPD Bank evaluate and use open source software, manage open source assets, and control the security risks of open source software use in a secure, compliant, reliable and efficient way.

Because SPD Bank was the first in the financial industry to implement open source management, its capability gained industry recognition. The same year, SPD Bank led the founding of a financial industry open source technology application community, further increasing its influence in the industry.

## In closing

"Only through open source is there a chance to bring together the strength of the whole of society and the whole industry chain to rapidly improve foundational software capability, and in turn drive innovation across the industry," Du Junping said.

Huawei's investment in open source is plain to see. It should be stressed that whether it is the open source communities Huawei currently leads or other communities created later, all need enterprises that are willing to join and can close the loop between community and business in order to develop sustainably.

And how to help enterprises avoid detours, meet the challenges of open source and effectively prevent and defuse open source risks, while making good use of open source's advantages to deliver business value and drive business innovation, is exactly the problem the "Open Source Rainforest" program sets out to solve.

In short, whether to adopt open source technology is no longer the first question we need to consider; what matters more in the future is how to use and explore open source better and create more possibilities.